[Openstack] [group-based-policy] How to get Neutron ports with fixed IP when creating policy targets with Heat?
Sumit Naiksatam
sumitnaiksatam at gmail.com
Wed Jul 12 07:57:46 UTC 2017
Hi Lukas,
Could you please confirm if you have the following commit in the package
you have deployed:
https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89
The above was a fix to the issue you are seeing.
Thanks,
Sumit.
On Jul 11, 2017 3:28 PM, "Lukas Garberg" <lukas at tele2.net> wrote:
> Hi all,
>
> I'm trying to create a heat template automating the creation of
> group-based policy resources when deploying stacks. The template takes an
> L3 policy as an input argument and then creates an L2 policy, a policy
> target group and a policy target. I use GBP together with Cisco APIC on
> OpenStack Mitaka.
>
> (Slightly simplified) Heat template:
> parameters:
> l3p_main:
> type: string
> description: L3 policy name to use for main network interface
>
> resources:
> l2p_main:
> type: OS::GroupBasedPolicy::L2Policy
> properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'l2p'
> ] ] }
> l3_policy_id: { get_param: l3p_main }
> shared: false
> ptg_main:
> type: OS::GroupBasedPolicy::PolicyTargetGroup
> properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'ptg'
> ] ] }
> l2_policy_id: { get_resource: l2p_main }
> shared: false
>
> pt_main:
> type: OS::GroupBasedPolicy::PolicyTarget
> properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'pt'
> ] ] }
> policy_target_group_id: { get_resource: ptg_main }
>
> server:
> type: OS::Nova::Server
> properties:
> networks:
> - port: { get_attr: [ pt_main, port_id ] }
>
> The stack create fails with the following error message (taken from
> openstack stack show ... CLI command):
> | stack_status | CREATE_FAILED
> |
> | stack_status_reason | Resource CREATE failed: BadRequest:
> resources.server: Port 49638f39-3e13-4813-b69f-efa2b3001c11 requires a
> FixedIP in order to be used. (HTTP 400) (Request-ID:
> req-4b6c465b-bb54-4eef-ae0b-d17e4a626c66) |
>
> Inspecting the neutron port referred to by the policy target which was
> created gives the following:
> $ neutron port-show 49638f39-3e13-4813-b69f-efa2b3001c11
> +-----------------------+--------------------------------------+
> | Field | Value |
> +-----------------------+--------------------------------------+
> | admin_state_up | True |
> | allowed_address_pairs | |
> | binding:vnic_type | normal |
> | created_at | 2017-07-11T21:11:54 |
> | description | |
> | device_id | |
> | device_owner | |
> | extra_dhcp_opts | |
> | fixed_ips | | <-- empty
> | id | 49638f39-3e13-4813-b69f-efa2b3001c11 |
> | mac_address | fa:16:3e:93:b2:25 |
> | name | pt_foo_bar_test_pt |
> | network_id | 72455662-1210-4aac-af70-8b19a974e0ea |
> | security_groups | a3dd6bdc-bf85-4340-b305-166defc8e41c |
> | status | DOWN |
> | tenant_id | c0351d9a317f4b16b79ba7fa1fec4e0b |
> | updated_at | 2017-07-11T21:11:54 |
> +-----------------------+--------------------------------------+
>
> If I instead create a policy target manually with the GBP CLI client like
> this:
> gbp pt-create --policy-target-group hello_ptg hello_test_pt
>
> The generated port looks like this:
> $ openstack port show 74ea24e4-8925-4173-ba13-6b0fd319c18e
> +-----------------------+-----------------------------------
> -------------------------------------------+
> | Field | Value
> |
> +-----------------------+-----------------------------------
> -------------------------------------------+
> | admin_state_up | UP
> |
> | allowed_address_pairs |
> |
> | binding_vnic_type | normal
> |
> | created_at | 2017-06-27T12:57:01
> |
> | description | None
> |
> | device_id |
> |
> | device_owner |
> |
> | extra_dhcp_opts |
> |
> | fixed_ips | ip_address='10.156.248.60',
> subnet_id='31a163d5-4004-484e-9899-f60b2d9c0b47' | <-- filled in
> | id | 74ea24e4-8925-4173-ba13-6b0fd319c18e
> |
> | mac_address | fa:16:3e:c5:58:6e
> |
> | name | pt_hello_test_pt
> |
> | network_id | 73e0fb36-8490-49c0-99e5-5033900c999b
> |
> | project_id | c0351d9a317f4b16b79ba7fa1fec4e0b
> |
> | security_groups | a3dd6bdc-bf85-4340-b305-166defc8e41c
> |
> | status | DOWN
> |
> | updated_at | 2017-06-27T12:57:01
> |
> +-----------------------+-----------------------------------
> -------------------------------------------+
>
> How can I get a Neutron port populated with a fixed IP auto-generated when
> creating policy targets from Heat?
>
> Regards,
> Lukas
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170712/c0d3a946/attachment.html>
More information about the Openstack
mailing list