Add spec for neutron-baremetal-compute blueprint

Adds the specification for the neutron physical port extension to integrate baremetal devices into neutron network. Change-Id: Ieea08993f364415c56e3416b1d222101ce5d1ac9
2014-04-13 19:23:38 -07:00 · 2014-04-13 19:23:38 -07:00 · 36ee7ef12a
parent 4f354e9fd2
commit 36ee7ef12a
1 changed files with 211 additions and 0 deletions
--- a/specs/juno/neutron-baremetal-compute.rst
+++ b/specs/juno/neutron-baremetal-compute.rst
@ -0,0 +1,211 @@
+===================================================
+Physical Port Extension for baremetal compute nodes
+===================================================
+
+Launchpad blueprint:
+
+https://blueprints.launchpad.net/neutron/+spec/neutron-baremetal-compute
+
+
+This blueprint is to introduce the concept of physical ports into Neutron
+via an extension so baremetal workloads can gain access to Neutron networks.
+Admins will create the physical port resources with the MAC address
+of the attached device and port identifier information for the backend.
+Physical ports will then be assigned to tenants, who will be allowed to
+associate them to physical networks.
+
+
+Problem description
+===================
+
+There is no well-defined way to connect a device not managed by OpenStack
+directly into a Neutron network. Even if everything is manually configured
+to setup connectivity, the neutron DHCP agent will not issue addresses to
+the device attached to the physical port since it doesn't have a corresponding
+Neutron port.
+
+
+Proposed change
+===============
+
+To integrate these baremetal devices into Neutron networks, this blueprint
+introduces the physical port extension. It will add a new mixin class for
+plugins to use to handle the database accounting for the physical port methods.
+
+Physical ports are created by admins and then assigned to a tenant for use. The
+tenant can then assign the physical port to any of the Neutron networks that
+the tenant can create a Neutron port on.
+
+When a tenant assigns a physical port to a network, the mixin code will
+automatically create a Neutron port on that network with the MAC address
+configured by the admin on the physical port. This will give the DHCP server
+the necessary information to issue IP addresses to the connected device.
+
+This keeps the IP allocation for a subnet fully managed by Neutron and enables
+the visibility of physical devices from neutron. It also paves the way for
+integrating Ironic with Neutron.
+
+Alternatives
+------------
+
+There isn't a very good alternative right now. To attach a physical device to
+a Neutron network, the admin has to lookup the VLAN (or other segment
+identifier) for that network and then manually associate a port to that VLAN.
+The end device then has to be configured with a static IP in an exclusion range
+on the Neutron subnet. Tenants then cannot assign the physical device to a
+different network, disable the port, or see any indication that the device is
+actually attached to the network.
+
+Data model impact
+-----------------
+
+For plugins that leverage this extension, it will add a new physical ports
+table. This table will contain the following fields:
+
+* id - standard object UUID
+* name - optional name
+* port_id - nullable foreign-key reference to associated Neutron port
+* mac_address - MAC address of attached device to use in Neutron port creation
+* attachment - an arbitrary identifier for the backend to identify the port
+
+This will have no impact on the existing data model.
+
+
+REST API impact
+---------------
+
+The following is the API exposed for physical ports.
+
+.. code-block:: python
+
+    RESOURCE_ATTRIBUTE_MAP = {
+        'physical_ports': {
+            'id': {'allow_post': False, 'allow_put': False,
+                   'enforce_policy': True,
+                   'validate': {'type:uuid': None},
+                   'is_visible': True, 'primary_key': True},
+            'tenant_id': {'allow_post': True, 'allow_put': True,
+                          'required_by_policy': True,
+                          'is_visible': True},
+            'network_id': {'allow_post': True, 'allow_put': True,
+                          'enforce_policy': True,
+                          'is_visible': True, 'default': None},
+            'port_id': {'allow_post': True, 'allow_put': True,
+                        'enforce_policy': True,
+                        'validate': {'type:uuid_or_none': None},
+                        'is_visible': True, 'default': None},
+            'name': {'allow_post': True, 'allow_put': True,
+                     'enforce_policy': True,
+                     'validate': {'type:string': None},
+                     'is_visible': True, 'default': ''},
+            'description': {'allow_post': True, 'allow_put': True,
+                            'enforce_policy': True,
+                            'validate': {'type:string': None},
+                            'is_visible': True, 'default': ''},
+            'mac_address': {'allow_post': True, 'allow_put': True,
+                            'enforce_policy': True,
+                            'validate': {'type:mac_address': None},
+                            'required_by_policy': True,
+                            'is_visible': True},
+            'attachment': {'allow_post': True, 'allow_put': True,
+                       'enforce_policy': True,
+                       'default': False, 'validate': {'type:string': None},
+                       'is_visible': True,
+                       'required_by_policy': True}
+        }
+    }
+
+
+The following is the default policy for physical ports.
+
+.. code-block:: javascript
+
+    {
+        "create_physical_port": "rule:admin_only",
+        "get_physical_port": "rule:admin_or_owner",
+        "update_physical_port:tenant_id": "rule:admin_only",
+        "update_physical_port": "rule:admin_or_owner",
+        "delete_physical_port": "rule:admin_only"
+    }
+
+
+Security impact
+---------------
+
+There should be no security impact to Neutron. However, these ports will
+not have security groups applied to them so users should be warned of this
+in the documentation.
+
+Notifications impact
+--------------------
+
+N/A
+
+Other end user impact
+---------------------
+
+The neutron command-line client will be updated with the new physical port
+CRUD commands.
+
+Performance Impact
+------------------
+
+None to plugins that don't use this extension.
+
+For plugins that use this extension it will be limited since most
+this code is only called during physical port CRUD operations.
+
+Other deployer impact
+---------------------
+
+N/A
+
+Developer impact
+----------------
+
+If plugin developers want to use this, they will need to enable the extension
+and use the mixin module.
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Primary assignee:
+  kevinbenton
+
+Other contributors:
+  kanzhe-jiang
+
+Work Items
+----------
+
+* Complete DB mixin model and extension API attributes
+* Update python neutron client to support the new physical port commands
+* Implement reference implementation in ML2
+
+
+Dependencies
+============
+
+N/A
+
+Testing
+=======
+
+This may be untestable in tempest by default because it requires physical
+infrastructure.
+
+
+Documentation Impact
+====================
+
+New admin and tenant workflows need to be documented for this extension.
+It should not impact any other documentation.
+
+
+References
+==========
+
+N/A