=============================== Configuring VPNaaS for DevStack =============================== ----------------------- Multinode vs All-In-One ----------------------- Devstack typically runs in single or "All-In-One" (AIO) mode. However, it can also be deployed to run on multiple nodes. For VPNaaS, running on an AIO setup is simple, as everything happens on the same node. However, to deploy to a multinode setup requires the following things to happen: #. Each controller node requires database migrations in support of running VPNaaS. #. Each network node that would run the L3 agent needs to run the Neutron VPNaaS agent in its place. Therefore, the devstack plugin script needs some extra logic. ---------------- How to Configure ---------------- To configure VPNaaS, it is only necessary to enable the neutron-vpnaas devstack plugin by adding the following line to the [[local|localrc]] section of devstack's local.conf file:: enable_plugin neutron-vpnaas [BRANCH] is the URL of a neutron-vpnaas repository [BRANCH] is an optional git ref (branch/ref/tag). The default is master. For example:: enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/kilo The default implementation for IPSEC package under DevStack is 'openswan'. However, depending upon the Linux distribution, you may need to override this value. Select 'libreswan' for Fedora/RHEL/CentOS or 'strongswan' for Ubuntu 14.4.04+:: For example, install libreswan for CentOS/RHEL 7:: IPSEC_PACKAGE=libreswan This VPNaaS devstack plugin code will then #. Install the common VPNaaS configuration and code, #. Apply database migrations on nodes that are running the controller (as determined by enabling the q-svc service), #. Run the VPNaaS agent on nodes that would normally be running the L3 agent (as determined by enabling the q-l3 service).