
Difference between revisions of "Heat/VPC Resources Support"

m (Update gap list)
Line 75: Line 75:
  
 
Existing VPC/Heat gaps:
 
Existing VPC/Heat gaps:
* [https://bugs.launchpad.net/heat/+bug/1163952 Instance resource should implement the SubnetId property]
+
* <del>[https://bugs.launchpad.net/heat/+bug/1163952 Instance resource should implement the SubnetId property]</del> Fix released
* [https://bugs.launchpad.net/heat/+bug/1163991 Instance resource should implement the SecurityGroupIds property]
+
* <del>[https://bugs.launchpad.net/heat/+bug/1163991 Instance resource should implement the SecurityGroupIds property]</del> Fix released
* [https://blueprints.launchpad.net/heat/+spec/quantum-security-group Use quantum security groups when a VpcId is specified in AWS::EC2::SecurityGroup]
+
* <del>[https://blueprints.launchpad.net/heat/+spec/quantum-security-group Use quantum security groups when a VpcId is specified in AWS::EC2::SecurityGroup]</del> Implemented
 
* [https://bugs.launchpad.net/heat/+bug/1164864 AWS::EC2::EIP resource should implement the InstanceId property]
 
* [https://bugs.launchpad.net/heat/+bug/1164864 AWS::EC2::EIP resource should implement the InstanceId property]
 
* [https://bugs.launchpad.net/heat/+bug/1164865 AWS::EC2::EIPAssociation resource should implement the AllocationId attribute]
 
* [https://bugs.launchpad.net/heat/+bug/1164865 AWS::EC2::EIPAssociation resource should implement the AllocationId attribute]
 
* [https://bugs.launchpad.net/heat/+bug/1164866 AWS::EC2::EIPAssociation resource should implement the NetworkInterfaceId attribute]
 
* [https://bugs.launchpad.net/heat/+bug/1164866 AWS::EC2::EIPAssociation resource should implement the NetworkInterfaceId attribute]
 
* [https://bugs.launchpad.net/heat/+bug/1166787 AWS::EC2::Subnet resource cannot reference an existing VPC]
 
* [https://bugs.launchpad.net/heat/+bug/1166787 AWS::EC2::Subnet resource cannot reference an existing VPC]
* [https://bugs.launchpad.net/heat/+bug/1165043 AWS::EC2::NetworkInterface cannot reference an existing Subnet]
+
* <del>[https://bugs.launchpad.net/heat/+bug/1165043 AWS::EC2::NetworkInterface cannot reference an existing Subnet]</del> Fix released
 
* [https://bugs.launchpad.net/heat/+bug/1165050 AWS::EC2::VPCGatewayAttachment cannot reference an existing VPC]
 
* [https://bugs.launchpad.net/heat/+bug/1165050 AWS::EC2::VPCGatewayAttachment cannot reference an existing VPC]
 
* [https://bugs.launchpad.net/heat/+bug/1166779 AWS::EC2::RouteTable cannot reference an existing VPC]
 
* [https://bugs.launchpad.net/heat/+bug/1166779 AWS::EC2::RouteTable cannot reference an existing VPC]
 
* [https://bugs.launchpad.net/heat/+bug/1165056 AWS::EC2::SubnetRouteTableAssocation cannot reference an existing Subnet]
 
* [https://bugs.launchpad.net/heat/+bug/1165056 AWS::EC2::SubnetRouteTableAssocation cannot reference an existing Subnet]
* [https://bugs.launchpad.net/heat/+bug/1164913 The SecurityGroups property of an Instance resource doesn't get applied]
+
* <del>[https://bugs.launchpad.net/heat/+bug/1164913 The SecurityGroups property of an Instance resource doesn't get applied]</del> Fix released
 
* [https://bugs.launchpad.net/heat/+bug/1165071 Stack deletion failed because the VPCGatewayAttachment resource cannot be deleted]
 
* [https://bugs.launchpad.net/heat/+bug/1165071 Stack deletion failed because the VPCGatewayAttachment resource cannot be deleted]
 
* [https://bugs.launchpad.net/heat/+bug/1166084 Creation of NetworkInterface resource failed because GroupSet attribute is invalid]
 
* [https://bugs.launchpad.net/heat/+bug/1166084 Creation of NetworkInterface resource failed because GroupSet attribute is invalid]
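Review bot: the quantum-security-group entry is struck through as Implemented, but the AWS::EC2::SecurityGroup row of the table in this revision still reads "Maps to Nova security groups" and "Should be updated to create/modify Quantum security group when the VpcId attribute is passed". Update that row in the same edit so the table and the gap list agree. The entries marked "Fix released" also name no Heat release, so a reader cannot tell from the list which version carries the fix.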

Revision as of 09:00, 5 June 2013

OpenStack Networking was integrated in the Folsom release, and because there is a good fit between OpenStack Networking and Virtual Private Cloud, the Heat team decided to implement the AWS VPC resources during the Grizzly release.

The following table describes the current support of VPC in Heat, but be aware that it may be out of date as the Heat team is bridging the gaps :-)

{| class="wikitable"
! CloudFormation resource
! Heat implementation
! Comment
|-
| AWS::EC2::VPC
| Partial
| Creates a network and a router.

The internal id of the network is used for the VpcId attribute.

No support for the CidrBlock attribute; it is accepted but unused.

No support for the InstanceTenancy attribute. It defines the tenancy mode of instances launched in the VPC: default (=shared or dedicated hardware) or dedicated (=only dedicated hardware).
|-
| AWS::EC2::Subnet
| Partial
| Creates a subnet and associates the subnet to the network's router.

No support in Networking for the AvailabilityZone attribute.
|-
| AWS::EC2::NetworkInterface
| Partial
| Creates a port.

The GroupSet attribute maps to an existing security group in OpenStack Networking.

No support in OpenStack Networking for the Description attribute.

No support in OpenStack Networking for the SourceDestCheck attribute. By default, an EC2 instance doesn't receive traffic that isn't destined to one of its private IP addresses. This flag must be turned off for NAT instances.
|-
| AWS::EC2::InternetGateway
| Ok
| Associates all routers of the network to an external network.

The creation generates no additional Networking resource, but one (and only one) network with attribute 'router:external' must exist first.
|-
| AWS::EC2::CustomerGateway
| None
| No equivalent yet.
|-
| AWS::EC2::VPNGateway
| None
| No equivalent yet.
|-
| AWS::EC2::VPNConnection
| None
| No equivalent yet.
|-
| AWS::EC2::VPCGatewayAttachment
| Partial
| AWS::EC2::VPCGatewayAttachment creation associates all of the VPC network's routers to the external network.

No support for the VpnGatewayId attribute yet.
|-
| AWS::EC2::RouteTable
| Partial
| Creates a new router which gets added to the Quantum network associated to the VpcId.
|-
| AWS::EC2::SubnetRouteTableAssocation
| Partial
| Associates the subnet (SubnetId attribute) with the given router (RouteTableId attribute).
|-
| AWS::EC2::Route
| None
| No equivalent yet.
|-
| AWS::EC2::DHCPOptions
| None
| Not supported, but subnets have a 'DNS nameservers' attribute.
|-
| AWS::EC2::VPCDHCPOptionsAssociation
| None
| There is a mismatch between OpenStack Networking (DHCP options apply to a subnet) and VPC (DHCP options apply to a network).
|-
| AWS::EC2::NetworkAcl
| None
| No equivalent yet.
|-
| AWS::EC2::NetworkAclEntry
| None
| No equivalent yet.
|-
| AWS::EC2::SubnetNetworkAclAssocation
| None
| No equivalent yet.
|-
| AWS::EC2::SecurityGroup
| Partial
| Maps to Nova security groups. Creates a security group if no group with the same name already exists.

Should be updated to create/modify Quantum security group when the VpcId attribute is passed (see https://blueprints.launchpad.net/heat/+spec/quantum-security-group).
|-
| AWS::EC2::SecurityGroupIngress
| Partial
| Resource wrapped inside the AWS::EC2::SecurityGroup resource. It should be a standalone resource for full support.
|-
| AWS::EC2::SecurityGroupEgress
| None
| No equivalent yet.
|-
| AWS::EC2::EIP
| Partial
| The creation of the floating IP address relies on Nova, which proxies the request to OpenStack Networking.

The name of the network allocating the floating IP addresses is defined by the default_floating_pool parameter in nova.conf (default value: "nova").
|-
| AWS::EC2::EIPAssociation
| Partial
| See below
|}

As with all AWS resources exposed in Heat, the Tags attribute is not supported. This is first of all a Nova & Networking limitation, and a blueprint exists to track the issue.
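A template written for AWS can depend on resources or attributes that the table above lists as having no equivalent or as unused (network ACLs, egress rules, InstanceTenancy, SourceDestCheck), so it is worth checking a template against the table before deploying it through Heat. The following is an added example, not Heat code: the `lint` function, its finding strings and the sample template are assumptions made for illustration, and the support data is transcribed from this revision of the table.

```python
# Transcribed from the table on this page (revision of 5 June 2013).
# Type names are spelled exactly as the page spells them.
NO_EQUIVALENT = {
    "AWS::EC2::CustomerGateway", "AWS::EC2::VPNGateway", "AWS::EC2::VPNConnection",
    "AWS::EC2::Route", "AWS::EC2::DHCPOptions", "AWS::EC2::VPCDHCPOptionsAssociation",
    "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkAclEntry",
    "AWS::EC2::SubnetNetworkAclAssocation", "AWS::EC2::SecurityGroupEgress",
}
UNUSED_PROPERTIES = {
    "AWS::EC2::VPC": {"CidrBlock", "InstanceTenancy"},
    "AWS::EC2::Subnet": {"AvailabilityZone"},
    "AWS::EC2::NetworkInterface": {"Description", "SourceDestCheck"},
    "AWS::EC2::VPCGatewayAttachment": {"VpnGatewayId"},
}
ALL_TYPES_UNUSED = {"Tags"}  # per the page: no Tags support on any AWS resource


def lint(template):
    """Return sorted (resource name, finding) pairs for one parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        if not rtype.startswith("AWS::"):
            continue  # native OS::Quantum::* resources are outside this table
        if rtype in NO_EQUIVALENT:
            findings.append((name, f"{rtype}: no Heat equivalent"))
            continue
        unused = UNUSED_PROPERTIES.get(rtype, set()) | ALL_TYPES_UNUSED
        for prop in sorted(unused & set(res.get("Properties", {}))):
            findings.append((name, f"{rtype}.{prop}: not supported or unused"))
    return sorted(findings)


# Constructed sample template (not from the page), as json.load() would return it.
SAMPLE = {"Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "10.0.0.0/16", "InstanceTenancy": "dedicated"}},
    "Sub": {"Type": "AWS::EC2::Subnet",
            "Properties": {"VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.1.0/24"}},
    "NatPort": {"Type": "AWS::EC2::NetworkInterface",
                "Properties": {"SubnetId": {"Ref": "Sub"}, "SourceDestCheck": "false"}},
    "Acl": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "Vpc"}}},
}}

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```

CidrBlock is flagged on the VPC but not on the subnet, because the table marks it unused only for AWS::EC2::VPC.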

Existing VPC/Heat gaps:


Finally, remember that using AWS resources in Heat templates is not mandatory: you can still use the Networking resources (in the OS::Quantum::* namespace for now). If you don't care about AWS CloudFormation compatibility, it is even recommended to stick with these native resources, as they map perfectly to the Quantum components.