VPNaaS' vpn service remains in PENDING_CREATE

asked 2018-04-17 01:27:58 -0600

Krish gravatar image
[root@controller ~(keystone_admin)]# neutron ipsec-site-connection-list
+--------------------------------------+-----------+----------------+-----------+----------------+
| id                                   | name      | peer_address   | auth_mode | status         |
+--------------------------------------+-----------+----------------+-----------+----------------+
| 25efc727-891b-4115-a4cb-a9b133837381 | conn_west | 192.168.140.54 | psk       | PENDING_CREATE |
| b2a4c39c-a7e1-456c-88cd-43ce558b4f11 | conn_east | 192.168.140.52 | psk       | PENDING_CREATE |
+--------------------------------------+-----------+----------------+-----------+----------------+
[root@controller ~(keystone_admin)]#

Why the vpn is down here ?

[root@controller ~(keystone_admin)]# neutron net-list
+--------------------------------------+-----------+-------------------------------------------------------+
| id                                   | name      | subnets                                               |
+--------------------------------------+-----------+-------------------------------------------------------+
| 0ce504f2-a04f-4466-ac3d-55116ae9ea3f | net_west  | f5270e49-3e01-498b-a483-76f508f96f2d 192.168.1.0/24   |
| 499149be-5c9d-44fc-9a0f-0cb33685c965 | Public-Nw | 6e497b30-bf53-4f53-844d-262b1b9ff89b 192.168.140.0/24 |
| ae06999d-167b-44d1-bf68-0b9d7f0b5773 | net_east  | 34fe0a1f-4e89-469a-9240-752990e1ad3f 192.168.2.0/24   |
+--------------------------------------+-----------+-------------------------------------------------------+
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# neutron port-list -c fixed_ips -c device_id -c device_owner|grep router_gateway
| {"subnet_id": "6e497b30-bf53-4f53-844d-262b1b9ff89b", "ip_address": "192.168.140.54"} | c720c1a7-5e88-4c34-a423-c91a125d41bb                                          | network:router_gateway   |
| {"subnet_id": "6e497b30-bf53-4f53-844d-262b1b9ff89b", "ip_address": "192.168.140.52"} | c80488ef-1539-411c-9a03-67728583a73d                                          | network:router_gateway   |
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# neutron ipsec-site-connection-show conn_west
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| admin_state_up    | True                                               |
| auth_mode         | psk                                                |
| description       |                                                    |
| dpd               | {"action": "hold", "interval": 30, "timeout": 120} |
| id                | 25efc727-891b-4115-a4cb-a9b133837381               |
| ikepolicy_id      | f82a42a9-dad1-43de-8606-045363d3ede7               |
| initiator         | bi-directional                                     |
| ipsecpolicy_id    | e18e3693-3bd3-4aa9-81c9-1a5d86443c3d               |
| local_ep_group_id |                                                    |
| local_id          |                                                    |
| mtu               | 1500                                               |
| name              | conn_west                                          |
| peer_address      | 192.168.140.54                                     |
| peer_cidrs        | 192.168.2.0/24                                     |
| peer_ep_group_id  |                                                    |
| peer_id           | 192.168.140.54                                     |
| project_id        | c8efd0704d0644779af26096b96597c0                   |
| psk               | secret                                             |
| route_mode        | static                                             |
| status            | PENDING_CREATE                                     |
| tenant_id         | c8efd0704d0644779af26096b96597c0                   |
| vpnservice_id     | 556c23ec-877f-446f-8d21-4eea4414e1c6               |
+-------------------+----------------------------------------------------+
    [root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]#  neutron service-provider-list
+---------------+-------------+---------+
| service_type  | name        | default |
+---------------+-------------+---------+
| L3_ROUTER_NAT | single_node | False   |
| L3_ROUTER_NAT | ha          | False   |
| L3_ROUTER_NAT | dvrha       | False   |
| VPN           | libreswan   | True    |
| L3_ROUTER_NAT | dvr         | False   |
| VPN           | libreswan   | True    |
+---------------+-------------+---------+
[root@controller ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host                   | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
| 5d6964ad-ba0a-42b4-bfe2-bed2fdf02326 | Metering agent     | controller.example.com |                   | :-)   | True           | neutron-metering-agent    |
| 8d41b20a-46ae-4221-be70-2f3f1410e42f | Metadata agent     | controller.example.com |                   | :-)   | True           | neutron-metadata-agent    |
| cb309af7-a486-4ca0-bca3-8bcd360cddee | Open vSwitch agent | compute.example.com    |                   | :-)   | True           | neutron-openvswitch-agent |
| cda684cc-40c4-4933-8f1d-f18401fc84d0 | DHCP agent         | controller.example.com | nova              | :-)   | True           | neutron-dhcp-agent        |
| de30594b-94bd-4385-9a32-36427d83d690 | L3 agent           | controller.example.com | nova              | :-)   | True           | neutron-vpn-agent         |
| e6549a09-72fb-4aa2-9549-8c0be728d62b | Open vSwitch agent | controller.example.com |                   | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------------------+-------------------+-------+----------------+---------------------------+
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# yum -y update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
No packages marked for update
[root@controller ~(keystone_admin)]# openstack --version
openstack 3.2.1
[root@controller ~(keystone_admin)]#

[root@controller ~(keystone_admin)]# vi /var/log/neutron/vpn-agent.log

2018-04-12 15:12:58.915 1459 INFO oslo_rootwrap.client [-] Spawned new rootwrap daemon process with pid=26588
2018-04-17 10:18:26.253 1459 INFO neutron.agent.linux.interface [-] Device qg-2e1c10ec-aa already exists
2018-04-17 11:17:54.483 1459 ERROR neutron.agent.linux.utils [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Exit code: 1; Stdin: ; Stdout: ; Stderr: usage: ipsec initnss [--nssdir /etc/ipsec.d]

2018-04-17 11:17:54.526 1459 ERROR neutron.agent.linux.utils [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Exit code: 1; Stdin: ; Stdout: ; Stderr: usage: ipsec initnss [--nssdir /etc/ipsec.d]

2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-c2d8a61a-1d61-4a95-afe9-f7af9bd66cfe 520678a6e7f542ac9618d09efcda37b8 c8efd0704d0644779af26096b96597c0 - - -] Failed to enable vpn process on router c720c1a7-5e88-4c34-a423-c91a125d41bb
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 304, in enable
2018-04-17 11:17:54.527 1459 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     self.ensure_configs()
2018-04-17 11:17:54.527 1459 ERROR ...
(more)
edit retag flag offensive close merge delete