openstack

Adding VPNaaS to an OpenStack Zed setup


First of all, sorry if I'm using the wrong category, group or whatever. This is my first ever question here.

I've set up OpenStack with this documentation https://docs.openstack.org/install-guide/ followed by the installation of keystone, glance, nova, neutron, horizon from here https://docs.openstack.org/install-guide/openstack-services.html#minimal-deployment-for-yoga (except I used zed instead of yoga). Now I managed to install FWaaS from here: https://docs.openstack.org/neutron/zed/admin/fwaas-v2-scenario.html but I also need VPNaaS for my project. When following this guide https://docs.openstack.org/neutron/zed/admin/vpnaas-scenario.html I can't make it work. Every time I restart neutron it fails:

    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime [req-a32b0298-9d9f-49c9-a0fb-d914020d1edd - - - - -] Error loading class by alias: stevedore.exception.NoMatches: No 'neutron.service_plugins' driver found, looking for 'vpnaas'
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime Traceback (most recent call last):
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime   File "/usr/lib/python3/dist-packages/neutron_lib/utils/runtime.py", line 113, in load_class_by_alias_or_classname
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime     mgr = driver.DriverManager(
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime   File "/usr/lib/python3/dist-packages/stevedore/driver.py", line 53, in __init__
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime     super(DriverManager, self).__init__(
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime   File "/usr/lib/python3/dist-packages/stevedore/named.py", line 89, in __init__
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime     self._init_plugins(extensions)
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime   File "/usr/lib/python3/dist-packages/stevedore/driver.py", line 112, in _init_plugins
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime     raise NoMatches('No %r driver found, looking for %r' %
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime stevedore.exception.NoMatches: No 'neutron.service_plugins' driver found, looking for 'vpnaas'
    2023-02-26 09:17:25.217 895152 ERROR neutron_lib.utils.runtime
    2023-02-26 09:17:25.218 895152 ERROR neutron_lib.utils.runtime [req-a32b0298-9d9f-49c9-a0fb-d914020d1edd - - - - -] Error loading class by class name: ValueError: Empty module name

There's more but it seems that with the installation I did the vpnaas is like non "existing" but I don't know how I should add or install it.

I tried several things like installing "pip install neutron-vpnaas", downloading the latest here https://tarballs.opendev.org/openstack/neutron-vpnaas/neutron-vpnaas-21.0.0.tar.gz and running the setup "sudo python3 setup.py install"...that probably broke my test environment, that I will have to setup completely new when I'm home.

But I thought it might be worth asking here as the installation is sometimes tricky and could have a cleaner structure. Maybe it's something obvious that other people encountered during the installation too.

Thanks for any help in advance!

Greetings

Edit after running python3-neutron-vpnaas:

When adding vpnaas to neutron, the log shows this:

    2023-03-04 16:45:48.055 277379 INFO neutron.manager [req-493ddd6c-a9d0-417e-99c1-05d049749a71 - - - - -] Loading Plugin: vpnaas
    2023-03-04 16:45:48.070 277379 WARNING stevedore.named [req-493ddd6c-a9d0-417e-99c1-05d049749a71 - - - - -] Could not load neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver
    2023-03-04 16:45:48.070 277379 ERROR neutron.services.service_base [req-493ddd6c-a9d0-417e-99c1-05d049749a71 - - - - -] No providers specified for 'VPN' service, exiting

The neutron.conf:

    [DEFAULT]
    core_plugin = ml2
    auth_strategy = keystone

    #service_plugins = router,firewall_v2,vpnaas  ## when enable = failure
    service_plugins = router,firewall_v2

    allow_overlapping_ips = true
    transport_url = rabbit://openstack:password@192.168.1.241

    [agent]
    root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"

    [cors]

    [database]
    connection = mysql+pymysql://neutron:password@192.168.1.241/neutron

    [ironic]

    [keystone_authtoken]
    www_authenticate_uri = http://192.168.1.241:5000
    memcached_servers = 192.168.1.241:11211
    auth_type = password
    auth_url = http://192.168.1.241:5000
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = ----PWREMOVED-----

    [nova]
    region_name = RegionOne
    auth_url = http://192.168.1.241:5000
    password = ----PWREMOVED-----
    project_domain_name = default
    project_name = service
    user_domain_name = default
    username = nova

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

    [oslo_messaging_amqp]

    [oslo_messaging_kafka]

    [oslo_messaging_notifications]

    [oslo_messaging_rabbit]

    [oslo_middleware]

    [oslo_policy]

    [privsep]

    [quotas]

    [ssl]

    [service_providers]
    service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default

As described in the guide https://docs.openstack.org/neutron/zed/admin/vpnaas-scenario.html the /etc/neutron/neutron_vpnaas.conf looks like this:

    [DEFAULT]

    [service_providers]
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

And the l3_agent.ini:

    [DEFAULT]
    interface_driver = linuxbridge

    [agent]
    extensions = fwaas_v2,vpnaas

    [network_log]

    [ovs]

    [vpnagent]
    vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver

EDIT after removing fwaas from service settings:

When fwaas is not configured in the corresponding files and vpnaas is configured, the neutron service starts, but I think both services are not installed completely when just following these two documentations: FWaaS Openstack Guide and VPNaaS Openstack Guide. Because when listing the options in the cli openstack .... the vpn option is not listed; from the fwaas the options were visible when enabled.


Solution

  • Okay, finally this seems to be working. Thank you eblock! In order to have FWaaS and VPNaaS running, I did the following: Install the additional packages:

    and my configuration files: /etc/neutron/neutron_vpnaas.conf & neutron_fwaas.conf --> nothing in it except for the "headers" like [DEFAULT] etc..

    /etc/neutron/neutron.conf

    ...
    [DEFAULT]
    service_plugins = router,firewall_v2,vpnaas
    ...
    [service_providers]
    service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
    

    /etc/neutron/plugins/ml2/ml2_conf.ini

    ...
    [agent]
    extensions = fwaas_v2
    
    [fwaas]
    firewall_l2_driver = noop
    

    /etc/neutron/fwaas_driver.ini

    ...
    [fwaas]
    agent_version = v2
    driver = neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver
    enabled = True
    

    And don't forget /etc/neutron/l3_agent.ini:

    ...
    [agent]
    extensions = fwaas_v2,vpnaas
    ...
    [vpnagent]
    vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
    

    I hope that's really all and I can now test and build what I need with it.
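
A pre-start check for the "No providers specified for 'VPN' service" error quoted in the question, as an added example that is not part of the original answer or of Neutron itself. The names `parse_multi`, `missing_providers` and `REQUIRED_PROVIDER` are hypothetical; the function assumes you pass it the text of exactly those files that neutron-server is started with, and it uses its own parser because `configparser` rejects or overwrites the repeated `service_provider` lines.

```python
import re

# Plugin alias -> service type required in [service_providers] (pairs from this page).
REQUIRED_PROVIDER = {"firewall_v2": "FIREWALL_V2", "vpnaas": "VPN"}


def parse_multi(text):
    """Parse oslo.config-style INI text, keeping every repeated key."""
    opts, section = {}, "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts.setdefault((section, key), []).append(value)
    return opts


def missing_providers(*config_texts):
    """Service types enabled in service_plugins that have no provider."""
    merged = {}
    for text in config_texts:  # same order as the --config-file arguments
        for key, values in parse_multi(text).items():
            merged.setdefault(key, []).extend(values)
    plugins = merged.get(("DEFAULT", "service_plugins"), [""])[-1]  # last one wins
    enabled = {p.strip() for p in plugins.split(",")}
    providers = merged.get(("service_providers", "service_provider"), [])
    provided = {value.split(":", 1)[0] for value in providers}
    needed = {REQUIRED_PROVIDER[p] for p in enabled if p in REQUIRED_PROVIDER}
    return sorted(needed - provided)


# Constructed samples: neutron.conf with vpnaas enabled, and a separate neutron_vpnaas.conf.
NEUTRON_CONF = """
[DEFAULT]
#service_plugins = router,firewall_v2
service_plugins = router,firewall_v2,vpnaas
[service_providers]
service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
"""
VPNAAS_CONF = """
[service_providers]
service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
"""

print(missing_providers(NEUTRON_CONF), missing_providers(NEUTRON_CONF, VPNAAS_CONF))
```

A non-empty result names the service types whose plugin is enabled while no loaded file supplies a provider for them.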