Instance resource doesn't allow IP assignment to VPC/quantum network

Bug #1096013 reported by Steven Hardy
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
OpenStack Heat | Fix Released | High | Steve Baker |
Grizzly | Fix Released | High | Steve Baker |

Bug Description

Now we have initial support for quantum-based VPC resources, we need a way to assign an instance to a specific virtual private subnet.

This probably means we need to implement PrivateIpAddress/SubnetId properties for AWS::EC2::Instance, maybe NetworkInterfaces/AWS::EC2::NetworkInterface too.

Steven Hardy (shardy) wrote :

Setting this to High importance - this has been a FAQ from users on IRC recently so there seems to be a need to add this functionality.

Changed in heat:
status: New → Triaged
importance: Undecided → High
Steven Dake (sdake)
Changed in heat:
milestone: none → grizzly-3
Changed in heat:
assignee: nobody → Steve Baker (steve-stevebaker)
Steve Baker (steve-stevebaker) wrote :

From: <email address hidden>

I have some questions regarding the integration of Quantum in Heat:
- I haven't found a way to attach an instance resource to a Quantum port that already exists. Is it possible?
- When I create a Quantum port in my template and bind the instance to that port, why does Heat still create an additional port to the tenant-owned network?

I have created a very simple template to test:

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "Test creation of Quantum resources with a very simple instance",

  "Parameters" : {

    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type" : "String"
    },

    "NetworkUuid" : {
      "Description" : "Network UUID",
      "Type" : "String"
    },

    "SubnetUuid" : {
      "Description" : "Subnet UUID",
      "Type" : "String"
    }
  },

  "Resources" : {
    "QuantumPort": {
      "Type": "OS::Quantum::Port",
      "Properties": {
        "network_id": { "Ref" : "NetworkUuid" },
        "device_id": { "Ref": "CirrosInstance" },
        "fixed_ips": [{
          "subnet_id": { "Ref" : "SubnetUuid" },
          "ip_address": "10.0.0.100"
        }]
      }
    },

    "DefaultSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable ICMP plus SSH access",
        "SecurityGroupIngress" : [
          {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0"},
          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },

    "CirrosInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId" : "cirros-0.3.0-x86_64-uec",
        "InstanceType" : "m1.nano",
        "KeyName" : { "Ref" : "KeyName" },
        "SecurityGroups" : [ {"Ref" : "DefaultSecurityGroup"} ]
      }
    }
  },

  "Outputs" : {
    "InstanceIPAddress" : {
      "Value" : { "Fn::GetAtt" : ["CirrosInstance", "PrivateIp"] },
      "Description": "Private IP address of the instance"
    }
  }
}

For my tests, I use devstack and the Open vSwitch plugin. After the stack is created, the instance is up and running but it is connected to 2 ports:

$ heat stack-show cirros
+----------------------+-----------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------------------+-----------------------------------------------------------------------------------------------------------------+
| capabilities | [] |
| creation_time | 2013-02-05T09:11:39Z |
| description | Test creation of Quantum resources with a very simple |
| | instance ...

Steve Baker (steve-stevebaker) wrote :

I've replicated the issue with the above template

Changed in heat:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/21622

Steve Baker (steve-stevebaker) wrote :

With the above proposed fix, the above example template would instead contain:
...
    "QuantumPort": {
      "Type": "OS::Quantum::Port",
      "Properties": {
        "network_id": { "Ref" : "NetworkUuid" },
        "fixed_ips": [{
          "subnet_id": { "Ref" : "SubnetUuid" },
          "ip_address": "10.0.0.100"
        }]
      }
    },
...
    "CirrosInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
...
        "NetworkInterfaces" : [ { "Ref" : "QuantumPort"} ],
...
      }
    }

OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/21622
Committed: http://github.com/openstack/heat/commit/15e0532428fffa46c3da7b1e2e58a7b47fc7a430
Submitter: Jenkins
Branch: master

commit 15e0532428fffa46c3da7b1e2e58a7b47fc7a430
Author: Steve Baker <email address hidden>
Date: Mon Feb 11 14:31:09 2013 +1300

    Implement NetworkInterfaces instance property.

    This accepts a list of strings, where each string will be a Ref
    to either an OS::Quantum::Port or a (yet to be implemented)
    AWS::EC2::NetworkInterface.

    This fixes bug 1096013

    Change-Id: Ic8aecf8d59395edcf111b3a778e79762af0e50d4

Changed in heat:
status: In Progress → Fix Committed
Steve Baker (steve-stevebaker) wrote :

I've realised that another change will be needed here to be properly
compatible with CloudFormation.

As it's implemented now, the instance takes a property like this:
"NetworkInterfaces" : [ {"Ref" : "controlXface"} ],

Whereas according to
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface.html
it should look like this:
"NetworkInterfaces" : [ {
         "NetworkInterfaceId" : {"Ref" : "controlXface"}, "DeviceIndex" : "1" } ],

I'll most likely implement this in a way which supports either approach

Steven Dake (sdake)
no longer affects: heat
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/23645

Changed in heat:
assignee: nobody → Steve Baker (steve-stevebaker)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/23645
Committed: http://github.com/openstack/heat/commit/cfcaa895a6357a4bc08ce84928541f2d80c5b0e7
Submitter: Jenkins
Branch: master

commit cfcaa895a6357a4bc08ce84928541f2d80c5b0e7
Author: Steve Baker <email address hidden>
Date: Wed Mar 6 15:29:12 2013 +1300

    Allow instance NetworkInterfaces to be list of str or dict

    It should be possible to specify NetworkInterfaces of an instance either
    as an array of strings or as an array of dicts.

    The following should now be possible:
    This will define nics in the order specified by DeviceIndex
    "NetworkInterfaces" : [
      { "NetworkInterfaceId" : {"Ref" : "controlXface"}, "DeviceIndex" : "0" },
      { "NetworkInterfaceId" : {"Ref" : "controlXface2"}, "DeviceIndex" : "1" }
    ],

    This will define nics in the order specified by list position
    "NetworkInterfaces" : [{"Ref" : "controlXface"}, {"Ref" : "controlXface2"}],

    Mixing the 2 forms is supported but the resulting order is not defined.

    Amazon documentation is ambiguous about which form is actually supported
    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-networkinterfaces
    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ec2.html#cfn-template-snippets-eni
    Fixes: Bug #1096013

    Change-Id: Id387d2e750cbe533a9b8a1fedc49d5bcf690fbcf

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
milestone: none → grizzly-rc1
status: Fix Committed → Fix Released
Steven Dake (sdake)
Changed in heat:
importance: Undecided → High
Thierry Carrez (ttx)
Changed in heat:
milestone: grizzly-rc1 → 2013.1
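
The following is an added example, not code from Heat or from anyone in this thread: a small template check that resolves both NetworkInterfaces forms described in the second commit message and flags the pattern from the reported template, where a port is bound through device_id but the instance does not list it, which left the instance attached to an extra port on the tenant network. The function names and the choice to reject mixed forms are assumptions of this example.

```python
def ordered_nics(network_interfaces):
    """Return port names in attachment order for either NetworkInterfaces form."""
    bare, indexed = [], []
    for entry in network_interfaces:
        if "NetworkInterfaceId" in entry:
            # Dict form: ordered by DeviceIndex, per the commit message.
            indexed.append((int(entry["DeviceIndex"]),
                            entry["NetworkInterfaceId"]["Ref"]))
        else:
            # Bare {"Ref": ...} form: ordered by list position.
            bare.append(entry["Ref"])
    if bare and indexed:
        # Assumption of this example: refuse mixing, since the order is not defined.
        raise ValueError("mixed NetworkInterfaces forms: order is not defined")
    return bare or [ref for _, ref in sorted(indexed)]


def lint_template(template):
    """Flag ports tied to an instance by device_id but absent from its NetworkInterfaces."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "OS::Quantum::Port":
            continue
        dev = res.get("Properties", {}).get("device_id")
        if isinstance(dev, dict) and "Ref" in dev:
            inst = resources.get(dev["Ref"], {})
            nics = inst.get("Properties", {}).get("NetworkInterfaces", [])
            if name not in ordered_nics(nics):
                findings.append(f"{name}: bound via device_id to {dev['Ref']}, "
                                "not listed in its NetworkInterfaces")
    return findings


# Constructed samples: trimmed versions of the two templates in the thread.
BEFORE = {"Resources": {
    "QuantumPort": {"Type": "OS::Quantum::Port",
                    "Properties": {"device_id": {"Ref": "CirrosInstance"}}},
    "CirrosInstance": {"Type": "AWS::EC2::Instance", "Properties": {}}}}
AFTER = {"Resources": {
    "QuantumPort": {"Type": "OS::Quantum::Port", "Properties": {}},
    "CirrosInstance": {"Type": "AWS::EC2::Instance", "Properties": {
        "NetworkInterfaces": [{"Ref": "QuantumPort"}]}}}}

if __name__ == "__main__":
    print(lint_template(BEFORE))  # one finding for QuantumPort
    print(lint_template(AFTER))   # no findings
```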