# Config for switches, tunnelIP is the local IP address.
switches = [{'name': 's1',
- 'tunnelIp': '192.168.56.30',
+ 'tunnelIp': '192.168.56.31',
'dpid': '1'},
{'name': 's2',
- 'tunnelIp': '192.168.56.32',
+ 'tunnelIp': '192.168.56.33',
'dpid': '2'}]
defaultContainerImage='alagalah/odlpoc_ovs230'
ifaceName = '{}_vxlan0'.format(sw)
cmd = ['ovs-vsctl', 'add-port', sw, ifaceName,
'--', 'set', 'Interface', ifaceName,
- 'type=vxlan',
+ 'type=vxlan',
'options:remote_ip=flow',
'options:key=flow']
if sourceIp is not None:
import requests,json
import uuid
+import sys
from requests.auth import HTTPBasicAuth
USERNAME='admin'
nodes.append(data)
return data
-def get_contract(tenantId, pgroupIds, cgroupIds, contract):
-#TODO: This assumes a single provider/consumer per contract. Should be able to process list, just
-# note entirely sure if everything should be repeated, or just IDs ??? For now, assuming single
+def get_contract(tenantId, pgroupId, cgroupId, contract):
tenant = get_tenant(tenantId)
- pgroup = get_epg(tenantId, pgroupIds[0])
- cgroup = get_epg(tenantId, cgroupIds[0])
+ pgroup = get_epg(tenantId, pgroupId)
+ cgroup = get_epg(tenantId, cgroupId)
if not contract.has_key('id'):
contract['id']=str(uuid.uuid4())
data=dict(contract)
del data['name']
- tenant["contract"].append(data)
- cgroup["consumer-named-selector"].append({
- "name": "{}-{}-{}".format(pgroupIds[0], cgroupIds[0], data['id']),
- "contract": [data['id']]
- })
- pgroup["provider-named-selector"].append({
- "name": "{}-{}-{}".format(pgroupIds[0], cgroupIds[0], data['id']),
- "contract": [data['id']]
- })
-
+ if not tenant["contract"]:
+ tenant["contract"].append(data)
+ else:
+ contractExists=False
+ for tenantContract in tenant["contract"]:
+ if tenantContract["id"] == data["id"]: contractExists=True
+ if not contractExists:
+ tenant["contract"].append(data)
+ name="{}-{}-{}".format(pgroupId, cgroupId, data['id'])
+ if not cgroup["consumer-named-selector"]:
+ cgroup["consumer-named-selector"].append({"name": name, "contract": [data['id']]})
+ else:
+ contractExists=False
+ for consumerContract in cgroup["consumer-named-selector"]:
+ if consumerContract["contract"][0] == data["id"]:
+ contractExists=True
+ if not contractExists:
+ cgroup["consumer-named-selector"].append({"name": name,"contract": [data['id']]})
+ if not pgroup["provider-named-selector"]:
+ pgroup["provider-named-selector"].append({"name": name,"contract": [data['id']]})
+ else:
+ contractExists=False
+ for providerContract in pgroup["provider-named-selector"]:
+ if providerContract["contract"][0] == data["id"]:
+ contractExists=True
+ if not contractExists:
+ pgroup["provider-named-selector"].append({"name": name,"contract": [data['id']]})
return data
def post(url, data):
# Only one tenant supported at this time.
tenants = [
{'name':'GBPPOC',
- 'id':'f5c7d344-d1c7-4208-8531-2c2693657e12', #Optional, if you leave this out will be generated
- 'subject-feature-instances':
- {'classifier-instance':
+ 'id':'f5c7d344-d1c7-4208-8531-2c2693657e12',
+ 'subject-feature-instances':
+ {'classifier-instance':
[
{'name': 'http-dest',
'classifier-definition-id': '4250ab32-e8b8-445a-aebb-e1bd2cdd291f',
'parameter-value': [
{'name': 'type',
- 'string-value': 'TCP'},
+ 'string-value': 'TCP'},
{'name': 'destport',
'int-value': '80'}
]},
'classifier-definition-id': '4250ab32-e8b8-445a-aebb-e1bd2cdd291f',
'parameter-value': [
{'name': 'type',
- 'string-value': 'TCP'},
+ 'string-value': 'TCP'},
{'name': 'sourceport',
'int-value': '80'}
]},
'clause': [
{'name': 'allow-http-clause',
'subject-refs': [
- 'allow-http-subject',
+ 'allow-http-subject',
'allow-icmp-subject'
]
}
{'name':'client',
'providesContracts' : [], #List of contract names provided
'consumesContracts' : ['pingall+web'],
- 'id' : '1eaf9a67-a171-42a8-9282-71cf702f61dd', #Optional, if you leave this out will be generated
+ 'id' : '1eaf9a67-a171-42a8-9282-71cf702f61dd',
},
{'name':'webserver',
'providesContracts' : ['pingall+web'], #List of contract names provided
'consumesContracts' : [],
- 'id' : 'e593f05d-96be-47ad-acd5-ba81465680d5', #Optional, if you leave this out will be generated
+ 'id' : 'e593f05d-96be-47ad-acd5-ba81465680d5',
}
]
-
-
-
contractConsumerEpgIDs.append(endpointGroup['id'])
if contract['name'] in endpointGroup['providesContracts']:
contractProviderEpgIDs.append(endpointGroup['id'])
-
- odl_gbp.get_contract(tenant['id'],
- contractProviderEpgIDs,
- contractConsumerEpgIDs,
- contract)
+ for contractProviderEpgID in contractProviderEpgIDs:
+ for contractConsumerEpgID in contractConsumerEpgIDs:
+ odl_gbp.get_contract(tenant['id'],
+ contractProviderEpgID,
+ contractConsumerEpgID,
+ contract)
# POST to the controller to register tenants
if args.policy:
--- /dev/null
+# Config for switches, tunnelIP is the local IP address.
+switches = [{'name': 's1',
+ 'tunnelIp': '192.168.56.31',
+ 'dpid': '1'},
+ {'name': 's2',
+ 'tunnelIp': '192.168.56.33',
+ 'dpid': '2'}]
+
+defaultContainerImage='alagalah/odlpoc_ovs230'
+
+#Note that tenant name and endpointGroup name come from policy_config.py
+
+hosts = [ {'name': 'h35_2',
+ 'mac': '00:00:00:00:35:02',
+ 'ip': '10.0.35.2/24',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client1'},
+ {'name': 'h35_3',
+ 'ip': '10.0.35.3/24',
+ 'mac': '00:00:00:00:35:03',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client1'},
+ {'name': 'h36_2',
+ 'ip': '10.0.36.2/24',
+ 'mac': '00:00:00:00:36:02',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'webserver'},
+ {'name': 'h36_3',
+ 'ip': '10.0.36.3/24',
+ 'mac': '00:00:00:00:36:03',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'webserver'},
+ {'name': 'h37_2',
+ 'ip': '10.0.37.2/24',
+ 'mac': '00:00:00:00:37:02',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client2'},
+ {'name': 'h37_3',
+ 'ip': '10.0.37.3/24',
+ 'mac': '00:00:00:00:37:03',
+ 'switch': 's1',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client2'},
+ {'name': 'h35_4',
+ 'mac': '00:00:00:00:35:04',
+ 'ip': '10.0.35.4/24',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client1'},
+ {'name': 'h35_5',
+ 'ip': '10.0.35.5/24',
+ 'mac': '00:00:00:00:35:05',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client1'},
+ {'name': 'h36_4',
+ 'ip': '10.0.36.4/24',
+ 'mac': '00:00:00:00:36:04',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'webserver'},
+ {'name': 'h36_5',
+ 'ip': '10.0.36.5/24',
+ 'mac': '00:00:00:00:36:05',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'webserver'},
+ {'name': 'h37_4',
+ 'ip': '10.0.37.4/24',
+ 'mac': '00:00:00:00:37:04',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client2'},
+ {'name': 'h37_5',
+ 'ip': '10.0.37.5/24',
+ 'mac': '00:00:00:00:37:05',
+ 'switch': 's2',
+ 'tenant': 'GBPPOC',
+ 'endpointGroup': 'client2'}
+ ]
--- /dev/null
+L3CTX='cbe0cc07-b8ff-451d-8171-9eef002a8e80'
+L2BD='7b796915-adf4-4356-b5ca-de005ac410c1'
+# Only one tenant supported at this time.
+tenants = [
+ {'name':'GBPPOC',
+ 'id':'f5c7d344-d1c7-4208-8531-2c2693657e12',
+ 'subject-feature-instances':
+ {'classifier-instance':
+ [
+ {'name': 'http-dest',
+ 'classifier-definition-id': '4250ab32-e8b8-445a-aebb-e1bd2cdd291f',
+ 'parameter-value': [
+ {'name': 'type',
+ 'string-value': 'TCP'},
+ {'name': 'destport',
+ 'int-value': '80'}
+ ]},
+ {'name': 'http-src',
+ 'classifier-definition-id': '4250ab32-e8b8-445a-aebb-e1bd2cdd291f',
+ 'parameter-value': [
+ {'name': 'type',
+ 'string-value': 'TCP'},
+ {'name': 'sourceport',
+ 'int-value': '80'}
+ ]},
+ {'name': 'icmp',
+ 'classifier-definition-id': '79c6fdb2-1e1a-4832-af57-c65baf5c2335',
+ 'parameter-value': [
+ {'name': 'proto',
+ 'int-value': '1'}
+ ]
+ }
+ ]
+ }
+ }
+ ]
+
+contracts = [
+ {'name':'pingall+web',
+ 'id':'22282cca-9a13-4d0c-a67e-a933ebb0b0ae',
+ 'subject': [
+ {'name': 'allow-http-subject',
+ 'rule': [
+ {'name': 'allow-http-rule',
+ 'classifier-ref': [
+ {'name': 'http-dest',
+ 'direction': 'in'},
+ {'name': 'http-src',
+ 'direction': 'out'}
+ ]
+ }
+ ]
+ },
+ {'name': 'allow-icmp-subject',
+ 'rule': [
+ {'name': 'allow-icmp-rule',
+ 'classifier-ref': [
+ {'name': 'icmp'}
+ ]}
+ ]
+ }],
+ 'clause': [
+ {'name': 'allow-http-clause',
+ 'subject-refs': [
+ 'allow-http-subject',
+ 'allow-icmp-subject'
+ ]
+ }
+ ]
+ }]
+endpointGroups = [
+ {'name':'client1',
+ 'providesContracts' : [], #List of contract names provided
+ 'consumesContracts' : ['pingall+web'],
+ 'id' : '1eaf9a67-a171-42a8-9282-71cf702f61dd',
+ },
+ {'name':'client2',
+ 'providesContracts' : [], #List of contract names provided
+ 'consumesContracts' : ['pingall+web'],
+ 'id' : '6c787c-156a-49ed-8546-547bdccf283c',
+ },
+ {'name':'webserver',
+ 'providesContracts' : ['pingall+web'], #List of contract names provided
+ 'consumesContracts' : [],
+ 'id' : 'e593f05d-96be-47ad-acd5-ba81465680d5',
+ }
+ ]
Code Review / groupbasedpolicy.git / commitdiff