HEAT template support for disabling port security with providernet
Hello,
It seems that HEAT currently does not support disabling port security for a provider network. The network has to be updated manually after creation to disable port security. Is this by design or a new enhancement/fix, or already being worked/fixed?
Currently running Mitaka.
Snippet of template:
....
resources:
network:
type: OS::Neutron::ProviderNet
properties:
name:
str_replace:
template: vlan-vlanid%
params:
vlanid%: { get_param: vlanid }
network_type: vlan
physical_network: physnet2
port_security_enabled: false <----------problematic line
segmentation_id: { get_param: vlanid }
shared: True
admin_state_up: True
....
heat stack-create fails with following error:
ERROR: Property error: : resources.network.properties: : Unknown Property port_security_enabled
removing port_security_enabled line results in succcessful creation:
root@node-15:~# neutron net-show vlan-1112
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2016-12-14T19:06:46 |
| description | |
| id | d767ebaa-7374-43b9-b3cc-b0f2a5a88edc |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | vlan-1111 |
| port_security_enabled | True |
| provider:network_type | vlan |
| provider:physical_network | physnet2 |
| provider:segmentation_id | 1111 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | 9ee5899e-3d4e-4af3-8b6c-8fde3c85abfd |
| tags | |
| tenant_id | d33081a56e894279902c94a4a0956225 |
| updated_at | 2016-12-14T19:06:46 |
+---------------------------+--------------------------------------+
but have to manually disable with following command:
neutron net-update vlan-1111 --port_security_enabled false
add a comment
