diff --git a/releasenotes/notes/add-allowed_address_pairs-support-for-Tacker-73f5d476a54b4182.yaml b/releasenotes/notes/add-allowed_address_pairs-support-for-Tacker-73f5d476a54b4182.yaml new file mode 100644 index 000000000..c6b595473 --- /dev/null +++ b/releasenotes/notes/add-allowed_address_pairs-support-for-Tacker-73f5d476a54b4182.yaml @@ -0,0 +1,4 @@ +--- +features: + - Add allowed_address_pairs support in CP's properties, + so Virtual IP is enabled via Tacker. diff --git a/samples/tosca-templates/vnfd/tosca-vnfd-vip.yaml b/samples/tosca-templates/vnfd/tosca-vnfd-vip.yaml new file mode 100644 index 000000000..87a3af756 --- /dev/null +++ b/samples/tosca-templates/vnfd/tosca-vnfd-vip.yaml @@ -0,0 +1,94 @@ +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 + +description: | + Demo example with virtural IP. + The VCP is used to grab an IP which will be used as an virtual IP as CP1 and CP2. + +metadata: + template_name: sample-tosca-vnfd-vip + +topology_template: + node_templates: + VDU1: + type: tosca.nodes.nfv.VDU.Tacker + capabilities: + nfv_compute: + properties: + num_cpus: 1 + mem_size: 512 MB + disk_size: 1 GB + properties: + image: cirros-0.3.5-x86_64-disk + availability_zone: nova + mgmt_driver: noop + config: | + param0: key1 + param1: key2 + + CP1: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + anti_spoofing_protection: true + security_groups: + - default + ip_address: 10.10.1.11 + order: 0 + allowed_address_pairs: + - ip_address: 10.10.1.13 + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 + + VDU2: + type: tosca.nodes.nfv.VDU.Tacker + capabilities: + nfv_compute: + properties: + num_cpus: 1 + mem_size: 512 MB + disk_size: 1 GB + properties: + image: cirros-0.3.5-x86_64-disk + availability_zone: nova + mgmt_driver: noop + config: | + param0: key1 + param1: key2 + + CP2: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + anti_spoofing_protection: true + security_groups: + - default + ip_address: 10.10.1.12 + order: 0 + allowed_address_pairs: + - ip_address: 10.10.1.13 + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU2 + + VCP: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + anti_spoofing_protection: true + security_groups: + - default + ip_address: 10.10.1.13 + requirements: + - virtualLink: + node: VL1 + + VL1: + type: tosca.nodes.nfv.VL + properties: + network_name: net1 + vendor: Tacker diff --git a/tacker/tests/unit/vm/infra_drivers/openstack/data/hot_tosca_allowed_address_pairs.yaml b/tacker/tests/unit/vm/infra_drivers/openstack/data/hot_tosca_allowed_address_pairs.yaml new file mode 100644 index 000000000..041589c57 --- /dev/null +++ b/tacker/tests/unit/vm/infra_drivers/openstack/data/hot_tosca_allowed_address_pairs.yaml @@ -0,0 +1,88 @@ +heat_template_version: 2013-05-23 + +description: > + VIP Template + +outputs: + mgmt_ip-VDU1: + value: + get_attr: [CP2, fixed_ips, 0, ip_address] + +parameters: {} +resources: + VDU1: + type: OS::Nova::Server + properties: + config_drive: false + flavor: m1.nano + image: {get_resource: VDU1_image} + networks: + - port: + get_resource: CP1 + - port: + get_resource: CP2 + user_data_format: SOFTWARE_CONFIG + CP1: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: 10.10.1.11 + allowed_address_pairs: + - ip_address: 10.10.1.12 + network: existing_network_1 + port_security_enabled: true + security_groups: + - default + + VCP1: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: 10.10.1.12 + network: existing_network_1 + port_security_enabled: true + security_groups: + - default + + CP2: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: 10.10.2.21 + allowed_address_pairs: + - ip_address: 10.10.2.22 + - ip_address: 10.10.2.23 + mac_address: fe:1a:29:d9:36:45 + mac_address: fe:1a:29:d9:36:45 + network: existing_network_2 + port_security_enabled: true + security_groups: + - default + + VCP2: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: 10.10.2.22 + network: existing_network_2 + port_security_enabled: true + security_groups: + - default + + VCP3: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: 10.10.2.23 + network: existing_network_2 + port_security_enabled: true + security_groups: + - default + + VDU1_image: + type: OS::Glance::Image + properties: + container_format: bare + disk_format: raw + location: http://URL/vRouterVNF.qcow2 + name: vm_image diff --git a/tacker/tests/unit/vm/infra_drivers/openstack/data/test_tosca_allowed_address_pairs.yaml b/tacker/tests/unit/vm/infra_drivers/openstack/data/test_tosca_allowed_address_pairs.yaml new file mode 100644 index 000000000..2bb2b53c0 --- /dev/null +++ b/tacker/tests/unit/vm/infra_drivers/openstack/data/test_tosca_allowed_address_pairs.yaml @@ -0,0 +1,105 @@ +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 + +description: VIP Template + +metadata: + template_name: vipTemplate + +topology_template: + node_templates: + + VDU1: + type: tosca.nodes.nfv.VDU.Tacker + artifacts: + vm_image: + type: tosca.artifacts.Deployment.Image.VM + file: http://URL/vRouterVNF.qcow2 + properties: + flavor: m1.nano + mgmt_driver: noop + monitoring_policy: + name: ping + actions: + failure: respawn + parameters: + count: 3 + interval: 10 + + CP1: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + ip_address: 10.10.1.11 + anti_spoofing_protection: true + allowed_address_pairs: + - ip_address: 10.10.1.12 + security_groups: + - default + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 + VCP1: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + ip_address: 10.10.1.12 + anti_spoofing_protection: true + security_groups: + - default + requirements: + - virtualLink: + node: VL1 + CP2: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + mac_address: fe:1a:29:d9:36:45 + ip_address: 10.10.2.21 + anti_spoofing_protection: true + allowed_address_pairs: + - ip_address: 10.10.2.22 + - ip_address: 10.10.2.23 + mac_address: fe:1a:29:d9:36:45 + security_groups: + - default + requirements: + - virtualLink: + node: VL2 + - virtualBinding: + node: VDU1 + VCP2: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + ip_address: 10.10.2.22 + anti_spoofing_protection: true + security_groups: + - default + requirements: + - virtualLink: + node: VL2 + VCP3: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + ip_address: 10.10.2.23 + anti_spoofing_protection: true + security_groups: + - default + requirements: + - virtualLink: + node: VL2 + + VL1: + type: tosca.nodes.nfv.VL + properties: + network_name: existing_network_1 + vendor: Tacker + + VL2: + type: tosca.nodes.nfv.VL + properties: + network_name: existing_network_2 + vendor: Tacker diff --git a/tacker/tests/unit/vnfm/infra_drivers/openstack/test_openstack.py b/tacker/tests/unit/vnfm/infra_drivers/openstack/test_openstack.py index b2cc41c67..1dc17773a 100644 --- a/tacker/tests/unit/vnfm/infra_drivers/openstack/test_openstack.py +++ b/tacker/tests/unit/vnfm/infra_drivers/openstack/test_openstack.py @@ -398,6 +398,12 @@ class TestOpenStack(base.TestCase): 'hot_tosca_security_groups.yaml' ) + def test_create_port_with_allowed_address_pairs(self): + self._test_assert_equal_for_tosca_templates( + 'test_tosca_allowed_address_pairs.yaml', + 'hot_tosca_allowed_address_pairs.yaml' + ) + def test_create_port_with_mac_and_ip(self): self._test_assert_equal_for_tosca_templates( 'test_tosca_mac_ip.yaml', diff --git a/tacker/vnfm/tosca/lib/tacker_defs.yaml b/tacker/vnfm/tosca/lib/tacker_defs.yaml index 3267d79dd..4da9d8f58 100644 --- a/tacker/vnfm/tosca/lib/tacker_defs.yaml +++ b/tacker/vnfm/tosca/lib/tacker_defs.yaml @@ -72,6 +72,17 @@ data_types: type: map required: false + tosca.datatypes.tacker.VirtualIP: + properties: + ip_address: + type: string + required: true + description: The virtual IP address allowed to be paired with. + mac_address: + type: string + required: false + description: The mac address allowed to be paired with specific virtual IP. + policy_types: tosca.policies.tacker.Placement: derived_from: tosca.policies.Root diff --git a/tacker/vnfm/tosca/lib/tacker_nfv_defs.yaml b/tacker/vnfm/tosca/lib/tacker_nfv_defs.yaml index 346d4499d..f4f151490 100644 --- a/tacker/vnfm/tosca/lib/tacker_nfv_defs.yaml +++ b/tacker/vnfm/tosca/lib/tacker_nfv_defs.yaml @@ -233,6 +233,11 @@ node_types: anti_spoofing_protection: type: boolean required: false + allowed_address_pairs: + type: list + entry_schema: + type: tosca.datatypes.tacker.VirtualIP + required: false security_groups: type: list required: false