1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
|
# Template for instantiating
# - 1 x HA SSC pair - A instance
#
# During initial instantiation, the Perimeta A instance is configured with
# minimal configuration, commissioned as an SSC and started. In addition, it
# will attempt partnering with the B instance when it becomes availble.
#
# During healing, the Perimeta A instance is only configured with sufficient
# configuration to allow partnering from the B instance (which will complete
# the configuration).
#
# This template assumes that a base template stack has previously been
# created so that deployment wide resources such as server-groups have been
# defined.
#
heat_template_version: 2014-10-16
description: >
HOT template to instantiate an A side Perimeta SSC and optionally partner it with the corresponding B side
parameters:
# General VNF parameters
vnf_name:
type: string
description: Unique name for this VNF instance
vnf_id:
type: string
description: ID of VNF
vf_module_id:
type: string
description: Unique ID for this VF Module instance
# Availability zones
availability_zone_0:
type: string
description: Availability zone for A instances.
shared_perimeta_keypair:
type: string
description: Keypair to use for accessing this Perimeta instance
shared_perimeta_sec_groups:
type: comma_delimited_list
description: List of security groups to add on all interfaces.
shared_perimeta_ssc_server_group:
type: string
description: Server group to use for these VMs
# Internal network parameters
shared_int_ha_net_id:
type: string
description: HA network id
constraints:
- custom_constraint: neutron.network
# Constraint below is copied from base module
shared_int_ha_net_prefix_len_v4:
type: number
description: Prefix length of subnet associated with internal HA network
constraints:
- range: { min: 0, max: 31 }
description: shared_int_ha_net_prefix_len_v4 must be between 0 and 31
# Unused network parameters
#
# This is used for connecting the unused 4th SSC service interface.
shared_ssc_unused_net_id:
type: string
description: Unused network ID
# Management network parameters
mgmt_net_id:
type: string
description: Management network ID
constraints:
- custom_constraint: neutron.network
mgmt_net_plen:
type: number
description: Management network prefix length
constraints:
- range: { min: 0, max: 32 }
description: mgmt_net_plen must be between 0 and 32
mgmt_net_default_gateway:
type: string
description: Default gateway for management network
# Trusted/core network parameters
trusted_net_id:
type: string
description: Network ID of Trusted/core network.
constraints:
- custom_constraint: neutron.network
# untrusted parent network parameters
shared_int_untrusted_parent_net_id:
type: string
description: untrusted parent network id
# SSC IP addresses on Untrusted/access parent network
ssc_untrusted_parent_vip_0:
type: string
description: Virtual IPv4 address on Untrusted/access parent network for SSC.
ssc_a_untrusted_parent_ip_0:
type: string
description: Fixed IPv4 address on Untrusted/access parent network for SSC A.
perimeta_untrusted_num_vlans:
type: number
description: number of VLANs to connect to the untrusted/access interface
constraints:
- range: { min: 1, max: 1001 }
description: perimeta_untrusted_num_vlans (number of VLANs to connect to the untrusted/access interface) must be between 1 and 1001
perimeta_untrusted_vlan_ids:
type: comma_delimited_list
description: List of VLAN IDs to use on the untrusted/access network
perimeta_untrusted_vlan_networks:
type: comma_delimited_list
description: List of Contrail VLAN networks to use on the untrusted/access network. The order and number of these must match the VLAN ID list.
# SSC parameters
ssc_flavor_name:
type: string
description: Flavor to use for creating SSC VM instance
constraints:
- custom_constraint: nova.flavor
ssc_image_name:
type: string
description: Glance image to use for launching SSC Perimeta instances.
constraints:
- custom_constraint: glance.image
# Hostames of the VIP and servers
ssc_vnfcname_0:
type: string
description: Name of vnfc of SSC. This is the name associated with the perimeta pair and corresponds to the VIP
constraints:
- allowed_pattern: '[a-zA-Z0-9][a-zA-Z0-9-]{0,31}$'
description: vnfc name must be 32 characters or less and a valid hostname. Only alphanumeric characters plus hyphen are allowed.
ssc_a_vnfcname_0:
type: string
description: vnfc name of VM A of SSC
constraints:
- allowed_pattern: '[a-zA-Z0-9][a-zA-Z0-9-]{0,31}$'
description: vnfc name must be 32 characters or less and a valid hostname. Only alphanumeric characters plus hyphen are allowed.
ssc_b_vnfcname_0:
type: string
description: vnfc name of VM B of SSC
constraints:
- allowed_pattern: '[a-zA-Z0-9][a-zA-Z0-9-]{0,31}$'
description: vnfc name must be 32 characters or less and a valid hostname. Only alphanumeric characters plus hyphen are allowed.
# SSC names of the physical A instance
ssc_a_name_0:
type: string
description: Name of VM A of SSC
constraints:
- allowed_pattern: '[a-zA-Z0-9][a-zA-Z0-9-]{0,29}$'
description: VM name must be 30 characters or less. Only alphanumeric characters plus hyphen are allowed.
# SSC IP addresses on management network
ssc_mgmt_vip_0:
type: string
description: Management virtual IP address to use for SSC.
ssc_a_mgmt_ip_0:
type: string
description: Management fixed IP address to use for SSC A.
ssc_b_mgmt_ip_0:
type: string
description: Management fixed IP address to use for SSC B.
# SSC IP addresses on internal HA network
ssc_a_int_ha_ip_0:
type: string
description: HA fixed IP address to use for SSC A.
ssc_b_int_ha_ip_0:
type: string
description: HA fixed IP address to use for SSC B.
# SSC IP addresses on Trusted/core network
ssc_trusted_vip_0:
type: string
description: Virtual IPv4 address on Trusted/core network for SSC.
ssc_a_trusted_ip_0:
type: string
description: Fixed IPv4 address on Trusted/core network for SSC A.
# SSC IP addresses on Untrusted/access network
ssc_untrusted_vip_0:
type: string
description: Virtual IPv4 address on Untrusted/access network for SSC.
ssc_untrusted_v6_vip_0:
type: string
description: Virtual IPv6 address on Untrusted/access network for SSC.
ssc_a_untrusted_ip_0:
type: string
description: Fixed IPv4 address on Untrusted/access network for SSC A.
ssc_a_untrusted_v6_ip_0:
type: string
description: Fixed IPv6 address on Untrusted/access network for SSC A.
#
# RF virtual IPv4 address on management/Rf network for SSC.
#
ssc_rf_vip_0:
type: string
description: RF virtual IP address to use for SSC.
ssc_a_rf_ip_0:
type: string
description: RF fixed IP address to use for SSC A.
ntp_server_ip_addrs:
type: string
description: NTP server IPv4 addresses, separated by commas. These must be accessible from the management network
constraints:
- allowed_pattern: "((?:\\d{1,3}\\.){3}\\d{1,3},)*((?:\\d{1,3}\\.){3}\\d{1,3})"
description: ntp_server_ip_addrs must be a comma separated list of IPv4 addresses (with no spaces)
# Healing or instantiating? Used to build the correct json file
ssc_a_json_prefix:
type: string
description: Json prefix, used to create the correct json file depending on the operation being performed
constraints:
- allowed_values:
- " "
- "// healing, not required "
description: ssc_a_json_prefix must be set to ' ' or '// healing, not required '
# Running V4.1 perimeta or greater. Used to ensure that newer json tags are
# not included if the server will not recognize them
ssc_json_v41:
type: string
description: Json prefix, used to ensure that the json tags will be recognised by the server loading them
constraints:
- allowed_values:
- " "
- "// older perimeta, parameter not required "
description: ssc_json_v41 must be set to ' ' or '// older perimeta, parameter not required '
# Use Radius for user account authentication.
ssc_json_use_radius_authentication:
type: string
description: Json prefix, used to indicate if user account authentication is done externally through Radius
constraints:
- allowed_values:
- " "
- "// not using Radius "
description: ssc_json_use_radius_authentication must be set to ' ' or '// not using Radius '
# Radius Server address configuration
ssc_json_radius_servername:
type: string
description: IP Address or hostname of RADIUS server
# Radius Server port configuration
ssc_json_radius_port:
type: number
description: Port to use to connect to RADIUS server
constraints:
- range: { min: 0, max: 65535 }
description: ssc_json_radius_port must be between 0 and 65535
# Radius Server shared secret
ssc_json_radius_secret:
type: string
description: Shared secret to use for the RADIUS Server
# Radius Server connection timeout
ssc_json_radius_timeout:
type: number
description: Timeout for connect requests to RADIUS server
constraints:
- range: { min: 1, max: 60 }
description: ssc_json_timeout must be between 1 and 60
# Radius Server default user authentication level
ssc_json_radius_default:
type: string
description: Default authentication level for RADIUS users
constraints:
- allowed_values:
- "no-access"
- "read-only"
- "support"
- "restricted-admin"
- "admin"
description: ssc_json_radius_default must be set to one of 'no-access', 'read-only', 'support', 'restricted-admin' or 'admin'
resources:
# Perimeta SSC
perimeta_ssc_a:
type: module_1_perimeta_swmu_a_child.yaml
properties:
vnf_name: { get_param: vnf_name }
vnf_id: { get_param: vnf_id }
vm_role: 'ssc'
vf_module_id: { get_param: vf_module_id }
ssc_a_name_0: { get_param: ssc_a_name_0 }
perimeta_image_name: { get_param: ssc_image_name }
perimeta_flavor_name: { get_param: ssc_flavor_name }
perimeta_keypair: { get_param: shared_perimeta_keypair }
availability_zone_0: { get_param: availability_zone_0 }
mgmt_net_id: { get_param: mgmt_net_id }
ssc_mgmt_vip_0: { get_param: ssc_mgmt_vip_0 }
ssc_a_mgmt_ip_0: { get_param: ssc_a_mgmt_ip_0 }
perimeta_sec_groups: { get_param: shared_perimeta_sec_groups }
int_ha_net_id: { get_param: shared_int_ha_net_id }
int_ha_network_plen: { get_param: shared_int_ha_net_prefix_len_v4 }
ssc_a_int_ha_ip_0: { get_param: ssc_a_int_ha_ip_0 }
ssc_b_int_ha_ip_0: { get_param: ssc_b_int_ha_ip_0 }
trusted_net_id: { get_param: trusted_net_id }
ssc_trusted_vip_0: { get_param: ssc_trusted_vip_0 }
ssc_a_trusted_ip_0: { get_param: ssc_a_trusted_ip_0 }
ssc_untrusted_vip_0: { get_param: ssc_untrusted_vip_0 }
ssc_untrusted_v6_vip_0: { get_param: ssc_untrusted_v6_vip_0 }
ssc_a_untrusted_ip_0: { get_param: ssc_a_untrusted_ip_0 }
ssc_a_untrusted_v6_ip_0: { get_param: ssc_a_untrusted_v6_ip_0 }
int_untrusted_parent_net_id: { get_param: shared_int_untrusted_parent_net_id }
ssc_untrusted_parent_vip_0: { get_param: ssc_untrusted_parent_vip_0 }
ssc_a_untrusted_parent_ip_0: { get_param: ssc_a_untrusted_parent_ip_0 }
perimeta_untrusted_num_vlans: { get_param: perimeta_untrusted_num_vlans }
perimeta_untrusted_vlan_ids: { get_param: perimeta_untrusted_vlan_ids }
perimeta_untrusted_vlan_networks: { get_param: perimeta_untrusted_vlan_networks }
perimeta_server_group: { get_param: shared_perimeta_ssc_server_group }
ssc_rf_vip_0: { get_param: ssc_rf_vip_0 }
ssc_a_rf_ip_0: { get_param: ssc_a_rf_ip_0 }
unused_port_net_id: { get_param: shared_ssc_unused_net_id }
perimeta_config:
str_replace:
template: {get_file: ssc_a_template.json}
params:
$HEALING_OR_INSTANTIATION: { get_param: ssc_a_json_prefix }
$NTP_SERVER_IP_ADDRS: { get_param: ntp_server_ip_addrs }
$41ORABOVE: { get_param: ssc_json_v41 }
$USERADIUSAUTH: { get_param: ssc_json_use_radius_authentication }
$RADIUS_SERVERNAME: { get_param: ssc_json_radius_servername }
$RADIUS_PORT: { get_param: ssc_json_radius_port }
$RADIUS_SECRET: { get_param: ssc_json_radius_secret }
$RADIUS_TIMEOUT: { get_param: ssc_json_radius_timeout }
$RADIUS_DEFAULT: { get_param: ssc_json_radius_default }
$LOCAL_MGMT_IP_ADDR: { get_param: ssc_a_mgmt_ip_0 }
$REMOTE_MGMT_IP_ADDR: { get_param: ssc_b_mgmt_ip_0 }
$MGMT_NETWORK_PLEN: { get_param: mgmt_net_plen }
$MGMT_NETWORK_DEFAULT_GATEWAY: { get_param: mgmt_net_default_gateway }
$VIRT_MGMT_IP_ADDR: { get_param: ssc_mgmt_vip_0 }
$VM_NAME_A: { get_param: ssc_a_vnfcname_0 }
$VM_NAME_B: { get_param: ssc_b_vnfcname_0 }
$SYSTEM_NAME: { get_param: ssc_vnfcname_0 }
$COMPLETION_PARAMS: ''
|