authorMarco Platania <platania@research.att.com>2018-08-02 14:52:45 -0400
committerMarco Platania <platania@research.att.com>2018-08-02 14:55:52 -0400
commit3ddd88cf4cb92f5b8e0eebca9afe806f96a09fba (patch)
treeb5abafefc59f9bbc77333d548c02bab6ea880b56
parentd4c5f6b933e2ba449cb1ddf39355f03affec9b53 (diff)
Add security group to vFW, vLB
- Extend the ONAP sec group to support the vLB/vDNS use case - Add sec group to vFW, vFWCL, vLB, vLBMS Change-Id: Ica89840cf40249990d6df2dfff9a7712c094ab3a Issue-ID: INT-526 Signed-off-by: Marco Platania <platania@research.att.com>
-rw-r--r--heat/ONAP/onap_openstack.yaml5
-rw-r--r--heat/vFW/base_vfw.env1
-rw-r--r--heat/vFW/base_vfw.yaml17
-rw-r--r--heat/vFWCL/vFWSNK/base_vfw.env1
-rw-r--r--heat/vFWCL/vFWSNK/base_vfw.yaml13
-rw-r--r--heat/vFWCL/vPKG/base_vpkg.env1
-rw-r--r--heat/vFWCL/vPKG/base_vpkg.yaml7
-rw-r--r--heat/vLB/base_vlb.env1
-rw-r--r--heat/vLB/dnsscaling.env3
-rw-r--r--heat/vLBMS/base_vlb.env1
-rw-r--r--heat/vLBMS/base_vlb.yaml17
-rw-r--r--heat/vLBMS/dnsscaling.env1
-rw-r--r--heat/vLBMS/dnsscaling.yaml7
13 files changed, 73 insertions, 2 deletions
diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml
index 3ad3a541..bdd505cc 100644
--- a/heat/ONAP/onap_openstack.yaml
+++ b/heat/ONAP/onap_openstack.yaml
@@ -579,7 +579,10 @@ resources:
- protocol: tcp
port_range_min: 1
port_range_max: 65535
-
+ # Protocols used for vLB/vDNS use case
+ - protocol: 47
+ - protocol: 53
+ - protocol: 132
# ONAP management private network
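Review bot: The three added rules set only `protocol:` and give no `remote_ip_prefix` or `remote_group_id`, so unless a default outside this hunk narrows them, they admit that protocol from any source. As IP protocol numbers, 47 is GRE and 132 is SCTP, but 53 is not DNS; DNS runs over UDP/TCP port 53, so `- protocol: 53` probably does not do what the comment intends. If DNS was meant, the rule would be `- protocol: udp` with `port_range_min: 53` and `port_range_max: 53`. I would also scope each rule, e.g. `remote_ip_prefix: <ONAP_PRIVATE_CIDR>` (placeholder), and name the protocol in a per-rule comment such as `# GRE (IP protocol 47)`. The security group resource itself starts above the hunk.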
diff --git a/heat/vFW/base_vfw.env b/heat/vFW/base_vfw.env
index a547ee4c..f41a7122 100644
--- a/heat/vFW/base_vfw.env
+++ b/heat/vFW/base_vfw.env
@@ -29,3 +29,4 @@ parameters:
key_name: vfw_key
pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
diff --git a/heat/vFW/base_vfw.yaml b/heat/vFW/base_vfw.yaml
index 6f2f8909..e8a05555 100644
--- a/heat/vFW/base_vfw.yaml
+++ b/heat/vFW/base_vfw.yaml
@@ -157,6 +157,9 @@ parameters:
type: string
label: Cloud environment
description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
#############
# #
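Review bot: The new `sec_group` parameter has no `label`, unlike the `cloud_env` parameter just above it, and its description does not say whether a security group name or an ID is expected. I would add `label: ONAP security group` and a fuller description, for example `description: Existing ONAP security group (state name or ID) applied to every port in this stack`. With no default and no constraint, a placeholder left in the .env file is only caught when the port is created; a `custom_constraint: neutron.security_group` entry would catch it at validation time, if the target Heat release provides that constraint. The same applies to the parameter hunks in heat/vFWCL/vFWSNK/base_vfw.yaml, heat/vFWCL/vPKG/base_vpkg.yaml, heat/vLBMS/base_vlb.yaml and heat/vLBMS/dnsscaling.yaml.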
@@ -210,6 +213,8 @@ resources:
properties:
network: { get_resource: unprotected_private_network }
fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_private_1_port:
type: OS::Neutron::Port
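Review bot: The port on `unprotected_private_network` gets the same `sec_group` that the later hunks attach to the `onap_private_net_id` management port and to the `protected_private_network` port. The commit message says this is the shared ONAP group, which this commit also widens for the vLB/vDNS use case, so the firewall's data-plane ports inherit management-plane rules they may not need. Consider a separate parameter for the data-plane ports, or at least a comment above `security_groups:` such as `# shared ONAP group; data-plane ports intentionally use the management rules`. The port definition starts above the hunk, and the same pattern repeats in the vFWCL and vLBMS templates.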
@@ -217,12 +222,16 @@ resources:
allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
network: { get_resource: protected_private_network }
fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_private_2_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_0:
type: OS::Nova::Server
@@ -289,12 +298,16 @@ resources:
properties:
network: { get_resource: unprotected_private_network }
fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_0:
type: OS::Nova::Server
@@ -358,12 +371,16 @@ resources:
properties:
network: { get_resource: protected_private_network }
fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vsn_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vsn_0:
type: OS::Nova::Server
diff --git a/heat/vFWCL/vFWSNK/base_vfw.env b/heat/vFWCL/vFWSNK/base_vfw.env
index f026264a..83d90f28 100644
--- a/heat/vFWCL/vFWSNK/base_vfw.env
+++ b/heat/vFWCL/vFWSNK/base_vfw.env
@@ -29,3 +29,4 @@ parameters:
key_name: vfw_key
pub_key: PUT YOUR KEY HERE
cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
diff --git a/heat/vFWCL/vFWSNK/base_vfw.yaml b/heat/vFWCL/vFWSNK/base_vfw.yaml
index e75cef21..73b2c2a5 100644
--- a/heat/vFWCL/vFWSNK/base_vfw.yaml
+++ b/heat/vFWCL/vFWSNK/base_vfw.yaml
@@ -157,6 +157,9 @@ parameters:
type: string
label: Cloud environment
description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
#############
# #
@@ -212,6 +215,8 @@ resources:
properties:
network: { get_resource: unprotected_private_network }
fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_private_1_port:
type: OS::Neutron::Port
@@ -219,12 +224,16 @@ resources:
allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
network: { get_resource: protected_private_network }
fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_private_2_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}]
+ security_groups:
+ - { get_param: sec_group }
vfw_0:
type: OS::Nova::Server
@@ -291,12 +300,16 @@ resources:
properties:
network: { get_resource: protected_private_network }
fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vsn_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vsn_0:
type: OS::Nova::Server
diff --git a/heat/vFWCL/vPKG/base_vpkg.env b/heat/vFWCL/vPKG/base_vpkg.env
index 04e8a681..080d02f9 100644
--- a/heat/vFWCL/vPKG/base_vpkg.env
+++ b/heat/vFWCL/vPKG/base_vpkg.env
@@ -22,3 +22,4 @@ parameters:
key_name: vfw_key
pub_key: PUT YOUR PUBLIC KEY HERE
cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE \ No newline at end of file
diff --git a/heat/vFWCL/vPKG/base_vpkg.yaml b/heat/vFWCL/vPKG/base_vpkg.yaml
index b1f01939..62d405a7 100644
--- a/heat/vFWCL/vPKG/base_vpkg.yaml
+++ b/heat/vFWCL/vPKG/base_vpkg.yaml
@@ -129,6 +129,9 @@ parameters:
type: string
label: Cloud environment
description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
#############
# #
@@ -161,12 +164,16 @@ resources:
properties:
network: { get_param: unprotected_private_net_id }
fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_0:
type: OS::Nova::Server
diff --git a/heat/vLB/base_vlb.env b/heat/vLB/base_vlb.env
index 70c177eb..fecfc520 100644
--- a/heat/vLB/base_vlb.env
+++ b/heat/vLB/base_vlb.env
@@ -32,3 +32,4 @@ parameters:
key_name: vlb_key
pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
cloud_env: PUT openstack OR backspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
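Review bot: `sec_group` is added to this environment file and to heat/vLB/dnsscaling.env, but the diffstat lists no change to any template under heat/vLB/. Heat rejects environment parameters that the template does not declare, so unless the vLB templates already define `sec_group`, stack creation with these files would fail. Either add the matching `sec_group:` parameter and `security_groups:` entries to the vLB templates in this commit, or leave the key out of the two .env files until they exist.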
diff --git a/heat/vLB/dnsscaling.env b/heat/vLB/dnsscaling.env
index 911a130d..b041e47a 100644
--- a/heat/vLB/dnsscaling.env
+++ b/heat/vLB/dnsscaling.env
@@ -19,4 +19,5 @@ parameters:
install_script_version: 1.3.0-SNAPSHOT
key_name: vlb_key_scaling
pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
- cloud_env: PUT openstack OR backspace HERE \ No newline at end of file
+ cloud_env: PUT openstack OR backspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE \ No newline at end of file
diff --git a/heat/vLBMS/base_vlb.env b/heat/vLBMS/base_vlb.env
index 32b88474..d41fa184 100644
--- a/heat/vLBMS/base_vlb.env
+++ b/heat/vLBMS/base_vlb.env
@@ -33,3 +33,4 @@ parameters:
key_name: vlb_key
pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
cloud_env: PUT openstack OR backspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
diff --git a/heat/vLBMS/base_vlb.yaml b/heat/vLBMS/base_vlb.yaml
index 749bc0bb..ca3db36c 100644
--- a/heat/vLBMS/base_vlb.yaml
+++ b/heat/vLBMS/base_vlb.yaml
@@ -173,6 +173,9 @@ parameters:
type: string
description: Root URL for the Nexus repository for Maven artifacts.
default: "https://nexus.onap.org"
+ sec_group:
+ type: string
+ description: ONAP Security Group
#############
# #
@@ -228,18 +231,24 @@ resources:
properties:
network: { get_resource: vlb_private_network }
fixed_ips: [{"subnet": { get_resource: vlb_private_subnet }, "ip_address": { get_param: vlb_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vlb_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vlb_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vlb_private_2_port:
type: OS::Neutron::Port
properties:
network: { get_resource: pktgen_private_network }
fixed_ips: [{"subnet": { get_resource: pktgen_private_subnet }, "ip_address": { get_param: vlb_private_ip_2 }}]
+ security_groups:
+ - { get_param: sec_group }
vlb_0:
type: OS::Nova::Server
@@ -321,12 +330,16 @@ resources:
properties:
network: { get_resource: vlb_private_network }
fixed_ips: [{"subnet": { get_resource: vlb_private_subnet }, "ip_address": { get_param: vdns_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vdns_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vdns_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vdns_0:
type: OS::Nova::Server
@@ -389,12 +402,16 @@ resources:
properties:
network: { get_resource: pktgen_private_network }
fixed_ips: [{"subnet": { get_resource: pktgen_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vpg_0:
type: OS::Nova::Server
diff --git a/heat/vLBMS/dnsscaling.env b/heat/vLBMS/dnsscaling.env
index 6706b7ec..54661ae0 100644
--- a/heat/vLBMS/dnsscaling.env
+++ b/heat/vLBMS/dnsscaling.env
@@ -22,3 +22,4 @@ parameters:
key_name: vlb_key_scaling
pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
cloud_env: PUT openstack OR backspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
diff --git a/heat/vLBMS/dnsscaling.yaml b/heat/vLBMS/dnsscaling.yaml
index 29c1010a..f0a9a2d5 100644
--- a/heat/vLBMS/dnsscaling.yaml
+++ b/heat/vLBMS/dnsscaling.yaml
@@ -125,6 +125,9 @@ parameters:
type: string
description: Root URL for the Nexus repository for Maven artifacts.
default: "https://nexus.onap.org"
+ sec_group:
+ type: string
+ description: ONAP Security Group
#############
# #
@@ -156,12 +159,16 @@ resources:
properties:
network: { get_param: vlb_private_net_id }
fixed_ips: [{"subnet": { get_param: vlb_private_net_id }, "ip_address": { get_param: vdns_private_ip_0 }}]
+ security_groups:
+ - { get_param: sec_group }
vdns_2_private_1_port:
type: OS::Neutron::Port
properties:
network: { get_param: onap_private_net_id }
fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vdns_private_ip_1 }}]
+ security_groups:
+ - { get_param: sec_group }
vdns_2:
type: OS::Nova::Server