[openstack-dev] [Heat] OS::Neutron::Port fails to set security group by name, no way to retrieve group ID from Neutron::SecurityGroup

Discussion:

jason witkowski

2015-08-07 03:10:37 UTC

Permalink

Hey All,

I am having issues on the Kilo branch creating an auto-scaling template
that builds a security group and then adds instances to it. I have tried
every various method I could think of with no success. My issues are as
such:

1) OS::Neutron::Port does not seem to recognize security groups by name
2) OS::Neutron::SecurityGroup has no attributes so it can not return a
security group ID

These issues combined find me struggling to automate the building of a
security group and instances in one heat stack. I have read and looked at
every example online and they all seem to use either the name of the
security group or the get_resource function to return the security group
object itself. Neither of these work for me.

Here are my heat template files:

autoscaling.yaml - http://paste.openstack.org/show/412143/
redirector.yaml - http://paste.openstack.org/show/412144/
env.yaml - http://paste.openstack.org/show/412145/

Heat Client: 0.4.1
Heat-Manage: 2015.1.1

Any help would be greatly appreciated.

Best Regards,

Jason

TIANTIAN

2015-08-07 06:43:34 UTC

Permalink

1) OS::Neutron::Port does not seem to recognize security groups by name

------ https://github.com/openstack/heat/blob/stable/kilo/heat/engine/resources/openstack/neutron/port.py#L303
https://github.com/openstack/heat/blob/stable/kilo/heat/engine/clients/os/neutron.py#L111
we can recognize group name
2) OS::Neutron::SecurityGroup has no attributes so it can not return a security group ID
------ https://github.com/openstack/heat/blob/stable/kilo/heat/engine/resources/openstack/neutron/neutron.py#L133
we can get the resource id (security group id) by function 'get_resource'
So what do you want? And what's the problems?

At 2015-08-07 11:10:37, "jason witkowski" <***@gmail.com> wrote:

Hey All,

I am having issues on the Kilo branch creating an auto-scaling template that builds a security group and then adds instances to it. I have tried every various method I could think of with no success. My issues are as such:

1) OS::Neutron::Port does not seem to recognize security groups by name

2) OS::Neutron::SecurityGroup has no attributes so it can not return a security group ID

These issues combined find me struggling to automate the building of a security group and instances in one heat stack. I have read and looked at every example online and they all seem to use either the name of the security group or the get_resource function to return the security group object itself. Neither of these work for me.

Here are my heat template files:

autoscaling.yaml - http://paste.openstack.org/show/412143/

redirector.yaml - http://paste.openstack.org/show/412144/

env.yaml - http://paste.openstack.org/show/412145/

Heat Client: 0.4.1

Heat-Manage: 2015.1.1

Any help would be greatly appreciated.

Best Regards,

Jason

Kairat Kushaev

2015-08-07 07:42:29 UTC

Permalink

Hello Jason,
Agree with TianTian. It would be good if you provide more details about the
error you have.
Additionally, it would be perfect if you'll use heat IRC channel: #heat or
ask.openstack.org to resolve such kind of questions.

Best regards,
Kairat Kushaev
Software Engineer, Mirantis

Post by jason witkowski
1) OS::Neutron::Port does not seem to recognize security groups by name
------
https://github.com/openstack/heat/blob/stable/kilo/heat/engine/resources/openstack/neutron/port.py#L303
https://github.com/openstack/heat/blob/stable/kilo/heat/engine/clients/os/neutron.py#L111
we can recognize group name
2) OS::Neutron::SecurityGroup has no attributes so it can not return a security group ID
------
https://github.com/openstack/heat/blob/stable/kilo/heat/engine/resources/openstack/neutron/neutron.py#L133
<https://github.com/openstack/heat/blob/stable/kilo/heat/engine/resources/openstack/neutron/neutron.py#L133,>
we can get the resource id (security group id) by function 'get_resource'
So what do you want? And what's the problems?
Hey All,
I am having issues on the Kilo branch creating an auto-scaling template
that builds a security group and then adds instances to it. I have tried
every various method I could think of with no success. My issues are as
1) OS::Neutron::Port does not seem to recognize security groups by name
2) OS::Neutron::SecurityGroup has no attributes so it can not return a security group ID
These issues combined find me struggling to automate the building of a
security group and instances in one heat stack. I have read and looked at
every example online and they all seem to use either the name of the
security group or the get_resource function to return the security group
object itself. Neither of these work for me.
autoscaling.yaml - http://paste.openstack.org/show/412143/
redirector.yaml - http://paste.openstack.org/show/412144/
env.yaml - http://paste.openstack.org/show/412145/
Heat Client: 0.4.1
Heat-Manage: 2015.1.1
Any help would be greatly appreciated.
Best Regards,
Jason
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

jason witkowski

2015-08-07 13:51:32 UTC

Permalink

Thanks for the replies guys. The issue is that it is not working. If you
take a look at the pastes I linked from the first email I am using the
get_resource function in the security group resource. I am not sure if it
is not resolving to an appropriate value or if it is resolving to an
appropriate value but then not assigning it to the port. I am happy to
provide any more details or examples but I'm not sure what else I can do
but provide the configuration examples I am using that are not working?
It's very possible my configurations are wrong but I have scoured the
internet for any/all examples and it looks like what I have should be
working but it is not.

Best Regards,

Jason Witkowski

Post by Kairat Kushaev
Hello Jason,
Agree with TianTian. It would be good if you provide more details about
the error you have.
Additionally, it would be perfect if you'll use heat IRC channel: #heat or
ask.openstack.org to resolve such kind of questions.
Best regards,
Kairat Kushaev
Software Engineer, Mirantis

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Steve Baker

2015-08-09 22:51:00 UTC

Permalink

Post by jason witkowski
Thanks for the replies guys. The issue is that it is not working. If
you take a look at the pastes I linked from the first email I am using
the get_resource function in the security group resource. I am not
sure if it is not resolving to an appropriate value or if it is
resolving to an appropriate value but then not assigning it to the
port. I am happy to provide any more details or examples but I'm not
sure what else I can do but provide the configuration examples I am
using that are not working? It's very possible my configurations are
wrong but I have scoured the internet for any/all examples and it
looks like what I have should be working but it is not.

Can you provide details of what the actual error is, plus the output of
neutron port-show for that port?

jason witkowski

2015-08-09 23:25:37 UTC

Permalink

Steve,

There is no error. Heat reports a successful build with no issues. I've
attached the neutron port-show as well as the full heat engine logs for a
build of the stack start to end.

http://paste.openstack.org/show/412313/ - Heat Engine logs
http://paste.openstack.org/show/412314/ - neutron port-show on newly
created interface

-Jason

Post by Steve Baker

Post by jason witkowski
Thanks for the replies guys. The issue is that it is not working. If
you take a look at the pastes I linked from the first email I am using the
get_resource function in the security group resource. I am not sure if it
is not resolving to an appropriate value or if it is resolving to an
appropriate value but then not assigning it to the port. I am happy to
provide any more details or examples but I'm not sure what else I can do
but provide the configuration examples I am using that are not working?
It's very possible my configurations are wrong but I have scoured the
internet for any/all examples and it looks like what I have should be
working but it is not.
Can you provide details of what the actual error is, plus the output of

neutron port-show for that port?
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

jason witkowski

2015-08-10 14:11:39 UTC

Permalink

Just to confirm as well if I use the CLI to create a neutron port after the
Heat stack has ran and created the security group everything works fine and
the security group is attached to the neutron port as expected. However
heat is not managing to make this happen, even if I run a check or an
update after the first run I am still met with neutron ports with no
security groups. Looking at the code snippets above it looks like default
is only not applied when an empty list is supplied. Wouldn't this mean
that the get_resource function is returning empty?

Post by jason witkowski
Steve,
There is no error. Heat reports a successful build with no issues. I've
attached the neutron port-show as well as the full heat engine logs for a
build of the stack start to end.
http://paste.openstack.org/show/412313/ - Heat Engine logs
http://paste.openstack.org/show/412314/ - neutron port-show on newly
created interface
-Jason

Post by Steve Baker

Post by jason witkowski
Thanks for the replies guys. The issue is that it is not working. If
you take a look at the pastes I linked from the first email I am using the
get_resource function in the security group resource. I am not sure if it
is not resolving to an appropriate value or if it is resolving to an
appropriate value but then not assigning it to the port. I am happy to
provide any more details or examples but I'm not sure what else I can do
but provide the configuration examples I am using that are not working?
It's very possible my configurations are wrong but I have scoured the
internet for any/all examples and it looks like what I have should be
working but it is not.
Can you provide details of what the actual error is, plus the output of

jason witkowski

2015-08-10 15:07:15 UTC

Permalink

Please ignore this thread. The issue was the line ' device_owner:
"network:dhcp" ' from the server_port resource. Once removed the port was
created with the security group attached.

Post by jason witkowski
Just to confirm as well if I use the CLI to create a neutron port after
the Heat stack has ran and created the security group everything works fine
and the security group is attached to the neutron port as expected.
However heat is not managing to make this happen, even if I run a check or
an update after the first run I am still met with neutron ports with no
security groups. Looking at the code snippets above it looks like default
is only not applied when an empty list is supplied. Wouldn't this mean
that the get_resource function is returning empty?

Post by Steve Baker

Post by jason witkowski
Thanks for the replies guys. The issue is that it is not working. If
you take a look at the pastes I linked from the first email I am using the
get_resource function in the security group resource. I am not sure if it
is not resolving to an appropriate value or if it is resolving to an
appropriate value but then not assigning it to the port. I am happy to
provide any more details or examples but I'm not sure what else I can do
but provide the configuration examples I am using that are not working?
It's very possible my configurations are wrong but I have scoured the
internet for any/all examples and it looks like what I have should be
working but it is not.
Can you provide details of what the actual error is, plus the output of