diff options
author | Marco Platania <platania@research.att.com> | 2018-08-02 14:52:45 -0400 |
---|---|---|
committer | Marco Platania <platania@research.att.com> | 2018-08-02 14:55:52 -0400 |
commit | 3ddd88cf4cb92f5b8e0eebca9afe806f96a09fba (patch) | |
tree | b5abafefc59f9bbc77333d548c02bab6ea880b56 | |
parent | d4c5f6b933e2ba449cb1ddf39355f03affec9b53 (diff) |
Add security group to vFW, vLB
- Extend the ONAP sec group to support the vLB/vDNS use case
- Add sec group to vFW, vFWCL, vLB, vLBMS
Change-Id: Ica89840cf40249990d6df2dfff9a7712c094ab3a
Issue-ID: INT-526
Signed-off-by: Marco Platania <platania@research.att.com>
-rw-r--r-- | heat/ONAP/onap_openstack.yaml | 5 | ||||
-rw-r--r-- | heat/vFW/base_vfw.env | 1 | ||||
-rw-r--r-- | heat/vFW/base_vfw.yaml | 17 | ||||
-rw-r--r-- | heat/vFWCL/vFWSNK/base_vfw.env | 1 | ||||
-rw-r--r-- | heat/vFWCL/vFWSNK/base_vfw.yaml | 13 | ||||
-rw-r--r-- | heat/vFWCL/vPKG/base_vpkg.env | 1 | ||||
-rw-r--r-- | heat/vFWCL/vPKG/base_vpkg.yaml | 7 | ||||
-rw-r--r-- | heat/vLB/base_vlb.env | 1 | ||||
-rw-r--r-- | heat/vLB/dnsscaling.env | 3 | ||||
-rw-r--r-- | heat/vLBMS/base_vlb.env | 1 | ||||
-rw-r--r-- | heat/vLBMS/base_vlb.yaml | 17 | ||||
-rw-r--r-- | heat/vLBMS/dnsscaling.env | 1 | ||||
-rw-r--r-- | heat/vLBMS/dnsscaling.yaml | 7 |
13 files changed, 73 insertions, 2 deletions
diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml index 3ad3a541..bdd505cc 100644 --- a/heat/ONAP/onap_openstack.yaml +++ b/heat/ONAP/onap_openstack.yaml @@ -579,7 +579,10 @@ resources: - protocol: tcp port_range_min: 1 port_range_max: 65535 - + # Protocols used for vLB/vDNS use case + - protocol: 47 + - protocol: 53 + - protocol: 132 # ONAP management private network diff --git a/heat/vFW/base_vfw.env b/heat/vFW/base_vfw.env index a547ee4c..f41a7122 100644 --- a/heat/vFW/base_vfw.env +++ b/heat/vFW/base_vfw.env @@ -29,3 +29,4 @@ parameters: key_name: vfw_key pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vFW/base_vfw.yaml b/heat/vFW/base_vfw.yaml index 6f2f8909..e8a05555 100644 --- a/heat/vFW/base_vfw.yaml +++ b/heat/vFW/base_vfw.yaml @@ -157,6 +157,9 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -210,6 +213,8 @@ resources: properties: network: { get_resource: unprotected_private_network } fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vfw_private_1_port: type: OS::Neutron::Port @@ -217,12 +222,16 @@ resources: allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vfw_private_2_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } vfw_0: type: OS::Nova::Server @@ -289,12 +298,16 @@ resources: properties: network: { get_resource: unprotected_private_network } fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vpg_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vpg_0: type: OS::Nova::Server @@ -358,12 +371,16 @@ resources: properties: network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vsn_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vsn_0: type: OS::Nova::Server diff --git a/heat/vFWCL/vFWSNK/base_vfw.env b/heat/vFWCL/vFWSNK/base_vfw.env index f026264a..83d90f28 100644 --- a/heat/vFWCL/vFWSNK/base_vfw.env +++ b/heat/vFWCL/vFWSNK/base_vfw.env @@ -29,3 +29,4 @@ parameters: key_name: vfw_key pub_key: PUT YOUR KEY HERE cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vFWCL/vFWSNK/base_vfw.yaml b/heat/vFWCL/vFWSNK/base_vfw.yaml index e75cef21..73b2c2a5 100644 --- a/heat/vFWCL/vFWSNK/base_vfw.yaml +++ b/heat/vFWCL/vFWSNK/base_vfw.yaml @@ -157,6 +157,9 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -212,6 +215,8 @@ resources: properties: network: { get_resource: unprotected_private_network } fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vfw_private_1_port: type: OS::Neutron::Port @@ -219,12 +224,16 @@ resources: allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vfw_private_2_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } vfw_0: type: OS::Nova::Server @@ -291,12 +300,16 @@ resources: properties: network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vsn_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vsn_0: type: OS::Nova::Server diff --git a/heat/vFWCL/vPKG/base_vpkg.env b/heat/vFWCL/vPKG/base_vpkg.env index 04e8a681..080d02f9 100644 --- a/heat/vFWCL/vPKG/base_vpkg.env +++ b/heat/vFWCL/vPKG/base_vpkg.env @@ -22,3 +22,4 @@ parameters: key_name: vfw_key pub_key: PUT YOUR PUBLIC KEY HERE cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE
\ No newline at end of file diff --git a/heat/vFWCL/vPKG/base_vpkg.yaml b/heat/vFWCL/vPKG/base_vpkg.yaml index b1f01939..62d405a7 100644 --- a/heat/vFWCL/vPKG/base_vpkg.yaml +++ b/heat/vFWCL/vPKG/base_vpkg.yaml @@ -129,6 +129,9 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -161,12 +164,16 @@ resources: properties: network: { get_param: unprotected_private_net_id } fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vpg_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vpg_0: type: OS::Nova::Server diff --git a/heat/vLB/base_vlb.env b/heat/vLB/base_vlb.env index 70c177eb..fecfc520 100644 --- a/heat/vLB/base_vlb.env +++ b/heat/vLB/base_vlb.env @@ -32,3 +32,4 @@ parameters: key_name: vlb_key pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN cloud_env: PUT openstack OR backspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vLB/dnsscaling.env b/heat/vLB/dnsscaling.env index 911a130d..b041e47a 100644 --- a/heat/vLB/dnsscaling.env +++ b/heat/vLB/dnsscaling.env @@ -19,4 +19,5 @@ parameters: install_script_version: 1.3.0-SNAPSHOT key_name: vlb_key_scaling pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN - cloud_env: PUT openstack OR backspace HERE
\ No newline at end of file + cloud_env: PUT openstack OR backspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE
\ No newline at end of file diff --git a/heat/vLBMS/base_vlb.env b/heat/vLBMS/base_vlb.env index 32b88474..d41fa184 100644 --- a/heat/vLBMS/base_vlb.env +++ b/heat/vLBMS/base_vlb.env @@ -33,3 +33,4 @@ parameters: key_name: vlb_key pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN cloud_env: PUT openstack OR backspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vLBMS/base_vlb.yaml b/heat/vLBMS/base_vlb.yaml index 749bc0bb..ca3db36c 100644 --- a/heat/vLBMS/base_vlb.yaml +++ b/heat/vLBMS/base_vlb.yaml @@ -173,6 +173,9 @@ parameters: type: string description: Root URL for the Nexus repository for Maven artifacts. default: "https://nexus.onap.org" + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -228,18 +231,24 @@ resources: properties: network: { get_resource: vlb_private_network } fixed_ips: [{"subnet": { get_resource: vlb_private_subnet }, "ip_address": { get_param: vlb_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vlb_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vlb_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vlb_private_2_port: type: OS::Neutron::Port properties: network: { get_resource: pktgen_private_network } fixed_ips: [{"subnet": { get_resource: pktgen_private_subnet }, "ip_address": { get_param: vlb_private_ip_2 }}] + security_groups: + - { get_param: sec_group } vlb_0: type: OS::Nova::Server @@ -321,12 +330,16 @@ resources: properties: network: { get_resource: vlb_private_network } fixed_ips: [{"subnet": { get_resource: vlb_private_subnet }, "ip_address": { get_param: vdns_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vdns_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vdns_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vdns_0: type: OS::Nova::Server @@ -389,12 +402,16 @@ resources: properties: network: { get_resource: pktgen_private_network } fixed_ips: [{"subnet": { get_resource: pktgen_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vpg_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vpg_0: type: OS::Nova::Server diff --git a/heat/vLBMS/dnsscaling.env b/heat/vLBMS/dnsscaling.env index 6706b7ec..54661ae0 100644 --- a/heat/vLBMS/dnsscaling.env +++ b/heat/vLBMS/dnsscaling.env @@ -22,3 +22,4 @@ parameters: key_name: vlb_key_scaling pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN cloud_env: PUT openstack OR backspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vLBMS/dnsscaling.yaml b/heat/vLBMS/dnsscaling.yaml index 29c1010a..f0a9a2d5 100644 --- a/heat/vLBMS/dnsscaling.yaml +++ b/heat/vLBMS/dnsscaling.yaml @@ -125,6 +125,9 @@ parameters: type: string description: Root URL for the Nexus repository for Maven artifacts. default: "https://nexus.onap.org" + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -156,12 +159,16 @@ resources: properties: network: { get_param: vlb_private_net_id } fixed_ips: [{"subnet": { get_param: vlb_private_net_id }, "ip_address": { get_param: vdns_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vdns_2_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vdns_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vdns_2: type: OS::Nova::Server |