From 2d4762d55d945272c98be7587c5b24d91cadd8bf Mon Sep 17 00:00:00 2001
From: Bodo Petermann
Date: Mon, 18 Sep 2023 14:11:34 +0200
Subject: [PATCH] VPNaaS support for OVN: documentation

Add documentation how to set up the vpnaas plugin variant for OVN.

Change-Id: I72530249767ca63f8e841ca49e9da9191b0a6860
---
 doc/source/conf.py | 1 +
 doc/source/configuration/l3_agent.rst | 1 +
 .../configuration/neutron_ovn_vpn_agent.rst | 3 +-
 .../samples/neutron_ovn_vpn_agent.rst | 8 ++
 doc/source/contributor/index.rst | 7 ++
 doc/source/contributor/vpnaas-for-ovn.rst | 82 +++++++++++++++++++
 6 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 doc/source/configuration/samples/neutron_ovn_vpn_agent.rst
 create mode 100644 doc/source/contributor/vpnaas-for-ovn.rst

diff --git a/doc/source/conf.py b/doc/source/conf.py
index 83b04649d..fe2bfdda7 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -247,6 +247,7 @@ openstackdocs_bug_tag = 'doc'
 _config_generator_config_files = [
 'vpn_agent.ini',
 'neutron_vpnaas.conf',
+ 'neutron_ovn_vpn_agent.ini',
 ]
 
 
diff --git a/doc/source/configuration/l3_agent.rst b/doc/source/configuration/l3_agent.rst
index 9d3b982f2..7fadb9f71 100644
--- a/doc/source/configuration/l3_agent.rst
+++ b/doc/source/configuration/l3_agent.rst
@@ -4,6 +4,7 @@ vpn_agent.ini
 
 This is a configuration file for the VPNaaS L3 agent extension of the neutron
 l3-agent.
+Note that this is not used in an OVN setup.
 
 .. show-options::
 :config-file: etc/oslo-config-generator/vpn_agent.ini
diff --git a/doc/source/configuration/neutron_ovn_vpn_agent.rst b/doc/source/configuration/neutron_ovn_vpn_agent.rst
index 15fd6de5f..d00225fe1 100644
--- a/doc/source/configuration/neutron_ovn_vpn_agent.rst
+++ b/doc/source/configuration/neutron_ovn_vpn_agent.rst
@@ -2,7 +2,8 @@
 neutron_ovn_vpn_agent.ini
 =========================
 
-This is a configuration file for the OVN VPN agent.
+This is a configuration file for the standalone VPN agent
+for a setup based on OVN.
 
 .. show-options::
 :config-file: etc/oslo-config-generator/neutron_ovn_vpn_agent.ini
diff --git a/doc/source/configuration/samples/neutron_ovn_vpn_agent.rst b/doc/source/configuration/samples/neutron_ovn_vpn_agent.rst
new file mode 100644
index 000000000..0275526d4
--- /dev/null
+++ b/doc/source/configuration/samples/neutron_ovn_vpn_agent.rst
@@ -0,0 +1,8 @@
+================================
+Sample neutron_ovn_vpn_agent.ini
+================================
+
+This sample configuration can also be viewed in `the raw format
+<../../_static/config_samples/neutron_ovn_vpn_agent.conf.sample>`_.
+
+.. literalinclude:: ../../_static/config_samples/neutron_ovn_vpn_agent.conf.sample
diff --git a/doc/source/contributor/index.rst b/doc/source/contributor/index.rst
index 88d32d867..172c98a06 100644
--- a/doc/source/contributor/index.rst
+++ b/doc/source/contributor/index.rst
@@ -91,6 +91,13 @@ Testing
 Add notes about functional testing, with info on how different reference
 drivers are tested.
 
+Set up VPNaaS for OVN
+---------------------
+.. toctree::
+ :maxdepth: 3
+
+ vpnaas-for-ovn
+
 Module Reference
 ----------------
 .. toctree::
diff --git a/doc/source/contributor/vpnaas-for-ovn.rst b/doc/source/contributor/vpnaas-for-ovn.rst
new file mode 100644
index 000000000..ee8f74a10
--- /dev/null
+++ b/doc/source/contributor/vpnaas-for-ovn.rst
@@ -0,0 +1,82 @@
+==========================
+Configuring VPNaaS for OVN
+==========================
+
+A general instruction to enable neutron VPNaaS is described in
+`the Networking Guide
+`__.
+
+For an OVN-based setup some details are different though. The following instructions adapt the general ones
+accordingly.
+
+Enabling VPNaaS for OVN
+~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Enable the VPNaaS plug-in in the ``/etc/neutron/neutron.conf`` file
+ by appending ``ovn-vpnaas`` to ``service_plugins`` in ``[DEFAULT]``:
+
+ .. code-block:: ini
+
+ [DEFAULT]
+ # ...
+ service_plugins = ovn-vpnaas
+
+ .. note::
+
+ ``ovn-vpnaas`` is the plugin variant of the reference implementation that supports OVN.
+
+
+#. Configure the VPNaaS service provider by creating the
+ ``/etc/neutron/neutron_vpnaas.conf`` file as follows, ``strongswan`` used in Ubuntu distribution:
+
+ .. code-block:: ini
+
+ [service_providers]
+ service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver
+
+#. With OVN there is no L3 agent. Instead a stand-alone VPN agent is installed. There is a new "binary" called
+ ``neutron-ovn-vpn-agent``. Create its configuration file ``/etc/neutron/neutron_ovn_vpn_agent.ini``
+ with the following contents:
+
+ .. code-block:: ini
+
+ [DEFAULT]
+ transport_url = rabbit://openstack:RABBIT_PASS@CONTROLLER_IP
+ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+
+ [AGENT]
+ extensions = vpnaas
+
+ [vpnagent]
+ vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
+
+ [ovs]
+ ovsdb_connection="unix:/var/run/openvswitch/db.sock"
+
+ [ovn]
+ ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642
+
+ .. note::
+
+ Replace ``OVSDB_SERVER_IP`` with the IP address of the controller node that
+ runs the ``ovsdb-server`` service.
+ Replace ``RABBIT_PASS`` with the password you chose for the
+ ``openstack`` account in RabbitMQ and CONTROLLER_IP with the IP address of
+ the controller node that runs the RabbitMQ server.
+
+#. Create the required tables in the database:
+
+ .. code-block:: console
+
+ # neutron-db-manage --subproject neutron-vpnaas upgrade head
+
+#. Restart the ``neutron-server`` in controller node to apply the settings.
+
+#. Start the ``neutron-ovn-vpn-agent`` in network node to apply the settings.
+
+Specifics of the OVN variant of the plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Details about the architecture are described in
+`the feature spec
+`__.