Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

HEAT template support for disabling port security with providernet

Hello,

It seems that HEAT currently does not support disabling port security for a provider network. The network has to be updated manually after creation to disable port security. Is this by design or a new enhancement/fix, or already being worked/fixed?

Currently running Mitaka.

Snippet of template:

....
resources:
   network:
    type: OS::Neutron::ProviderNet
    properties:
      name:
        str_replace:
          template: vlan-vlanid%
          params:
            vlanid%: { get_param: vlanid }
      network_type: vlan
      physical_network: physnet2
      port_security_enabled: false <----------problematic line
      segmentation_id: { get_param: vlanid }
      shared: True
      admin_state_up: True
....

heat stack-create fails with following error:

ERROR: Property error: : resources.network.properties: : Unknown Property port_security_enabled

removing port_security_enabled line results in succcessful creation:

root@node-15:~# neutron net-show vlan-1112
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-12-14T19:06:46                  |
| description               |                                      |
| id                        | d767ebaa-7374-43b9-b3cc-b0f2a5a88edc |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | vlan-1111                            |
| port_security_enabled     | True                                 |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet2                             |
| provider:segmentation_id  | 1111                                 |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 9ee5899e-3d4e-4af3-8b6c-8fde3c85abfd |
| tags                      |                                      |
| tenant_id                 | d33081a56e894279902c94a4a0956225     |
| updated_at                | 2016-12-14T19:06:46                  |
+---------------------------+--------------------------------------+

but have to manually disable with following command:

neutron net-update vlan-1111 --port_security_enabled false