)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"11ac651a8152a6e8fead990471c24a0666d93d61","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"5a9a8e3e_a010c2d9","updated":"2024-07-17 08:23:44.000000000","message":"Reno missing","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"025032b1bf8871bb6a5a587ac8f93a684f30da4a","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"3b42dbbc_43373c96","updated":"2024-07-17 08:36:58.000000000","message":"the dockerfile LGTM.\n\nDid you actually test this though?\n\nE.g. are you sure neutron does not need additional sudo rules inside the container (just as an example) to setup ipsec?\n\nI need to look in more detail at the upstream neutron implementation to judge if this is complete with just adding the dockerfile.\n\nI would thus appreciate more reviews from people who are maybe already familiar with the new neutron-ovn-vpn-agent.\n\nThanks","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"a1b177e043f174065d908a49a86d56267724ae83","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"72c2c12c_3a7e4b74","in_reply_to":"1aecbdef_139bc0f6","updated":"2024-07-17 10:46:03.000000000","message":"so from what I read so far (looking at the neutron vpnaas change and the neutron docs) this does not seem to need additional sudo rules at least (these are contained within upstreams rootwrap changes already).\n\nI\u0027m still looking into the upstream implementation and docs to see if we have missed anything else.\n\nIt would be nice if someone could test drive this in some lab.\n\n@maximilian@stinsky.com do you plan to submit changes for this to kolla-ansible as well?","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"461ef54de3a425552341e3b5df9848663b909920","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"1aecbdef_139bc0f6","in_reply_to":"3b42dbbc_43373c96","updated":"2024-07-17 09:00:58.000000000","message":"No, the only thing I checked so far is if everything is installed correctly inside the container.\n\nMy assumption regarding the configuration is that nothing else is required as the old vpnaas implementation already works from the neutron-base image. Therefore everything regarding starting strongswan should already be present.","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"9d6a40206e9199a7f6501365dc5e3a96d2c8b827","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f8dcede1_bf09793b","in_reply_to":"4089adb2_a9a58a6a","updated":"2024-11-06 08:52:36.000000000","message":"Done","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"bce10f526063a861dc6ea0c10773025ab7d32690","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d21b5afb_fdf999ae","in_reply_to":"5a9a8e3e_a010c2d9","updated":"2024-07-17 08:56:05.000000000","message":"Added","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"dd24635a0a470687b26a1a7b1ee11f353e06e1a7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f80448ca_ee38f74b","in_reply_to":"72c2c12c_3a7e4b74","updated":"2024-07-17 10:59:07.000000000","message":"As Sven mentioned - we\u0027re not merging this as long as we\u0027re not seeing a kolla-ansible patch - ideally with testing in kolla-ansible CI","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"2d14e615c4858c99cb37df7cfb4822471c210688","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"4089adb2_a9a58a6a","in_reply_to":"f80448ca_ee38f74b","updated":"2024-07-17 11:23:10.000000000","message":"We are building kolla containers ourselves through kolla-build and then use those in our own deployment tool. That\u0027s where I wanted to use this new image.\n\nIf it is a hard requirement to have this image used by kolla-ansible I can take a look into implementing it there. I would assume thats not too hard to do.\nThe \u0027only\u0027 problem will be the CI testes where I have 0 experience with what kolla-ansible is doing. But I\u0027ll take a look.","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"da3456dad8027dd797d57e1dbd4b624e7a902248","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"d7e1cc2c_778cfdb8","updated":"2024-10-29 10:35:19.000000000","message":"Can be merged once we finalise Dalmatian","commit_id":"6ef5e08facea1303eca28f356f5b5101a1dfe3e9"},{"author":{"_account_id":34476,"name":"Marc Vorwerk","email":"marc+ubuntu@marc-vorwerk.de","username":"marc-vorwerk"},"change_message_id":"024141f35ad29b82c49103b35d2daf33adc4ace7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"64b765e9_08e0b3a9","updated":"2024-11-06 07:36:21.000000000","message":"Is something still missing here? If so, please let me know. For me it looks good.","commit_id":"6ef5e08facea1303eca28f356f5b5101a1dfe3e9"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"0294bbca16d3f7f510e6f629888121e05faa5ead","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":4,"id":"a03267a2_da0eacee","updated":"2024-11-05 12:40:17.000000000","message":"Where is the kolla-ansible part?","commit_id":"6ef5e08facea1303eca28f356f5b5101a1dfe3e9"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"995fd166f788e4bc82b491a4f0bb5c37b223c2be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"11fa715f_1156a3e8","in_reply_to":"64b765e9_08e0b3a9","updated":"2024-11-06 07:45:19.000000000","message":"As long as the kolla-ansible side patch is not ready to merge - we\u0027re not merging this.","commit_id":"6ef5e08facea1303eca28f356f5b5101a1dfe3e9"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"dfc8cda1634602c9bbfff62ada631718151b2a8f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"5fc9b4bc_589e8d8f","in_reply_to":"a03267a2_da0eacee","updated":"2024-11-05 13:59:18.000000000","message":"it\u0027s here https://review.opendev.org/c/openstack/kolla-ansible/+/924575","commit_id":"6ef5e08facea1303eca28f356f5b5101a1dfe3e9"},{"author":{"_account_id":37355,"name":"Pablo Colson","display_name":"Pablo Colson","email":"colson.pablo@gmail.com","username":"pabloclsn"},"change_message_id":"cf523daf4748f23a7b1adea90fa010c9d77f5421","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"27bc5069_8e0cf06d","updated":"2026-01-23 07:27:22.000000000","message":"Hi everyone, how can we make this one move forward is there something else to do ? or can we merge ?","commit_id":"6797ee1cf2fe12d6e7be7ce036e6c5adcdbd88b8"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"1da698dcdf4ab7fc93d884367114a1a0679c43f0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"0a82ed2f_b365d295","updated":"2026-03-31 05:02:39.000000000","message":"Recheck - quay problem","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"e018848e9688e7760d67bea85fa61a4645a82020","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"898e2036_fd6641a5","updated":"2026-04-01 22:09:22.000000000","message":"recheck","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"33ddc895aa05ae0ffa4dda94aaee80c89be08d3d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"c55bbf62_14fd9087","updated":"2026-03-25 12:37:05.000000000","message":"recheck - grafana error (ERROR:kolla.common.utils.grafana:\u001bFailed to fetch https://apt.grafana.com/dists/stable/main/binary-amd64/Packages.gz  File has unexpected size (509418 !\u003d 509253))","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"},{"author":{"_account_id":23084,"name":"Bartosz Bezak","email":"bartosz@stackhpc.com","username":"b.bezak"},"change_message_id":"d057cf8014ecc80a678fb1eeb29590abd87c0975","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"a8476b21_366dd833","updated":"2026-04-01 10:25:06.000000000","message":"recheck - post failure","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"33a5023dc0c9e24aaae834bb864d9680c6cafe21","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"7e919a1d_d02cd030","updated":"2026-03-25 14:19:44.000000000","message":"recheck Grafana build failed on noble","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"f669b51d0fd521da48f21ee373785764b18fee2f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"78bf59a3_c8b452a4","updated":"2026-03-30 19:13:07.000000000","message":"recheck noble upgrade unrelated failure","commit_id":"63024ee8a26f08f5f65fec3f58be6bbb690365b7"}],"docker/neutron/neutron-ovn-vpn-agent/Dockerfile.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"11ac651a8152a6e8fead990471c24a0666d93d61","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"6b76a401_689e21d5","line":21,"updated":"2024-07-17 08:23:44.000000000","message":"And that\u0027s enough? No python code to be installed?","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":37170,"name":"Enrico Kern","email":"enrico.kern@stackxperts.com"},"change_message_id":"d29aa42de0d2aaa7e560844d6b17b303453ee274","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"df91ebfc_b0d5be70","line":21,"in_reply_to":"2e42debe_fd48ca83","updated":"2024-07-22 08:36:28.000000000","message":"should really be tested, trying to manually put all the steps into the configs i get as example:\n\nWARNING stevedore.named [-] Could not load neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver\n\nwhen the agent starts","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":37171,"name":"pmil","display_name":"pmil","email":"yurus1@o2.pl","username":"pmil"},"change_message_id":"edd87a1765466f243b769e864e459f7c67f350d5","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"aa31664c_d867d4c9","line":21,"in_reply_to":"5882ffe2_100d4c2d","updated":"2024-07-22 12:58:22.000000000","message":"I don\u0027t know how it happened, but it didn\u0027t download a new image (cache?) :) Everything works. I confirm that the proposed solution works :) thx","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"c652ce24fc347c9ef1ead87764eec3237f567482","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"2e42debe_fd48ca83","line":21,"in_reply_to":"6b76a401_689e21d5","updated":"2024-07-17 08:43:26.000000000","message":"The code for the new neutron-ovn-vpn-agent is already present through the neutron-base image: https://opendev.org/openstack/kolla/src/branch/stable/2024.1/kolla/common/sources.py#L232-L235","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"95098f4568b765292629ad421f95008a69931034","unresolved":false,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"5ef3f072_beefb0f3","line":21,"in_reply_to":"aa31664c_d867d4c9","updated":"2024-07-24 07:20:45.000000000","message":"I will resolve this discussion as the neutron-ovn-vpn-agent code is definitely present through the neutron base image.","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":37171,"name":"pmil","display_name":"pmil","email":"yurus1@o2.pl","username":"pmil"},"change_message_id":"4960b39ecc768fe6df1d294ccb3ce577a8399457","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"c2826cee_e502cfe3","line":21,"in_reply_to":"b66ec5e6_236092ce","updated":"2024-07-22 11:52:23.000000000","message":"I just did a test on a multinode cluster. Unfortunately, the service does not start properly.. Error on docker image side\n\ndocker logs neutron_ovn_vpn_agent\n...\n++ . /usr/local/bin/kolla_neutron_extend_start\n+ echo \u0027Running command: \u0027\\\u0027\u0027neutron-ovn-vpn-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_ovn_vpn_agent.ini\u0027\\\u0027\u0027\u0027\nRunning command: \u0027neutron-ovn-vpn-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_ovn_vpn_agent.ini\u0027\n+ exec neutron-ovn-vpn-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_ovn_vpn_agent.ini\n/usr/local/bin/kolla_start: line 24: exec: neutron-ovn-vpn-agent: not found","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"4a7f190d07e9b4ee687cd6c2d3554c8c3c90d883","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"5882ffe2_100d4c2d","line":21,"in_reply_to":"c2826cee_e502cfe3","updated":"2024-07-22 12:14:27.000000000","message":"@yurus1@o2.pl Did you potentially build the container with a specific openstack release in your kolla build config? The neutron-ovn-vpn-agent code was first released with 2024.1.\nAs I mentioned in an earlier comment the vpnaas plugin is installed in the neutron base image so the neutron-ovn-vpn-agent code is available in any neutron container. (At least I can see it in avilable in every neutron container.)\n\nHere is a bit of output from this Dockerfile running in my kolla-ansible patched deployment:\n\nDocker container running healthy:\n```\nf13851f94993   kolla/neutron-ovn-vpn-agent:18.1.0    \"dumb-init --single-…\"   4 hours ago   Up 4 hours (healthy)             neutron_ovn_vpn_agent\n```\n\nNeutron vpn agent output showing both alive and state as \u0027true\u0027:\n```\nopenstack network agent list -f json | jq \u0027.[] | select(.\"Agent Type\" \u003d\u003d \"VPN Agent\")\u0027\n{\n  \"ID\": \"23c69b5a-031f-5a15-9b41-b03750f206e1\",\n  \"Agent Type\": \"VPN Agent\",\n  \"Host\": \"kolla-docker\",\n  \"Availability Zone\": \"\",\n  \"Alive\": true,\n  \"State\": true,\n  \"Binary\": \"neutron-ovn-vpn-agent\"\n}\n```","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"49d24160b398a4cea33a6d87f9b407b40d5cbd9a","unresolved":true,"context_lines":[{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"b66ec5e6_236092ce","line":21,"in_reply_to":"df91ebfc_b0d5be70","updated":"2024-07-22 09:06:03.000000000","message":"I made a kolla-ansible PR which implements this container: https://review.opendev.org/c/openstack/kolla-ansible/+/924575\n\nThere it was working without any issues for me in a kolla-ansible all-in-one setup.\nAgent is starting without issues, can create qovn network namespaces and spawn the ipsec process in it.","commit_id":"0215bb2da928a313c2bcdeadfe55fc68cf6b3b8a"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"a22dd64eef4a2f9db4d39bb3b0fe4ab1f1584cc2","unresolved":true,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"94332ebc_e4dfc389","line":16,"updated":"2024-07-22 16:06:12.000000000","message":"I\u0027m not sure which one is better, but I would prefer to have the same implementation getting used for all distros unless there is a strong (sic ;) reason to diverge here.","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"7aa37f581542f2e9ada5db220d5e69cbf8f7f8aa","unresolved":false,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"8e767f65_701eaf60","line":16,"in_reply_to":"2142d8eb_a7be610e","updated":"2024-10-29 10:54:29.000000000","message":"I\u0027m sorry, I didn\u0027t mean to be offensive; I just genuinely didn\u0027t understand exactly what you were talking about. Both implementations are supported in Neutron, and at the same time, there are different standards/defaults used in each distro, so it really makes sense to support both—especially since these two differences work out-of-the-box in different distributions.","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"57c6c47191c82b5fe92d4afb34693dd742b20fd1","unresolved":true,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"c2850de0_4149f124","line":16,"in_reply_to":"94332ebc_e4dfc389","updated":"2024-07-22 17:58:45.000000000","message":"I was thinking that we do the same as in the neutron-l3 vpnaas implementation?\nhttps://opendev.org/openstack/kolla/src/tag/18.0.0/docker/neutron/neutron-l3-agent/Dockerfile.j2#L10-L22\n\nIs there any reason that we want to change the implementation between neutron-l3 vpnaas and ovn vpnaas?","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"cb4215c94777c2048e94dcde9d3935a2ee69cb82","unresolved":true,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"f62f0a25_b83b62eb","line":16,"in_reply_to":"aabe2a2e_9d982964","updated":"2024-10-29 10:09:38.000000000","message":"What are u talking about ? This is same implementation as neutron-l3-agent already have in master branch \n\nhttps://github.com/openstack/kolla/blob/ee7fe59f7ba366bb3f203eb072ae2c9babc2175c/docker/neutron/neutron-l3-agent/Dockerfile.j2#L10-L22\n\nThis is same approach. Nothing less nothing more.","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"ef833bd36b9df193c95b15e8b952a4950232c8f9","unresolved":true,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"dc8f92aa_ff5059f8","line":16,"in_reply_to":"c2850de0_4149f124","updated":"2024-10-29 09:41:22.000000000","message":"Here’s a very good reason to distinguish between Strongswan and Libreswan. The reasoning includes system compatibility, user preference, and technical differences. Strongswan is the default for Debian-based systems, while Libreswan is standard for RHEL-like systems. Ultimately, it also gives the user the option to choose, and I see no reason to put in extra effort to make one piece of software fit both distributions. Since there is already an officially preferred approach, I wouldn’t change it.\n\n@frickler@offenerstapel.de are u ok to leave it as it\u0027s proposed by Maximilian ?","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c61d0578c5de5e12d529f6d6959c1863dd974cbc","unresolved":true,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"aabe2a2e_9d982964","line":16,"in_reply_to":"dc8f92aa_ff5059f8","updated":"2024-10-29 09:56:28.000000000","message":"From my perspective either we\u0027re supporting both implementations on both ML2/OVN and ML2/OVS, or we support the same one - now it\u0027s a mess.","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"da3456dad8027dd797d57e1dbd4b624e7a902248","unresolved":false,"context_lines":[{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":16,"context_line":"      \u0027strongswan\u0027"},{"line_number":17,"context_line":"   ] %}"},{"line_number":18,"context_line":"{% endif %}"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"2142d8eb_a7be610e","line":16,"in_reply_to":"f62f0a25_b83b62eb","updated":"2024-10-29 10:35:19.000000000","message":"\"What are u talking about\" is a bit offensive term, let\u0027s be better next time.\nI haven\u0027t looked in detail - I guess if it\u0027s the same - it\u0027s fine.\nI see that we\u0027re handling this in kolla-ansible properly.","commit_id":"6bad36142c8652a7304abfc19472fd488561afb0"},{"author":{"_account_id":30523,"name":"Dincer Celik","email":"hello@dincercelik.com","username":"osmanlicilegi"},"change_message_id":"79ed6da883a6ed01ab7a5798d3c1b85afbee1708","unresolved":true,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"805f9d73_d183b015","line":22,"updated":"2025-10-01 11:45:04.000000000","message":"We should have macros.kolla_patch_sources() here.","commit_id":"3b84bb80e049623089dd8340b7ee8d0218babb64"},{"author":{"_account_id":37355,"name":"Pablo Colson","display_name":"Pablo Colson","email":"colson.pablo@gmail.com","username":"pabloclsn"},"change_message_id":"921a804e4f61a90c8f1cadced7be593a45a605ba","unresolved":true,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"c0863ec6_34276723","line":22,"in_reply_to":"805f9d73_d183b015","updated":"2026-02-02 16:44:51.000000000","message":"is it ok now ?","commit_id":"3b84bb80e049623089dd8340b7ee8d0218babb64"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"33a5023dc0c9e24aaae834bb864d9680c6cafe21","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"{{ macros.install_packages(neutron_ovn_vpn_agent_packages | customizable(\"packages\")) }}"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"{% block neutron_ovn_vpn_agent_footer %}{% endblock %}"},{"line_number":24,"context_line":"{% block footer %}{% endblock %}"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"7e6856f3_0ea8a75c","line":22,"in_reply_to":"c0863ec6_34276723","updated":"2026-03-25 14:19:44.000000000","message":"Done","commit_id":"3b84bb80e049623089dd8340b7ee8d0218babb64"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"37890cab434cd50a3fa5c5b6e388725f5e8854f9","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":11,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":12,"context_line":"      \u0027strongswan\u0027"},{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"1a1d3646_85aa983b","line":12,"updated":"2026-03-21 18:01:22.000000000","message":"@vurmil@gmail.com I am not a fan of your change to strongswan on rpm based systems in Patchset 10. Whats your reason for changing it?\nInstalling libreswan on rpm was intentional as its the same implementation as none ovn installation: https://github.com/openstack/kolla/blob/6a1d383c48eda9fd9c1c55474d29bdba0f06a52f/docker/neutron/neutron-l3-agent/Dockerfile.j2#L12","commit_id":"db63f720490eb6158bf38f7d684466d5709f8e83"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"157d1c78cf5de830f460b5790d0ebb3983af0027","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":11,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":12,"context_line":"      \u0027strongswan\u0027"},{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"448108c3_fcac09e8","line":12,"in_reply_to":"1a1d3646_85aa983b","updated":"2026-03-21 18:53:57.000000000","message":"The reason for this change is that the current implementation with libreswan on RPM-based systems seems to be broken in the OVN context. Before the change, I encountered the following errors in the logs:\n\nWARNING stevedore.named [-] Could not load ... OvnLibreSwanDriver\n...\nCommand: [\u0027ipsec\u0027, \u0027_stackmanager\u0027, \u0027start\u0027] Exit code: 2\nStderr: /usr/sbin/ipsec: unknown IPsec command \"_stackmanager\"\n\nIt appears that the OvnLibreSwanDriver is trying to call commands that are not supported or correctly mapped in the current RPM package version, leading to a failure in the IPsec stack management.\n\nI am switching to strongswan to verify if it resolves these compatibility issues. I suspect that this change will fix the driver loading error and allow the service to start correctly, as strongswan often has better alignment with the expected OVN driver calls in this environment. I\u0027m currently testing this hypothesis to see if it passes.\n\n\nTests with dropped CAPs and privileges currently pass only for Ubuntu. On Rocky Linux they don’t, and on Debian the ipsec command is missing, which strongswan-starter should resolve.","commit_id":"db63f720490eb6158bf38f7d684466d5709f8e83"},{"author":{"_account_id":34380,"name":"Maximilian Stinsky","email":"maximilian@stinsky.com","username":"mstinsky"},"change_message_id":"baa0795f86ee076f2b149367d643e6591bb1a44f","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":11,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":12,"context_line":"      \u0027strongswan\u0027"},{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"bc976d71_03e41ad7","line":12,"in_reply_to":"448108c3_fcac09e8","updated":"2026-03-21 19:07:59.000000000","message":"Mhh. We were running libreswan at first which worked fine for us in our ovn setup. We had some dual stack issues in the way neutron renders the libreswan config thats why at least in our deployment we switched to using ubuntu based strongswan containers.\n\n\nStill I think it would be good to have neutron-l3 and ovn\u0027s implementation allign in which implementation is getting used. Maybe kolla should switch to only support strongswan in all deployment types?\n\n\n\nAnother side note regarding additional packages. We should think about adding `libstrongswan-extra-plugins` otherwise the \"newly\" added ciphers in neutron-vpnaas 2025.1 wont work.","commit_id":"db63f720490eb6158bf38f7d684466d5709f8e83"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"b32bbd9acc6e7dd4bfa9249ec2ff04a782636fa5","unresolved":false,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":11,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["},{"line_number":12,"context_line":"      \u0027strongswan\u0027"},{"line_number":13,"context_line":"   ] %}"},{"line_number":14,"context_line":"{% elif base_package_type \u003d\u003d \u0027deb\u0027 %}"},{"line_number":15,"context_line":"   {% set neutron_ovn_vpn_agent_packages \u003d ["}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"670eb069_74b99797","line":12,"in_reply_to":"bc976d71_03e41ad7","updated":"2026-03-25 11:38:48.000000000","message":"# Note: VPN is currently not working on RHEL 10 due to a known issue:\n# https://bugs.launchpad.net/neutron/+bug/2146308\n\nI filed a ticket, but too much has changed in RHEL10 and it won\u0027t work at the moment.\n\nUbuntu and Debian already work with these packages.","commit_id":"db63f720490eb6158bf38f7d684466d5709f8e83"}]}