Merge lp:~corey.bryant/ubuntu/vivid/neutron-vpnaas/2015.1.1 into lp:ubuntu/vivid-updates/neutron-vpnaas
- Vivid (15.04)
- 2015.1.1
- Merge into vivid-updates
Proposed by
Corey Bryant
Status: | Approved | ||||
---|---|---|---|---|---|
Approved by: | Corey Bryant | ||||
Approved revision: | 8 | ||||
Proposed branch: | lp:~corey.bryant/ubuntu/vivid/neutron-vpnaas/2015.1.1 | ||||
Merge into: | lp:ubuntu/vivid-updates/neutron-vpnaas | ||||
Diff against target: |
572 lines (+290/-43) 20 files modified
AUTHORS (+3/-0) ChangeLog (+11/-0) PKG-INFO (+1/-1) debian/changelog (+11/-0) etc/neutron/rootwrap.d/vpnaas.filters (+1/-0) etc/vpn_agent.ini (+2/-0) neutron_vpnaas.egg-info/PKG-INFO (+1/-1) neutron_vpnaas.egg-info/SOURCES.txt (+2/-0) neutron_vpnaas.egg-info/pbr.json (+1/-1) neutron_vpnaas.egg-info/requires.txt (+11/-11) neutron_vpnaas/services/vpn/agent.py (+1/-0) neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py (+107/-0) neutron_vpnaas/services/vpn/device_drivers/ipsec.py (+8/-7) neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py (+50/-0) neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py (+10/-0) neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py (+49/-0) requirements.txt (+11/-11) setup.cfg (+1/-1) setup.py (+0/-1) test-requirements.txt (+9/-9) |
||||
To merge this branch: | bzr merge lp:~corey.bryant/ubuntu/vivid/neutron-vpnaas/2015.1.1 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Development Team | Pending | ||
Review via email: mp+266899@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
Unmerged revisions
- 8. By Corey Bryant
-
* Resynchronize with stable/kilo (9c73c0c) (LP: #1481008):
- [fb18c46] Set vpn agent's agent_state['binary' ] attribute
- [0ec1668] Fix failures for integration tests
- [053fd30] VPNaaS: Fix breakage in status reporting
- [5cc0613] Libreswan driver support in VPNaaS
- [9c73c0c] Provide Fedora support for StrongSwan
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'AUTHORS' | |||
2 | --- AUTHORS 2015-03-30 11:20:04 +0000 | |||
3 | +++ AUTHORS 2015-08-04 15:46:24 +0000 | |||
4 | @@ -147,6 +147,7 @@ | |||
5 | 147 | Tomoko Inoue <inoue.tomoko@lab.ntt.co.jp> | 147 | Tomoko Inoue <inoue.tomoko@lab.ntt.co.jp> |
6 | 148 | Trinath Somanchi <trinath.somanchi@freescale.com> | 148 | Trinath Somanchi <trinath.somanchi@freescale.com> |
7 | 149 | Tyler Smith <tylesmit@cisco.com> | 149 | Tyler Smith <tylesmit@cisco.com> |
8 | 150 | Wei Hu <hwhu@cn.ibm.com> | ||
9 | 150 | Weidong Shao <weidong.shao@huawei.com> | 151 | Weidong Shao <weidong.shao@huawei.com> |
10 | 151 | Wu Wenxiang <wu.wenxiang@99cloud.net> | 152 | Wu Wenxiang <wu.wenxiang@99cloud.net> |
11 | 152 | YAMAMOTO Takashi <yamamoto@valinux.co.jp> | 153 | YAMAMOTO Takashi <yamamoto@valinux.co.jp> |
12 | @@ -174,6 +175,7 @@ | |||
13 | 174 | johndavidge <jodavidg@cisco.com> | 175 | johndavidge <jodavidg@cisco.com> |
14 | 175 | justin Lund <justin.lund@dreamhost.com> | 176 | justin Lund <justin.lund@dreamhost.com> |
15 | 176 | lawrancejing <lawrancejing@gmail.com> | 177 | lawrancejing <lawrancejing@gmail.com> |
16 | 178 | leejian0612 <ljianbj@cn.ibm.com> | ||
17 | 177 | liu-sheng <liusheng@huawei.com> | 179 | liu-sheng <liusheng@huawei.com> |
18 | 178 | liuqing <jing.liuqing@99cloud.net> | 180 | liuqing <jing.liuqing@99cloud.net> |
19 | 179 | llg8212 <lilinguo@huawei.com> | 181 | llg8212 <lilinguo@huawei.com> |
20 | @@ -187,6 +189,7 @@ | |||
21 | 187 | sridhargaddam <sridhar.gaddam@enovance.com> | 189 | sridhargaddam <sridhar.gaddam@enovance.com> |
22 | 188 | sukhdev <sukhdev@aristanetworks.com> | 190 | sukhdev <sukhdev@aristanetworks.com> |
23 | 189 | trinaths <trinath.somanchi@freescale.com> | 191 | trinaths <trinath.somanchi@freescale.com> |
24 | 192 | venkata anil <anil.venkata@enovance.com> | ||
25 | 190 | vikas <vikas.d-m@hp.com> | 193 | vikas <vikas.d-m@hp.com> |
26 | 191 | vinkesh banka <vinkeshb@thoughtworks.com> | 194 | vinkesh banka <vinkeshb@thoughtworks.com> |
27 | 192 | zhhuabj <zhhuabj@cn.ibm.com> | 195 | zhhuabj <zhhuabj@cn.ibm.com> |
28 | 193 | 196 | ||
29 | === modified file 'ChangeLog' | |||
30 | --- ChangeLog 2015-04-30 18:32:31 +0000 | |||
31 | +++ ChangeLog 2015-08-04 15:46:24 +0000 | |||
32 | @@ -1,6 +1,17 @@ | |||
33 | 1 | CHANGES | 1 | CHANGES |
34 | 2 | ======= | 2 | ======= |
35 | 3 | 3 | ||
36 | 4 | 2015.1.1 | ||
37 | 5 | -------- | ||
38 | 6 | |||
39 | 7 | * Updated from global requirements | ||
40 | 8 | * Set vpn agent's agent_state['binary'] attribute | ||
41 | 9 | * Fix failures for integration tests | ||
42 | 10 | * VPNaaS: Fix breakage in status reporting | ||
43 | 11 | * Libreswan driver support in VPNaaS | ||
44 | 12 | * Provide Fedora support for StrongSwan | ||
45 | 13 | * Bump pre-release to 2015.1.1 | ||
46 | 14 | |||
47 | 4 | 2015.1.0 | 15 | 2015.1.0 |
48 | 5 | -------- | 16 | -------- |
49 | 6 | 17 | ||
50 | 7 | 18 | ||
51 | === modified file 'PKG-INFO' | |||
52 | --- PKG-INFO 2015-04-30 18:32:31 +0000 | |||
53 | +++ PKG-INFO 2015-08-04 15:46:24 +0000 | |||
54 | @@ -1,6 +1,6 @@ | |||
55 | 1 | Metadata-Version: 1.1 | 1 | Metadata-Version: 1.1 |
56 | 2 | Name: neutron-vpnaas | 2 | Name: neutron-vpnaas |
58 | 3 | Version: 2015.1.0 | 3 | Version: 2015.1.1 |
59 | 4 | Summary: OpenStack Networking VPN as a Service | 4 | Summary: OpenStack Networking VPN as a Service |
60 | 5 | Home-page: http://www.openstack.org/ | 5 | Home-page: http://www.openstack.org/ |
61 | 6 | Author: OpenStack | 6 | Author: OpenStack |
62 | 7 | 7 | ||
63 | === modified file 'debian/changelog' | |||
64 | --- debian/changelog 2015-04-30 18:32:31 +0000 | |||
65 | +++ debian/changelog 2015-08-04 15:46:24 +0000 | |||
66 | @@ -1,3 +1,14 @@ | |||
67 | 1 | neutron-vpnaas (1:2015.1.1-0ubuntu1) UNRELEASED; urgency=medium | ||
68 | 2 | |||
69 | 3 | * Resynchronize with stable/kilo (9c73c0c) (LP: #1481008): | ||
70 | 4 | - [fb18c46] Set vpn agent's agent_state['binary'] attribute | ||
71 | 5 | - [0ec1668] Fix failures for integration tests | ||
72 | 6 | - [053fd30] VPNaaS: Fix breakage in status reporting | ||
73 | 7 | - [5cc0613] Libreswan driver support in VPNaaS | ||
74 | 8 | - [9c73c0c] Provide Fedora support for StrongSwan | ||
75 | 9 | |||
76 | 10 | -- Corey Bryant <corey.bryant@canonical.com> Tue, 04 Aug 2015 11:31:19 -0400 | ||
77 | 11 | |||
78 | 1 | neutron-vpnaas (1:2015.1.0-0ubuntu1) vivid; urgency=medium | 12 | neutron-vpnaas (1:2015.1.0-0ubuntu1) vivid; urgency=medium |
79 | 2 | 13 | ||
80 | 3 | * New upstream release for OpenStack kilo. (LP: #1449744) | 14 | * New upstream release for OpenStack kilo. (LP: #1449744) |
81 | 4 | 15 | ||
82 | === modified file 'etc/neutron/rootwrap.d/vpnaas.filters' | |||
83 | --- etc/neutron/rootwrap.d/vpnaas.filters 2015-03-30 11:20:04 +0000 | |||
84 | +++ etc/neutron/rootwrap.d/vpnaas.filters 2015-08-04 15:46:24 +0000 | |||
85 | @@ -11,5 +11,6 @@ | |||
86 | 11 | ip: IpFilter, ip, root | 11 | ip: IpFilter, ip, root |
87 | 12 | ip_exec: IpNetnsExecFilter, ip, root | 12 | ip_exec: IpNetnsExecFilter, ip, root |
88 | 13 | ipsec: CommandFilter, ipsec, root | 13 | ipsec: CommandFilter, ipsec, root |
89 | 14 | strongswan: CommandFilter, strongswan, root | ||
90 | 14 | neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root | 15 | neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root |
91 | 15 | neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root | 16 | neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root |
92 | 16 | 17 | ||
93 | === modified file 'etc/vpn_agent.ini' | |||
94 | --- etc/vpn_agent.ini 2015-03-30 11:20:04 +0000 | |||
95 | +++ etc/vpn_agent.ini 2015-08-04 15:46:24 +0000 | |||
96 | @@ -12,6 +12,8 @@ | |||
97 | 12 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver | 12 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver |
98 | 13 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver | 13 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver |
99 | 14 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver | 14 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver |
100 | 15 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver | ||
101 | 16 | # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver | ||
102 | 15 | # vpn_device_driver=another_driver | 17 | # vpn_device_driver=another_driver |
103 | 16 | 18 | ||
104 | 17 | [ipsec] | 19 | [ipsec] |
105 | 18 | 20 | ||
106 | === modified file 'neutron_vpnaas.egg-info/PKG-INFO' | |||
107 | --- neutron_vpnaas.egg-info/PKG-INFO 2015-04-30 18:32:31 +0000 | |||
108 | +++ neutron_vpnaas.egg-info/PKG-INFO 2015-08-04 15:46:24 +0000 | |||
109 | @@ -1,6 +1,6 @@ | |||
110 | 1 | Metadata-Version: 1.1 | 1 | Metadata-Version: 1.1 |
111 | 2 | Name: neutron-vpnaas | 2 | Name: neutron-vpnaas |
113 | 3 | Version: 2015.1.0 | 3 | Version: 2015.1.1 |
114 | 4 | Summary: OpenStack Networking VPN as a Service | 4 | Summary: OpenStack Networking VPN as a Service |
115 | 5 | Home-page: http://www.openstack.org/ | 5 | Home-page: http://www.openstack.org/ |
116 | 6 | Author: OpenStack | 6 | Author: OpenStack |
117 | 7 | 7 | ||
118 | === modified file 'neutron_vpnaas.egg-info/SOURCES.txt' | |||
119 | --- neutron_vpnaas.egg-info/SOURCES.txt 2015-04-30 18:32:31 +0000 | |||
120 | +++ neutron_vpnaas.egg-info/SOURCES.txt 2015-08-04 15:46:24 +0000 | |||
121 | @@ -63,7 +63,9 @@ | |||
122 | 63 | neutron_vpnaas/services/vpn/device_drivers/__init__.py | 63 | neutron_vpnaas/services/vpn/device_drivers/__init__.py |
123 | 64 | neutron_vpnaas/services/vpn/device_drivers/cisco_csr_rest_client.py | 64 | neutron_vpnaas/services/vpn/device_drivers/cisco_csr_rest_client.py |
124 | 65 | neutron_vpnaas/services/vpn/device_drivers/cisco_ipsec.py | 65 | neutron_vpnaas/services/vpn/device_drivers/cisco_ipsec.py |
125 | 66 | neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py | ||
126 | 66 | neutron_vpnaas/services/vpn/device_drivers/ipsec.py | 67 | neutron_vpnaas/services/vpn/device_drivers/ipsec.py |
127 | 68 | neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py | ||
128 | 67 | neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py | 69 | neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py |
129 | 68 | neutron_vpnaas/services/vpn/device_drivers/vyatta_ipsec.py | 70 | neutron_vpnaas/services/vpn/device_drivers/vyatta_ipsec.py |
130 | 69 | neutron_vpnaas/services/vpn/device_drivers/template/openswan/ipsec.conf.template | 71 | neutron_vpnaas/services/vpn/device_drivers/template/openswan/ipsec.conf.template |
131 | 70 | 72 | ||
132 | === modified file 'neutron_vpnaas.egg-info/pbr.json' | |||
133 | --- neutron_vpnaas.egg-info/pbr.json 2015-04-30 18:32:31 +0000 | |||
134 | +++ neutron_vpnaas.egg-info/pbr.json 2015-08-04 15:46:24 +0000 | |||
135 | @@ -1,1 +1,1 @@ | |||
136 | 1 | {"is_release": true, "git_version": "eca9e87"} | ||
137 | 2 | \ No newline at end of file | 1 | \ No newline at end of file |
138 | 2 | {"is_release": true, "git_version": "db6dfc8"} | ||
139 | 3 | \ No newline at end of file | 3 | \ No newline at end of file |
140 | 4 | 4 | ||
141 | === modified file 'neutron_vpnaas.egg-info/requires.txt' | |||
142 | --- neutron_vpnaas.egg-info/requires.txt 2015-04-10 10:27:42 +0000 | |||
143 | +++ neutron_vpnaas.egg-info/requires.txt 2015-08-04 15:46:24 +0000 | |||
144 | @@ -1,14 +1,14 @@ | |||
148 | 1 | pbr>=0.6,!=0.7,<1.0 | 1 | pbr!=0.7,<1.0,>=0.6 |
149 | 2 | requests>=2.2.0,!=2.4.0 | 2 | requests!=2.4.0,>=2.2.0 |
150 | 3 | Jinja2>=2.6 # BSD License3 clause | 3 | Jinja2>=2.6 # BSD License3 clause |
151 | 4 | netaddr>=0.7.12 | 4 | netaddr>=0.7.12 |
153 | 5 | SQLAlchemy>=0.9.7,<=0.9.99 | 5 | SQLAlchemy<=0.9.99,>=0.9.7 |
154 | 6 | alembic>=0.7.2 | 6 | alembic>=0.7.2 |
155 | 7 | six>=1.9.0 | 7 | six>=1.9.0 |
163 | 8 | oslo.concurrency>=1.8.0,<1.9.0 # Apache-2.0 | 8 | oslo.concurrency<1.9.0,>=1.8.0 # Apache-2.0 |
164 | 9 | oslo.config>=1.9.3,<1.10.0 # Apache-2.0 | 9 | oslo.config<1.10.0,>=1.9.3 # Apache-2.0 |
165 | 10 | oslo.db>=1.7.0,<1.8.0 # Apache-2.0 | 10 | oslo.db<1.8.0,>=1.7.0 # Apache-2.0 |
166 | 11 | oslo.log>=1.0.0,<1.1.0 # Apache-2.0 | 11 | oslo.log<1.1.0,>=1.0.0 # Apache-2.0 |
167 | 12 | oslo.messaging>=1.8.0,<1.9.0 # Apache-2.0 | 12 | oslo.messaging<1.9.0,>=1.8.0 # Apache-2.0 |
168 | 13 | oslo.serialization>=1.4.0,<1.5.0 # Apache-2.0 | 13 | oslo.serialization<1.5.0,>=1.4.0 # Apache-2.0 |
169 | 14 | oslo.utils>=1.4.0,<1.5.0 # Apache-2.0 | 14 | oslo.utils<1.5.0,>=1.4.0 # Apache-2.0 |
170 | 15 | 15 | ||
171 | === modified file 'neutron_vpnaas/services/vpn/agent.py' | |||
172 | --- neutron_vpnaas/services/vpn/agent.py 2015-04-10 10:27:42 +0000 | |||
173 | +++ neutron_vpnaas/services/vpn/agent.py 2015-08-04 15:46:24 +0000 | |||
174 | @@ -34,6 +34,7 @@ | |||
175 | 34 | """VPNAgent class which can handle vpn service drivers.""" | 34 | """VPNAgent class which can handle vpn service drivers.""" |
176 | 35 | def __init__(self, host, conf=None): | 35 | def __init__(self, host, conf=None): |
177 | 36 | super(VPNAgent, self).__init__(host=host, conf=conf) | 36 | super(VPNAgent, self).__init__(host=host, conf=conf) |
178 | 37 | self.agent_state['binary'] = 'neutron-vpn-agent' | ||
179 | 37 | self.service = vpn_service.VPNService(self) | 38 | self.service = vpn_service.VPNService(self) |
180 | 38 | self.device_drivers = self.service.load_device_drivers(host) | 39 | self.device_drivers = self.service.load_device_drivers(host) |
181 | 39 | 40 | ||
182 | 40 | 41 | ||
183 | === added file 'neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py' | |||
184 | --- neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py 1970-01-01 00:00:00 +0000 | |||
185 | +++ neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py 2015-08-04 15:46:24 +0000 | |||
186 | @@ -0,0 +1,107 @@ | |||
187 | 1 | # Copyright (c) 2015 IBM, Inc. | ||
188 | 2 | # All Rights Reserved. | ||
189 | 3 | # | ||
190 | 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
191 | 5 | # not use this file except in compliance with the License. You may obtain | ||
192 | 6 | # a copy of the License at | ||
193 | 7 | # | ||
194 | 8 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
195 | 9 | # | ||
196 | 10 | # Unless required by applicable law or agreed to in writing, software | ||
197 | 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
198 | 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
199 | 13 | # License for the specific language governing permissions and limitations | ||
200 | 14 | # under the License. | ||
201 | 15 | |||
202 | 16 | import os | ||
203 | 17 | |||
204 | 18 | from oslo_config import cfg | ||
205 | 19 | from oslo_log import log as logging | ||
206 | 20 | |||
207 | 21 | from neutron_vpnaas.services.vpn.device_drivers import ipsec | ||
208 | 22 | from neutron_vpnaas.services.vpn.device_drivers import strongswan_ipsec | ||
209 | 23 | |||
210 | 24 | LOG = logging.getLogger(__name__) | ||
211 | 25 | TEMPLATE_PATH = os.path.dirname(os.path.abspath(__file__)) | ||
212 | 26 | |||
213 | 27 | cfg.CONF.set_default(name='default_config_area', | ||
214 | 28 | default=os.path.join( | ||
215 | 29 | TEMPLATE_PATH, | ||
216 | 30 | '/usr/share/strongswan/templates/' | ||
217 | 31 | 'config/strongswan.d'), | ||
218 | 32 | group='strongswan') | ||
219 | 33 | |||
220 | 34 | |||
221 | 35 | class FedoraStrongSwanProcess(strongswan_ipsec.StrongSwanProcess): | ||
222 | 36 | |||
223 | 37 | binary = 'strongswan' | ||
224 | 38 | CONFIG_DIRS = [ | ||
225 | 39 | 'var/run', | ||
226 | 40 | 'log', | ||
227 | 41 | 'etc', | ||
228 | 42 | 'etc/strongswan/ipsec.d/aacerts', | ||
229 | 43 | 'etc/strongswan/ipsec.d/acerts', | ||
230 | 44 | 'etc/strongswan/ipsec.d/cacerts', | ||
231 | 45 | 'etc/strongswan/ipsec.d/certs', | ||
232 | 46 | 'etc/strongswan/ipsec.d/crls', | ||
233 | 47 | 'etc/strongswan/ipsec.d/ocspcerts', | ||
234 | 48 | 'etc/strongswan/ipsec.d/policies', | ||
235 | 49 | 'etc/strongswan/ipsec.d/private', | ||
236 | 50 | 'etc/strongswan/ipsec.d/reqs', | ||
237 | 51 | 'etc/pki/nssdb/' | ||
238 | 52 | ] | ||
239 | 53 | STATUS_NOT_RUNNING_RE = ('Command:.*[ipsec|strongswan].*status.*' | ||
240 | 54 | 'Exit code: [1|3] ') | ||
241 | 55 | |||
242 | 56 | def __init__(self, conf, process_id, vpnservice, namespace): | ||
243 | 57 | super(FedoraStrongSwanProcess, self).__init__(conf, process_id, | ||
244 | 58 | vpnservice, namespace) | ||
245 | 59 | |||
246 | 60 | def ensure_configs(self): | ||
247 | 61 | """Generate config files which are needed for StrongSwan. | ||
248 | 62 | |||
249 | 63 | If there is no directory, this function will create | ||
250 | 64 | dirs. | ||
251 | 65 | """ | ||
252 | 66 | self.ensure_config_dir(self.vpnservice) | ||
253 | 67 | self.ensure_config_file( | ||
254 | 68 | 'ipsec.conf', | ||
255 | 69 | cfg.CONF.strongswan.ipsec_config_template, | ||
256 | 70 | self.vpnservice) | ||
257 | 71 | self.ensure_config_file( | ||
258 | 72 | 'strongswan.conf', | ||
259 | 73 | cfg.CONF.strongswan.strongswan_config_template, | ||
260 | 74 | self.vpnservice) | ||
261 | 75 | self.ensure_config_file( | ||
262 | 76 | 'ipsec.secrets', | ||
263 | 77 | cfg.CONF.strongswan.ipsec_secret_template, | ||
264 | 78 | self.vpnservice) | ||
265 | 79 | self.copy_and_overwrite(cfg.CONF.strongswan.default_config_area, | ||
266 | 80 | self._get_config_filename('strongswan.d')) | ||
267 | 81 | # Fedora uses /usr/share/strongswan/templates/config/ as strongswan | ||
268 | 82 | # template directory. But /usr/share/strongswan/templates/config/ | ||
269 | 83 | # strongswan.d does not include charon. Those configuration files | ||
270 | 84 | # are in /usr/share/strongswan/templates/config/plugins directory. | ||
271 | 85 | charon_dir = os.path.join( | ||
272 | 86 | cfg.CONF.strongswan.default_config_area, | ||
273 | 87 | 'charon') | ||
274 | 88 | if not os.path.exists(charon_dir): | ||
275 | 89 | plugins_dir = os.path.join( | ||
276 | 90 | cfg.CONF.strongswan.default_config_area, '../plugins') | ||
277 | 91 | self.copy_and_overwrite( | ||
278 | 92 | plugins_dir, | ||
279 | 93 | self._get_config_filename('strongswan.d/charon')) | ||
280 | 94 | |||
281 | 95 | def _get_config_filename(self, kind): | ||
282 | 96 | config_dir = '%s/strongswan' % self.etc_dir | ||
283 | 97 | return os.path.join(config_dir, kind) | ||
284 | 98 | |||
285 | 99 | |||
286 | 100 | class FedoraStrongSwanDriver(ipsec.IPsecDriver): | ||
287 | 101 | |||
288 | 102 | def create_process(self, process_id, vpnservice, namespace): | ||
289 | 103 | return FedoraStrongSwanProcess( | ||
290 | 104 | self.conf, | ||
291 | 105 | process_id, | ||
292 | 106 | vpnservice, | ||
293 | 107 | namespace) | ||
294 | 0 | 108 | ||
295 | === modified file 'neutron_vpnaas/services/vpn/device_drivers/ipsec.py' | |||
296 | --- neutron_vpnaas/services/vpn/device_drivers/ipsec.py 2015-04-10 10:27:42 +0000 | |||
297 | +++ neutron_vpnaas/services/vpn/device_drivers/ipsec.py 2015-08-04 15:46:24 +0000 | |||
298 | @@ -298,16 +298,17 @@ | |||
299 | 298 | self.STATUS_MAP[status]) | 298 | self.STATUS_MAP[status]) |
300 | 299 | 299 | ||
301 | 300 | def _record_connection_status(self, connection_id, status, | 300 | def _record_connection_status(self, connection_id, status, |
304 | 301 | updated_pending_status=False): | 301 | force_status_update=False): |
305 | 302 | if not self.connection_status.get(connection_id): | 302 | conn_info = self.connection_status.get(connection_id) |
306 | 303 | if not conn_info: | ||
307 | 303 | self.connection_status[connection_id] = { | 304 | self.connection_status[connection_id] = { |
308 | 304 | 'status': status, | 305 | 'status': status, |
310 | 305 | 'updated_pending_status': updated_pending_status | 306 | 'updated_pending_status': force_status_update |
311 | 306 | } | 307 | } |
312 | 307 | else: | 308 | else: |
316 | 308 | self.connection_status[connection_id]['status'] = status | 309 | conn_info['status'] = status |
317 | 309 | self.connection_status[connection_id]['updated_pending_status'] = ( | 310 | if force_status_update: |
318 | 310 | updated_pending_status) | 311 | conn_info['updated_pending_status'] = True |
319 | 311 | 312 | ||
320 | 312 | 313 | ||
321 | 313 | class OpenSwanProcess(BaseSwanProcess): | 314 | class OpenSwanProcess(BaseSwanProcess): |
322 | @@ -380,7 +381,7 @@ | |||
323 | 380 | ip_addr = self._resolve_fqdn(address) | 381 | ip_addr = self._resolve_fqdn(address) |
324 | 381 | if not ip_addr: | 382 | if not ip_addr: |
325 | 382 | self._record_connection_status(connection_id, constants.ERROR, | 383 | self._record_connection_status(connection_id, constants.ERROR, |
327 | 383 | updated_pending_status=True) | 384 | force_status_update=True) |
328 | 384 | raise vpnaas.VPNPeerAddressNotResolved(peer_address=address) | 385 | raise vpnaas.VPNPeerAddressNotResolved(peer_address=address) |
329 | 385 | else: | 386 | else: |
330 | 386 | ip_addr = address | 387 | ip_addr = address |
331 | 387 | 388 | ||
332 | === added file 'neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py' | |||
333 | --- neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py 1970-01-01 00:00:00 +0000 | |||
334 | +++ neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py 2015-08-04 15:46:24 +0000 | |||
335 | @@ -0,0 +1,50 @@ | |||
336 | 1 | # Copyright (c) 2015 Red Hat, Inc. | ||
337 | 2 | # All Rights Reserved. | ||
338 | 3 | # | ||
339 | 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
340 | 5 | # not use this file except in compliance with the License. You may obtain | ||
341 | 6 | # a copy of the License at | ||
342 | 7 | # | ||
343 | 8 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
344 | 9 | # | ||
345 | 10 | # Unless required by applicable law or agreed to in writing, software | ||
346 | 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
347 | 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
348 | 13 | # License for the specific language governing permissions and limitations | ||
349 | 14 | # under the License. | ||
350 | 15 | from neutron_vpnaas.services.vpn.device_drivers import ipsec | ||
351 | 16 | |||
352 | 17 | |||
353 | 18 | class LibreSwanProcess(ipsec.OpenSwanProcess): | ||
354 | 19 | """Libreswan Process manager class. | ||
355 | 20 | |||
356 | 21 | Libreswan needs nssdb initialised before running pluto daemon. | ||
357 | 22 | """ | ||
358 | 23 | def __init__(self, conf, process_id, vpnservice, namespace): | ||
359 | 24 | super(LibreSwanProcess, self).__init__(conf, process_id, | ||
360 | 25 | vpnservice, namespace) | ||
361 | 26 | |||
362 | 27 | def ensure_configs(self): | ||
363 | 28 | """Generate config files which are needed for Libreswan. | ||
364 | 29 | |||
365 | 30 | Initialise the nssdb, otherwise pluto daemon will fail to run. | ||
366 | 31 | """ | ||
367 | 32 | super(LibreSwanProcess, self).ensure_configs() | ||
368 | 33 | # Load the ipsec kernel module if not loaded | ||
369 | 34 | self._execute([self.binary, '_stackmanager', 'start']) | ||
370 | 35 | # checknss creates nssdb only if it is missing | ||
371 | 36 | # It is added in Libreswan version v3.10 | ||
372 | 37 | # For prior versions use initnss | ||
373 | 38 | try: | ||
374 | 39 | self._execute([self.binary, 'checknss', self.etc_dir]) | ||
375 | 40 | except RuntimeError: | ||
376 | 41 | self._execute([self.binary, 'initnss', self.etc_dir]) | ||
377 | 42 | |||
378 | 43 | |||
379 | 44 | class LibreSwanDriver(ipsec.IPsecDriver): | ||
380 | 45 | def create_process(self, process_id, vpnservice, namespace): | ||
381 | 46 | return LibreSwanProcess( | ||
382 | 47 | self.conf, | ||
383 | 48 | process_id, | ||
384 | 49 | vpnservice, | ||
385 | 50 | namespace) | ||
386 | 0 | 51 | ||
387 | === modified file 'neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py' | |||
388 | --- neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py 2015-04-10 10:27:42 +0000 | |||
389 | +++ neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py 2015-08-04 15:46:24 +0000 | |||
390 | @@ -453,6 +453,16 @@ | |||
391 | 453 | 453 | ||
392 | 454 | class TestVpnaas(VPNPluginDbTestCase): | 454 | class TestVpnaas(VPNPluginDbTestCase): |
393 | 455 | 455 | ||
394 | 456 | def setUp(self, **kwargs): | ||
395 | 457 | # TODO(armax): this is far from being a unit test case, as it tests | ||
396 | 458 | # that multiple parties (core + vpn) are integrated properly and | ||
397 | 459 | # should be replaced by API test that do not rely on so much mocking. | ||
398 | 460 | # NOTE(armax): make sure that the callbacks needed by this test are | ||
399 | 461 | # registered, as they may get wiped out depending by the order in | ||
400 | 462 | # which imports, subscriptions and mocks occur. | ||
401 | 463 | super(TestVpnaas, self).setUp(**kwargs) | ||
402 | 464 | vpn_db.subscribe() | ||
403 | 465 | |||
404 | 456 | def _check_policy(self, policy, keys, lifetime): | 466 | def _check_policy(self, policy, keys, lifetime): |
405 | 457 | for k, v in keys: | 467 | for k, v in keys: |
406 | 458 | self.assertEqual(policy[k], v) | 468 | self.assertEqual(policy[k], v) |
407 | 459 | 469 | ||
408 | === modified file 'neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py' | |||
409 | --- neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py 2015-04-10 10:27:42 +0000 | |||
410 | +++ neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py 2015-08-04 15:46:24 +0000 | |||
411 | @@ -25,7 +25,9 @@ | |||
412 | 25 | from oslo_config import cfg | 25 | from oslo_config import cfg |
413 | 26 | 26 | ||
414 | 27 | from neutron_vpnaas.extensions import vpnaas | 27 | from neutron_vpnaas.extensions import vpnaas |
415 | 28 | from neutron_vpnaas.services.vpn.device_drivers import fedora_strongswan_ipsec | ||
416 | 28 | from neutron_vpnaas.services.vpn.device_drivers import ipsec as ipsec_driver | 29 | from neutron_vpnaas.services.vpn.device_drivers import ipsec as ipsec_driver |
417 | 30 | from neutron_vpnaas.services.vpn.device_drivers import libreswan_ipsec | ||
418 | 29 | from neutron_vpnaas.services.vpn.device_drivers import strongswan_ipsec | 31 | from neutron_vpnaas.services.vpn.device_drivers import strongswan_ipsec |
419 | 30 | from neutron_vpnaas.tests import base | 32 | from neutron_vpnaas.tests import base |
420 | 31 | 33 | ||
421 | @@ -643,6 +645,36 @@ | |||
422 | 643 | self.driver.connection_status) | 645 | self.driver.connection_status) |
423 | 644 | 646 | ||
424 | 645 | 647 | ||
425 | 648 | class TestLibreSwanProcess(base.BaseTestCase): | ||
426 | 649 | def setUp(self): | ||
427 | 650 | super(TestLibreSwanProcess, self).setUp() | ||
428 | 651 | self.ipsec_process = libreswan_ipsec.LibreSwanProcess(mock.ANY, | ||
429 | 652 | 'foo-process-id', | ||
430 | 653 | FAKE_VPN_SERVICE, | ||
431 | 654 | mock.ANY) | ||
432 | 655 | |||
433 | 656 | def test_ensure_configs(self): | ||
434 | 657 | ipsec_driver.OpenSwanProcess.ensure_configs = mock.Mock() | ||
435 | 658 | with mock.patch.object(self.ipsec_process, '_execute') as fake_execute: | ||
436 | 659 | self.ipsec_process.ensure_configs() | ||
437 | 660 | expected = [mock.call(['ipsec', '_stackmanager', 'start']), | ||
438 | 661 | mock.call(['ipsec', 'checknss', | ||
439 | 662 | self.ipsec_process.etc_dir])] | ||
440 | 663 | fake_execute.assert_has_calls(expected) | ||
441 | 664 | self.assertEqual(fake_execute.call_count, 2) | ||
442 | 665 | |||
443 | 666 | with mock.patch.object(self.ipsec_process, '_execute') as fake_execute: | ||
444 | 667 | fake_execute.side_effect = [None, RuntimeError, None] | ||
445 | 668 | self.ipsec_process.ensure_configs() | ||
446 | 669 | expected = [mock.call(['ipsec', '_stackmanager', 'start']), | ||
447 | 670 | mock.call(['ipsec', 'checknss', | ||
448 | 671 | self.ipsec_process.etc_dir]), | ||
449 | 672 | mock.call(['ipsec', 'initnss', | ||
450 | 673 | self.ipsec_process.etc_dir])] | ||
451 | 674 | fake_execute.assert_has_calls(expected) | ||
452 | 675 | self.assertEqual(fake_execute.call_count, 3) | ||
453 | 676 | |||
454 | 677 | |||
455 | 646 | class IPsecStrongswanDeviceDriverLegacy(IPSecDeviceLegacy): | 678 | class IPsecStrongswanDeviceDriverLegacy(IPSecDeviceLegacy): |
456 | 647 | def setUp(self, driver=strongswan_ipsec.StrongSwanDriver, | 679 | def setUp(self, driver=strongswan_ipsec.StrongSwanDriver, |
457 | 648 | ipsec_process='strongswan_ipsec.StrongSwanProcess'): | 680 | ipsec_process='strongswan_ipsec.StrongSwanProcess'): |
458 | @@ -738,3 +770,20 @@ | |||
459 | 738 | ipsec_process='strongswan_ipsec.StrongSwanProcess'): | 770 | ipsec_process='strongswan_ipsec.StrongSwanProcess'): |
460 | 739 | super(IPsecStrongswanDeviceDriverDVR, self).setUp(driver, | 771 | super(IPsecStrongswanDeviceDriverDVR, self).setUp(driver, |
461 | 740 | ipsec_process) | 772 | ipsec_process) |
462 | 773 | |||
463 | 774 | |||
464 | 775 | class IPsecFedoraStrongswanDeviceDriverLegacy( | ||
465 | 776 | IPsecStrongswanDeviceDriverLegacy): | ||
466 | 777 | |||
467 | 778 | def setUp(self, driver=fedora_strongswan_ipsec.FedoraStrongSwanDriver, | ||
468 | 779 | ipsec_process=fedora_strongswan_ipsec.FedoraStrongSwanProcess): | ||
469 | 780 | super(IPsecFedoraStrongswanDeviceDriverLegacy, | ||
470 | 781 | self).setUp(driver, ipsec_process) | ||
471 | 782 | |||
472 | 783 | |||
473 | 784 | class IPsecFedoraStrongswanDeviceDriverDVR(IPSecDeviceDVR): | ||
474 | 785 | |||
475 | 786 | def setUp(self, driver=fedora_strongswan_ipsec.FedoraStrongSwanDriver, | ||
476 | 787 | ipsec_process=fedora_strongswan_ipsec.FedoraStrongSwanProcess): | ||
477 | 788 | super(IPsecFedoraStrongswanDeviceDriverDVR, self).setUp(driver, | ||
478 | 789 | ipsec_process) | ||
479 | 741 | 790 | ||
480 | === modified file 'requirements.txt' | |||
481 | --- requirements.txt 2015-04-30 18:32:31 +0000 | |||
482 | +++ requirements.txt 2015-08-04 15:46:24 +0000 | |||
483 | @@ -1,21 +1,21 @@ | |||
484 | 1 | # The order of packages is significant, because pip processes them in the order | 1 | # The order of packages is significant, because pip processes them in the order |
485 | 2 | # of appearance. Changing the order has an impact on the overall integration | 2 | # of appearance. Changing the order has an impact on the overall integration |
486 | 3 | # process, which may cause wedges in the gate later. | 3 | # process, which may cause wedges in the gate later. |
488 | 4 | pbr>=0.6,!=0.7,<1.0 | 4 | pbr!=0.7,<1.0,>=0.6 |
489 | 5 | 5 | ||
492 | 6 | requests>=2.2.0,!=2.4.0 | 6 | requests!=2.4.0,>=2.2.0 |
493 | 7 | Jinja2>=2.6 # BSD License (3 clause) | 7 | Jinja2>=2.6 # BSD License (3 clause) |
494 | 8 | netaddr>=0.7.12 | 8 | netaddr>=0.7.12 |
496 | 9 | SQLAlchemy>=0.9.7,<=0.9.99 | 9 | SQLAlchemy<=0.9.99,>=0.9.7 |
497 | 10 | alembic>=0.7.2 | 10 | alembic>=0.7.2 |
498 | 11 | six>=1.9.0 | 11 | six>=1.9.0 |
506 | 12 | oslo.concurrency>=1.8.0,<1.9.0 # Apache-2.0 | 12 | oslo.concurrency<1.9.0,>=1.8.0 # Apache-2.0 |
507 | 13 | oslo.config>=1.9.3,<1.10.0 # Apache-2.0 | 13 | oslo.config<1.10.0,>=1.9.3 # Apache-2.0 |
508 | 14 | oslo.db>=1.7.0,<1.8.0 # Apache-2.0 | 14 | oslo.db<1.8.0,>=1.7.0 # Apache-2.0 |
509 | 15 | oslo.log>=1.0.0,<1.1.0 # Apache-2.0 | 15 | oslo.log<1.1.0,>=1.0.0 # Apache-2.0 |
510 | 16 | oslo.messaging>=1.8.0,<1.9.0 # Apache-2.0 | 16 | oslo.messaging<1.9.0,>=1.8.0 # Apache-2.0 |
511 | 17 | oslo.serialization>=1.4.0,<1.5.0 # Apache-2.0 | 17 | oslo.serialization<1.5.0,>=1.4.0 # Apache-2.0 |
512 | 18 | oslo.utils>=1.4.0,<1.5.0 # Apache-2.0 | 18 | oslo.utils<1.5.0,>=1.4.0 # Apache-2.0 |
513 | 19 | 19 | ||
514 | 20 | # This project does depend on neutron as a library, but the | 20 | # This project does depend on neutron as a library, but the |
515 | 21 | # openstack tooling does not play nicely with projects that | 21 | # openstack tooling does not play nicely with projects that |
516 | 22 | 22 | ||
517 | === modified file 'setup.cfg' | |||
518 | --- setup.cfg 2015-03-30 11:20:04 +0000 | |||
519 | +++ setup.cfg 2015-08-04 15:46:24 +0000 | |||
520 | @@ -1,6 +1,6 @@ | |||
521 | 1 | [metadata] | 1 | [metadata] |
522 | 2 | name = neutron-vpnaas | 2 | name = neutron-vpnaas |
524 | 3 | version = 2015.1 | 3 | version = 2015.1.1 |
525 | 4 | summary = OpenStack Networking VPN as a Service | 4 | summary = OpenStack Networking VPN as a Service |
526 | 5 | description-file = | 5 | description-file = |
527 | 6 | README.rst | 6 | README.rst |
528 | 7 | 7 | ||
529 | === modified file 'setup.py' | |||
530 | --- setup.py 2015-01-14 11:23:12 +0000 | |||
531 | +++ setup.py 2015-08-04 15:46:24 +0000 | |||
532 | @@ -1,4 +1,3 @@ | |||
533 | 1 | #!/usr/bin/env python | ||
534 | 2 | # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. | 1 | # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. |
535 | 3 | # | 2 | # |
536 | 4 | # Licensed under the Apache License, Version 2.0 (the "License"); | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
537 | 5 | 4 | ||
538 | === modified file 'test-requirements.txt' | |||
539 | --- test-requirements.txt 2015-04-10 10:27:42 +0000 | |||
540 | +++ test-requirements.txt 2015-08-04 15:46:24 +0000 | |||
541 | @@ -1,22 +1,22 @@ | |||
542 | 1 | # The order of packages is significant, because pip processes them in the order | 1 | # The order of packages is significant, because pip processes them in the order |
543 | 2 | # of appearance. Changing the order has an impact on the overall integration | 2 | # of appearance. Changing the order has an impact on the overall integration |
544 | 3 | # process, which may cause wedges in the gate later. | 3 | # process, which may cause wedges in the gate later. |
546 | 4 | hacking>=0.10.0,<0.11 | 4 | hacking<0.11,>=0.10.0 |
547 | 5 | 5 | ||
549 | 6 | cliff>=1.10.0,<1.11.0 # Apache-2.0 | 6 | cliff<1.11.0,>=1.10.0 # Apache-2.0 |
550 | 7 | coverage>=3.6 | 7 | coverage>=3.6 |
551 | 8 | discover | 8 | discover |
554 | 9 | fixtures>=0.3.14 | 9 | fixtures<1.3.0,>=0.3.14 |
555 | 10 | mock>=1.0 | 10 | mock<1.1.0,>=1.0 |
556 | 11 | python-subunit>=0.0.18 | 11 | python-subunit>=0.0.18 |
560 | 12 | requests-mock>=0.6.0 # Apache-2.0 | 12 | requests-mock>=0.6.0 # Apache-2.0 |
561 | 13 | sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3 | 13 | sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 |
562 | 14 | oslosphinx>=2.5.0,<2.6.0 # Apache-2.0 | 14 | oslosphinx<2.6.0,>=2.5.0 # Apache-2.0 |
563 | 15 | testrepository>=0.0.18 | 15 | testrepository>=0.0.18 |
565 | 16 | testtools>=0.9.36,!=1.2.0 | 16 | testtools!=1.2.0,>=0.9.36 |
566 | 17 | testscenarios>=0.4 | 17 | testscenarios>=0.4 |
567 | 18 | WebOb>=1.2.3 | 18 | WebOb>=1.2.3 |
568 | 19 | WebTest>=2.0 | 19 | WebTest>=2.0 |
570 | 20 | oslotest>=1.5.1,<1.6.0 # Apache-2.0 | 20 | oslotest<1.6.0,>=1.5.1 # Apache-2.0 |
571 | 21 | psycopg2 | 21 | psycopg2 |
572 | 22 | MySQL-python | 22 | MySQL-python |
I've uploaded this to the archive and will let the Package Import Robot commit the branch changes.