openstack/tacker
Code Issues Proposed changes

Add allowed_address_pairs support in tacker CP

Browse Source 
Currently the tacker connection point (CP) support Virtural IP only if
the security group is off (via anti_spoofing_protection off).
But it's good to have both by supporting allowed_address_pairs.
This RFE is for this purpose.

Closes-Bug: #1664805
Change-Id: I9fa1d4b69f8cbf51b047110cd6cfa61fb91a0bf0
This commit is contained in:
futangw 2017-02-15 15:45:07 -05:00
parent 324a443806
commit e1bc853b72
7 changed files with 313 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
releasenotes/notes/add-allowed_address_pairs-support-for-Tacker-73f5d476a54b4182.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- Add allowed_address_pairs support in CP's properties,
so Virtual IP is enabled via Tacker.

94
samples/tosca-templates/vnfd/tosca-vnfd-vip.yaml Normal file
View File

@ -0,0 +1,94 @@
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: |
Demo example with virtural IP.
The VCP is used to grab an IP which will be used as an virtual IP as CP1 and CP2.
metadata:
template_name: sample-tosca-vnfd-vip
topology_template:
node_templates:
VDU1:
type: tosca.nodes.nfv.VDU.Tacker
capabilities:
nfv_compute:
properties:
num_cpus: 1
mem_size: 512 MB
disk_size: 1 GB
properties:
image: cirros-0.3.5-x86_64-disk
availability_zone: nova
mgmt_driver: noop
config: |
param0: key1
param1: key2
CP1:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
anti_spoofing_protection: true
security_groups:
- default
ip_address: 10.10.1.11
order: 0
allowed_address_pairs:
- ip_address: 10.10.1.13
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU1
VDU2:
type: tosca.nodes.nfv.VDU.Tacker
capabilities:
nfv_compute:
properties:
num_cpus: 1
mem_size: 512 MB
disk_size: 1 GB
properties:
image: cirros-0.3.5-x86_64-disk
availability_zone: nova
mgmt_driver: noop
config: |
param0: key1
param1: key2
CP2:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
anti_spoofing_protection: true
security_groups:
- default
ip_address: 10.10.1.12
order: 0
allowed_address_pairs:
- ip_address: 10.10.1.13
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU2
VCP:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
anti_spoofing_protection: true
security_groups:
- default
ip_address: 10.10.1.13
requirements:
- virtualLink:
node: VL1
VL1:
type: tosca.nodes.nfv.VL
properties:
network_name: net1
vendor: Tacker

88
tacker/tests/unit/vm/infra_drivers/openstack/data/hot_tosca_allowed_address_pairs.yaml Normal file
View File

@ -0,0 +1,88 @@
heat_template_version: 2013-05-23
description: >
VIP Template
outputs:
mgmt_ip-VDU1:
value:
get_attr: [CP2, fixed_ips, 0, ip_address]
parameters: {}
resources:
VDU1:
type: OS::Nova::Server
properties:
config_drive: false
flavor: m1.nano
image: {get_resource: VDU1_image}
networks:
- port:
get_resource: CP1
- port:
get_resource: CP2
user_data_format: SOFTWARE_CONFIG
CP1:
type: OS::Neutron::Port
properties:
fixed_ips:
- ip_address: 10.10.1.11
allowed_address_pairs:
- ip_address: 10.10.1.12
network: existing_network_1
port_security_enabled: true
security_groups:
- default
VCP1:
type: OS::Neutron::Port
properties:
fixed_ips:
- ip_address: 10.10.1.12
network: existing_network_1
port_security_enabled: true
security_groups:
- default
CP2:
type: OS::Neutron::Port
properties:
fixed_ips:
- ip_address: 10.10.2.21
allowed_address_pairs:
- ip_address: 10.10.2.22
- ip_address: 10.10.2.23
mac_address: fe:1a:29:d9:36:45
mac_address: fe:1a:29:d9:36:45
network: existing_network_2
port_security_enabled: true
security_groups:
- default
VCP2:
type: OS::Neutron::Port
properties:
fixed_ips:
- ip_address: 10.10.2.22
network: existing_network_2
port_security_enabled: true
security_groups:
- default
VCP3:
type: OS::Neutron::Port
properties:
fixed_ips:
- ip_address: 10.10.2.23
network: existing_network_2
port_security_enabled: true
security_groups:
- default
VDU1_image:
type: OS::Glance::Image
properties:
container_format: bare
disk_format: raw
location: http://URL/vRouterVNF.qcow2
name: vm_image

105
tacker/tests/unit/vm/infra_drivers/openstack/data/test_tosca_allowed_address_pairs.yaml Normal file
View File

@ -0,0 +1,105 @@
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: VIP Template
metadata:
template_name: vipTemplate
topology_template:
node_templates:
VDU1:
type: tosca.nodes.nfv.VDU.Tacker
artifacts:
vm_image:
type: tosca.artifacts.Deployment.Image.VM
file: http://URL/vRouterVNF.qcow2
properties:
flavor: m1.nano
mgmt_driver: noop
monitoring_policy:
name: ping
actions:
failure: respawn
parameters:
count: 3
interval: 10
CP1:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
ip_address: 10.10.1.11
anti_spoofing_protection: true
allowed_address_pairs:
- ip_address: 10.10.1.12
security_groups:
- default
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU1
VCP1:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
ip_address: 10.10.1.12
anti_spoofing_protection: true
security_groups:
- default
requirements:
- virtualLink:
node: VL1
CP2:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
mac_address: fe:1a:29:d9:36:45
ip_address: 10.10.2.21
anti_spoofing_protection: true
allowed_address_pairs:
- ip_address: 10.10.2.22
- ip_address: 10.10.2.23
mac_address: fe:1a:29:d9:36:45
security_groups:
- default
requirements:
- virtualLink:
node: VL2
- virtualBinding:
node: VDU1
VCP2:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
ip_address: 10.10.2.22
anti_spoofing_protection: true
security_groups:
- default
requirements:
- virtualLink:
node: VL2
VCP3:
type: tosca.nodes.nfv.CP.Tacker
properties:
management: true
ip_address: 10.10.2.23
anti_spoofing_protection: true
security_groups:
- default
requirements:
- virtualLink:
node: VL2
VL1:
type: tosca.nodes.nfv.VL
properties:
network_name: existing_network_1
vendor: Tacker
VL2:
type: tosca.nodes.nfv.VL
properties:
network_name: existing_network_2
vendor: Tacker

6
tacker/tests/unit/vnfm/infra_drivers/openstack/test_openstack.py
View File

@ -398,6 +398,12 @@ class TestOpenStack(base.TestCase):
'hot_tosca_security_groups.yaml' 'hot_tosca_security_groups.yaml'
) )
def test_create_port_with_allowed_address_pairs(self):
self._test_assert_equal_for_tosca_templates(
'test_tosca_allowed_address_pairs.yaml',
'hot_tosca_allowed_address_pairs.yaml'
)
def test_create_port_with_mac_and_ip(self): def test_create_port_with_mac_and_ip(self):
self._test_assert_equal_for_tosca_templates( self._test_assert_equal_for_tosca_templates(
'test_tosca_mac_ip.yaml', 'test_tosca_mac_ip.yaml',

11
tacker/vnfm/tosca/lib/tacker_defs.yaml
View File

@ -72,6 +72,17 @@ data_types:
type: map type: map
required: false required: false
tosca.datatypes.tacker.VirtualIP:
properties:
ip_address:
type: string
required: true
description: The virtual IP address allowed to be paired with.
mac_address:
type: string
required: false
description: The mac address allowed to be paired with specific virtual IP.
policy_types: policy_types:
tosca.policies.tacker.Placement: tosca.policies.tacker.Placement:
derived_from: tosca.policies.Root derived_from: tosca.policies.Root

5
tacker/vnfm/tosca/lib/tacker_nfv_defs.yaml
View File

@ -233,6 +233,11 @@ node_types:
anti_spoofing_protection: anti_spoofing_protection:
type: boolean type: boolean
required: false required: false
allowed_address_pairs:
type: list
entry_schema:
type: tosca.datatypes.tacker.VirtualIP
required: false
security_groups: security_groups:
type: list type: list
required: false required: false