From 3ddd88cf4cb92f5b8e0eebca9afe806f96a09fba Mon Sep 17 00:00:00 2001 From: Marco Platania Date: Thu, 2 Aug 2018 14:52:45 -0400 Subject: Add security group to vFW, vLB - Extend the ONAP sec group to support the vLB/vDNS use case - Add sec group to vFW, vFWCL, vLB, vLBMS Change-Id: Ica89840cf40249990d6df2dfff9a7712c094ab3a Issue-ID: INT-526 Signed-off-by: Marco Platania --- heat/vFWCL/vFWSNK/base_vfw.env | 1 + heat/vFWCL/vFWSNK/base_vfw.yaml | 13 +++++++++++++ heat/vFWCL/vPKG/base_vpkg.env | 1 + heat/vFWCL/vPKG/base_vpkg.yaml | 7 +++++++ 4 files changed, 22 insertions(+) (limited to 'heat/vFWCL') diff --git a/heat/vFWCL/vFWSNK/base_vfw.env b/heat/vFWCL/vFWSNK/base_vfw.env index f026264a..83d90f28 100644 --- a/heat/vFWCL/vFWSNK/base_vfw.env +++ b/heat/vFWCL/vFWSNK/base_vfw.env @@ -29,3 +29,4 @@ parameters: key_name: vfw_key pub_key: PUT YOUR KEY HERE cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vFWCL/vFWSNK/base_vfw.yaml b/heat/vFWCL/vFWSNK/base_vfw.yaml index e75cef21..73b2c2a5 100644 --- a/heat/vFWCL/vFWSNK/base_vfw.yaml +++ b/heat/vFWCL/vFWSNK/base_vfw.yaml @@ -157,6 +157,9 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -212,6 +215,8 @@ resources: properties: network: { get_resource: unprotected_private_network } fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vfw_private_1_port: type: OS::Neutron::Port @@ -219,12 +224,16 @@ resources: allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vfw_private_2_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } vfw_0: type: OS::Nova::Server @@ -291,12 +300,16 @@ resources: properties: network: { get_resource: protected_private_network } fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vsn_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vsn_0: type: OS::Nova::Server diff --git a/heat/vFWCL/vPKG/base_vpkg.env b/heat/vFWCL/vPKG/base_vpkg.env index 04e8a681..080d02f9 100644 --- a/heat/vFWCL/vPKG/base_vpkg.env +++ b/heat/vFWCL/vPKG/base_vpkg.env @@ -22,3 +22,4 @@ parameters: key_name: vfw_key pub_key: PUT YOUR PUBLIC KEY HERE cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE \ No newline at end of file diff --git a/heat/vFWCL/vPKG/base_vpkg.yaml b/heat/vFWCL/vPKG/base_vpkg.yaml index b1f01939..62d405a7 100644 --- a/heat/vFWCL/vPKG/base_vpkg.yaml +++ b/heat/vFWCL/vPKG/base_vpkg.yaml @@ -129,6 +129,9 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group ############# # # @@ -161,12 +164,16 @@ resources: properties: network: { get_param: unprotected_private_net_id } fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } vpg_private_1_port: type: OS::Neutron::Port properties: network: { get_param: onap_private_net_id } fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } vpg_0: type: OS::Nova::Server -- cgit 1.2.3-korg