Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
With Release 3.0, contrail-heat resources/templates are being auto-generated from the Schema.
The generated resources/templates are part of the python-contrail package and located in
/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/ directory. This directory has three sub-directories
1. resources/
This sub-directory contains all the resources for the contrail-heat plugin. It runs in the context
of the heat-engine service.
2. templates/
This sub-directory contains template for each resource. They are sample templates with every possible
parameter in the schema. They should be used as a reference when you build up more complex templates
for your network design.
3. env/
This sub-directories contains environment for input to each template.
Installation of contrail-heat
-----------------------------
Install the contrail-heat and python-contrail(vnc_api) package on the node running the openstack-heat.
contrail-heat resources use the vnc_api to communicate to the contrail-controller.
Configuration to use contrail-heat
----------------------------------
Following changes are needed to the /etc/heat/heat.conf
1. In the [DEFAULT] section, provide the plugin_dirs options
[DEFAULT]
...
plugin_dirs = /usr/lib/python2.7/dist-packages/vnc_api/gen/heat/resources
...
2. Add a new section [clients_contrail] as follows
[clients_contrail]
user = <user_name>
password = <password>
tenant = <tenant_name>
api_server = <Ip address of contrail-controller>
api_base_url = /
ANY change in the heat.conf file or the resources under the plugin_dirs need the
service heat-engine to be restarted "service heat-engine restart"
The Heat Plugin Resources
-------------------------
Here is a list of all the generated plugin resources supported by contrail-heat.
access_control_list_heat.py
analytics_node_heat.py
api_access_list_heat.py
bgp_as_a_service_heat.py
bgp_router_heat.py
config_node_heat.py
config_root_heat.py
customer_attachment_heat.py
database_node_heat.py
discovery_service_assignment_heat.py
domain_heat.py
dsa_rule_heat.py
floating_ip_heat.py
floating_ip_pool_heat.py
global_system_config_heat.py
global_vrouter_config_heat.py
instance_ip_heat.py
interface_route_table_heat.py
loadbalancer_healthmonitor_heat.py
loadbalancer_heat.py
loadbalancer_listener_heat.py
loadbalancer_member_heat.py
loadbalancer_pool_heat.py
logical_interface_heat.py
logical_router_heat.py
namespace_heat.py
network_ipam_heat.py
network_policy_heat.py
physical_interface_heat.py
physical_router_heat.py
port_tuple_heat.py
project_heat.py
provider_attachment_heat.py
qos_forwarding_class_heat.py
qos_queue_heat.py
route_aggregate_heat.py
route_table_heat.py
route_target_heat.py
routing_instance_heat.py
routing_policy_heat.py
security_group_heat.py
service_appliance_heat.py
service_appliance_set_heat.py
service_health_check_heat.py
service_instance_heat.py
service_template_heat.py
subnet_heat.py
virtual_DNS_heat.py
virtual_DNS_record_heat.py
virtual_ip_heat.py
virtual_machine_heat.py
virtual_machine_interface_heat.py
virtual_network_heat.py
virtual_router_heat.py
Contrail Heat templates migration from R2.x to R3.0
---------------------------------------------------
The contrail-heat resources in R2.X were hand coded and did not follow any process to name
the parameters in the resources defintion. The new R3.0 contrail-heat resources are
auto-generated from the schema and resource defintion follows the schema parameter defintion.
As a result, the templates from release R2.X are no longer compatible with the new R3.0 templates.
We will have to redo the templates in R3.0.
While coding any template for R3.0 release, look at the
/usr/lib/python2.7/dist-packages/vnc_api/gen/heat/template
Here you will find sample template defintion of each resource with each possible parameter.
Here is an example of virtual-network resource. We will convert it to the new template format.
Old Template
------------
private_net:
type: OS::Contrail::VirtualNetwork
properties:
name: { get_param: net_name }
shared: { get_param: shared }
external: { get_param: external }
route_targets: { "Fn::Split" : [ ",", Ref: route_targets ] }
forwarding_mode: { get_param: forwarding_mode }
allow_transit: { get_param: allow_transit }
flood_unknown_unicast: {get_param: flood_unknown_unicast }
New Template
------------
private_net:
type: OS::Contrail::VirtualNetwork
properties:
name: { get_param: net_name }
is_shared: { get_param: shared }
router_external: { get_param: external }
route_target_list:
{
route_target_list_route_target: [{ get_param: route_target }],
}
virtual_network_properties:
{
virtual_network_properties_allow_transit: { get_param: allow_transit },
virtual_network_properties_forwarding_mode: { get_param: forwarding_mode },
}
flood_unknown_unicast: {get_param: flood_unknown_unicast }
Another change in R3.0 template is the way one resource is referred by other resource.
We will take an explicit example of a netowkr-policy referred by a virtual-network.
In Release R2.x we had a resource called attach-policy to link network-policy to
the virtual-network. With release R3.0, we now refer the linked resource directly as
a parameter, in this example virtual-network would refer to the network-policy directly.
Old Way of linking network-policy to virtual-network
----------------------------------------------------
resources:
private_net_1:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_1_name }
private_net_2:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_2_name }
private_policy:
type: OS::Contrail::NetworkPolicy
properties:
name: { get_param: policy_name }
entries:
policy_rule: [
{
"direction": { get_param: direction },
"protocol": "any",
"src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
"dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
"dst_addresses": [{ "virtual_network": {get_resource: private_net_1}}],
"action_list": {"simple_action": {get_param: action}},
"src_addresses": [{ "virtual_network": {get_resource: private_net_2}}]
},
]
private_policy_attach_net:
type: OS::Contrail::AttachPolicy
properties:
network: { get_resource: private_net_1 }
policy: { get_attr: [private_policy, fq_name] }
private_policy_attach_net2:
type: OS::Contrail::AttachPolicy
properties:
network: { get_resource: private_net_2 }
policy: { get_attr: [private_policy, fq_name] }
New Way of linking network-policy to virtual-network
----------------------------------------------------
template_VirtualNetwork_2:
type: OS::Contrail::VirtualNetwork
depends_on: [ template_NetworkPolicy ]
properties:
name: { get_param: left_vn }
network_policy_refs: [{ list_join: [':', { get_attr: [ template_NetworkPolicy, fq_name ] } ] }]
network_policy_refs_data:
[{
network_policy_refs_data_sequence:
{
network_policy_refs_data_sequence_major: 0,
network_policy_refs_data_sequence_minor: 0,
},
}]
template_NetworkPolicy:
type: OS::Contrail::NetworkPolicy
properties:
name: { get_param: policy_name }
network_policy_entries:
{
network_policy_entries_policy_rule: [{
network_policy_entries_policy_rule_direction: { get_param: direction },
network_policy_entries_policy_rule_protocol: { get_param: protocol },
network_policy_entries_policy_rule_src_ports: [{
network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
}],
network_policy_entries_policy_rule_dst_ports: [{
network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
}],
network_policy_entries_policy_rule_dst_addresses: [{
network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
}],
network_policy_entries_policy_rule_src_addresses: [{
network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
}],
network_policy_entries_policy_rule_action_list: {
network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
network_policy_entries_policy_rule_action_list_apply_service: [[{ get_param: service_instance_fq_name }]]
},
}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.