9b7b759221
Adds validation and repair framework that calls into mechanism, policy and SFC drivers to validate mappings to Neutron resources and to AIM resources. The mappings from all standard Neutron resources to AIM are currently handled. New unit tests are provided for validation of each resource, and validation calls are added to several existing unit tests. A simple command line interface is used to perform validation, optionally repairing invalid state. This is run using 'gbp-validate <neutron-server args> [--repair]'. The same arguments that are passed to specify the configuration of neutron-server must be passed to gbp-validate. Validation of GBP and SFC resources and of SVI networks is not yet implemented. Attempting to validate deployments where these resources exist intentionally fails, even when repair is enabled, so that valid deployments are not corrupted. Proper validation of these resources will be addressed in followup patches. For isomorphic address scopes with a non-pre-existing VRF, the VRF's display name currently depends on the order in which the address scopes were created. This will be addressed in a followup patch. EPG domain association, static paths, and other aspects of port binding are not yet validated. This will be addressed in a followup patch. Migration from the old APIC plugin to the unified plugin will require associating existing subnets with subnetpools and rebinding all port, which will also be addressed in a followup patch. A simply neutron_aim exercise script is added to the AIM gate job that runs gbp-validate with Neutron resources. Once validation of GBP resources is implemented, similar gbp-validate calls will be added to the gbp_aim exercise script. Change-Id: I0c3fe9e2629f76ecca8b3c8a93f9534b2d946e14 |
||
---|---|---|
devstack | ||
doc/source | ||
etc | ||
gbpservice | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
TESTING.rst | ||
babel.cfg | ||
openstack-common.conf | ||
requirements.txt | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Group Based Policy (GBP) provides declarative abstractions for achieving scalable intent-based infrastructure automation.
GBP complements the OpenStack networking model with the notion of policies that can be applied between groups of network endpoints. As users look beyond basic connectivity, richer network services with diverse implementations and network properties are naturally expressed as policies. Examples include service chaining, QoS, path properties, access control, etc.
GBP allows application administrators to express their networking requirements using a Group and a Policy Rules-Set abstraction. The specifics of policy rendering are left to the underlying pluggable policy driver.
GBP model also supports a redirect operation that makes it easy to abstract and consume complex network service chains and graphs.
Checkout the GBP wiki page for more detailed information: <https://wiki.openstack.org/wiki/GroupBasedPolicy>
The latest code is available at: <http://git.openstack.org/cgit/openstack/group-based-policy>.
GBP project management (blueprints, bugs) is done via Launchpad: <https://launchpad.net/group-based-policy>
For help using or hacking on GBP, you can send mail to <mailto:openstack-dev@lists.openstack.org>.
Acronyms used in code for brevity:
- PT: Policy Target
- PTG: Policy Target Group
- PR: Policy Rule
- PRS: Policy Rule Set
- L2P: L2 Policy
- L3P: L3 Policy
- NSP: Network Service Policy
- EP: External Policy
- ES: External Segment
- SC: Service Chain
- SP: Service Profile