[openstack-dev][tacker] Not able to inject firewall configuration to openWRT image while creating vnf

asked 2017-04-05 08:22:41 -0500

vishnu430 gravatar image

updated 2017-04-13 05:30:47 -0500

Hi, I'm running tacker and able to launch vnf through VNF manager. But the configuration of the VNF is not getting injected to VNF. Kindly help me in debugging of injection of configuration

Please find below tosca config file

Blockquote

tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0

description: OpenWRT with firewall services

metadata: template_name: APM

topology_template: node_templates: VDU1: type: tosca.nodes.nfv.VDU.Tacker capabilities: nfv_compute: properties: num_cpus: 1 mem_size: 1024 MB disk_size: 1 GB properties: image: openWRT-image2 config: firewall: | package firewall

        config defaults
            option syn_flood '1'
            option input 'ACCEPT'
            option output 'ACCEPT'
            option forward 'REJECT'

        config zone
            option name 'lan'
            list network 'lan'
            option input 'ACCEPT'
            option output 'ACCEPT'
            option forward 'REJECT'

        config zone
            option name 'wan'
            list network 'wan'
            list network 'wan6'
            option input 'REJECT'
            option output 'ACCEPT'
            option forward 'REJECT'
            option masq '1'
            option mtu_fix '1'

        config forwarding
            option src 'lan'
            option dest 'wan'

        config rule
            option name 'Allow-DHCP-Renew'
            option src 'wan'
            option proto 'udp'
            option dest_port '68'
            option target 'ACCEPT'
            option family 'ipv4'

        config rule
            option name 'Allow-Ping'
            option src 'wan'
            option proto 'icmp'
            option icmp_type 'echo-request'
            option family 'ipv4'
            option target 'REJECT'
    mgmt_driver: openwrt
    monitoring_policy:
      name: ping
      parameters:
        count: 3
        interval: 10
      actions:
        failure: respawn

CP1:
  type: tosca.nodes.nfv.CP.Tacker
  properties:
    management: true
    anti_spoofing_protection: false
  requirements:
    - virtualLink:
        node: VL1
    - virtualBinding:
        node: VDU1

VL1:
  type: tosca.nodes.nfv.VL
  properties:
    network_name: net_mgmt
    vendor: Tacker

Blockquote

Note: haven't seen any ssh connection formed to VNF from host during and after installation.

Thanks && Regards, -Vishnu

edit retag flag offensive close merge delete