[Openstack] [group-based-policy] How to get Neutron ports with fixed IP when creating policy targets with Heat?

Lukas Garberg lukas at tele2.net
Tue Jul 11 22:19:13 UTC 2017


Hi all,

I'm trying to create a heat template automating the 
creation of group-based policy resources when deploying 
stacks. The template takes an L3 policy as an input 
argument and then creates an L2 policy, a policy target 
group and a policy target. I use GBP together with Cisco 
APIC on OpenStack Mitaka.

(Slightly simplified) Heat template:
   parameters:
     l3p_main:
       type: string
       description: L3 policy name to use for main network interface

   resources:
     l2p_main:
       type: OS::GroupBasedPolicy::L2Policy
       properties:
         name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'l2p' ] ] }
         l3_policy_id: { get_param: l3p_main }
         shared: false

     ptg_main:
       type: OS::GroupBasedPolicy::PolicyTargetGroup
       properties:
         name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'ptg' ] ] }
         l2_policy_id: { get_resource: l2p_main }
         shared: false

     pt_main:
       type: OS::GroupBasedPolicy::PolicyTarget
       properties:
         name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'pt' ] ] }
         policy_target_group_id: { get_resource: ptg_main }

     server:
       type: OS::Nova::Server
       properties:
         networks:
           - port: { get_attr: [ pt_main, port_id ] }

The stack create fails with the following error message 
(taken from openstack stack show ... CLI command):
   | stack_status          | CREATE_FAILED |
   | stack_status_reason   | Resource CREATE failed: BadRequest: resources.server: Port 49638f39-3e13-4813-b69f-efa2b3001c11 requires a FixedIP in order to be used. (HTTP 400) (Request-ID: req-4b6c465b-bb54-4eef-ae0b-d17e4a626c66) |

Inspecting the neutron port referred to by the policy 
target which was created gives the following:
   $ neutron port-show 49638f39-3e13-4813-b69f-efa2b3001c11
   +-----------------------+--------------------------------------+
   | Field                 | Value                                |
   +-----------------------+--------------------------------------+
   | admin_state_up        | True                                 |
   | allowed_address_pairs |                                      |
   | binding:vnic_type     | normal                               |
   | created_at            | 2017-07-11T21:11:54                  |
   | description           |                                      |
   | device_id             |                                      |
   | device_owner          |                                      |
   | extra_dhcp_opts       |                                      |
   | fixed_ips             |                                      | <-- empty
   | id                    | 49638f39-3e13-4813-b69f-efa2b3001c11 |
   | mac_address           | fa:16:3e:93:b2:25                    |
   | name                  | pt_foo_bar_test_pt                   |
   | network_id            | 72455662-1210-4aac-af70-8b19a974e0ea |
   | security_groups       | a3dd6bdc-bf85-4340-b305-166defc8e41c |
   | status                | DOWN                                 |
   | tenant_id             | c0351d9a317f4b16b79ba7fa1fec4e0b     |
   | updated_at            | 2017-07-11T21:11:54                  |
   +-----------------------+--------------------------------------+

If I instead create a policy target manually with the GBP 
CLI client like this:
   gbp pt-create --policy-target-group hello_ptg hello_test_pt

The generated port looks like this:
   $ openstack port show 74ea24e4-8925-4173-ba13-6b0fd319c18e
   +-----------------------+------------------------------------------------------------------------------+
   | Field                 | Value                                                                        |
   +-----------------------+------------------------------------------------------------------------------+
   | admin_state_up        | UP                                                                           |
   | allowed_address_pairs |                                                                              |
   | binding_vnic_type     | normal                                                                       |
   | created_at            | 2017-06-27T12:57:01                                                          |
   | description           | None                                                                         |
   | device_id             |                                                                              |
   | device_owner          |                                                                              |
   | extra_dhcp_opts       |                                                                              |
   | fixed_ips             | ip_address='10.156.248.60', subnet_id='31a163d5-4004-484e-9899-f60b2d9c0b47' | <-- filled in
   | id                    | 74ea24e4-8925-4173-ba13-6b0fd319c18e                                         |
   | mac_address           | fa:16:3e:c5:58:6e                                                            |
   | name                  | pt_hello_test_pt                                                             |
   | network_id            | 73e0fb36-8490-49c0-99e5-5033900c999b                                         |
   | project_id            | c0351d9a317f4b16b79ba7fa1fec4e0b                                             |
   | security_groups       | a3dd6bdc-bf85-4340-b305-166defc8e41c                                         |
   | status                | DOWN                                                                         |
   | updated_at            | 2017-06-27T12:57:01                                                          |
   +-----------------------+------------------------------------------------------------------------------+

How can I get a Neutron port populated with a fixed IP 
auto-generated when creating policy targets from Heat?

Regards,
Lukas


