From 4f8f68dea9b168a933b1e05d89ed30e1bb4d8fbd Mon Sep 17 00:00:00 2001 From: Ross Brattain Date: Wed, 5 Jul 2017 01:36:47 -0700 Subject: heat: port_security_enabled, allowed_address_pairs, disable gateway_ip xe0: cidr: '10.0.2.0/24' vld_id: public allowed_address_pairs: - ip_address: '0.0.0.0/0' xe1: cidr: '10.0.3.0/24' vld_id: private allowed_address_pairs: - ip_address: '0.0.0.0/0' We need to disable gateways on data plane interfaces With TGs and VFNs we probably don't need gateway on data interfaces Change-Id: I276a7d591a0a3ff03877c4f525303fc2874de683 Signed-off-by: Ross Brattain --- yardstick/orchestrator/heat.py | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'yardstick/orchestrator/heat.py') diff --git a/yardstick/orchestrator/heat.py b/yardstick/orchestrator/heat.py index 2a907d124..57b23d393 100644 --- a/yardstick/orchestrator/heat.py +++ b/yardstick/orchestrator/heat.py @@ -231,13 +231,16 @@ name (i.e. %s).\ } def add_network(self, name, physical_network='physnet1', provider=None, - segmentation_id=None): + segmentation_id=None, port_security_enabled=True): """add to the template a Neutron Net""" log.debug("adding Neutron::Net '%s'", name) if provider is None: self.resources[name] = { 'type': 'OS::Neutron::Net', - 'properties': {'name': name} + 'properties': { + 'name': name, + 'port_security_enabled': port_security_enabled, + } } else: self.resources[name] = { @@ -245,12 +248,12 @@ name (i.e. %s).\ 'properties': { 'name': name, 'network_type': 'vlan', - 'physical_network': physical_network - } + 'physical_network': physical_network, + 'port_security_enabled': port_security_enabled, + }, } if segmentation_id: - seg_id_dit = {'segmentation_id': segmentation_id} - self.resources[name]["properties"].update(seg_id_dit) + self.resources[name]['properties']['segmentation_id'] = segmentation_id def add_server_group(self, name, policies): # pragma: no cover """add to the template a ServerGroup""" @@ -262,8 +265,9 @@ name (i.e. %s).\ 'policies': policies} } - def add_subnet(self, name, network, cidr): - """add to the template a Neutron Subnet""" + def add_subnet(self, name, network, cidr, enable_dhcp='true', gateway_ip=None): + """add to the template a Neutron Subnet + """ log.debug("adding Neutron::Subnet '%s' in network '%s', cidr '%s'", name, network, cidr) self.resources[name] = { @@ -272,9 +276,12 @@ name (i.e. %s).\ 'properties': { 'name': name, 'cidr': cidr, - 'network_id': {'get_resource': network} + 'network_id': {'get_resource': network}, + 'enable_dhcp': enable_dhcp, } } + if gateway_ip is not None: + self.resources[name]['properties']['gateway_ip'] = gateway_ip self._template['outputs'][name] = { 'description': 'subnet %s ID' % name, @@ -316,9 +323,10 @@ name (i.e. %s).\ } } - def add_port(self, name, network_name, subnet_name, sec_group_id=None, - provider=None): - """add to the template a named Neutron Port""" + def add_port(self, name, network_name, subnet_name, sec_group_id=None, provider=None, + allowed_address_pairs=None): + """add to the template a named Neutron Port + """ log.debug("adding Neutron::Port '%s', network:'%s', subnet:'%s', " "secgroup:%s", name, network_name, subnet_name, sec_group_id) self.resources[name] = { @@ -341,6 +349,10 @@ name (i.e. %s).\ self.resources[name]['properties']['security_groups'] = \ [sec_group_id] + if allowed_address_pairs: + self.resources[name]['properties'][ + 'allowed_address_pairs'] = allowed_address_pairs + self._template['outputs'][name] = { 'description': 'Address for interface %s' % name, 'value': {'get_attr': [name, 'fixed_ips', 0, 'ip_address']} -- cgit 1.2.3-korg