Re: [Openstack] [group-based-policy] How to get Neutron ports with fixed IP when creating policy targets with Heat?

2017-07-12 Thread Sumit Naiksatam 
Hi Lukas,

Could you please confirm if you have the following commit in the package
you have deployed:
https://github.com/openstack/group-based-policy-automation/commit/ea1fb1725062e97ea2fa8d6af188b718876d9f89

The above was a fix to the issue you are seeing.

Thanks,
Sumit.

On Jul 11, 2017 3:28 PM, "Lukas Garberg"  wrote:

> Hi all,
>
> I'm trying to create a heat template automating the creation of
> group-based policy resources when deploying stacks. The template takes an
> L3 policy as an input argument and then creates an L2 policy, a policy
> target group and a policy target. I use GBP together with Cisco APIC on
> OpenStack Mitaka.
>
> (Slightly simplified) Heat template:
>  parameters:
> l3p_main:
>   type: string
>   description: L3 policy name to use for main network interface
>
>   resources:
> l2p_main:
>   type: OS::GroupBasedPolicy::L2Policy
>   properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'l2p'
> ] ] }
> l3_policy_id: { get_param: l3p_main }
> shared: false
>  ptg_main:
>   type: OS::GroupBasedPolicy::PolicyTargetGroup
>   properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'ptg'
> ] ] }
> l2_policy_id: { get_resource: l2p_main }
> shared: false
>
> pt_main:
>   type: OS::GroupBasedPolicy::PolicyTarget
>   properties:
> name: { list_join: [ '_', [ { get_param: 'OS::stack_name' }, 'pt'
> ] ] }
> policy_target_group_id: { get_resource: ptg_main }
>
> server:
>   type: OS::Nova::Server
>   properties:
> networks:
>  - port: { get_attr: [ pt_main, port_id ] }
>
> The stack create fails with the following error message (taken from
> openstack stack show ... CLI command):
>   | stack_status  | CREATE_FAILED
>   |
>   | stack_status_reason   | Resource CREATE failed: BadRequest:
> resources.server: Port 49638f39-3e13-4813-b69f-efa2b3001c11 requires a
> FixedIP in order to be used. (HTTP 400) (Request-ID:
> req-4b6c465b-bb54-4eef-ae0b-d17e4a626c66) |
>
> Inspecting the neutron port referred to by the policy target which was
> created gives the following:
>   $ neutron port-show 49638f39-3e13-4813-b69f-efa2b3001c11
>   +---+--+
>   | Field | Value   |
>   +---+--+
>   | admin_state_up| True|
>   | allowed_address_pairs | |
>   | binding:vnic_type | normal  |
>   | created_at| 2017-07-11T21:11:54 |
>   | description   | |
>   | device_id | |
>   | device_owner  | |
>   | extra_dhcp_opts   | |
>   | fixed_ips | | <-- empty
>   | id| 49638f39-3e13-4813-b69f-efa2b3001c11 |
>   | mac_address   | fa:16:3e:93:b2:25   |
>   | name  | pt_foo_bar_test_pt  |
>   | network_id| 72455662-1210-4aac-af70-8b19a974e0ea |
>   | security_groups   | a3dd6bdc-bf85-4340-b305-166defc8e41c |
>   | status| DOWN|
>   | tenant_id | c0351d9a317f4b16b79ba7fa1fec4e0b |
>   | updated_at| 2017-07-11T21:11:54 |
>   +---+--+
>
> If I instead create a policy target manually with the GBP CLI client like
> this:
>   gbp pt-create --policy-target-group hello_ptg hello_test_pt
>
> The generated port looks like this:
>   $ openstack port show 74ea24e4-8925-4173-ba13-6b0fd319c18e
>   +---+---
> ---+
>   | Field | Value
> |
>   +---+---
> ---+
>   | admin_state_up| UP
>  |
>   | allowed_address_pairs |
> |
>   | binding_vnic_type | normal
>  |
>   | created_at| 2017-06-27T12:57:01
>  |
>   | description   | None
>  |
>   | device_id |
> |
>   | device_owner  |
> |
>   | extra_dhcp_opts   |
> |
>   | fixed_ips | ip_address='10.156.248.60',
> subnet_id='31a163d5-4004-484e-9899-f60b2d9c0b47' | <-- filled in
>   | id| 74ea24e4-8925-4173-ba13-6b0fd319c18e
>

Re: [Openstack] GBP(Group Based Policy) REST APIs

2015-09-11 Thread Sumit Naiksatam 
Hi Shital,

GBP does have a REST API which you can use directly, or use a client
lib [1] to programmatically interface with it. You can reach out to
the team on #openstack-gbp if you need further assistance.

Thanks,
~Sumit.
[1] 
https://github.com/stackforge/python-group-based-policy-client/blob/master/gbpclient/v2_0/client.py

On Fri, Sep 11, 2015 at 12:27 AM, Shital Patil  wrote:
> Hello Guys,
>
> From blueprint it looks likeGBP is currently using neutron REST and in next
> release plan is to write wrapper over it but I was interested to know when
> will GBP have its own REST exposed so that it can be consumed by
> applications having programmatic  interaction with openstack ?
>
> Thanks,
> Shital
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] FWaaS - where can I find logs of audited policies?

2013-10-08 Thread Sumit Naiksatam 
The audited flag is not for generating audit logs. It's meant to indicate
whether the particular firewall policy was audited or not by the creator of
the firewall policy.

~Sumit.


On Tue, Oct 8, 2013 at 4:05 AM, Rami Vaknin  wrote:

> I'm running havana, I've noticed the --audited argument in policy
> creation/update and I wonder where these audit logs saved? I couldn't find
> any audit log in the standard neutron logs.
>
> --
>
> Thanks,
>
> Rami Vaknin, QE @ Red Hat, TLV, IL.
>
>
> __**_
> Mailing list: http://lists.openstack.org/**cgi-bin/mailman/listinfo/**
> openstack 
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/**cgi-bin/mailman/listinfo/**
> openstack 
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack