<div dir="auto">Hi Lukas,<div dir="auto"><br></div><div dir="auto">Could you please confirm if you have the following commit in the package you have deployed:</div><div dir="auto"><a href="https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89">https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89</a><br></div><div dir="auto"><br></div><div dir="auto">The above was a fix to the issue you are seeing.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Sumit.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jul 11, 2017 3:28 PM, "Lukas Garberg" <<a href="mailto:lukas@tele2.net">lukas@tele2.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I'm trying to create a heat template automating the creation of group-based policy resources when deploying stacks. The template takes an L3 policy as an input argument and then creates an L2 policy, a policy target group and a policy target. I use GBP together with Cisco APIC on OpenStack Mitaka.<br>
<br>
(Slightly simplified) Heat template:<br>
parameters:<br>
l3p_main:<br>
type: string<br>
description: L3 policy name to use for main network interface<br>
<br>
resources:<br>
l2p_main:<br>
type: OS::GroupBasedPolicy::L2Policy<br>
properties:<br>
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'l2p' ] ] }<br>
l3_policy_id: { get_param: l3p_main }<br>
shared: false<br>
ptg_main:<br>
type: OS::GroupBasedPolicy::PolicyTa<wbr>rgetGroup<br>
properties:<br>
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'ptg' ] ] }<br>
l2_policy_id: { get_resource: l2p_main }<br>
shared: false<br>
<br>
pt_main:<br>
type: OS::GroupBasedPolicy::PolicyTa<wbr>rget<br>
properties:<br>
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'pt' ] ] }<br>
policy_target_group_id: { get_resource: ptg_main }<br>
<br>
server:<br>
type: OS::Nova::Server<br>
properties:<br>
networks:<br>
- port: { get_attr: [ pt_main, port_id ] }<br>
<br>
The stack create fails with the following error message (taken from openstack stack show ... CLI command):<br>
| stack_status | CREATE_FAILED<br>
|<br>
| stack_status_reason | Resource CREATE failed: BadRequest: resources.server: Port 49638f39-3e13-4813-b69f-efa2b3<wbr>001c11 requires a FixedIP in order to be used. (HTTP 400) (Request-ID: req-4b6c465b-bb54-4eef-ae0b-d1<wbr>7e4a626c66) |<br>
<br>
Inspecting the neutron port referred to by the policy target which was created gives the following:<br>
$ neutron port-show 49638f39-3e13-4813-b69f-efa2b3<wbr>001c11<br>
+-----------------------+-----<wbr>------------------------------<wbr>---+<br>
| Field | Value |<br>
+-----------------------+-----<wbr>------------------------------<wbr>---+<br>
| admin_state_up | True |<br>
| allowed_address_pairs | |<br>
| binding:vnic_type | normal |<br>
| created_at | 2017-07-11T21:11:54 |<br>
| description | |<br>
| device_id | |<br>
| device_owner | |<br>
| extra_dhcp_opts | |<br>
| fixed_ips | | <-- empty<br>
| id | 49638f39-3e13-4813-b69f-efa2b3<wbr>001c11 |<br>
| mac_address | fa:16:3e:93:b2:25 |<br>
| name | pt_foo_bar_test_pt |<br>
| network_id | 72455662-1210-4aac-af70-8b19a9<wbr>74e0ea |<br>
| security_groups | a3dd6bdc-bf85-4340-b305-166def<wbr>c8e41c |<br>
| status | DOWN |<br>
| tenant_id | c0351d9a317f4b16b79ba7fa1fec4e<wbr>0b |<br>
| updated_at | 2017-07-11T21:11:54 |<br>
+-----------------------+-----<wbr>------------------------------<wbr>---+<br>
<br>
If I instead create a policy target manually with the GBP CLI client like this:<br>
gbp pt-create --policy-target-group hello_ptg hello_test_pt<br>
<br>
The generated port looks like this:<br>
$ openstack port show 74ea24e4-8925-4173-ba13-6b0fd3<wbr>19c18e<br>
+-----------------------+-----<wbr>------------------------------<wbr>------------------------------<wbr>-------------+<br>
| Field | Value |<br>
+-----------------------+-----<wbr>------------------------------<wbr>------------------------------<wbr>-------------+<br>
| admin_state_up | UP |<br>
| allowed_address_pairs | |<br>
| binding_vnic_type | normal |<br>
| created_at | 2017-06-27T12:57:01 |<br>
| description | None |<br>
| device_id | |<br>
| device_owner | |<br>
| extra_dhcp_opts | |<br>
| fixed_ips | ip_address='10.156.248.60', subnet_id='31a163d5-4004-484e-<wbr>9899-f60b2d9c0b47' | <-- filled in<br>
| id | 74ea24e4-8925-4173-ba13-6b0fd3<wbr>19c18e |<br>
| mac_address | fa:16:3e:c5:58:6e |<br>
| name | pt_hello_test_pt |<br>
| network_id | 73e0fb36-8490-49c0-99e5-503390<wbr>0c999b |<br>
| project_id | c0351d9a317f4b16b79ba7fa1fec4e<wbr>0b |<br>
| security_groups | a3dd6bdc-bf85-4340-b305-166def<wbr>c8e41c |<br>
| status | DOWN |<br>
| updated_at | 2017-06-27T12:57:01 |<br>
+-----------------------+-----<wbr>------------------------------<wbr>------------------------------<wbr>-------------+<br>
<br>
How can I get a Neutron port populated with a fixed IP auto-generated when creating policy targets from Heat?<br>
<br>
Regards,<br>
Lukas<br>
<br>
______________________________<wbr>_________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k</a><br>
</blockquote></div></div>