HEAT template support for disabling port security with providernet

asked 2017-01-03 17:56:36 -0500

dg5803

Hello,

It seems that HEAT currently does not support disabling port security for a provider network. The network has to be updated manually after creation to disable port security. Is this by design or a new enhancement/fix, or already being worked/fixed?

Currently running Mitaka.

Snippet of template:

....
resources:
  network:
    type: OS::Neutron::ProviderNet
    properties:
      name:
        str_replace:
          template: vlan-vlanid%
          params:
            vlanid%: { get_param: vlanid }
      network_type: vlan
      physical_network: physnet2
      port_security_enabled: false  # <-- problematic line
      segmentation_id: { get_param: vlanid }
      shared: True
      admin_state_up: True
....

heat stack-create fails with the following error:

ERROR: Property error: : resources.network.properties: : Unknown Property port_security_enabled

Removing the port_security_enabled line results in successful creation:

root@node-15:~# neutron net-show vlan-1112
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-12-14T19:06:46                  |
| description               |                                      |
| id                        | d767ebaa-7374-43b9-b3cc-b0f2a5a88edc |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | vlan-1111                            |
| port_security_enabled     | True                                 |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet2                             |
| provider:segmentation_id  | 1111                                 |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 9ee5899e-3d4e-4af3-8b6c-8fde3c85abfd |
| tags                      |                                      |
| tenant_id                 | d33081a56e894279902c94a4a0956225     |
| updated_at                | 2016-12-14T19:06:46                  |
+---------------------------+--------------------------------------+

but I have to manually disable it with the following command:

neutron net-update vlan-1111 --port_security_enabled false
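
Added example, not part of the original post: because the flag is set out of band with `neutron net-update`, the template and the network's real state can diverge, so a post-deploy check can parse `neutron net-show` output and compare `port_security_enabled` with the intended value. The function names and the trimmed sample table are constructed for illustration.

```python
"""Check port_security_enabled in `neutron net-show` table output (added example)."""

# Constructed sample, trimmed from the table layout shown in the question.
SAMPLE_NET_SHOW = """\
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| name                      | vlan-1111                            |
| port_security_enabled     | True                                 |
| provider:network_type     | vlan                                 |
| provider:segmentation_id  | 1111                                 |
| shared                    | True                                 |
| tags                      |                                      |
+---------------------------+--------------------------------------+
"""


def parse_table(text):
    """Parse a two-column CLI table into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border rows (+---+) and shell prompts
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 2 or cells[0] in ("", "Field"):
            continue  # header row or continuation of a wrapped value
        fields[cells[0]] = cells[1]
    return fields


def check_port_security(text, expected):
    """Return (ok, message) comparing the network's flag with the intended state."""
    fields = parse_table(text)
    raw = fields.get("port_security_enabled")
    name = fields.get("name", "<unknown>")
    if raw is None:
        return False, f"{name}: port_security_enabled not reported"
    actual = raw.lower() == "true"
    if actual != expected:
        return False, f"{name}: port_security_enabled={raw}, expected {expected}"
    return True, f"{name}: port_security_enabled={raw} as intended"


if __name__ == "__main__":
    # The template in the question wanted the flag off; the created network has it on.
    print(check_port_security(SAMPLE_NET_SHOW, expected=False))
```

Running the same check with `expected=True` on networks that are supposed to keep port security catches the opposite drift, where the flag was switched off by hand and never recorded in the template.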


1 answer


answered 2017-01-04 10:55:37 -0500

zaneb

There's no property for it:

http://docs.openstack.org/developer/h...

I'd guess that this flag was added to Neutron after the resource type was created, and it was never updated. Feel free to raise a bug and/or submit a patch to add support.


Comments

Thanks for the confirmation of my suspicion. I have submitted a bug: https://bugs.launchpad.net/heat/+bug/1654048

dg5803 (2017-01-04 13:01:56 -0500)

Stats

Asked: 2017-01-03 17:56:36 -0500

Seen: 4,769 times

Last updated: Jan 04 '17