Devstack will automatically configure heat to support BGPVPN.
Other deployments need to add the directory for the python networking_bgpvpn_heat module to plugin_dirs in the heat config: /etc/heat/heat.conf.
This directory can be found out with:
dirname $(python -c "import networking_bgpvpn_heat as n;print(n.__file__)")
This template has to be run with admin rights and will create a BGPVPN for the current tenant, along with a Network associated with it:
description: BGPVPN networking example (admin) heat_template_version: '2013-05-23' resources: BGPVPN1: type: OS::Neutron::BGPVPN properties: import_targets: [ "100:1001"] export_targets: [ "100:1002"] route_targets: [ "100:1000" ] name: "default VPN" Net1: type: OS::Neutron::Net SubNet1: type: OS::Neutron::Subnet properties: network: { get_resource: Net1 } cidr: 192.168.10.0/24 BGPVPN_NET_assoc1: type: OS::Neutron::BGPVPN-NET-ASSOCIATION properties: bgpvpn_id: { get_resource: BGPVPN1 } network_id: { get_resource: Net1 }
In devstack, this HOT file can be used with cloud admin privileges in the demo project; such privileges can be obtained with the command:
source openrc admin demo
This example can then be run:
$ heat stack-create networks -f bgpvpn_test-00.yaml +--------------------------------------+------------+--------------------+---------------------+--------------+ | id | stack_name | stack_status | creation_time | updated_time | +--------------------------------------+------------+--------------------+---------------------+--------------+ | 5a6c2bf1-c5da-4f8f-9838-4c3e59d13d41 | networks | CREATE_IN_PROGRESS | 2016-03-02T08:32:52 | None | +--------------------------------------+------------+--------------------+---------------------+--------------+ $ heat stack-list +--------------------------------------+------------+-----------------+---------------------+--------------+ | id | stack_name | stack_status | creation_time | updated_time | +--------------------------------------+------------+-----------------+---------------------+--------------+ | 5a6c2bf1-c5da-4f8f-9838-4c3e59d13d41 | networks | CREATE_COMPLETE | 2016-03-02T08:32:52 | None | +--------------------------------------+------------+-----------------+---------------------+--------------+
This is a set of two templates:
one that has to be run with admin rights and will create a BGPVPN for the ‘demo’ tenant:
description: BGPVPN networking example (admin) heat_template_version: '2013-05-23' resources: BGPVPN1: type: OS::Neutron::BGPVPN properties: import_targets: [ "100:1001"] export_targets: [ "100:1002"] route_targets: [ "100:1000" ] name: "default_vpn" tenant_id: "demo"$ source openrc admin admin $ heat stack-create bgpvpn -f bgpvpn_test-04-admin.yaml
one to run as a plain ‘demo’ tenant user, that will:
- create a Network and bind it to the ‘default_vpn’ BGPVPN
- create a second Network connected to a Router, and bind the Router to the ‘default_vpn’
description: BGPVPN networking example (tenant) heat_template_version: '2013-05-23' resources: Net1: type: OS::Neutron::Net SubNet1: type: OS::Neutron::Subnet properties: network: { get_resource: Net1 } cidr: 192.168.10.0/24 BGPVPN_NET_assoc1: type: OS::Neutron::BGPVPN-NET-ASSOCIATION properties: bgpvpn_id: "default_vpn" network_id: { get_resource: Net1 } Net2: type: OS::Neutron::Net SubNet2: type: OS::Neutron::Subnet properties: network: { get_resource: Net2 } cidr: 192.168.10.0/24 Router: type: OS::Neutron::Router router_interface: type: OS::Neutron::RouterInterface properties: router_id: { get_resource: Router } subnet_id: { get_resource: SubNet2 } BGPVPN_router_assoc1: type: OS::Neutron::BGPVPN-ROUTER-ASSOCIATION properties: bgpvpn_id: "default_vpn" router_id: { get_resource: Router }$ source openrc demo demo $ heat stack-create networks_bgpvpn -f bgpvpn_test-04-tenant.yaml +--------------------------------------+-----------------+--------------------+---------------------+--------------+ | id | stack_name | stack_status | creation_time | updated_time | +--------------------------------------+-----------------+--------------------+---------------------+--------------+ | a3cf1c1b-ac6c-425c-a4b5-d8ca894539f2 | networks_bgpvpn | CREATE_IN_PROGRESS | 2016-03-02T09:16:39 | None | +--------------------------------------+-----------------+--------------------+---------------------+--------------+ $ neutron bgpvpn-list +--------------------------------------+-------------+------+-------------------------------------------+------------------------------------------------+ | id | name | type | networks | routers | +--------------------------------------+-------------+------+-------------------------------------------+------------------------------------------------+ | 473e5218-f4a2-46bd-8086-36d6849ecf8e | default VPN | l3 | [u'5b1af75b-0608-4e03-aac1-2608728be45d'] | [u'cb9c7304-e844-447d-88e9-4a0a2dc14d21'] | +--------------------------------------+-------------+------+-------------------------------------------+------------------------------------------------+