port security enabled property/attribute isn't supported

Bug #1451629 reported by Isaku Yamahata
This bug affects 1 person
Affects          Status         Importance   Assigned to   Milestone
OpenStack Heat   Fix Released   Medium       yalei wang

Bug Description

In the Kilo cycle, Neutron introduced a new attribute to Port, port_security_enabled.
Heat doesn't support it.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/179989

Changed in heat:
assignee: nobody → Isaku Yamahata (yamahata)
status: New → In Progress
Changed in heat:
importance: Undecided → Medium
Changed in heat:
assignee: Isaku Yamahata (yamahata) → yalei wang (yalei-wang)
Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
milestone: none → liberty-2
status: Fix Committed → Fix Released
Nguyen Dinh Hai (nguyendinhhai11) wrote :

Hi Isaku Yamahata and Tacker Team,

I have been interested in the Tacker project recently, and I am a new member in OpenStack as well.
I have done some first practice and investigation with Tacker, but when I try to create a VNF by CLI, I get stuck with an error related to "unknown port_security_enabled". I have searched through the Tacker bugs and found this bug, which could be related.
If this bug is the reason, it seems the fix will not be present in the Kilo release. By the way, for now, it would be highly appreciated if someone could help to overcome this issue. Please don't hesitate to ask me if you need more logs or info, or correct me if I am wrong at any point.
My local.conf file for installation via devstack is also attached.
Thank you so much.

tacker03@tacker03-VirtualBox:/opt/stack/tacker/devstack/samples$ tacker vnfd-create --name haidemo1 --vnfd-file openwrt.yaml
Created a new vnfd:
+---------------+----------------------------------------------------------------------------+
| Field | Value |
+---------------+----------------------------------------------------------------------------+
| description | Virtual WRT opensource router |
| id | 9b80fad9-2b43-494e-ac0f-3c8899be594a |
| infra_driver | heat |
| mgmt_driver | openwrt |
| name | haidemo1 |
| service_types | {"service_type": "vnfd", "id": "5ed601ce-dfa7-40a0-887c-e45f3c8a6699"} |
| | {"service_type": "router", "id": "70fa02b0-335b-46f6-b75c-a5cda2b19bfb"} |
| | {"service_type": "firewall", "id": "b96a969b-5566-44a9-8d4a-0e6978cf3995"} |
| tenant_id | 656827eb91bd49ffacc546afcc08fadf |
+---------------+----------------------------------------------------------------------------+
tacker03@tacker03-VirtualBox:/opt/stack/tacker/devstack/samples$ tacker vnf-create --name openwrthai --vnfd-id 9b80fad9-2b43-494e-ac0f-3c8899be594a
ERROR: Property error: : resources.vdu1-net_mgmt-port.properties: : Unknown Property port_security_enabled

Steve Baker (steve-stevebaker) wrote :

To work on Kilo the tacker templates will need to set port_security_enabled via the value_specs property. Here is an example from a template I use locally:

  baremetal_port:
    type: OS::Neutron::Port
    properties:
      network: {get_param: provision_net}
      value_specs:
        port_security_enabled: false

This approach will work on all versions of heat.

Nguyen Dinh Hai (nguyendinhhai11) wrote :

Thanks so much, Steve Baker, for pointing me in the right direction.
Could you please show me the detailed steps of what I have to do, and where or which files I should modify here?
I am using VirtualBox to bring Tacker up and devstack for installation. Tacker and OpenStack are new to me.
From my understanding, you meant that I would have to modify openwrt.yaml with your suggestion. Is this right? Or what else here?
I saw that in heat.py port_security_enabled was already set to false.

 template_name: OpenWRT
 description: Virtual WRT opensource router

 service_properties:
   Id: openwrt-vnfd
   vendor: tacker
   version: 1
   type:
     - router
     - firewall

 vdus:
   vdu1:
     id: vdu1
     vm_image: OpenWRT
     instance_type: m1.tiny
     service_type: firewall
     mgmt_driver: openwrt

     network_interfaces:
       management:
         network: net_mgmt
         management: True
       pkt_in:
         network: net0
       pkt_out:
         network: net1

     placement_policy:
       availability_zone: nova

     auto-scaling: noop

     monitoring_policy: ping
     failure_policy: respawn

     monitoring_parameter:
       a:

     config:
       param0: key0
       param1: key1
#######################################################################################

heat.py
    @log.log
    def _process_vdu_network_interfaces(self, vdu_id, vdu_dict, properties,
                                        template_dict):
        def make_port_dict():
            port_dict = {
                'type': 'OS::Neutron::Port',
                'properties': {
                    'port_security_enabled': False
                }
            }
            port_dict['properties'].setdefault('fixed_ips', [])
            return port_dict
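
An added example, not part of the thread and not Tacker's or Heat's own code: the value_specs workaround Steve Baker describes above, applied to a port of the shape that make_port_dict() builds, together with a check listing which ports end up with port security switched off (Neutron applies no security groups or anti-spoofing filtering to such a port). The function names and the sample template are assumptions made for illustration.

```python
import copy

PORT_TYPE = "OS::Neutron::Port"
ATTR = "port_security_enabled"


def move_to_value_specs(template):
    """Return a copy of a Heat template dict where each OS::Neutron::Port
    passes port_security_enabled via value_specs, not as a property."""
    fixed = copy.deepcopy(template)
    for res in fixed.get("resources", {}).values():
        props = res.get("properties")
        if res.get("type") != PORT_TYPE or not props or ATTR not in props:
            continue
        value = props.pop(ATTR)
        specs = props.get("value_specs") or {}
        specs.setdefault(ATTR, value)  # an existing value_specs entry wins
        props["value_specs"] = specs
    return fixed


def ports_without_port_security(template):
    """Names of port resources that turn port security off, in either
    spelling. Only a literal False is matched; get_param references are
    not resolved."""
    found = []
    for name, res in template.get("resources", {}).items():
        if res.get("type") != PORT_TYPE:
            continue
        props = res.get("properties") or {}
        specs = props.get("value_specs") or {}
        if props.get(ATTR) is False or specs.get(ATTR) is False:
            found.append(name)
    return sorted(found)


# Constructed sample: one port as built in the heat.py excerpt (resource name
# taken from the error message above) and one port left at the default.
SAMPLE = {
    "heat_template_version": "2013-05-23",
    "resources": {
        "vdu1-net_mgmt-port": {
            "type": PORT_TYPE,
            "properties": {ATTR: False, "fixed_ips": [], "network": "net_mgmt"},
        },
        "other-port": {"type": PORT_TYPE, "properties": {"network": "net0"}},
    },
}

if __name__ == "__main__":
    print(move_to_value_specs(SAMPLE)["resources"]["vdu1-net_mgmt-port"])
    print(ports_without_port_security(SAMPLE))
```
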

Steve Baker (steve-stevebaker) wrote :

I'm not familiar with tacker, you should ask them for help.

Nguyen Dinh Hai (nguyendinhhai11) wrote :

Thanks Baker for pointing me.

Hai.

Sridhar Ramaswamy (srics-r) wrote :

Thanks Steve.

Hai,

This is being fixed using https://review.openstack.org/#/c/232682/ for Liberty. It needs to be cherry-picked / backported to Kilo.

Nguyen Dinh Hai (nguyendinhhai11) wrote :

Thanks Sridhar for letting me know.

Hai

Thierry Carrez (ttx)
Changed in heat:
milestone: liberty-2 → 5.0.0