VPNaaS support for OVN: documentation

Add documentation how to set up the vpnaas plugin variant for OVN. Change-Id: I72530249767ca63f8e841ca49e9da9191b0a6860
2023-09-18 14:11:34 +02:00 · 2023-09-18 14:11:34 +02:00 · 2d4762d55d
commit 2d4762d55d
parent 3faca16339
6 changed files with 101 additions and 1 deletions
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@ -247,6 +247,7 @@ openstackdocs_bug_tag = 'doc'
 _config_generator_config_files = [
    'vpn_agent.ini',
    'neutron_vpnaas.conf',
+    'neutron_ovn_vpn_agent.ini',
 ]


--- a/doc/source/configuration/l3_agent.rst
+++ b/doc/source/configuration/l3_agent.rst
@ -4,6 +4,7 @@ vpn_agent.ini

 This is a configuration file for the VPNaaS L3 agent
 extension of the neutron l3-agent.
+Note that this is not used in an OVN setup.

 .. show-options::
   :config-file: etc/oslo-config-generator/vpn_agent.ini
--- a/doc/source/configuration/neutron_ovn_vpn_agent.rst
+++ b/doc/source/configuration/neutron_ovn_vpn_agent.rst
@ -2,7 +2,8 @@
 neutron_ovn_vpn_agent.ini
 =========================

-This is a configuration file for the OVN VPN agent.
+This is a configuration file for the standalone VPN agent
+for a setup based on OVN.

 .. show-options::
   :config-file: etc/oslo-config-generator/neutron_ovn_vpn_agent.ini
--- a/doc/source/configuration/samples/neutron_ovn_vpn_agent.rst
+++ b/doc/source/configuration/samples/neutron_ovn_vpn_agent.rst
@ -0,0 +1,8 @@
+================================
+Sample neutron_ovn_vpn_agent.ini
+================================
+
+This sample configuration can also be viewed in `the raw format
+<../../_static/config_samples/neutron_ovn_vpn_agent.conf.sample>`_.
+
+.. literalinclude:: ../../_static/config_samples/neutron_ovn_vpn_agent.conf.sample
--- a/doc/source/contributor/index.rst
+++ b/doc/source/contributor/index.rst
@ -91,6 +91,13 @@ Testing
   Add notes about functional testing, with info on how
   different reference drivers are tested.

+Set up VPNaaS for OVN
+---------------------
+.. toctree::
+   :maxdepth: 3
+
+   vpnaas-for-ovn
+
 Module Reference
 ----------------
 .. toctree::
--- a/doc/source/contributor/vpnaas-for-ovn.rst
+++ b/doc/source/contributor/vpnaas-for-ovn.rst
@ -0,0 +1,82 @@
+==========================
+Configuring VPNaaS for OVN
+==========================
+
+A general instruction to enable neutron VPNaaS is described in
+`the Networking Guide
+<https://docs.openstack.org/neutron/latest/admin/vpnaas-scenario.html#enabling-vpnaas>`__.
+
+For an OVN-based setup some details are different though. The following instructions adapt the general ones
+accordingly.
+
+Enabling VPNaaS for OVN
+~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Enable the VPNaaS plug-in in the ``/etc/neutron/neutron.conf`` file
+   by appending ``ovn-vpnaas`` to ``service_plugins`` in ``[DEFAULT]``:
+
+   .. code-block:: ini
+
+      [DEFAULT]
+      # ...
+      service_plugins = ovn-vpnaas
+
+   .. note::
+
+      ``ovn-vpnaas`` is the plugin variant of the reference implementation that supports OVN.
+
+
+#. Configure the VPNaaS service provider by creating the
+   ``/etc/neutron/neutron_vpnaas.conf`` file as follows, ``strongswan`` used in Ubuntu distribution:
+
+   .. code-block:: ini
+
+      [service_providers]
+      service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver
+
+#. With OVN there is no L3 agent. Instead a stand-alone VPN agent is installed. There is a new "binary" called
+   ``neutron-ovn-vpn-agent``. Create its configuration file ``/etc/neutron/neutron_ovn_vpn_agent.ini``
+   with the following contents:
+
+   .. code-block:: ini
+
+      [DEFAULT]
+      transport_url = rabbit://openstack:RABBIT_PASS@CONTROLLER_IP
+      interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+
+      [AGENT]
+      extensions = vpnaas
+
+      [vpnagent]
+      vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
+
+      [ovs]
+      ovsdb_connection="unix:/var/run/openvswitch/db.sock"
+
+      [ovn]
+      ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642
+
+   .. note::
+
+      Replace ``OVSDB_SERVER_IP`` with the IP address of the controller node that
+      runs the ``ovsdb-server`` service.
+      Replace ``RABBIT_PASS`` with the password you chose for the
+      ``openstack`` account in RabbitMQ and CONTROLLER_IP with the IP address of
+      the controller node that runs the RabbitMQ server.
+
+#. Create the required tables in the database:
+
+   .. code-block:: console
+
+      # neutron-db-manage --subproject neutron-vpnaas upgrade head
+
+#. Restart the ``neutron-server`` in controller node to apply the settings.
+
+#. Start the ``neutron-ovn-vpn-agent`` in network node to apply the settings.
+
+Specifics of the OVN variant of the plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Details about the architecture are described in
+`the feature spec
+<https://opendev.org/openstack/neutron-specs/src/branch/master/specs/xena/vpnaas-ovn.rst>`__.