This section describes how to enable VPN as a Service (VPNaaS) for VPN connections. Perform the steps on the controller node where the Networking service (Neutron) is installed.

Edit the Networking service (Neutron) configuration file (/etc/neutron/neutron.conf) and make the following settings.

[root@controller ~]# vi /etc/neutron/neutron.conf 

Add vpnaas to service_plugins in the [DEFAULT] section. Append it after the settings that are already registered.

#service_plugins = router
service_plugins = router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2,vpnaas

Create a new VPNaaS configuration file (/etc/neutron/neutron_vpnaas.conf) and make the following settings.

[root@controller ~]# vi /etc/neutron/neutron_vpnaas.conf

Add the new settings for the VPNaaS service provider.

[service_providers]
service_provider = VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

Edit the L3 agent configuration file (/etc/neutron/l3_agent.ini) and make the following settings.

[root@controller ~]# vi /etc/neutron/l3_agent.ini 

Add the new settings for the VPNaaS plugin for the L3 agent.

[AGENT]
extensions = vpnaas

[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

To create the tables that VPNaaS needs in the database, first install the neutron-vpnaas package on the controller node.

[root@controller ~]# git clone https://git.openstack.org//openstack/neutron-vpnaas
Cloning into 'neutron-vpnaas'...
remote: Counting objects: 110009, done.
remote: Compressing objects: 100% (20668/20668), done.
remote: Total 110009 (delta 72518), reused 108316 (delta 71053)
Receiving objects: 100% (110009/110009), 28.19 MiB | 33.00 KiB/s, done.
Resolving deltas: 100% (72518/72518), done.
[root@controller ~]# 
[root@controller ~]# cd neutron-vpnaas/
[root@controller neutron-vpnaas]# pip install neutron_vpnaas
Collecting neutron_vpnaas
  Downloading https://files.pythonhosted.org/packages/4e/31/9262ae03de600ec54201bfc695d947c4b8077fcef3e6e459d6beb1d4c181/neutron_vpnaas-13.0.1-py2.py3-none-any.whl (182kB)
    100% |████████████████████████████████| 184kB 326kB/s 
Requirement already satisfied: oslo.messaging>=5.29.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (8.1.2)
Requirement already satisfied: oslo.serialization!=2.19.1,>=2.18.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (2.27.0)
Requirement already satisfied: oslo.service!=1.28.1,>=1.24.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (1.31.5)
Requirement already satisfied: oslo.utils>=3.33.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (3.36.4)
Requirement already satisfied: oslo.db>=4.27.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (4.40.0)
Requirement already satisfied: netaddr>=0.7.18 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (0.7.19)
Requirement already satisfied: neutron>=13.0.0.0b2 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (13.0.1)
Requirement already satisfied: six>=1.10.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (1.11.0)
Requirement already satisfied: requests>=2.14.2 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (2.19.1)
Requirement already satisfied: oslo.reports>=1.18.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (1.28.0)
Requirement already satisfied: oslo.log>=3.36.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (3.39.2)
Requirement already satisfied: Jinja2>=2.10 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (2.10)
Requirement already satisfied: alembic>=0.8.10 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (0.9.7)
Requirement already satisfied: SQLAlchemy>=1.2.0 in /usr/lib64/python2.7/site-packages (from neutron_vpnaas) (1.2.7)
Requirement already satisfied: oslo.config>=5.2.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (6.4.0)
Requirement already satisfied: pbr!=2.1.0,>=2.0.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (4.1.0)
Requirement already satisfied: oslo.concurrency>=3.26.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (3.27.0)
Requirement already satisfied: neutron-lib>=1.18.0 in /usr/lib/python2.7/site-packages (from neutron_vpnaas) (1.18.0)
Requirement already satisfied: WebOb>=1.7.1 in /usr/lib/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (1.8.2)
Collecting eventlet!=0.18.3,!=0.20.1,>=0.18.2 (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas)
  Downloading https://files.pythonhosted.org/packages/86/7e/96e1412f96eeb2f2eca9342dcc4d5bc9305880a448b603b0a8e54439b71c/eventlet-0.24.1-py2.py3-none-any.whl (219kB)
    100% |████████████████████████████████| 225kB 326kB/s 
Requirement already satisfied: greenlet>=0.4.10 in /usr/lib64/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (0.4.12)
Requirement already satisfied: monotonic>=0.6 in /usr/lib/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (1.5)
Requirement already satisfied: oslo.i18n>=3.15.3 in /usr/lib/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (3.21.0)
Requirement already satisfied: PasteDeploy>=1.5.0 in /usr/lib/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (1.5.2)
Requirement already satisfied: Routes>=2.3.1 in /usr/lib/python2.7/site-packages (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (2.4.1)
Collecting Paste>=2.0.2 (from oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas)
  Downloading https://files.pythonhosted.org/packages/ab/6d/f5abec0603e4b1a78c3330de6515412fceb36a7767c2350208470d5c649c/Paste-3.0.5-py2.py3-none-any.whl (592kB)
    100% |████████████████████████████████| 593kB 301kB/s 
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->neutron_vpnaas) (3.0.4)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->neutron_vpnaas) (2.5)
Requirement already satisfied: urllib3<1.24,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->neutron_vpnaas) (1.21.1)
Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib64/python2.7/site-packages (from Jinja2>=2.10->neutron_vpnaas) (0.23)
Requirement already satisfied: Mako in /usr/lib/python2.7/site-packages (from alembic>=0.8.10->neutron_vpnaas) (0.8.1)
Requirement already satisfied: python-editor>=0.3 in /usr/lib/python2.7/site-packages (from alembic>=0.8.10->neutron_vpnaas) (0.4)
Requirement already satisfied: python-dateutil in /usr/lib/python2.7/site-packages (from alembic>=0.8.10->neutron_vpnaas) (2.6.1)
Requirement already satisfied: dnspython>=1.15.0 in /usr/lib/python2.7/site-packages (from eventlet!=0.18.3,!=0.20.1,>=0.18.2->oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (1.15.0)
Requirement already satisfied: enum34; python_version < "3.4" in /usr/lib/python2.7/site-packages (from eventlet!=0.18.3,!=0.20.1,>=0.18.2->oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (1.0.4)
Requirement already satisfied: repoze.lru>=0.3 in /usr/lib/python2.7/site-packages (from Routes>=2.3.1->oslo.service!=1.28.1,>=1.24.0->neutron_vpnaas) (0.4)
glance-store 0.26.1 requires doc8>=0.6.0, which is not installed.
oslo-vmware 2.31.0 has requirement PyYAML>=3.12, but you'll have pyyaml 3.10 which is incompatible.
Installing collected packages: neutron-vpnaas, eventlet, Paste
  Found existing installation: eventlet 0.20.1
    Uninstalling eventlet-0.20.1:
      Successfully uninstalled eventlet-0.20.1
  Found existing installation: Paste 1.7.5.1
    Uninstalling Paste-1.7.5.1:
      Successfully uninstalled Paste-1.7.5.1
Successfully installed Paste-3.0.5 eventlet-0.24.1 neutron-vpnaas-13.0.1
[root@controller neutron-vpnaas]# 

Create the tables that VPNaaS needs in the database.

[root@controller ~]# neutron-db-manage --subproject neutron-vpnaas upgrade head
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  neutron-vpnaas に対して upgrade を実行中です...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> start_neutron_vpnaas, start neutron-vpnaas chain
INFO  [alembic.runtime.migration] Running upgrade start_neutron_vpnaas -> 3ea02b2a773e, add_index_tenant_id
INFO  [alembic.runtime.migration] Running upgrade 3ea02b2a773e -> kilo, kilo
INFO  [alembic.runtime.migration] Running upgrade kilo -> 30018084ed99, Initial no-op Liberty expand rule.
INFO  [alembic.runtime.migration] Running upgrade 30018084ed99 -> 24f28869838b, Add fields to VPN service table
INFO  [alembic.runtime.migration] Running upgrade 24f28869838b -> 41b509d10b5e, VPNaaS endpoint groups
INFO  [alembic.runtime.migration] Running upgrade 41b509d10b5e -> 28ee739a7e4b, Multiple local subnets
INFO  [alembic.runtime.migration] Running upgrade kilo -> 56893333aa52, fix identifier map fk
INFO  [alembic.runtime.migration] Running upgrade 56893333aa52 -> 333dfd6afaa2, Populate VPN service table fields
INFO  [alembic.runtime.migration] Running upgrade 333dfd6afaa2 -> 2c82e782d734, drop_tenant_id_in_cisco_csr_identifier_map
INFO  [alembic.runtime.migration] Running upgrade 2c82e782d734 -> 2cb4ee992b41, Multiple local subnets
INFO  [alembic.runtime.migration] Running upgrade 2cb4ee992b41 -> b6a2519ab7dc, rename tenant to project
INFO  [alembic.runtime.migration] Running upgrade b6a2519ab7dc -> e50641731f1a, drop cisco_csr_identifier_map table
INFO  [alembic.runtime.migration] Running upgrade 28ee739a7e4b -> fe637dc3f042, support sha256
INFO  [alembic.runtime.migration] Running upgrade fe637dc3f042 -> 52783a36bd67, support local id
INFO  [alembic.runtime.migration] Running upgrade 52783a36bd67 -> 38893903cbde, add_auth_algorithm_sha384_and_sha512
INFO  [alembic.runtime.migration] Running upgrade 38893903cbde -> 95601446dbcc, add flavor id to vpnservices
  OK
[root@controller ~]#
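
The following script is an added example, not part of the original page or of the Neutron project. It checks that the settings made above in neutron.conf, neutron_vpnaas.conf and l3_agent.ini are actually in place. The helper names ini_get and check_vpnaas are hypothetical, and the script assumes the three files sit in one directory (/etc/neutron on this page).

```sh
#!/bin/sh
# Added example (not from the original page): check that the VPNaaS settings
# described above are present. ini_get and check_vpnaas are hypothetical names.

# Print every value of KEY in [SECTION] of FILE, one per line. Comment lines
# are skipped, repeated keys are all printed, and section names are compared
# case-insensitively (a choice made for this sketch).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); in_sec = (tolower($0) == tolower(sec)); next }
        in_sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Exit status 0 when every setting is in place, 1 otherwise.
check_vpnaas() {
    dir=${1:-/etc/neutron}; rc=0
    for f in neutron.conf neutron_vpnaas.conf l3_agent.ini; do
        [ -r "$dir/$f" ] || { echo "missing: $dir/$f"; return 1; }
    done
    # This sketch evaluates the last uncommented service_plugins line.
    plugins=$(ini_get "$dir/neutron.conf" DEFAULT service_plugins | tail -n 1 | tr -d ' ')
    case ",$plugins," in
        *,vpnaas,*) ;;
        *) echo "neutron.conf: vpnaas not in service_plugins"; rc=1 ;;
    esac
    ini_get "$dir/neutron_vpnaas.conf" service_providers service_provider |
        grep -q '^VPN:.*:default$' ||
        { echo "neutron_vpnaas.conf: no default VPN service_provider"; rc=1; }
    exts=$(ini_get "$dir/l3_agent.ini" AGENT extensions | tail -n 1 | tr -d ' ')
    case ",$exts," in
        *,vpnaas,*) ;;
        *) echo "l3_agent.ini: vpnaas not in [AGENT] extensions"; rc=1 ;;
    esac
    [ -n "$(ini_get "$dir/l3_agent.ini" vpnagent vpn_device_driver)" ] ||
        { echo "l3_agent.ini: vpn_device_driver not set"; rc=1; }
    return "$rc"
}

# Run the check only when a configuration directory is given as an argument.
if [ "$#" -gt 0 ]; then check_vpnaas "$1"; fi
```

Save it under any file name and pass the configuration directory, /etc/neutron on this page, as the only argument; it prints one line per missing setting and exits non-zero if any check fails.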