The way I create Neutron ports is a hack. It goes:
- Agent starts OpenVPN server, and is then no longer involved.
- Client initiates connection to OpenVPN, passes username and password.
- OpenVPN calls my authentication hook, where I try to get a Keystone token (via the client API) to decide if the client is allowed to connect. If I get a token I store it temporarily in a file.
- Client connection succeeds, and OpenVPN calls my learn-address hook, passing the client's MAC address. Here I re-use the stored token to create the port (again via client API), as the client user who is connecting. Then I forget/delete the token.
- Client disconnects, and OpenVPN could call a hook again, where I would like to remove the port. But I no longer have a valid token to call the client API.
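
The token hand-off between the authentication hook and the learn-address hook described above, as an added example that is not code from the original post: it covers only the temporary file, keeping the token owner-only, single-use and short-lived. The function names, the store directory and the 60-second age limit are assumptions; obtaining the Keystone token and creating the port are left to the hooks themselves.

```python
import hashlib
import os
import stat
import tempfile
import time


def token_path(store_dir, username):
    # Hash the client-supplied username so it never becomes part of a path.
    digest = hashlib.sha256(username.encode("utf-8")).hexdigest()
    return os.path.join(store_dir, digest + ".token")


def store_token(store_dir, username, token):
    """Authentication hook side: write the token to an owner-only file."""
    os.makedirs(store_dir, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=store_dir)  # created with O_EXCL, mode 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(token)
        os.replace(tmp, token_path(store_dir, username))  # atomic publish
    except BaseException:
        os.unlink(tmp)
        raise


def consume_token(store_dir, username, max_age=60):
    """learn-address hook side: return the token once, then delete the file.

    Returns None if the file is missing, is a symlink, is not owned by this
    user, is readable by group/other, or is older than max_age seconds.
    """
    path = token_path(store_dir, username)
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return None
    with os.fdopen(fd) as handle:
        st = os.fstat(handle.fileno())
        trusted = (stat.S_ISREG(st.st_mode)
                   and st.st_uid == os.getuid()
                   and not st.st_mode & 0o077
                   and time.time() - st.st_mtime <= max_age)
        token = handle.read() if trusted else None
    try:
        os.unlink(path)  # single use: removed whether or not it was trusted
    except FileNotFoundError:
        pass
    return token
```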