VPNaaS' vpn service remains in PENDING_CREATE
[root@controller ~(keystone_admin)]# neutron ipsec-site-connection-list
+--------------------------------------+-----------+----------------+-----------+----------------+
| id | name | peer_address | auth_mode | status |
+--------------------------------------+-----------+----------------+-----------+----------------+
| 25efc727-891b-4115-a4cb-a9b133837381 | conn_west | 192.168.140.54 | psk | PENDING_CREATE |
| b2a4c39c-a7e1-456c-88cd-43ce558b4f11 | conn_east | 192.168.140.52 | psk | PENDING_CREATE |
+--------------------------------------+-----------+----------------+-----------+----------------+
[root@controller ~(keystone_admin)]#
Why is the VPN down here?
[root@controller ~(keystone_admin)]# neutron net-list
+--------------------------------------+-----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+-------------------------------------------------------+
| 0ce504f2-a04f-4466-ac3d-55116ae9ea3f | net_west | f5270e49-3e01-498b-a483-76f508f96f2d 192.168.1.0/24 |
| 499149be-5c9d-44fc-9a0f-0cb33685c965 | Public-Nw | 6e497b30-bf53-4f53-844d-262b1b9ff89b 192.168.140.0/24 |
| ae06999d-167b-44d1-bf68-0b9d7f0b5773 | net_east | 34fe0a1f-4e89-469a-9240-752990e1ad3f 192.168.2.0/24 |
+--------------------------------------+-----------+-------------------------------------------------------+
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# neutron port-list -c fixed_ips -c device_id -c device_owner|grep router_gateway
| {"subnet_id": "6e497b30-bf53-4f53-844d-262b1b9ff89b", "ip_address": "192.168.140.54"} | c720c1a7-5e88-4c34-a423-c91a125d41bb | network:router_gateway |
| {"subnet_id": "6e497b30-bf53-4f53-844d-262b1b9ff89b", "ip_address": "192.168.140.52"} | c80488ef-1539-411c-9a03-67728583a73d | network:router_gateway |
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# neutron ipsec-site-connection-show conn_west
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 25efc727-891b-4115-a4cb-a9b133837381 |
| ikepolicy_id | f82a42a9-dad1-43de-8606-045363d3ede7 |
| initiator | bi-directional |
| ipsecpolicy_id | e18e3693-3bd3-4aa9-81c9-1a5d86443c3d |
| local_ep_group_id | |
| local_id | |
| mtu | 1500 |
| name | conn_west |
| peer_address | 192.168.140.54 |
| peer_cidrs | 192.168.2.0/24 |
| peer_ep_group_id | |
| peer_id | 192.168.140.54 |
| project_id | c8efd0704d0644779af26096b96597c0 |
| psk | secret |
| route_mode | static |
| status | PENDING_CREATE |
| tenant_id | c8efd0704d0644779af26096b96597c0 |
| vpnservice_id | 556c23ec-877f-446f-8d21-4eea4414e1c6 |
+-------------------+----------------------------------------------------+
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# neutron service-provider-list
+---------------+-------------+---------+
| service_type | name | default |
+---------------+-------------+---------+
| L3_ROUTER_NAT | single_node | False |
| L3_ROUTER_NAT | ha | False |
| L3_ROUTER_NAT | dvrha | False |
| VPN | libreswan | True |
| L3_ROUTER_NAT | dvr | False |
| VPN | libreswan | True |
+---------------+-------------+---------+
[root@controller ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
| 5d6964ad-ba0a-42b4-bfe2-bed2fdf02326 | Metering agent | controller.example.com | | :-) | True | neutron-metering-agent |
| 8d41b20a-46ae-4221-be70-2f3f1410e42f | Metadata agent | controller.example.com | | :-) | True | neutron-metadata-agent |
| cb309af7-a486-4ca0-bca3-8bcd360cddee | Open vSwitch agent | compute.example.com | | :-) | True | neutron-openvswitch-agent |
| cda684cc-40c4-4933-8f1d-f18401fc84d0 | DHCP agent | controller.example.com | nova | :-) | True | neutron-dhcp-agent |
| de30594b-94bd-4385-9a32-36427d83d690 | L3 agent | controller.example.com | nova | :-) | True | neutron-vpn-agent |
| e6549a09-72fb-4aa2-9549-8c0be728d62b | Open vSwitch agent | controller.example.com | | :-) | True | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# yum -y update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
No packages marked for update
[root@controller ~(keystone_admin)]# openstack --version
openstack 3.2.1
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# vi /var/log/neutron/vpn-agent.log
2018-04-12 15:12:58.915 1459 INFO oslo_rootwrap.client [-] Spawned new rootwrap daemon process with pid=26588
2018-04-17 10:18:26.253 1459 INFO neutron.agent.linux.interface [-] Device qg-2e1c10ec-aa already exists
2018-04-17 11:17:54.483 1459 ERROR neutron.agent.linux.utils [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Exit code: 1; Stdin: ; Stdout: ; Stderr: usage: ipsec initnss [--nssdir /etc/ipsec.d]
2018-04-17 11:17:54.526 1459 ERROR neutron.agent.linux.utils [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Exit code: 1; Stdin: ; Stdout: ; Stderr: usage: ipsec initnss [--nssdir /etc/ipsec.d]
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Failed to enable vpn process on router c720c1a7-5e88-4c34-a423-c91a125d41bb
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 304, in enable
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec self.ensure_configs()
2018-04-17 11:17:54.527 1459 ERROR ...