<html><head></head><body>Hi,<br>
<br>
I have now confirmed that the package we have deployed does NOT contain the commit you referred to. Thanks for pointing it out!<br>
<br>
Regards,<br>
Lukas<br><br><div class="gmail_quote">On July 12, 2017 9:57:46 AM GMT+02:00, Sumit Naiksatam <sumitnaiksatam@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="auto">Hi Lukas,<div dir="auto"><br /></div><div dir="auto">Could you please confirm if you have the following commit in the package you have deployed:</div><div dir="auto"><a href="https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89">https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89</a><br /></div><div dir="auto"><br /></div><div dir="auto">The above was a fix to the issue you are seeing.</div><div dir="auto"><br /></div><div dir="auto">Thanks,</div><div dir="auto">Sumit.</div></div><div class="gmail_extra"><br /><div class="gmail_quote">On Jul 11, 2017 3:28 PM, "Lukas Garberg" <<a href="mailto:lukas@tele2.net">lukas@tele2.net</a>> wrote:<br type="attribution" /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br />
<br />
I'm trying to create a heat template automating the creation of group-based policy resources when deploying stacks. The template takes an L3 policy as an input argument and then creates an L2 policy, a policy target group and a policy target. I use GBP together with Cisco APIC on OpenStack Mitaka.<br />
<br />
(Slightly simplified) Heat template:<br />
parameters:<br />
l3p_main:<br />
type: string<br />
description: L3 policy name to use for main network interface<br />
<br />
resources:<br />
l2p_main:<br />
type: OS::GroupBasedPolicy::L2Policy<br />
properties:<br />
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'l2p' ] ] }<br />
l3_policy_id: { get_param: l3p_main }<br />
shared: false<br />
ptg_main:<br />
type: OS::GroupBasedPolicy::PolicyTa<wbr />rgetGroup<br />
properties:<br />
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'ptg' ] ] }<br />
l2_policy_id: { get_resource: l2p_main }<br />
shared: false<br />
<br />
pt_main:<br />
type: OS::GroupBasedPolicy::PolicyTa<wbr />rget<br />
properties:<br />
name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'pt' ] ] }<br />
policy_target_group_id: { get_resource: ptg_main }<br />
<br />
server:<br />
type: OS::Nova::Server<br />
properties:<br />
networks:<br />
- port: { get_attr: [ pt_main, port_id ] }<br />
<br />
The stack create fails with the following error message (taken from openstack stack show ... CLI command):<br />
| stack_status | CREATE_FAILED<br />
|<br />
| stack_status_reason | Resource CREATE failed: BadRequest: resources.server: Port 49638f39-3e13-4813-b69f-efa2b3<wbr />001c11 requires a FixedIP in order to be used. (HTTP 400) (Request-ID: req-4b6c465b-bb54-4eef-ae0b-d1<wbr />7e4a626c66) |<br />
<br />
Inspecting the neutron port referred to by the policy target which was created gives the following:<br />
$ neutron port-show 49638f39-3e13-4813-b69f-efa2b3<wbr />001c11<br />
+-----------------------+-----<wbr />------------------------------<wbr />---+<br />
| Field | Value |<br />
+-----------------------+-----<wbr />------------------------------<wbr />---+<br />
| admin_state_up | True |<br />
| allowed_address_pairs | |<br />
| binding:vnic_type | normal |<br />
| created_at | 2017-07-11T21:11:54 |<br />
| description | |<br />
| device_id | |<br />
| device_owner | |<br />
| extra_dhcp_opts | |<br />
| fixed_ips | | <-- empty<br />
| id | 49638f39-3e13-4813-b69f-efa2b3<wbr />001c11 |<br />
| mac_address | fa:16:3e:93:b2:25 |<br />
| name | pt_foo_bar_test_pt |<br />
| network_id | 72455662-1210-4aac-af70-8b19a9<wbr />74e0ea |<br />
| security_groups | a3dd6bdc-bf85-4340-b305-166def<wbr />c8e41c |<br />
| status | DOWN |<br />
| tenant_id | c0351d9a317f4b16b79ba7fa1fec4e<wbr />0b |<br />
| updated_at | 2017-07-11T21:11:54 |<br />
+-----------------------+-----<wbr />------------------------------<wbr />---+<br />
<br />
If I instead create a policy target manually with the GBP CLI client like this:<br />
gbp pt-create --policy-target-group hello_ptg hello_test_pt<br />
<br />
The generated port looks like this:<br />
$ openstack port show 74ea24e4-8925-4173-ba13-6b0fd3<wbr />19c18e<br />
+-----------------------+-----<wbr />------------------------------<wbr />------------------------------<wbr />-------------+<br />
| Field | Value |<br />
+-----------------------+-----<wbr />------------------------------<wbr />------------------------------<wbr />-------------+<br />
| admin_state_up | UP |<br />
| allowed_address_pairs | |<br />
| binding_vnic_type | normal |<br />
| created_at | 2017-06-27T12:57:01 |<br />
| description | None |<br />
| device_id | |<br />
| device_owner | |<br />
| extra_dhcp_opts | |<br />
| fixed_ips | ip_address='10.156.248.60', subnet_id='31a163d5-4004-484e-<wbr />9899-f60b2d9c0b47' | <-- filled in<br />
| id | 74ea24e4-8925-4173-ba13-6b0fd3<wbr />19c18e |<br />
| mac_address | fa:16:3e:c5:58:6e |<br />
| name | pt_hello_test_pt |<br />
| network_id | 73e0fb36-8490-49c0-99e5-503390<wbr />0c999b |<br />
| project_id | c0351d9a317f4b16b79ba7fa1fec4e<wbr />0b |<br />
| security_groups | a3dd6bdc-bf85-4340-b305-166def<wbr />c8e41c |<br />
| status | DOWN |<br />
| updated_at | 2017-06-27T12:57:01 |<br />
+-----------------------+-----<wbr />------------------------------<wbr />------------------------------<wbr />-------------+<br />
<br />
How can I get a Neutron port populated with a fixed IP auto-generated when creating policy targets from Heat?<br />
<br />
Regards,<br />
Lukas<br />
<br />
______________________________<wbr />_________________<br />
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr />-bin/mailman/listinfo/openstac<wbr />k</a><br />
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br />
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr />-bin/mailman/listinfo/openstac<wbr />k</a><br />
</blockquote></div></div>
</blockquote></div></body></html>