praneetb/contrail-heat

## contrail-heat
With Release 3.0, contrail-heat resources/templates are being auto-generated from the Schema.

The generated resources/templates are part of the python-contrail package and located in
/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/ directory. This directory has three sub-directories

1. resources/
   This sub-directory contains all the resources for the contrail-heat plugin. It runs in the context
   of the heat-engine service.
2. templates/
   This sub-directory contains template for each resource. They are sample templates with every possible
   parameter in the schema. They should be used as a reference when you build up more complex templates
   for your network design.
3. env/
   This sub-directories contains environment for input to each template.

Installation of contrail-heat
-----------------------------
Install the contrail-heat and python-contrail(vnc_api) package on the node running the openstack-heat.
contrail-heat resources use the vnc_api to communicate to the contrail-controller.

Configuration to use contrail-heat
----------------------------------
Following changes are needed to the /etc/heat/heat.conf

1. In the [DEFAULT] section, provide the plugin_dirs options
[DEFAULT]
...
plugin_dirs = /usr/lib/python2.7/dist-packages/vnc_api/gen/heat/resources
...

2. Add a new section [clients_contrail] as follows
[clients_contrail]
user = <user_name>
password = <password>
tenant = <tenant_name>
api_server = <Ip address of contrail-controller>
api_base_url = /

ANY change in the heat.conf file or the resources under the plugin_dirs need the
service heat-engine to be restarted "service heat-engine restart"

The Heat Plugin Resources
-------------------------
Here is a list of all the generated plugin resources supported by contrail-heat.

access_control_list_heat.py
analytics_node_heat.py
api_access_list_heat.py
bgp_as_a_service_heat.py
bgp_router_heat.py
config_node_heat.py
config_root_heat.py
customer_attachment_heat.py
database_node_heat.py
discovery_service_assignment_heat.py
domain_heat.py
dsa_rule_heat.py
floating_ip_heat.py
floating_ip_pool_heat.py
global_system_config_heat.py
global_vrouter_config_heat.py
instance_ip_heat.py
interface_route_table_heat.py
loadbalancer_healthmonitor_heat.py
loadbalancer_heat.py
loadbalancer_listener_heat.py
loadbalancer_member_heat.py
loadbalancer_pool_heat.py
logical_interface_heat.py
logical_router_heat.py
namespace_heat.py
network_ipam_heat.py
network_policy_heat.py
physical_interface_heat.py
physical_router_heat.py
port_tuple_heat.py
project_heat.py
provider_attachment_heat.py
qos_forwarding_class_heat.py
qos_queue_heat.py
route_aggregate_heat.py
route_table_heat.py
route_target_heat.py
routing_instance_heat.py
routing_policy_heat.py
security_group_heat.py
service_appliance_heat.py
service_appliance_set_heat.py
service_health_check_heat.py
service_instance_heat.py
service_template_heat.py
subnet_heat.py
virtual_DNS_heat.py
virtual_DNS_record_heat.py
virtual_ip_heat.py
virtual_machine_heat.py
virtual_machine_interface_heat.py
virtual_network_heat.py
virtual_router_heat.py

Contrail Heat templates migration from R2.x to R3.0
---------------------------------------------------
The contrail-heat resources in R2.X were hand coded and did not follow any process to name
the parameters in the resources defintion. The new R3.0 contrail-heat resources are
auto-generated from the schema and resource defintion follows the schema parameter defintion.
As a result, the templates from release R2.X are no longer compatible with the new R3.0 templates.
We will have to redo the templates in R3.0.

While coding any template for R3.0 release, look at the
/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/template
Here you will find sample template defintion of each resource with each possible parameter.

Here is an example of virtual-network resource. We will convert it to the new template format.

Old Template
------------

  private_net:
    type: OS::Contrail::VirtualNetwork
    properties:
      name: { get_param: net_name }
      shared: { get_param: shared }
      external: { get_param: external }
      route_targets: { "Fn::Split" : [ ",", Ref: route_targets ] }
      forwarding_mode: { get_param: forwarding_mode }
      allow_transit: { get_param: allow_transit }
      flood_unknown_unicast: {get_param: flood_unknown_unicast }

New Template
------------

  private_net:
    type: OS::Contrail::VirtualNetwork
    properties:
      name: { get_param: net_name }
      is_shared: { get_param: shared }
      router_external: { get_param: external }
      route_target_list:
        {
          route_target_list_route_target: [{ get_param: route_target }],
        }
      virtual_network_properties:
        {
          virtual_network_properties_allow_transit: { get_param: allow_transit },
          virtual_network_properties_forwarding_mode: { get_param: forwarding_mode },
        }
      flood_unknown_unicast: {get_param: flood_unknown_unicast }


Another change in R3.0 template is the way one resource is referred by other resource.
We will take an explicit example of a netowkr-policy referred by a virtual-network.
In Release R2.x we had a resource called attach-policy to link network-policy to
the virtual-network. With release R3.0, we now refer the linked resource directly as
a parameter, in this example virtual-network would refer to the network-policy directly.

Old Way of linking network-policy to virtual-network
----------------------------------------------------

resources:
  private_net_1:
    type: OS::Neutron::Net
    properties:
      name: { get_param: private_net_1_name }

  private_net_2:
    type: OS::Neutron::Net
    properties:
      name: { get_param: private_net_2_name }

  private_policy:
    type: OS::Contrail::NetworkPolicy
    properties:
      name: { get_param: policy_name }
      entries:
        policy_rule: [
              {
                "direction": { get_param: direction },
                "protocol": "any",
                "src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
                "dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
                "dst_addresses": [{ "virtual_network": {get_resource: private_net_1}}],
                "action_list": {"simple_action": {get_param: action}},
                "src_addresses": [{ "virtual_network": {get_resource: private_net_2}}]
              },
        ]

   private_policy_attach_net:
    type: OS::Contrail::AttachPolicy
    properties:
      network: { get_resource: private_net_1 }
      policy: { get_attr: [private_policy, fq_name] }

   private_policy_attach_net2:
    type: OS::Contrail::AttachPolicy
    properties:
      network: { get_resource: private_net_2 }
      policy: { get_attr: [private_policy, fq_name] }


New Way of linking network-policy to virtual-network
----------------------------------------------------

  template_VirtualNetwork_2:
    type: OS::Contrail::VirtualNetwork
    depends_on: [ template_NetworkPolicy ]
    properties:
      name: { get_param: left_vn }
      network_policy_refs: [{ list_join: [':', { get_attr: [ template_NetworkPolicy, fq_name ] } ] }]
      network_policy_refs_data:
        [{
          network_policy_refs_data_sequence:
            {
              network_policy_refs_data_sequence_major: 0,
              network_policy_refs_data_sequence_minor: 0,
            },
        }]

  template_NetworkPolicy:
    type: OS::Contrail::NetworkPolicy
    properties:
      name: { get_param: policy_name }
      network_policy_entries:
        {
            network_policy_entries_policy_rule: [{
              network_policy_entries_policy_rule_direction: { get_param: direction },
              network_policy_entries_policy_rule_protocol: { get_param: protocol },
              network_policy_entries_policy_rule_src_ports: [{
                network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
                network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
              }],
              network_policy_entries_policy_rule_dst_ports: [{
                network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
                network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
              }],
              network_policy_entries_policy_rule_dst_addresses: [{
                network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
              }],
              network_policy_entries_policy_rule_src_addresses: [{
                network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
              }],
              network_policy_entries_policy_rule_action_list: {
                network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
                network_policy_entries_policy_rule_action_list_apply_service: [[{ get_param: service_instance_fq_name }]]
              },
           }]
        }
	With Release 3.0, contrail-heat resources/templates are being auto-generated from the Schema.

	The generated resources/templates are part of the python-contrail package and located in
	/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/ directory. This directory has three sub-directories

	1. resources/
	This sub-directory contains all the resources for the contrail-heat plugin. It runs in the context
	of the heat-engine service.
	2. templates/
	This sub-directory contains template for each resource. They are sample templates with every possible
	parameter in the schema. They should be used as a reference when you build up more complex templates
	for your network design.
	3. env/
	This sub-directories contains environment for input to each template.

	Installation of contrail-heat
	-----------------------------
	Install the contrail-heat and python-contrail(vnc_api) package on the node running the openstack-heat.
	contrail-heat resources use the vnc_api to communicate to the contrail-controller.

	Configuration to use contrail-heat
	----------------------------------
	Following changes are needed to the /etc/heat/heat.conf

	1. In the [DEFAULT] section, provide the plugin_dirs options
	[DEFAULT]
	...
	plugin_dirs = /usr/lib/python2.7/dist-packages/vnc_api/gen/heat/resources
	...

	2. Add a new section [clients_contrail] as follows
	[clients_contrail]
	user = <user_name>
	password = <password>
	tenant = <tenant_name>
	api_server = <Ip address of contrail-controller>
	api_base_url = /

	ANY change in the heat.conf file or the resources under the plugin_dirs need the
	service heat-engine to be restarted "service heat-engine restart"

	The Heat Plugin Resources
	-------------------------
	Here is a list of all the generated plugin resources supported by contrail-heat.

	access_control_list_heat.py
	analytics_node_heat.py
	api_access_list_heat.py
	bgp_as_a_service_heat.py
	bgp_router_heat.py
	config_node_heat.py
	config_root_heat.py
	customer_attachment_heat.py
	database_node_heat.py
	discovery_service_assignment_heat.py
	domain_heat.py
	dsa_rule_heat.py
	floating_ip_heat.py
	floating_ip_pool_heat.py
	global_system_config_heat.py
	global_vrouter_config_heat.py
	instance_ip_heat.py
	interface_route_table_heat.py
	loadbalancer_healthmonitor_heat.py
	loadbalancer_heat.py
	loadbalancer_listener_heat.py
	loadbalancer_member_heat.py
	loadbalancer_pool_heat.py
	logical_interface_heat.py
	logical_router_heat.py
	namespace_heat.py
	network_ipam_heat.py
	network_policy_heat.py
	physical_interface_heat.py
	physical_router_heat.py
	port_tuple_heat.py
	project_heat.py
	provider_attachment_heat.py
	qos_forwarding_class_heat.py
	qos_queue_heat.py
	route_aggregate_heat.py
	route_table_heat.py
	route_target_heat.py
	routing_instance_heat.py
	routing_policy_heat.py
	security_group_heat.py
	service_appliance_heat.py
	service_appliance_set_heat.py
	service_health_check_heat.py
	service_instance_heat.py
	service_template_heat.py
	subnet_heat.py
	virtual_DNS_heat.py
	virtual_DNS_record_heat.py
	virtual_ip_heat.py
	virtual_machine_heat.py
	virtual_machine_interface_heat.py
	virtual_network_heat.py
	virtual_router_heat.py

	Contrail Heat templates migration from R2.x to R3.0
	---------------------------------------------------
	The contrail-heat resources in R2.X were hand coded and did not follow any process to name
	the parameters in the resources defintion. The new R3.0 contrail-heat resources are
	auto-generated from the schema and resource defintion follows the schema parameter defintion.
	As a result, the templates from release R2.X are no longer compatible with the new R3.0 templates.
	We will have to redo the templates in R3.0.

	While coding any template for R3.0 release, look at the
	/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/template
	Here you will find sample template defintion of each resource with each possible parameter.

	Here is an example of virtual-network resource. We will convert it to the new template format.

	Old Template
	------------

	private_net:
	type: OS::Contrail::VirtualNetwork
	properties:
	name: { get_param: net_name }
	shared: { get_param: shared }
	external: { get_param: external }
	route_targets: { "Fn::Split" : [ ",", Ref: route_targets ] }
	forwarding_mode: { get_param: forwarding_mode }
	allow_transit: { get_param: allow_transit }
	flood_unknown_unicast: {get_param: flood_unknown_unicast }

	New Template
	------------

	private_net:
	type: OS::Contrail::VirtualNetwork
	properties:
	name: { get_param: net_name }
	is_shared: { get_param: shared }
	router_external: { get_param: external }
	route_target_list:
	{
	route_target_list_route_target: [{ get_param: route_target }],
	}
	virtual_network_properties:
	{
	virtual_network_properties_allow_transit: { get_param: allow_transit },
	virtual_network_properties_forwarding_mode: { get_param: forwarding_mode },
	}
	flood_unknown_unicast: {get_param: flood_unknown_unicast }


	Another change in R3.0 template is the way one resource is referred by other resource.
	We will take an explicit example of a netowkr-policy referred by a virtual-network.
	In Release R2.x we had a resource called attach-policy to link network-policy to
	the virtual-network. With release R3.0, we now refer the linked resource directly as
	a parameter, in this example virtual-network would refer to the network-policy directly.

	Old Way of linking network-policy to virtual-network
	----------------------------------------------------

	resources:
	private_net_1:
	type: OS::Neutron::Net
	properties:
	name: { get_param: private_net_1_name }

	private_net_2:
	type: OS::Neutron::Net
	properties:
	name: { get_param: private_net_2_name }

	private_policy:
	type: OS::Contrail::NetworkPolicy
	properties:
	name: { get_param: policy_name }
	entries:
	policy_rule: [
	{
	"direction": { get_param: direction },
	"protocol": "any",
	"src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
	"dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
	"dst_addresses": [{ "virtual_network": {get_resource: private_net_1}}],
	"action_list": {"simple_action": {get_param: action}},
	"src_addresses": [{ "virtual_network": {get_resource: private_net_2}}]
	},
	]

	private_policy_attach_net:
	type: OS::Contrail::AttachPolicy
	properties:
	network: { get_resource: private_net_1 }
	policy: { get_attr: [private_policy, fq_name] }

	private_policy_attach_net2:
	type: OS::Contrail::AttachPolicy
	properties:
	network: { get_resource: private_net_2 }
	policy: { get_attr: [private_policy, fq_name] }


	New Way of linking network-policy to virtual-network
	----------------------------------------------------

	template_VirtualNetwork_2:
	type: OS::Contrail::VirtualNetwork
	depends_on: [ template_NetworkPolicy ]
	properties:
	name: { get_param: left_vn }
	network_policy_refs: [{ list_join: [':', { get_attr: [ template_NetworkPolicy, fq_name ] } ] }]
	network_policy_refs_data:
	[{
	network_policy_refs_data_sequence:
	{
	network_policy_refs_data_sequence_major: 0,
	network_policy_refs_data_sequence_minor: 0,
	},
	}]

	template_NetworkPolicy:
	type: OS::Contrail::NetworkPolicy
	properties:
	name: { get_param: policy_name }
	network_policy_entries:
	{
	network_policy_entries_policy_rule: [{
	network_policy_entries_policy_rule_direction: { get_param: direction },
	network_policy_entries_policy_rule_protocol: { get_param: protocol },
	network_policy_entries_policy_rule_src_ports: [{
	network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
	network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
	}],
	network_policy_entries_policy_rule_dst_ports: [{
	network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
	network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
	}],
	network_policy_entries_policy_rule_dst_addresses: [{
	network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
	}],
	network_policy_entries_policy_rule_src_addresses: [{
	network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
	}],
	network_policy_entries_policy_rule_action_list: {
	network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
	network_policy_entries_policy_rule_action_list_apply_service: [[{ get_param: service_instance_fq_name }]]
	},
	}]
	}