[Openstack] [group-based-policy] How to get Neutron ports with fixed IP when creating policy targets with Heat?
Lukas Garberg
lukas at tele2.net
Sun Jul 23 18:31:24 UTC 2017
Hi,
I have now confirmed that the package we have deployed does NOT contain the commit you referred to. Thanks for pointing it out!
Regards,
Lukas
On July 12, 2017 9:57:46 AM GMT+02:00, Sumit Naiksatam <sumitnaiksatam at gmail.com> wrote:
>Hi Lukas,
>
>Could you please confirm if you have the following commit in the
>package
>you have deployed:
>https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89
>
>The above was a fix to the issue you are seeing.
>
>Thanks,
>Sumit.
>
>On Jul 11, 2017 3:28 PM, "Lukas Garberg" <lukas at tele2.net> wrote:
>
>> Hi all,
>>
>> I'm trying to create a heat template automating the creation of
>> group-based policy resources when deploying stacks. The template
>takes an
>> L3 policy as an input argument and then creates an L2 policy, a
>policy
>> target group and a policy target. I use GBP together with Cisco APIC
>on
>> OpenStack Mitaka.
>>
>> (Slightly simplified) Heat template:
>> parameters:
>> l3p_main:
>> type: string
>> description: L3 policy name to use for main network interface
>>
>> resources:
>> l2p_main:
>> type: OS::GroupBasedPolicy::L2Policy
>> properties:
>> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' },
>'l2p'
>> ] ] }
>> l3_policy_id: { get_param: l3p_main }
>> shared: false
>> ptg_main:
>> type: OS::GroupBasedPolicy::PolicyTargetGroup
>> properties:
>> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' },
>'ptg'
>> ] ] }
>> l2_policy_id: { get_resource: l2p_main }
>> shared: false
>>
>> pt_main:
>> type: OS::GroupBasedPolicy::PolicyTarget
>> properties:
>> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' },
>'pt'
>> ] ] }
>> policy_target_group_id: { get_resource: ptg_main }
>>
>> server:
>> type: OS::Nova::Server
>> properties:
>> networks:
>> - port: { get_attr: [ pt_main, port_id ] }
>>
>> The stack create fails with the following error message (taken from
>> openstack stack show ... CLI command):
>> | stack_status | CREATE_FAILED
>> |
>> | stack_status_reason | Resource CREATE failed: BadRequest:
>> resources.server: Port 49638f39-3e13-4813-b69f-efa2b3001c11 requires
>a
>> FixedIP in order to be used. (HTTP 400) (Request-ID:
>> req-4b6c465b-bb54-4eef-ae0b-d17e4a626c66) |
>>
>> Inspecting the neutron port referred to by the policy target which
>was
>> created gives the following:
>> $ neutron port-show 49638f39-3e13-4813-b69f-efa2b3001c11
>> +-----------------------+--------------------------------------+
>> | Field | Value |
>> +-----------------------+--------------------------------------+
>> | admin_state_up | True |
>> | allowed_address_pairs | |
>> | binding:vnic_type | normal |
>> | created_at | 2017-07-11T21:11:54 |
>> | description | |
>> | device_id | |
>> | device_owner | |
>> | extra_dhcp_opts | |
>> | fixed_ips | | <--
>empty
>> | id | 49638f39-3e13-4813-b69f-efa2b3001c11 |
>> | mac_address | fa:16:3e:93:b2:25 |
>> | name | pt_foo_bar_test_pt |
>> | network_id | 72455662-1210-4aac-af70-8b19a974e0ea |
>> | security_groups | a3dd6bdc-bf85-4340-b305-166defc8e41c |
>> | status | DOWN |
>> | tenant_id | c0351d9a317f4b16b79ba7fa1fec4e0b |
>> | updated_at | 2017-07-11T21:11:54 |
>> +-----------------------+--------------------------------------+
>>
>> If I instead create a policy target manually with the GBP CLI client
>like
>> this:
>> gbp pt-create --policy-target-group hello_ptg hello_test_pt
>>
>> The generated port looks like this:
>> $ openstack port show 74ea24e4-8925-4173-ba13-6b0fd319c18e
>> +-----------------------+-----------------------------------
>> -------------------------------------------+
>> | Field | Value
>> |
>> +-----------------------+-----------------------------------
>> -------------------------------------------+
>> | admin_state_up | UP
>> |
>> | allowed_address_pairs |
>> |
>> | binding_vnic_type | normal
>> |
>> | created_at | 2017-06-27T12:57:01
>> |
>> | description | None
>> |
>> | device_id |
>> |
>> | device_owner |
>> |
>> | extra_dhcp_opts |
>> |
>> | fixed_ips | ip_address='10.156.248.60',
>> subnet_id='31a163d5-4004-484e-9899-f60b2d9c0b47' | <-- filled in
>> | id | 74ea24e4-8925-4173-ba13-6b0fd319c18e
>> |
>> | mac_address | fa:16:3e:c5:58:6e
>> |
>> | name | pt_hello_test_pt
>> |
>> | network_id | 73e0fb36-8490-49c0-99e5-5033900c999b
>> |
>> | project_id | c0351d9a317f4b16b79ba7fa1fec4e0b
>> |
>> | security_groups | a3dd6bdc-bf85-4340-b305-166defc8e41c
>> |
>> | status | DOWN
>> |
>> | updated_at | 2017-06-27T12:57:01
>> |
>> +-----------------------+-----------------------------------
>> -------------------------------------------+
>>
>> How can I get a Neutron port populated with a fixed IP auto-generated
>when
>> creating policy targets from Heat?
>>
>> Regards,
>> Lukas
>>
>> _______________________________________________
>> Mailing list:
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
>> k
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
>> k
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170723/2174ced2/attachment.html>
More information about the Openstack
mailing list