From 3825fdc3752f124b5951bacc91f36f1eb3b68970 Mon Sep 17 00:00:00 2001 From: Anne Gentle Date: Fri, 8 Aug 2014 10:34:18 -0500 Subject: [PATCH] Removes WADL references and replaces with links to API Ref Change-Id: Ie28876acb2c8e0837a87dd475ef235f54dcf4c03 --- v2.0/ch_neutron_api_extensions.xml | 76 - v2.0/ch_neutron_api_operations.xml | 57 - v2.0/neutron-api-guide.xml | 31 +- v2.0/section_neutron-ext-agent-management.xml | 249 --- v2.0/section_neutron-ext-agent-schedulers.xml | 662 ------- ...tion_neutron-ext-allowed-address-pairs.xml | 169 -- v2.0/section_neutron-ext-binding-ports.xml | 161 -- ...on_neutron-ext-external-gateways-modes.xml | 222 --- .../section_neutron-ext-external-networks.xml | 217 --- ...section_neutron-ext-extra-dhcp-options.xml | 215 --- v2.0/section_neutron-ext-extra-routes.xml | 137 -- v2.0/section_neutron-ext-fwaas.xml | 1296 ------------- v2.0/section_neutron-ext-layer3.xml | 262 --- v2.0/section_neutron-ext-lbaas.xml | 275 --- v2.0/section_neutron-ext-metering.xml | 36 - ...on_neutron-ext-provider-networks-multi.xml | 20 - .../section_neutron-ext-provider-networks.xml | 91 - v2.0/section_neutron-ext-quotas.xml | 30 - ...tion_neutron-ext-security-groups-rules.xml | 34 - v2.0/section_neutron-ext-show-info.xml | 24 - v2.0/section_neutron-ext-vpnaas.xml | 1680 ----------------- 21 files changed, 29 insertions(+), 5915 deletions(-) delete mode 100644 v2.0/ch_neutron_api_extensions.xml delete mode 100644 v2.0/ch_neutron_api_operations.xml delete mode 100644 v2.0/section_neutron-ext-agent-management.xml delete mode 100644 v2.0/section_neutron-ext-agent-schedulers.xml delete mode 100644 v2.0/section_neutron-ext-allowed-address-pairs.xml delete mode 100644 v2.0/section_neutron-ext-binding-ports.xml delete mode 100644 v2.0/section_neutron-ext-external-gateways-modes.xml delete mode 100644 v2.0/section_neutron-ext-external-networks.xml delete mode 100755 v2.0/section_neutron-ext-extra-dhcp-options.xml delete mode 100644 v2.0/section_neutron-ext-extra-routes.xml delete mode 100644 v2.0/section_neutron-ext-fwaas.xml delete mode 100644 v2.0/section_neutron-ext-layer3.xml delete mode 100644 v2.0/section_neutron-ext-lbaas.xml delete mode 100644 v2.0/section_neutron-ext-metering.xml delete mode 100644 v2.0/section_neutron-ext-provider-networks-multi.xml delete mode 100644 v2.0/section_neutron-ext-provider-networks.xml delete mode 100644 v2.0/section_neutron-ext-quotas.xml delete mode 100644 v2.0/section_neutron-ext-security-groups-rules.xml delete mode 100644 v2.0/section_neutron-ext-show-info.xml delete mode 100644 v2.0/section_neutron-ext-vpnaas.xml diff --git a/v2.0/ch_neutron_api_extensions.xml b/v2.0/ch_neutron_api_extensions.xml deleted file mode 100644 index 15c9c3d..0000000 --- a/v2.0/ch_neutron_api_extensions.xml +++ /dev/null @@ -1,76 +0,0 @@ - - - - - - - -GET'> -PUT'> -POST'> -DELETE'> - - - - - '> - - - - - '> - -]> - - API extensions - An API extension extends one or more of the following - components of the core API: - - - Resources. An extension creates object - classes. - - - Attributes. An extended attribute creates an - attribute on existing resources. Prefixed by the - extension name. - - - Actions. An extended action creates an operation on - an existing resource. - - - Generic API extensions are not plug-in-specific. For - information about plug-in-specific extensions that ship with - OpenStack Networking, see the extension documentation in the - source code tree. - - - - - - - - - - - - - - - - - - - diff --git a/v2.0/ch_neutron_api_operations.xml b/v2.0/ch_neutron_api_operations.xml deleted file mode 100644 index d922021..0000000 --- a/v2.0/ch_neutron_api_operations.xml +++ /dev/null @@ -1,57 +0,0 @@ - - - API operations - Provides virtual networking services among devices that are - managed by the OpenStack Compute service. The Networking API - v2.0 combines the API v1.1 functionality with some essential - Internet Protocol Address Management (IPAM) - functionality. - Enables users to associate IP address blocks and other - network configuration settings with a neutron network. You can - choose a specific IP address from the block or let neutron - choose the first available IP address. -
- Networks - List, show information for, create, update, and delete - networks. - -
-
- Subnets - List, show information for, create, update, and delete - subnet resources. - - - - - - - - - - - - - -
-
- Ports - List, show information for, create, update, and delete - ports. - -
- diff --git a/v2.0/neutron-api-guide.xml b/v2.0/neutron-api-guide.xml index 0da0d17..361db09 100644 --- a/v2.0/neutron-api-guide.xml +++ b/v2.0/neutron-api-guide.xml @@ -44,6 +44,20 @@ + + 2014-08-08 + + + + Removed and replaced WADL references + with links to Networking API v2.0 + (CURRENT). + + + + 2014-06-29 @@ -136,6 +150,19 @@ - - + + API operations and extensions + Provides virtual networking services among devices that are + managed by the OpenStack Compute service. The Networking API + v2.0 combines the API v1.1 functionality with some essential + Internet Protocol Address Management (IPAM) + functionality. + Enables users to associate IP address blocks and other + network configuration settings with a neutron network. You + can choose a specific IP address from the block or let the + service choose the first available IP address. + For information about Networking API operations, see Networking API v2.0 (CURRENT). + diff --git a/v2.0/section_neutron-ext-agent-management.xml b/v2.0/section_neutron-ext-agent-management.xml deleted file mode 100644 index 6d5dc56..0000000 --- a/v2.0/section_neutron-ext-agent-management.xml +++ /dev/null @@ -1,249 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Agent management - In a typical OpenStack Networking deployment, some agents - run on network or compute nodes, such as - neutron-dhcp-agent, - neutron-ovs-agent, and - neutron-l3-agent. This extension - enables administrators (enforced by the policy engine) to view - status and update attributes for agents. Updating agent - management API attributes affects operations of other - components, such as OpenStack Networking schedulers. For - example, administrators can disable a specified agent so that - OpenStack Networking schedulers do not schedule resources to - it. - For how to use agent management extension and OpenStack - Networking schedulers feature, see the OpenStack - Cloud Administrator Guide. - - - - - - - Verb - URI - Description - - - - - &GET; - /agents - Lists agents that report their status to OpenStack - Networking server. - - - &GET; - /agents/agent_id - Shows details for a specified agent. - - - &PUT; - /agents/agent_id - Updates the admin status and description for a - specified agent. - - - &DELETE; - /agents/agent_id - Deletes a specified agent. - - - -
- List agents - - - - - - - Verb - URI - Description - - - - - &GET; - /agents - Lists agents that report their status to - OpenStack Networking server. - - - - Normal Response Code: 200 - - This operation does not require a request body. - This operation returns a response body. The default - policy behavior is that non-admin user won't be able to - see any agent in the response when this call is - invoked - - List agents: JSON request - GET /v2.0/agents HTTP/1.1 -Host: controlnode:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: c52a1b304fec4ca0ac85dc1741eec6e2 - - - List agents: JSON response - - -
-
- Show agent details - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id - Shows details for a specified agent. - - - - Normal Response Code: 200 - - Error Response Codes:NotFound - (404) if not authorized or the - agent does not exist - This operation returns information for the given - agent. - This operation does not require a request body. - This operation returns a response body. The body - contents depend on the agent's type. - - Show agent details: JSON request - GET /v2.0/agents/af4567ad-c2e6-4311-944d-22efc12f89af HTTP/1.1 -Host: controlnode:9696 -User-agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: a54d6fdda41341f892150e2aaf648f0d - - - Show agent details: JSON response - - -
-
- Update agent - - - - - - - Verb - URI - Description - - - - - &PUT; - /agents/agent_id - Updates the admin status and description for a - specified agent. - - - - Normal Response Code: 200 - - Error Response Codes: BadRequest - (400) if something other than - description or admin status is changed, NotFound - (404) if not authorized or the - agent does not exist - This operation updates the agent's admin status and - description. - This operation requires a request body. - This operation returns a response body. - - Update agent: JSON request - PUT /v2.0/agents/af4567ad-c2e6-4311-944d-22efc12f89af HTTP/1.1 -Host: controlnode:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 4cbb09e780434b249ff596d6979fd8fc -Content-Length: 38 - - - Update agents: JSON response - - -
- -
- Delete agent - - - - - - - Verb - URI - Description - - - - - &DELETE; - /agents/agent_id - Deletes a specified agent. - - - - Normal Response Code: 204 - - Error Response Codes: NotFound - (404) if not authorized or the - agent does not exist - This operation deletes the agent. - This operation does not require a request body. - This operation does not return a response body. - - Delete agent: JSON request - DELETE /v2.0/agents/44002aeb-2817-4cb8-9306-34308b4b40d9 HTTP/1.1 -Host: controlnode:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 4cbb09e780434b249ff596d6979fd8fc - - - Delete agent: JSON response - - -
-
diff --git a/v2.0/section_neutron-ext-agent-schedulers.xml b/v2.0/section_neutron-ext-agent-schedulers.xml deleted file mode 100644 index 600fc76..0000000 --- a/v2.0/section_neutron-ext-agent-schedulers.xml +++ /dev/null @@ -1,662 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> - -
- Agent schedulers - The agent scheduler extensions schedule resources among - agents on top of the . - The agent scheduler feature consist of several agent - scheduler extensions. In Havana, the following extensions are - available. - - - DHCP agent scheduler - (dhcp_agent_scheduler) - - - L3 agent scheduler - (l3_agent_scheduler) - - - load balancer agent scheduler - (lbaas_agent_scheduler) - - - In Grizzly, the DHCP agent scheduler and the L3 agent - scheduler features are provided by a single extension named - the agent scheduler (agent_scheduler). In - Havana, this extension is split into the DHCP agent scheduler - and the L3 agent scheduler extensions. The load balancer agent - scheduler extension was introduced in Havana. -
- DHCP agent scheduler - (<literal>dhcp_agent_scheduler</literal>) - The DHCP agent scheduler extension enables - administrators to assign DHCP servers for Neutron networks - to given Neutron DHCP agents, and retrieve mappings - between Neutron networks and DHCP agents. This feature is - implemented on top of Agent Management extension. - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/dhcp-networks - Lists networks that the specified DHCP agent - hosts. - - - &GET; - /networks/network_id/dhcp-agents - Lists DHCP agents that host a specified - network. - - - &POST; - /agents/agent_id/dhcp-networks - Schedules the network to that the specified - DHCP agent. - - - &DELETE; - /agents/agent_id/dhcp-networks/network_id - Removes the network from that the specified - DHCP agent. - - - -
- List networks hosted by a DHCP agent - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/dhcp-networks - Lists networks that the specified DHCP - agenthosts. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List networks hosted by on DHCP agent: JSON - request - GET /v2.0/agents/d5724d7e-389d-4ba0-8d00-fc673a147bfa/dhcp-networks HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 797f94caf0a8481c893a232cc0c1dfca - - - List networks hosted by DHCP agent: JSON - response - - -
-
- List DHCP agents hosted by network - - - - - - - Verb - URI - Description - - - - - &GET; - /networks/network_id/dhcp-agents - Lists DHCP agents that hosts a specified - network. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List DHCP agents hosted by network: JSON - request - - GET /v2.0/networks/2d627131-c841-4e3a-ace6-f2dd75773b6d/dhcp-agents HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: cc0f378bdf1545fb8dea2120c89eb532 - - - - - - List DHCP agents hosted by network: JSON - response - - -
- -
- Schedule network to DHCP agent - - - - - - - Verb - URI - Description - - - - - &POST; - /agents/agent_id/dhcp-networks - Schedules the network to that the - specified DHCP agent. - - - - Normal response Code: - 201 - - Error response Codes: Unauthorized - (401), Forbidden - (403), Conflict - (409) if the network is - already hosted by that the specified DHCP agent, - NotFound(404) when the - specified agent is not a valid DHCP agent. - This operation requires a request body. - This operation returns a null - body. - - Schedule network: JSON request - POST /v2.0/agents/d5724d7e-389d-4ba0-8d00-fc673a147bfa/dhcp-networks.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: d88f7af21ee34f6c87e23e46cf3f986d -Content-Length: 54 - - - - - Schedule network: JSON response - - -
-
- Remove network from DHCP agent - - - - - - - Verb - URI - Description - - - - - &DELETE; - /agents/agent_id/dhcp-networks/network_id - Removes the network from that the - specified DHCP agent. - - - - Normal response Code: - 204 - - Error response Codes: Unauthorized - (401), Forbidden - (403), NotFound - (404), Conflict - (409) if the network is not - hosted by that the specified DHCP agent. - This operation does not require a request - body. - This operation does not return a response - body. - - Remove network from DHCP agent: JSON - request - DELETE /v2.0/agents/d5724d7e-389d-4ba0-8d00-fc673a147bfa/dhcp-networks/1ae075ca-708b-4e66-b4a7-b7698632f05f.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 7ae91cde8f504031be5a2cd5b99d4fe9 - -
-
-
- L3 agent scheduler - (<literal>l3_agent_scheduler</literal>) - The L3 agent scheduler extension allows administrators - to assign Neutron routers to Neutron L3 agents, and - retrieve mappings between Neutron routers and L3 agents. - This feature is implemented on top of Agent Management - extension. - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/l3-routers - Lists routers that the specified L3 agent - hosts. - - - &GET; - /routers/router_id/l3-agents - Lists L3 agents that hosts a specified - router. - - - &POST; - /agents/agent_id/l3-routers - Schedules the router to that the specified L3 - agent. - - - &DELETE; - /agents/agent_id/l3-routers/router_id - Removes the router from that the specified L3 - agent. - - - -
- List routers hosted by an L3 agent - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/l3-routers - Lists routers that the specified L3 agent - hosts. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List routers hosted by L3 agent: JSON - request - GET /v2.0/agents/fa24e88e-3d2f-4fc2-b038-5fb5be294c03/l3-routers.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 6eeea6e73b68415f85d8368902a32c11 - - - - - List routers hosted by L3 agent: JSON - response - - -
- -
- List L3 agents hosted by router - - - - - - - Verb - URI - Description - - - - - &GET; - /routers/router_id/l3-agents - Lists L3 agents that hosts a specified - router. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List L3 agents hosted by router: JSON - request - GET /v2.0/routers/8eef2388-f27d-4a17-986e-9319a77ccd9d/l3-agents.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: bce63afb1e794c70972a19a7c2d6dcab - - - List L3 agents hosted by router: JSON - response - - -
- -
- Schedule router to L3 agent - - - - - - - Verb - URI - Description - - - - - &POST; - /agents/agent_id/l3-routers - Schedules one router to that the specified - L3 agent. - - - - Normal response Code: - 201 - - Error response Codes: Unauthorized - (401), Forbidden - (403), Conflict - (409) if the router is - already hosted, NotFound (404) - if the specified agent is not a valid L3 - agent. - This operation requires a request body. - This operation returns a null - body. - - Schedule router: JSON request - POST /v2.0/agents/fa24e88e-3d2f-4fc2-b038-5fb5be294c03/l3-routers.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: d88f7af21ee34f6c87e23e46cf3f986d -Content-Length: 54 - - - - - Schedule router: JSON response - - -
-
- Remove router from L3 agent - - - - - - - Verb - URI - Description - - - - - &DELETE; - /agents/agent_id/l3-routers/router_id - Removes the router from that the specified - L3 agent. - - - - Normal response Code: - 204 - - Error response Codes: Unauthorized - (401), Forbidden - (403), Conflict - (409) if the router is not - hosted by that the specified L3 agent. - This operation does not require a request - body. - This operation does not return a response - body. - - Remove router from L3 agent: JSON - request - DELETE /v2.0/agents/b7d7ba43-1a05-4b09-ba07-67242d4a98f4/l3-routers/8eef2388-f27d-4a17-986e-9319a77ccd9d.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 2147ef6fe4444f0299b1c0b6b529ff47 - -
-
-
- Load balancer agent scheduler - (<literal>lbaas_agent_scheduler</literal>) - The LBaaS agent scheduler extension allows - administrators to retrieve mappings between load balancer - pools to LBaaS agents. In Havana, this extension does not - provide an ability to assign load balancer pool to - specific LBaaS agent. Pools are scheduled automatically - when created. This feature is implemented on top of Agent - Management extension. The load balancer agent scheduler - extension was introduced in Havana. - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/loadbalancer-pools - Lists pools that the specified LBaaS agent - hosts. - - - &GET; - /lb/pools/pool_id/loadbalancer-agent - Shows an LBaaS agent that hosts a specified - pool. - - - -
- List pools hosted by an LBaaS agent - - - - - - - Verb - URI - Description - - - - - &GET; - /agents/agent_id/loadbalancer-pools - Lists pools that the specified LBaaS agent - hosts. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List pools hosted by LBaaS agent: JSON - request - GET /v2.0/agents/6ee1df7f-bae4-4ee9-910a-d33b000773b0/loadbalancer-pools.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: 6eeea6e73b68415f85d8368902a32c11 - - - List pools hosted by LBaaS agent: JSON - response - - -
-
- Show LBaaS agent that hosts pool - - - - - - - Verb - URI - Description - - - - - &GET; - /lb/pools/pool_id/loadbalancer-agent - Shows an LBaaS agent that hosts a - specified pool. - - - - Normal response Code: - 200 - - Error response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - Show LBaaS agent that hosts pool: JSON - request - GET /v2.0/lb/pools/28296abb-e675-4288-9cd0-6c112c720db0/loadbalancer-agent.json HTTP/1.1 -Host: localhost:9696 -User-Agent: python-neutronclient -Content-Type: application/json -Accept: application/json -X-Auth-Token: bce63afb1e794c70972a19a7c2d6dcab - - - Show LBaaS agent that hosts pool: JSON - response - - -
-
-
diff --git a/v2.0/section_neutron-ext-allowed-address-pairs.xml b/v2.0/section_neutron-ext-allowed-address-pairs.xml deleted file mode 100644 index 88eedf0..0000000 --- a/v2.0/section_neutron-ext-allowed-address-pairs.xml +++ /dev/null @@ -1,169 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Allowed address pairs - The allowed address pair extension extends the port - attribute to enable you to specify arbitrary - mac_address/ip_address(cidr) pairs that are allowed to pass - through a port regardless of the subnet associated with the - network. -
- List ports - - - - - - - - Verb - URI - Description - - - - - &GET; - /ports - Lists ports with their allowed address - pair attributes. - - - - - Normal Response Code: 200 OK - Error Response Codes: 401 Unauthorized - This operation returns, for each port, its allowed - address pair attributes as well as all the attributes - normally returned by the list port operation. - - List ports with allowed address pair attributes: - JSON response - - - - List ports with allowed address pair attributes: - XML response - - -
-
- Show port details - - - - - - - - Verb - URI - Description - - - - - &GET; - /ports/port_id - Shows details about a specified port, - including allowed address pair - attributes. - - - - - Normal Response Code: 200 OK - Error Response Code: 401 Unauthorized, 404 Not - Found - - Show port with allowed address pair attributes: - JSON response - - - - Show port with allowed address pair attributes: XML - response - - -
-
- Create port - - - - - - - - Verb - URI - Description - - - - - &POST; - /ports - Creates a port and explicitly specifies - the allowed address pair attributes. - - - - - Normal Response Code: 201 - Error Response Code: 400 Bad Request, 401 Unauthorized, - 403 Forbidden - Bad request is returned if an allowed address pair - matches the mac_address and ip_address on port. - Note: If the mac_address field is left out of the body - of the request the mac_address assigned to the port will - be used. - - Create port with allowed address pair attributes: - JSON request - - -
-
- Update port - - - - - - - - Verb - URI - Description - - - - - &PUT; - /ports/port_id - Updates a port, with new allowed address - pair values. - - - - - Normal Response Code: 200 OK - Error Response Code: 400 Bad Request, 401 Unauthorized, - 404 Not Found, 403 Forbidden - - Update allowed address pair attributes for a port: - JSON request - - -
-
diff --git a/v2.0/section_neutron-ext-binding-ports.xml b/v2.0/section_neutron-ext-binding-ports.xml deleted file mode 100644 index da6fae8..0000000 --- a/v2.0/section_neutron-ext-binding-ports.xml +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - -GET'> -PUT'> -POST'> -DELETE'> - -]> -
- Ports binding extended attributes (ports) - Use the &APIv2; with the binding - extended attributes to get information about, create, and - update port objects. - The binding-prefixed extended - attributes for ports are: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ports binding extended attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - Default valueValidation constraintsNotes
binding:vnic_typeStringN/ACRUnormal(normal, direct, macvtap)The vnic type to be bound on the neutron - port. - In &POST; and &PUT; operations, specify a - value of normal (virtual - nic), direct (pci - passthrough), or macvtap - (virtual interface with a tap-like software - interface). These values support SR-IOV PCI - passthrough networking. The ML2 plug-in - supports the - vnic_type. - In &GET; operations, the - binding:vnic_type - extended attribute is visible to only port - owners and administrative users. -
binding:vif_typeStringN/ARNoneN/ARead-only. The vif type for the specified - port. - Visible to only administrative users. -
- binding:vif_detailslist(dict)N/ARNoneN/ARead-only. A dictionary that enables the - application to pass information about - functions that &APIv2; provides. Specify the - following value: port_filter : - Boolean to define whether &APIv2; - provides port filtering features such as - security group and anti-MAC/IP - spoofing. - Visible to only administrative - users.
binding:host_iduuid-strN/ACRUNoneN/AThe ID of the host where the port is - allocated. In some cases, different - implementations can run on different - hosts. - Visible to only administrative users. -
binding:profilelist(dict)N/ACRUNoneN/AA dictionary that enables the application to - pass information about functions that the - Networking API provides. To enable or disable - port filtering features such as security group - and anti-MAC/IP spoofing, specify - port_filter: True or - port_filter: False. - Visible to only administrative users. -
- -
diff --git a/v2.0/section_neutron-ext-external-gateways-modes.xml b/v2.0/section_neutron-ext-external-gateways-modes.xml deleted file mode 100644 index 323ab4e..0000000 --- a/v2.0/section_neutron-ext-external-gateways-modes.xml +++ /dev/null @@ -1,222 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Configurable external gateway modes - By default, when a gateway is attached to a router using the - Neutron L3 extension, Network Address Translation (NAT) is - enabled for traffic generated by subnets attached to the - router. With this extension, the user will have the option of - choosing whether SNAT should be enabled or not on a router - basis. - This is achieved simply by specifying a boolean attribute, - enable_snat, in the - external_gateway_info attribute of the - router resource. - This extension redefines the external_gateway_info - attribute: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
external_gateway_info attributes
AttributeTypeRequiredDefault ValueValidation ConstraintsNotes
network_idUUIDYesN/AMust be a valid uuid representative of an external - network. -
enable_snatBooleanNoTrue{True|False}The default setting is True to - ensure backward compatibility for plugins - supporting this extension.
- SNAT can be enabled or disabled at any time on a Neutron - router regardless of the current status of floating IPs. - Floating IPs will continue working even when SNAT is - disabled. -
- List routers - - - - - - - - Verb - URI - Description - - - - - &GET; - /routers - Lists neutron routers. - - - - - Success and error response codes are not changed with - regards to the operation as introduced by the L3 API - extension. - When this extension is enabled, this operation also - returns the current Source NAT status for configured - routers, as follows. - The response for the show router - operation is the same, with the obvious exception that a - single router is returned. - - Router list with configurable external gateway - modes enabled - - -
-
- Create router with external gateway - - - - - - - - Verb - URI - Description - - - - - &POST; - /routers - Create a new Neutron router - - - - - Success and error response codes are not changed with - regards to the operation as introduced by the L3 API - extension. - Neutron API users can specify whether SNAT should be - performed on the network specified as the router's - external gateway by setting enable_snat - in external_gateway_info to either - True or False; - the default value is True. - - Create router with SNAT disabled - - -
-
- Update external gateway information for router - - - - - - - - Verb - URI - Description - - - - - &PUT; - /routers/router_id - Creates a neutron router. - - - - - Success and error response codes are not changed with - regards to the operation as introduced by the L3 API - extension. - Neutron API users can enable or disable SNAT on a router - specifying the enable_snat attribute in - the external_gateway_info attribute for - the router resource. This operation can be either used for - updating the SNAT status only, the external network, or - both attributes at the same time. In any case, if the - enable_snat attribute is not - specified, it will default to True. For - instance, if the current SNAT status is disabled, and the - router's gateway is updated to a different external - network without specifying enable_snat, - SNAT will be enabled for the new network. - It is important to note that whenever updating a - router's external gateway information, the - network_idparameter must be - specified always, even if the final goal is just to enable - or disable SNAT for the router on the same external - network. - The rest of this section provides some samples for - updating a router's external gateway info with SNAT - mode. - - - Disable SNAT for the current external - network - - - - - - - Change external network and enable SNAT - - - - - - - Change external network and external-gateway SNAT - disabled - - - - - - -
-
diff --git a/v2.0/section_neutron-ext-external-networks.xml b/v2.0/section_neutron-ext-external-networks.xml deleted file mode 100644 index 0f84b43..0000000 --- a/v2.0/section_neutron-ext-external-networks.xml +++ /dev/null @@ -1,217 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> - -]> -
- External networks (<literal>external-net</literal>) - The external network extension is used to specify whether - the network is external or not. This information is used by - Layer-3 network (router) extension. - External networks are connected to a router's external gateway - and host floating IPs. - The external network extension adds the router:external attribute to the - network resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Network Attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - Default ValueValidation ConstraintsNotes
router:externalBoolNoCRUFalse{ True | False }Specifies whether the network is an external - network or not.
-
- List networks - - - - - - - Verb - URI - Description - - - - - &GET; - /networks - Returns a list of networks with their - router:external attributes. - - - - Response codes are same as the normal operation of - listing networks. router:external attribute is visible to - all users by default policy setting. - Regular users are not authorized to create ports on - external networks, however they will be able to see this - attribute in their network list. This is because external - networks can be used by any tenant to set an external - gateway for Neutron routers or create floating IPs and - associate them with ports on internal tenant - networks. - - List networks with router:external attribute: JSON - response - - -
-
- Show network details - - - - - - - Verb - URI - Description - - - - - &GET; - /networks/network_id - Returns details about a specific network, - including external networks attributes. - - - - Response codes are same as the normal operation of - listing networks. router:external attribute is visible to - all users including non-admin by default policy - setting. - - Show network with external attributes: JSON - response - - -
-
- Create network - - - - - - - Verb - URI - Description - - - - - &POST; - /networks - Creates a new network using the external - network extension attribute. - - - - If the user submitting the request is not allowed to set - this attribute, a 403 Forbidden response will be returned. - Usage of this attribute might be restricted through - authorization policies. By the default policy only admin - users can set this attribute. - - Create network with external attributes: JSON - request - - -
-
- Update network - - - - - - - Verb - URI - Description - - - - - &PUT; - /networks/network_id - Updates a network, including the external - network extension attribute. - - - - If the user submitting the request is not allowed to set - this attribute, a 403 Forbidden response will be returned. - Usage of this attribute might be restricted through - authorization policies. By the default policy only admin - users can set this attribute. - - Update external attributes for a network: JSON - request - - -
-
diff --git a/v2.0/section_neutron-ext-extra-dhcp-options.xml b/v2.0/section_neutron-ext-extra-dhcp-options.xml deleted file mode 100755 index c8c6c7f..0000000 --- a/v2.0/section_neutron-ext-extra-dhcp-options.xml +++ /dev/null @@ -1,215 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Extra DHCP options - (<literal>extra-dhcp-opt</literal>) - The DHCP options extension allows adding DHCP options that - are associated to a Neutron port. They are tagged such that - they can be associated from the hosts file to designate a - specific network interface and port. The DHCP tag scheme used - to associate options to the host files is the port_id (UUID - - in the form of 8-4-4-4-12 for a total of 36 - characters), these associate options to a Neutron port and its - network. The Dynamic Host Configuration Protocol (DHCP) - provides a framework for passing configuration information to - hosts on a TCP/IP network. Configuration parameters and other - information are carried in tagged data items that are stored - in the 'options' field of the DHCP message. - You can specify a DHCP options when defining or updating a - port by specifying the extra_dhcp_opts tag and providing its - options as name value pairs, such as, - opt_name='bootfile-name', opt_value='pxelinux.0'. -
- Concepts - The extra-dhcp-opt extension is an - attribute extension which adds the following set of - attributes to the port - resource: - - - - extra-dhcp-opt:opt_name - Specified - the DHCP option that this is defined as mapped to - this port resource. Examples are - bootfile-name, - server-ip-address, - tftp-server, etc.. - - - - extra-dhcp-opt:opt_value - - Identifies the value associated with the opt_name. - These are handled in opt_name, opt_value pairs - only. value_opt can be any text string depending - upon the name. - - - The actual semantics of - extra-dhcp-opt attributes depend on - the name of the dhcp option being used that defines the - vendor extension to DHCP. For example reference RFC: - http://tools.ietf.org/html/rfc2132, contains specific - detail on BOOTP Vendor Extensions. -
-
- List ports - - - - - - - Verb - URI - Description - - - - - &GET; - /ports - Lists ports with attributes. - - - - Normal response Code: 200 OK - Error response Codes: 401 Unauthorized - This operation returns all the ports defined in Neutron - that to which this user has access. - - List ports with extra_dhcp_opts: JSON - response - - -
-
- Show port details - - - - - - - Verb - URI - Description - - - - - &GET; - /ports/port_id - Shows details about a specified port, - including extra-dhcp-opt - attributes. - - - - Normal response Code: 200 OK - Error response Code: 401 Unauthorized, 404 Not - Found - This operation returns, for the port specified in the - request URI, its port attributes, including the - extra_dhcp_opts attributes. - - Show port details with extra-dhcp-opt attributes: - JSON response - - -
-
- Create port - - - - - - - - Verb - URI - Description - - - - - &POST; - /ports - Creates a port and explicitly specifies - attributes with the - extra-dhcp-opt - extension attributes. - - - - - Normal response Code: 200 OK - Error response Code: 401 Unauthorized. - This operation returns, for the port specified in the - request URI, its port attributes, including the - extra_dhcp_opts attributes. - - Create port with extra-dhcp-opt attributes: JSON - request - - - - Create port with extra-dhcp-opt attributes: JSON - response - - -
-
- Update port - - - - - - - Verb - URI - Description - - - - - &PUT; - /ports/port_id - Updates attributes for a port, including - extra_dhcp_opts extension attributes. - - - - - Normal response Code: 200 OK - Error response Code: 401 Unauthorized. - This operation allow for the updating of attributes for - the port specified in the request URI, its port - attributes, including the extra_dhcp_opts - attributes. - - Update port with extra-dhcp-opt attributes: JSON - request - - - - Update port with extra-dhcp-opt attributes: JSON - response - - -
-
diff --git a/v2.0/section_neutron-ext-extra-routes.xml b/v2.0/section_neutron-ext-extra-routes.xml deleted file mode 100644 index 897329c..0000000 --- a/v2.0/section_neutron-ext-extra-routes.xml +++ /dev/null @@ -1,137 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Extra routes - This extension adds extra routes to the - router resource. - You can specify a set of nexthop IPs and destination - CIDRs. - - The nexthop IP must be a part of one of the subnets to - which the router interfaces are connected. You can - configure the routes attribute on only - update operations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Router attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - Default ValueValidation ConstraintsNotes
routeslist of dictNoUNoneList should be in this form. - [{'nexthop':IPAddress, 'destination':CIDR}]Extra route configuration
-
- Update extra route - - - - - - - - Verb - URI - Description - - - - - &PUT; - /routers/router_id - Updates logical router with - routes - attribute. - - - - - Normal Response Code: 200 - - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404), Conflict - (409) - This operation configures extra routes on the router. - The nexthop IP must be a part of one of the subnets to - which the router interfaces are connected. Otherwise, the - server responds with 400 Bad Request - error code. When a validation error is detected, such as a - format error of IP address or CIDR, the server responds - with 400 Bad Request. When Networking - receives a request to delete the router interface for - subnets that are used by one or more routes, it responds - with 409 Conflict. - - Update routes: JSON request - - - - Update routes: JSON response - - -
- -
diff --git a/v2.0/section_neutron-ext-fwaas.xml b/v2.0/section_neutron-ext-fwaas.xml deleted file mode 100644 index 7878eb4..0000000 --- a/v2.0/section_neutron-ext-fwaas.xml +++ /dev/null @@ -1,1296 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Firewall as a Service (FWaaS) - The FWaaS extension provides OpenStack users with the - ability to deploy firewalls to protect their networks. The - FWaaS extension enables you to: - - - Apply firewall rules on traffic entering and leaving - tenant networks. - - - Support for applying tcp, udp, icmp, or protocol - agnostic rules. - - - Creation and sharing of firewall policies which hold - an ordered collection of the firewall rules. - - - Audit firewall rules and policies. - - - This extension introduces these resources: - - - firewall: - represents a logical firewall resource that a tenant - can instantiate and manage. A firewall is associated - with one firewall_policy. - - - firewall_policy: is - an ordered collection of firewall_rules. A - firewall_policy can be shared across tenants. Thus it - can also be made part of an audit workflow wherein the - firewall_policy can be audited by the relevant entity - that is authorized (and can be different from the - tenants which create or use the - firewall_policy). - - - firewall_rule: - represents a collection of attributes like ports, ip - addresses which define match criteria and action - (allow, or deny) that needs to be taken on the matched - data traffic. - - -
- Firewall rules - Manage firewall rules. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Firewall rule attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the firewall rule - object.
tenant_iduuid-strYesCRDerived from Authentication tokenN/AOwner of the firewall rule. Only admin users - can specify a tenant identifier other than - their own.
nameStringNoCRUNoneN/AHuman readable name for the firewall rule (255 - characters limit). Does not have to be - unique.
descriptionStringNoCRUNoneN/AHuman readable description for the firewall - Rule (1024 characters limit).
firewall_policy_iduuid-strNoRNoneN/AThis is a read-only attribute which gets - populated with the uuid of the firewall policy - when this firewall rule is associated with a - firewall policy. A firewall rule can be - associated with one firewall policy at a time. - The association can however be updated to a - different firewall policy. This attribute can - be "null" if the rule is not associated with - any firewall policy.
sharedBoolNoCRUfalse{true | false}When set to True makes this firewall rule - visible to tenants other than its owner, and - can be used in firewall policies not owned by - its tenant.
protocolStringNoCRUNone{icmp | tcp | udp | null}IP Protocol
ip_versionIntegerNoCRU4{4 | 6}IP Protocol Version
source_ip_addressString (IP address or CIDR)NoCRUNonevalid IP address (v4 or v6), or CIDRSource IP address or CIDR
destination_ip_addressString (IP address or CIDR)NoCRUNoneValid IP address (v4 or v6), or CIDRDestination IP address or CIDR
source_portIntegerNoCRUNoneValid port number (integer or string), or port - range in the format of a ':' separated range). - In the case of port range, both ends of the - range are included.Source port number or a range
destination_portIntegerNoCRUNoneValid port number (integer or string), or port - range in the format of a ':' separated range. - In the case of port range, both ends of the - range are included.Destination port number or a range
positionIntegerNoRNoneN/AThis is a read-only attribute that gets - assigned to this rule when the rule is - associated with a firewall policy. It - indicates the position of this rule in that - firewall policy. This position number starts - at 1. The position can be "null" if the - firewall rule is not associated with any - policy.
actionStringNoCRUdeny{allow | deny}Action to be performed on the traffic matching - the rule (allow, deny)
enabledBoolNoCRUtrue{true | false}When set to False will disable this rule in - the firewall policy. Facilitates selectively - turning off rules without having to - disassociate the rule from the firewall - policy
-
- List firewall rules - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewall_rules - Lists firewall rules. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401). - This operation does not require a request - body. - This operation returns a response body. - - List firewall rules: JSON request - GET /v2.0/fw/firewall_rules.json -User-Agent: python-neutronclient -Accept: application/json - - - List firewall rules: JSON response - - -
-
- Show firewall rule details - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewall_rules/firewall_rule-id - Shows firewall rule details. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show firewall rule: JSON request - GET /v2.0/fw/firewall_rules/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json -User-Agent: python-neutronclient -Accept: application/json - - - Show firewall rule: JSON response - - -
-
- Create firewall rule - - - - - - - Verb - URI - Description - - - - - &POST; - /fw/firewall_rules - Creates a firewall rule. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create firewall rule: JSON request - POST /v2.0/fw/firewall_rules.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create firewall rule: JSON response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update firewall rule - - - - - - - Verb - URI - Description - - - - - &PUT; - /fw/firewall_rules/firewall_rule-id - Updates a firewall rule. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update firewall rule: JSON request - PUT /v2.0/fw/firewall_rules/41bfef97-af4e-4f6b-a5d3-4678859d2485.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update firewall rule: JSON response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete firewall rule - - - - - - - Verb - URI - Description - - - - - &DELETE; - /fw/firewall_rules/firewall_rule-id - Deletes a firewall rule. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409). The Conflict error - response is returned when an operation is performed - while the firewall is in a PENDING state. - This operation does not require a request - body. - This operation does not return a response - body. - - Delete firewall rule: JSON request - DELETE /v2.0/fw/firewall_rules/1be5e5f7-c45e-49ba-85da-156575b60d50.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete firewall rule: JSON response - HTTP/1.1 204 No Content -Content-Length: 0 - -
- -
- - - - -
- Firewall policies - Manage firewall policies. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Firewall policy attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the firewall policy - object.
tenant_iduuid-strYesCRDerived from Authentication tokenN/AOwner of the firewall policy. Only admin users - can specify a tenant identifier other than - their own.
nameStringNoCRUNoneN/AHuman readable name for the firewall policy - (255 characters limit). Does not have to be - unique.
descriptionStringNoCRUNoneN/AHuman readable description for the firewall - policy (1024 characters limit)
sharedBoolNoCRUfalse{true | false}When set to True makes this firewall policy - visible to tenants other than its owner.
firewall_rulesListNoCRUEmpty listJSON list of firewall rule uuidsThis is an ordered list of firewall rule - uuids. The firewall applies the rules in the - order in which they appear in this list.
auditedBoolNoCRUfalse{true | false}When set to True by the policy owner indicates - that the firewall policy has been audited. - This attribute is meant to aid in the firewall - policy audit workflows. Each time the firewall - policy or the associated firewall rules are - changed, this attribute will be set to False - and will have to be explicitly set to True - through an update operation.
- -
- List firewall policies - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewall_policies - Lists firewall policies. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List firewall policies: JSON request - GET /v2.0/fw/firewall_policies.json -User-Agent: python-neutronclient -Accept: application/json - - - List firewall policies: JSON response - - -
-
- Show firewall policy details - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewall_policies/firewall_policy-id - Shows firewall policy details. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show firewall policy: JSON request - - GET /v2.0/fw/firewall_policies/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json -User-Agent: python-neutronclient -Accept: application/json - - - Show firewall policy: JSON response - - -
-
- Create firewall policy - - - - - - - Verb - URI - Description - - - - - &POST; - /fw/firewall_policies - Creates a firewall policy. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401). - This operation requires a request body. - This operation returns a response body. - - Create firewall policy: JSON request - POST /v2.0/fw/firewall_policies.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create firewall policy: JSON response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update firewall policy - - - - - - - Verb - URI - Description - - - - - &PUT; - /fw/firewall_policies/firewall_policy-id - Updates a firewall policy. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Not Found - (404) - - Update firewall policy: JSON request - PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update firewall policy: JSON response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete firewall policy - - - - - - - Verb - URI - Description - - - - - &DELETE; - /fw/firewall_policies/firewall_policy-id - Deletes a firewall policy. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409 ). Conflict error code - is returned the firewall policy is in use. - This operation does not require a request - body. - This operation does not return a response - body. - - Delete firewall policy: JSON request - DELETE /v2.0/fw/firewall_policies/1be5e5f7-c45e-49ba-85da-156575b60d50.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete firewall policy: JSON response - HTTP/1.1 204 No Content -Content-Length: 0 - -
-
- Insert firewall rule in firewall policy - - - - - - - Verb - URI - Description - - - - - &PUT; - /fw/firewall_policies/firewall_policy-id/insert_rule - Inserts a firewall rule in a firewall - policy relative to the position of other - rules. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404). Bad Request error is - returned in the case the rule information is - missing. - - Insert firewall rule in firewall policy: JSON - request - PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/insert_rule.json -User-Agent: python-neutronclient -Accept: application/json - - - - Insert firewall rule in firewall policy: - Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - - insert_before and insert_after parameters refer to - firewall rule uuids already associated with the - firewall policy. firewall_rule_id refers to uuid of - the rule being inserted. insert_before takes - precedence over insert_after and if neither is - specified, firewall_rule_is inserted at the first - position. -
-
- Remove firewall rule from firewall policy - - - - - - - Verb - URI - Description - - - - - &PUT; - /fw/firewall_policies/firewall_policy-id/remove_rule - Removes a firewall rule from a firewall - policy. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404). Bad Request error is - returned if the rule information is missing or when a - firewall rule is tried to be removed from a firewall - policy to which it is not associated. - - Remove firewall rule from firewall policy: JSON - request - PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/remove_rule.json -User-Agent: python-neutronclient -Accept: application/json - - - - Remove firewall rule from firewall policy: JSON - response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- -
- Firewalls - Manage firewalls. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Firewall attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the firewall - object.
tenant_iduuid-strYesCRDerived from Authentication tokenN/AOwner of the firewall. Only admin users can - specify a tenant identifier other than their - own.
nameStringNoCRUNoneN/AHuman readable name for the firewall (255 - characters limit). Does not have to be - unique.
descriptionStringNoCRUNoneN/AHuman readable description for the firewall - (1024 characters limit)
admin_state_upBoolN/ACRUtrue{true | false }Administrative state of the firewall. If false - (down), firewall does not forward packets and - will drop all traffic to/from VMs behind the - firewall.
statusStringN/ARN/AN/AIndicates whether firewall resource is - currently operational. Possible values - include: ACTIVE, DOWN, BUILD, ERROR, - PENDING_CREATE, PENDING_UPDATE, or - PENDING_DELETE.
sharedBoolNoCRUfalse{true | false}When set to True makes this firewall rule - visible to tenants other than its owner, and - can be used in firewall policies not owned by - its tenant.
firewall_policy_iduuid-strNoCRUNonevalid firewall policy uuidThe firewall policy uuid that this firewall is - associated with. This firewall will implement - the rules contained in the firewall policy - represented by this uuid.
-
- List firewalls - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewalls - Lists firewalls. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401) - This operation does not require a request - body. - This operation returns a response body. - - List firewalls: JSON request - GET /v2.0/fw/firewalls.json -User-Agent: python-neutronclient -Accept: application/json - - - List firewalls: JSON response - - -
-
- Show firewall details - - - - - - - Verb - URI - Description - - - - - &GET; - /fw/firewalls/firewall-id - Shows firewall details. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show firewall: JSON request - - GET /v2.0/fw/firewalls/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json -User-Agent: python-neutronclient -Accept: application/json - - - Show firewall: JSON response - - -
-
- Create firewall - - - - - - - Verb - URI - Description - - - - - &POST; - /fw/firewalls - Creates a firewall. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create firewall: JSON request - POST /v2.0/fw/firewalls.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create firewall: JSON response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update firewall - - - - - - - Verb - URI - Description - - - - - &PUT; - /fw/firewalls/firewall-id - Updates a firewall, provided status is not - PENDING_*. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update firewall: JSON request - PUT /v2.0/fw/firewalls/41bfef97-af4e-4f6b-a5d3-4678859d2485.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update firewall: JSON response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete firewall - - - - - - - Verb - URI - Description - - - - - &DELETE; - /fw/firewalls/firewall-id - Deletes a firewall. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404) - This operation does not require a request - body. - This operation does not return a response - body. - - Delete firewall: JSON request - DELETE /v2.0/fw/firewalls/1be5e5f7-c45e-49ba-85da-156575b60d50.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete firewall: JSON response - HTTP/1.1 204 No Content -Content-Length: 0 - -
-
-
diff --git a/v2.0/section_neutron-ext-layer3.xml b/v2.0/section_neutron-ext-layer3.xml deleted file mode 100644 index b5d036c..0000000 --- a/v2.0/section_neutron-ext-layer3.xml +++ /dev/null @@ -1,262 +0,0 @@ - -
- Layer-3 networking (<literal>router</literal>) - The Layer-3 networking extension enables OpenStack - Networking API users to route packets between subnets, forward - packets from internal networks to external ones, and access - instances from external networks through floating IPs. - The OpenStack Networking layer-3 extension defines these - resources: - - - router. A logical - entity that forwards packets across internal subnets - and NATs them on external networks through an - appropriate external gateway. - A router has an interface for each subnet with which - it is associated. By default, the IP address of such - interface is the subnet's gateway IP. Also, whenever a - router is associated with a subnet, a port for that - router interface is added to the subnet's - network. - - - floatingip. - Represents an external IP address that is mapped to an - OpenStack Networking port and, optionally, a specific - IP address on a private OpenStack Networking network. - A floating IP enables access to an instance on a - private network from an external network. Floating IPs - can only be defined on networks where the router:external attribute - (by the external network extension) is set to - True. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Router attributes
AttributeTypeRequiredCRUD - - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the router.
nameStringNoCRUNoneN/AHuman readable name for the router. Does not have - to be unique.
admin_state_upBoolNoCRUtrue{true | false }Administrative state of the router.
statusStringN/ARN/AN/AIndicates whether or not a router is currently - operational.
tenant_iduuid-strNoCRDerived from Authentication tokenN/AOwner of the router. Only admin users can specify - a tenant identifier other than its own.
external_gateway_infodictNoCRUNoneNo constraintInformation on external gateway for the - router.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Floating IP attributes
AttributeTypeRequiredCRUDDefault valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the floating IP - instance.
floating_network_iduuid-strYesCRN/AUUID PatternUUID of the external network where the floating IP - is to be created.
port_iduuid-strYesCRUN/AUUID PatternUUID of the port on an internal OpenStack - Networking network that is associated with the - floating IP.
fixed_ip_addressIP AddressNoCRUNoneIP address or nullSpecific IP address on port_id - which should be associated with the floating - IP.
floating_ip_addressIP AddressN/ARAutomatically allocated from poolN/AAddress of the floating IP on the external - network.
tenant_iduuid-strNoCRDerived from Authentication tokenN/AOwner of the floating IP. Only admin users can - specify a tenant identifier other than its - own.
- - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-lbaas.xml b/v2.0/section_neutron-ext-lbaas.xml deleted file mode 100644 index 7cc0f7d..0000000 --- a/v2.0/section_neutron-ext-lbaas.xml +++ /dev/null @@ -1,275 +0,0 @@ - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Load-Balancer-as-a-Service (LBaaS) - The LBaaS extension enables OpenStack tenants to load-balance their VM traffic. - The extension enables you to: - - - Load-balance client traffic from one network to application services, such as VMs, - on the same or a different network. - - - Load-balance several protocols, such as TCP and HTTP. - - - Monitor the health of application services. - - - Support session persistence. - - -
- Concepts - This extension introduces these concepts: - - - Load balancers - - The primary load-balancing configuration object. Specifies the virtual IP - address where client traffic is received. - - - - Pools - - A logical set of devices, such as web servers, that you group together to - receive and process traffic. - The load-balancing algorithm chooses which member of the pool handles new - requests or connections that are received on a listener. Each listener has - one default pool. - - - - Listener - - Represents a single listening port. Defines the protocol and can - optionally provide TLS termination. - - - - Members - - The application that runs on the back-end server. - - - - Health monitors - - Determines whether or not back-end members of the pool can process a - request. A pool can have one health monitor associated with it. - The LBaaS extension supports these types of health monitors: - - - PING. Uses ICMP to ping the - members. - - - TCP. Uses TCP to connect to the - members. - - - HTTP. Sends an HTTP request to - the member. - - - HTTPS. Sends a secure HTTP - request to the member. - - - - - - Session persistence - - Forces connections or requests in the same session to be processed by the - same member as long as it is active. - The LBaaS extension supports these types of persistence: - - - SOURCE_IP. All connections that - originate from the same source IP address are handled by the same - member of the pool. - - - HTTP_COOKIE. The load-balancing - function creates a cookie on the first request from a client. - Subsequent requests that contain the same cookie value are handled - by the same member of the pool. - - - APP_COOKIE. The load-balancing - function relies on a cookie established by the back-end application. - All requests with the same cookie value are handled by the same - member of the pool. - - - Absence of session_persistence attribute means no session - persistence mechanism is used. - When no session persistence is used, the session_persistence - attribute does not appear in the API response and instead returns - null. - You can clear session persistence by sending null in - session_persistence attribute in a listener update - request. - - - -
-
- Use the LBaaS extension to configure load balancing - You must complete these high-level tasks: - - To use the LBaaS extension to configure load balancing - - Create a pool, which is initially empty. - - - Create one or more members in the pool. - - - Create a health monitor. - - - Associate the health monitor with the pool. - - - Create a load balancer object. - - - Create a listener. - - - Associate the listener with the load balancer. - - - Associate the pool with the listener. - - - Optional. If you use HTTPS termination, complete these tasks: - - - Add the TLS certificate, key, and optional chain to Barbican. - - - Associate the Barbican container with the listener. - - - - - Optional. If you use layer-7 HTTP switching, complete these tasks: - - - Create any additional pools, members, and health monitors that are - used as non-default pools. - - - Create a layer-7 policy that associates the listener with the - non-default pool. - - - Create rules for the layer-7 policy that describe the logic that - selects the non-default pool for servicing some requests. - - - - -
-
- Load balancers - Use the LBaas extension to create and manage load balancers. - - - - - - - - - - - -
- -
- Listeners - Use the LBaas extension to create and manage load-balancer listeners. - - - - - - - - - - - -
- -
- Pools - Use the LBaas extension to create and manage load-balancer pools. - - - - - - - - - - - -
- -
- Members - Use the LBaas extension to create and manage load-balancer pool members. - - - - - - - - - - - -
- -
- Health monitors - Use the LBaas extension to create and manage load-balancer health monitors. - - - - - - - - - - - -
-
diff --git a/v2.0/section_neutron-ext-metering.xml b/v2.0/section_neutron-ext-metering.xml deleted file mode 100644 index 8e40dfb..0000000 --- a/v2.0/section_neutron-ext-metering.xml +++ /dev/null @@ -1,36 +0,0 @@ - -
- Metering labels and rules - Create, modify, and delete OpenStack Layer3 metering - labels and rules. - - - - - - - - - - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-provider-networks-multi.xml b/v2.0/section_neutron-ext-provider-networks-multi.xml deleted file mode 100644 index 1cfcfae..0000000 --- a/v2.0/section_neutron-ext-provider-networks-multi.xml +++ /dev/null @@ -1,20 +0,0 @@ - -
- Multiple provider networks - Set and retrieve the multiple provider networks extension - attributes for network objects. - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-provider-networks.xml b/v2.0/section_neutron-ext-provider-networks.xml deleted file mode 100644 index 962aed1..0000000 --- a/v2.0/section_neutron-ext-provider-networks.xml +++ /dev/null @@ -1,91 +0,0 @@ - - - -GET'> -PUT'> -POST'> -DELETE'> - -]> -
- Provider networks (<literal>provider</literal>) - The provider extended attributes for - networks enable administrative users to specify how network - objects map to the underlying networking infrastructure. These - extended attributes also appear when administrative users - query networks. - To this aim, it extends the network resource by defining a set of - attributes prefixed with provider. - These attributes are added to the network resource: - - - - provider:network_type - Specifies the - nature of the physical network mapped to this network - resource. Examples are flat, - vlan, or - gre. - - - - provider:physical_network - Identifies - the physical network on top of which this network - object is being implemented. The OpenStack Networking - API does not expose any facility for retrieving the - list of available physical networks. As an example, in - the Open vSwitch plug-in this is a symbolic name which - is then mapped to specific bridges on each compute - host through the Open vSwitch plug-in configuration - file. - - - - provider:segmentation_id - Identifies - an isolated segment on the physical network; the - nature of the segment depends on the segmentation - model defined by network_type. For - instance, if network_type is - vlan, then this is a - vlan identifier; otherwise, if - network_type is - gre, then this will be a - gre key. - - - The actual semantics of these attributes depend on the - technology back end of the particular plug-in. See the plug-in - documentation and the OpenStack Cloud Administrator - Guide to understand which values should be - specific for each of these attributes when OpenStack - Networking is deployed with a particular plug-in. The examples - shown in this chapter refer to the Open vSwitch - plug-in. - The default policy settings enable only users with - administrative rights to specify these parameters in requests - and to see their values in responses. By default, the provider - network extension attributes are completely hidden from - regular tenants. As a rule of thumb, if these attributes are - not visible in a GET - /networks/<network-id> operation, this - implies the user submitting the request is not authorized to - view or manipulate provider network attributes. - - - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-quotas.xml b/v2.0/section_neutron-ext-quotas.xml deleted file mode 100644 index 89d21bd..0000000 --- a/v2.0/section_neutron-ext-quotas.xml +++ /dev/null @@ -1,30 +0,0 @@ - -
- Quotas - Use the neutron.conf configuration file - to define and apply default quota values to all tenants. This - extension enables an administrative user to define quotas - values on a per-tenant basis. For example, an administrative - user can permit tenant A to create at most - n networks and tenant B to - create at most n networks. - - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-security-groups-rules.xml b/v2.0/section_neutron-ext-security-groups-rules.xml deleted file mode 100644 index 46e0cd6..0000000 --- a/v2.0/section_neutron-ext-security-groups-rules.xml +++ /dev/null @@ -1,34 +0,0 @@ - -
- Security groups and rules (security-groups) - - - - - - - - - - - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-show-info.xml b/v2.0/section_neutron-ext-show-info.xml deleted file mode 100644 index 789a9cd..0000000 --- a/v2.0/section_neutron-ext-show-info.xml +++ /dev/null @@ -1,24 +0,0 @@ - -
- Get extension information - List available extensions and show details for a specified - extension. - - - - - - - - -
diff --git a/v2.0/section_neutron-ext-vpnaas.xml b/v2.0/section_neutron-ext-vpnaas.xml deleted file mode 100644 index 275fd08..0000000 --- a/v2.0/section_neutron-ext-vpnaas.xml +++ /dev/null @@ -1,1680 +0,0 @@ - - -GET'> -PUT'> -POST'> -DELETE'> -]> -
- Virtual Private Network as a Service (VPNaaS) - The VPNaaS extension provides OpenStack tenants with the - ability to extend private networks across the public - telecommunication infrastructure. The capabilities provided by - this initial implementation of the VPNaaS extension - are: - - - Site-to-site Virtual Private Network connecting two - private networks. - - - Multiple VPN connections per tenant. - - - Supporting IKEv1 policy with 3des, aes-128, aes-256, - or aes-192 encryption. - - - Supporting IPSec policy with 3des, aes-128, aes-256, - or aes-192 encryption, sha1 authentication, ESP, AH, - or AH-ESP transform protocol, and tunnel or transport - mode encapsulation. - - - Dead Peer Detection (DPD) allowing hold, clear, - restart, disabled, or restart-by-peer actions. - - - This extension introduces new resources: - - - service, a high - level object that associates VPN with a specific - subnet and router. - - - ikepolicy, the - Internet Key Exchange policy identifying the - authentication and encryption algorithm used during - phase one and phase two negotiation of a VPN - connection. - - - ipsecpolicy, the IP - security policy specifying the authentication and - encryption algorithm, and encapsulation mode used for - the established VPN connection. - - - ipsec-site-connection, has details for - the site-to-site IPsec connection, including the peer - CIDRs, MTU, authentication mode, peer address, DPD - settings, and status. - - - - This extension is experimental for the Havana release. The - API may change without backward compatibility. - -
- Concepts - A VPN service relates - the Virtual Private Network with a specific subnet and - router for a tenant. - An IKE Policy is used - for phase one and phase two negotiation of the VPN - connection. Configuration selects the authentication and - encryption algorithm used to establish a - connection. - An IPsec Policy is used - to specify the encryption algorithm, transform protocol, - and mode (tunnel/transport) for the VPN connection. - A VPN connection - represents the IPsec tunnel established between two sites - for the tenant. This contains configuration settings - specifying the policies used, peer information, MTU, and - the DPD actions to take. -
-
- High-level flow - The high-level task flow for using VPNaaS API to - configure a site-to-site Virtual Private Network is as - follows: - - - The tenant creates a VPN service specifying the - router and subnet. - - - The tenant creates an IKE Policy. - - - The tenant creates an IPsec Policy. - - - The tenant creates a VPN connection, specifying - the VPN service, peer information, and IKE and - IPsec policies. - - -
-
- VPN services - Manage a tenant's VPN service through this - extension. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VPN Service Attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the VPN Service - object.
tenant_iduuid-strYesCRDerived from Authentication tokenvalid tenant_idOwner of the VPN service. Only admin users can - specify a tenant identifier other than their - own.
nameStringNoCRUNoneN/AHuman readable name for the VPN service. Does - not have to be unique.
descriptionStringNoCRUNoneN/AHuman readable description for the VPN - service.
statusStringN/ARN/AN/AIndicates whether IPsec VPN service is - currently operational. Possible values - include: ACTIVE, DOWN, BUILD, ERROR, - PENDING_CREATE, PENDING_UPDATE, or - PENDING_DELETE.
admin_state_upBoolN/ACRUtrue{true | false }Administrative state of the vpnservice. If - false (down), port does not forward - packets.
subnet_iduuid-strYesCRN/Avalid subnet IDThe subnet on which the tenant wants the VPN - service. This may be extended in the future to - support multiple subnets.
router_iduuid-strYesCRN/Avalid router IDRouter ID to which the VPN service is - inserted. This may change in the future, when - router level insertion is available.
- - - -
- List VPN services - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/vpnservices - Lists VPN services. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List VPN Services: Request - GET /v2.0/vpn/vpnservices.json -User-Agent: python-neutronclient -Accept: application/json - - - List VPN Services: Response - - -
-
- Show VPN service details - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/vpnservices/service-id - Shows details about a specified VPN - service. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show VPN Service: Request - - GET /v2.0/vpn/vpnservices/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json -User-Agent: python-neutronclient -Accept: application/json - - - Show VPN Service: Response - - -
-
- Create VPN service - - - - - - - Verb - URI - Description - - - - - &POST; - /vpn/vpnservices - Creates a VPN service. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create VPN Service: Request - POST /v2.0/vpn/vpnservices.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create VPN: Response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update VPN service - - - - - - - Verb - URI - Description - - - - - &PUT; - /vpn/vpnservices/service-id - Updates a VPN service, provided status is - not indicating a PENDING_* state. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update VPN Service: Request - PUT /v2.0/vpn/vpnservices/41bfef97-af4e-4f6b-a5d3-4678859d2485.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update VPN Service: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete VPN service - - - - - - - Verb - URI - Description - - - - - &DELETE; - /vpn/vpnservices/service-id - Deletes a VPN service. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409) - This operation does not require a request - body. - This operation does not return a response - body. - - Delete VPN Service: Request - DELETE /v2.0/vpn/vpnservices/1be5e5f7-c45e-49ba-85da-156575b60d50.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete VPN Service: Response - HTTP/1.1 204 No Content -Content-Length: 0 - -
- -
- -
- IKE policies - Manage IKE policies through the VPN as a Service - extension. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IKE Policy Attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the IKE policy.
tenant_iduuid-strYesCRNonevalid tenant_idUnique identifier for owner of the VPN - service.
namestringyesCRUNoneN/AFriendly name for the IKE policy.
descriptionstringnoCRUNoneN/ADescription of the IKE policy.
auth_algorithmstringnoCRUsha1N/AAuthentication Hash algorithms: sha1.
encryption_algorithmstringnoCRUaes-128N/AEncryption Algorithms: 3des, aes-128, aes-256, - aes-192, etc.
phase1_negotiation_modestringnoCRUMain ModeN/AIKE mode: Main Mode.
pfsstringnoCRUGroup5N/APerfect Forward Secrecy: Group2, Group5, or - Group14.
ike_versionstringnoCRUv1N/AVersion: v1 or v2.
lifetimedictnoCRUunits: seconds, value: 3600.Dictionary should be in this form: {'units': - 'seconds', 'value': 2000}. Value is a positive - integer.Lifetime of the SA. Units in 'seconds'. Either - units or value may be omitted.
- - - -
- List IKE policies - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ikepolicies - Lists IKE policies. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List IKE Policies: Request - - GET /v2.0/vpn/ikepolicies.json -User-Agent: python-neutronclient -Accept: application/json - - - List IKE Policies: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Show IKE policy details - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ikepolicies/ikepolicy-id - Shows details for a specified IKE - policy. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show IKE Policy: Request - - GET /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json -User-Agent: python-neutronclient -Accept: application/json - - - Show IKE Policy: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Create IKE policy - - - - - - - Verb - URI - Description - - - - - &POST; - /vpn/ikepolicies - Creates an IKE policy. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create IKE Policy: Request - POST /v2.0/vpn/ikepolicies.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create IKE Policy: Response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update IKE policy - - - - - - - Verb - URI - Description - - - - - &PUT; - /vpn/ikepolicies/ikepolicy-id - Updates an IKE policy. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update IKE Policy: Request - PUT /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update IKE Policy: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete IKE policy - - - - - - - Verb - URI - Description - - - - - &DELETE; - /vpn/ikepolicies/ikepolicy-id - Deletes an IKE policy. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409) - This operation does not require a request - body. - This operation does not return a response - body. - - Delete IKE Policy: Request - DELETE /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete IKE Policy: Response - HTTP/1.1 204 No Content -Content-Length: 0 - -
- -
- -
- IPSec policies - Manage IPSec policies through the VPN as a Service - extension. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IPSec Policy Attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default valueValidation constraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the IPsec policy.
tenant_iduuid-strYesCRNonevalid tenant_idUnique identifier for owner of the VPN - service.
namestringyesCRUNoneN/AFriendly name for the IPsec policy.
descriptionstringnoCRUNoneN/ADescription of the IPSec policy.
transform_protocolstringnoCRUESPN/ATransform protocol used: ESP, AH, or - AH-ESP.
encapsulation_modestringnoCRUtunnelN/AEncapsulation mode: tunnel or transport.
auth_algorithmstringnoCRUsha1N/AAuthentication algorithm: sha1.
encryption_algorithmstringnoCRUaes-128N/AEncryption Algorithms: 3des, aes-128, aes-256, - or aes-192.
pfsstringnoCRUgroup5N/APerfect Forward Secrecy: group2, group5, or - group14.
lifetimedictnoCRUunits: seconds, value: 3600.Dictionary should be in this form: {'units': - 'seconds', 'value': 2000}. Value is a positive - integer.Lifetime of the SA. Units in 'seconds'. Either - units or value may be omitted.
- - - -
- List IPSec policies - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ipsecpolicies - Lists IPSec policies. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List IPSec Policies: Request - - GET /v2.0/vpn/ipsecpolicies.json -User-Agent: python-neutronclient -Accept: application/json - - - List IPSec Policies: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Show IPSec policy details - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ipsecpolicies/ipsecpolicy-id - Shows details for a specified IPSec - policy. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show IPSec policy: Request - - GET /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json -User-Agent: python-neutronclient -Accept: application/json - - - Show IPSec policy: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Create IPSec Policy - - - - - - - Verb - URI - Description - - - - - &POST; - /vpn/ipsecpolicies - Creates an IPSec policy. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create IPSec policy: Request - POST /v2.0/vpn/ipsecpolicies.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create IPSec policy: Response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update IPSec Policy - - - - - - - Verb - URI - Description - - - - - &PUT; - /vpn/ipsecpolicies/ipsecpolicy-id - Updates an IPSec policy. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update IPSec policy: Request - PUT /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update IPSec policy: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete IPSec policy - - - - - - - Verb - URI - Description - - - - - &DELETE; - /vpn/ipsecpolicies/ipsecpolicy-id - Deletes an IPSec policy. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409) - This operation does not require a request - body. - This operation does not return a response - body. - - Delete IPSec policy: Request - DELETE /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete IPSec policy: Response - HTTP/1.1 204 No Content -Content-Length: 0 - -
-
- -
- IPSec site connections - Manage IPSec site-to-site connections through the VPN as - a Service extension. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IPSec site connection attributes
AttributeTypeRequiredCRUD - - - C. Use the attribute in - create operations. - - - R. This attribute is - returned in response to show and - list operations. - - - U. You can update the - value of this attribute. - - - D. You can delete the - value of this attribute. - - - - Default ValueValidation ConstraintsNotes
iduuid-strN/ARgeneratedN/AUnique identifier for the IPSec site-to-site - connection.
tenant_iduuid-strYesCRNonevalid tenant_idUnique identifier for owner of the VPN - service.
namestringnoCRUNoneN/AName for IPSec site-to-site connection.
descriptionstringnoCRUNoneN/ADescription of the IPSec site-to-site - connection.
peer_addressstringyesCRUN/AN/APeer gateway public IPv4/IPv6 address or - FQDN.
peer_idstringyesCRUN/AN/APeer router identity for authentication. Can - be IPv4/IPv6 address, e-mail address, key id, - or FQDN.
peer_cidrslist[string]yesCRUN/Aunique list of valid cidr in the form - <net_address>/<prefix>Peer private CIDRs.
route_modestringnoRstaticstaticRoute mode: static. This will be extended in - the future.
mtuintegernoCRU1500Integer. Minimum is 68 for IPv4 and 1280 for - IPv6.Maximum Transmission Unit to address - fragmentation.
auth_modestringnoRpskpsk/certsAuthentication mode: PSK or certificate.
pskstringyesCRUN/ANOPre Shared Key: any string.
initiatorstringnoCRUbi-directionalbi-directional / response-onlyWhether this VPN can only respond to - connections or can initiate as well.
admin_state_upboolN/ACRUTRUEtrue / falseAdministrative state of VPN connection. If - false (down), VPN connection does not forward - packets.
statusstringN/ARN/AN/AIndicates whether VPN connection is currently - operational. Possible values include: ACTIVE, - DOWN, BUILD, ERROR, PENDING_CREATE, - PENDING_UPDATE, or PENDING_DELETE.
ikepolicy_iduuidyesCRN/AUnique identifier of IKE policyUnique identifier of IKE policy.
ipsecpolicy_iduuidyesCRN/AUnique identifier of IPSec policyUnique identifier of IPSec policy.
vpnservice_iduuidyesCRN/AUnique identifier of VPN serviceUnique identifier of VPN service.
dpddictnoCRUaction: hold, interval: 30, timeout: 120Dictionary should be in this form: {'action': - 'clear', 'interval': 20, 'timeout': 60}. - Interval is positive integer. Timeout is - greater than interval.Dead Peer Detection protocol controls. Action: - clear, hold, restart, disabled, or - restart-by-peer. Interval and timeout in - seconds.
- - - -
- List IPSec site connections - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ipsec-site-connections - Lists the IPSec site-to-site - connections. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403) - This operation does not require a request - body. - This operation returns a response body. - - List IPSec site connections: Request - - GET /v2.0/vpn/ipsec-site-connections.json -User-Agent: python-neutronclient -Accept: application/json - - - List IPSec site connections: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Show IPSec site connection details - - - - - - - Verb - URI - Description - - - - - &GET; - /vpn/ipsec-site-connections/connection-id - Shows details about a specified IPSec - site-to-site connection. - - - - Normal Response Code: - 200 - - Error Response Codes: Unauthorized - (401), Forbidden - (403), Not Found - (404) - This operation does not require a request - body. - This operation returns a response body. - - Show IPSec site connection: Request - GET /v2.0/vpn/ipsec-site-connections/cbc152a0-7e93-4f98-9f04-b085a4bf2511.json -User-Agent: python-neutronclient -Accept: application/json - - - Show IPSec site connection: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Create IPSec site connection - - - - - - - Verb - URI - Description - - - - - &POST; - /vpn/ipsec-site-connections - Creates an IPSec site connection. - - - - Normal Response Code: 201 - - Error Response Codes: Unauthorized - (401), Bad Request - (400) - This operation requires a request body. - This operation returns a response body. - - Create IPSec site connection: Request - POST /v2.0/vpn/ipsec-site-connections.json -User-Agent: python-neutronclient -Accept: application/json - - - - Create IPSec site connection: Response - HTTP/1.1 201 Created -Content-Type: application/json; charset=UTF-8 - - -
-
- Update IPSec site connection - - - - - - - Verb - URI - Description - - - - - &PUT; - /vpn/ipsec-site-connections/connection-id - Updates an IPSec site-to-site connection, - provided status is not indicating a - PENDING_* state. - - - - Normal Response Code: - 200 - Error Response Codes: Unauthorized - (401), Bad Request - (400), Not Found - (404) - - Update IPSec site connection: Request - PUT /v2.0/vpn/ipsec-site-connections/f7cf7305-f491-45f4-ad9c-8e7240fe3d72.json -User-Agent: python-neutronclient -Accept: application/json - - - - Update IPSec site connection: Response - HTTP/1.1 200 OK -Content-Type: application/json; charset=UTF-8 - - -
-
- Delete IPSec site connection - - - - - - - Verb - URI - Description - - - - - &DELETE; - /vpn/ipsec-site-connections/connection-id - Deletes an IPSec site-to-site - connection. - - - - Normal Response Code: 204 - - Error Response Codes: Unauthorized - (401), Not Found - (404), Conflict - (409) - This operation does not require a request - body. - This operation does not return a response - body. - - Delete IPSec site connection: Request - DELETE /v2.0/vpn/ipsec-site-connections/cbc152a0-7e93-4f98-9f04-b085a4bf2511.json -User-Agent: python-neutronclient -Accept: application/json - - - Delete IPSec site connection: Response - HTTP/1.1 204 No Content -Content-Length: 0 - -
-
-