def nsx_list_security_groups(resource, event, trigger, **kwargs): sections = firewall.list_sections() LOG.info(formatters.output_formatter(constants.FIREWALL_SECTIONS, sections, ['display_name', 'id'])) nsgroups = firewall.list_nsgroups() LOG.info(formatters.output_formatter(constants.FIREWALL_NSX_GROUPS, nsgroups, ['display_name', 'id'])) return bool(sections) or bool(nsgroups)
def nsx_list_security_groups(resource, event, trigger, **kwargs): sections = firewall.list_sections() LOG.info( formatters.output_formatter(constants.FIREWALL_SECTIONS, sections, ['display_name', 'id'])) nsgroups = firewall.list_nsgroups() LOG.info( formatters.output_formatter(constants.FIREWALL_NSX_GROUPS, nsgroups, ['display_name', 'id'])) return bool(sections) or bool(nsgroups)
def neutron_list_router_edge_bindings(resource, event, trigger, **kwargs): """List NSXv edges from Neutron DB""" edges = get_router_edge_bindings() LOG.info( formatters.output_formatter( constants.EDGES, edges, ['edge_id', 'router_id', 'availability_zone', 'status']))
def clean_orphaned_router_bindings(resource, event, trigger, **kwargs): """Delete nsx router bindings entries without real objects behind them""" orphaned_list = get_orphaned_router_bindings() if not len(orphaned_list): LOG.info("No orphaned Router bindings found.") return LOG.info("Before delete; Orphaned Bindings:") LOG.info( formatters.output_formatter( constants.ORPHANED_BINDINGS, orphaned_list, ['edge_id', 'router_id', 'availability_zone', 'status'])) if not kwargs.get('force'): if len(orphaned_list): user_confirm = admin_utils.query_yes_no( "Do you want to delete " "orphaned bindings", default="no") if not user_confirm: LOG.info("NSXv Router bindings deletion aborted by user") return edgeapi = utils.NeutronDbClient() for binding in orphaned_list: nsxv_db.delete_nsxv_router_binding(edgeapi.context.session, binding.router_id) LOG.info( "Deleted %s orphaned router bindings. You may need to check for " "orphaned edges now.", len(orphaned_list))
def clean_orphaned_router_bindings(resource, event, trigger, **kwargs): """Delete nsx router bindings entries without real objects behind them""" orphaned_list = get_orphaned_router_bindings() if not len(orphaned_list): LOG.info("No orphaned Router bindings found.") return LOG.info("Before delete; Orphaned Bindings:") LOG.info(formatters.output_formatter( constants.ORPHANED_BINDINGS, orphaned_list, ['edge_id', 'router_id', 'availability_zone', 'status'])) if not kwargs.get('force'): if len(orphaned_list): user_confirm = admin_utils.query_yes_no("Do you want to delete " "orphaned bindings", default="no") if not user_confirm: LOG.info("NSXv Router bindings deletion aborted by user") return edgeapi = utils.NeutronDbClient() for binding in orphaned_list: nsxv_db.delete_nsxv_router_binding( edgeapi.context.session, binding.router_id) LOG.info("Deleted %s orphaned router bindings. You may need to check for " "orphaned edges now.", len(orphaned_list))
def list_missing_networks(resource, event, trigger, **kwargs): """List the neutron networks which are missing the backend moref """ # get the neutron-nsx networks mapping from DB admin_context = context.get_admin_context() mappings = nsx_db.get_nsx_networks_mapping(admin_context.session) # get the list of backend networks: backend_networks = get_networks_name_map() missing_networks = [] # For each neutron network - check if there is a matching backend network for entry in mappings: nsx_id = entry['nsx_id'] dvs_id = entry['dvs_id'] if nsx_id not in backend_networks.keys(): missing_networks.append({ 'neutron_id': entry['neutron_id'], 'moref': nsx_id, 'dvs_id': dvs_id }) elif dvs_id: netname = backend_networks[nsx_id] if not netname.startswith(dvs_id): missing_networks.append({ 'neutron_id': entry['neutron_id'], 'moref': nsx_id, 'dvs_id': dvs_id }) LOG.info( formatters.output_formatter(constants.MISSING_NETWORKS, missing_networks, ['neutron_id', 'moref', 'dvs_id']))
def list_dhcp_bindings(resource, event, trigger, **kwargs): """List DHCP bindings in Neutron.""" comp_ports = [port for port in neutron_client.get_ports() if nsx_utils.is_port_dhcp_configurable(port)] LOG.info(formatters.output_formatter(constants.DHCP_BINDING, comp_ports, ['id', 'mac_address', 'fixed_ips']))
def list_missing_routers(resource, event, trigger, **kwargs): """List neutron routers that are missing the NSX backend router """ plugin = RoutersPlugin() admin_cxt = neutron_context.get_admin_context() neutron_routers = plugin.get_routers(admin_cxt) routers = [] for router in neutron_routers: neutron_id = router['id'] # get the router nsx id from the mapping table nsx_id = nsx_db.get_nsx_router_id(admin_cxt.session, neutron_id) if not nsx_id: routers.append({ 'name': router['name'], 'neutron_id': neutron_id, 'nsx_id': None }) else: try: nsxlib.logical_router.get(nsx_id) except nsx_exc.ResourceNotFound: routers.append({ 'name': router['name'], 'neutron_id': neutron_id, 'nsx_id': nsx_id }) if len(routers) > 0: title = ("Found %d routers missing from the NSX " "manager:") % len(routers) LOG.info( formatters.output_formatter(title, routers, ['name', 'neutron_id', 'nsx_id'])) else: LOG.info("All routers exist on the NSX manager")
def list_missing_networks(resource, event, trigger, **kwargs): """List the neutron networks which are missing the backend moref """ # get the neutron-nsx networks mapping from DB admin_context = context.get_admin_context() mappings = nsx_db.get_nsx_networks_mapping(admin_context.session) # get the list of backend networks: backend_networks = get_networks_name_map() missing_networks = [] # For each neutron network - check if there is a matching backend network for entry in mappings: nsx_id = entry['nsx_id'] dvs_id = entry['dvs_id'] if nsx_id not in backend_networks.keys(): missing_networks.append({'neutron_id': entry['neutron_id'], 'moref': nsx_id, 'dvs_id': dvs_id}) elif dvs_id: netname = backend_networks[nsx_id] if not netname.startswith(dvs_id): missing_networks.append({'neutron_id': entry['neutron_id'], 'moref': nsx_id, 'dvs_id': dvs_id}) LOG.info(formatters.output_formatter(constants.MISSING_NETWORKS, missing_networks, ['neutron_id', 'moref', 'dvs_id']))
def list_orphaned_router_bindings(resource, event, trigger, **kwargs): """List nsx router bindings entries without real objects behind them""" orphaned_list = get_orphaned_router_bindings() LOG.info( formatters.output_formatter( constants.ORPHANED_BINDINGS, orphaned_list, ['edge_id', 'router_id', 'availability_zone', 'status']))
def nsx_list_missing_spoofguard_policies(resource, event, trigger, **kwargs): """List missing spoofguard policies on NSXv. Spoofguard policies that have a binding in Neutron Db but there is no policy on NSXv backend to back it. """ props = kwargs.get('property') reverse = True if props and props[0] == 'reverse' else False if reverse: LOG.info( _LI("Spoofguard policies on NSXv but not present in " "Neutron Db")) else: LOG.info( _LI("Spoofguard policies in Neutron Db but not present " "on NSXv")) missing_policies = get_missing_spoofguard_policy_mappings(reverse) if not missing_policies: LOG.info( _LI("\nNo missing spoofguard policies found." "\nNeutron DB and NSXv backend are in sync\n")) else: LOG.info(missing_policies) missing_policies = [{'policy_id': pid} for pid in missing_policies] LOG.info( formatters.output_formatter(constants.SPOOFGUARD_POLICY, missing_policies, ['policy_id']))
def list_missing_networks(resource, event, trigger, **kwargs): """List neutron networks that are missing the NSX backend network """ plugin = db_base_plugin_v2.NeutronDbPluginV2() admin_cxt = neutron_context.get_admin_context() neutron_networks = plugin.get_networks(admin_cxt) networks = [] for net in neutron_networks: neutron_id = net['id'] # get the network nsx id from the mapping table nsx_id = get_network_nsx_id(admin_cxt, neutron_id) if not nsx_id: # skip external networks pass else: try: utils.get_connected_nsxlib().logical_switch.get(nsx_id) except nsx_exc.ResourceNotFound: networks.append({ 'name': net['name'], 'neutron_id': neutron_id, 'nsx_id': nsx_id }) if len(networks) > 0: title = _LI("Found %d internal networks missing from the NSX " "manager:") % len(networks) LOG.info( formatters.output_formatter(title, networks, ['name', 'neutron_id', 'nsx_id'])) else: LOG.info(_LI("All internal networks exist on the NSX manager"))
def nsx_list_backup_edges(resource, event, trigger, **kwargs): """List backup edges""" backup_edges = get_nsxv_backup_edges() LOG.info( formatters.output_formatter( constants.BACKUP_EDGES, backup_edges, ['id', 'name', 'size', 'type', 'availability_zone', 'db_status']))
def list_metadata_networks(resource, event, trigger, **kwargs): """List Metadata networks in Neutron.""" if not cfg.CONF.nsx_v3.native_metadata_route: meta_networks = [network for network in neutron_client.get_networks() if _is_metadata_network(network)] LOG.info(formatters.output_formatter(constants.METADATA_PROXY, meta_networks, ['id', 'name', 'subnets'])) else: nsxlib = utils.get_connected_nsxlib() tags = [{'scope': 'os-neutron-net-id'}] ports = nsxlib.search_by_tags(resource_type='LogicalPort', tags=tags) for port in ports['results']: if port['attachment']['attachment_type'] == 'METADATA_PROXY': net_id = None for tag in port['tags']: if tag['scope'] == 'os-neutron-net-id': net_id = tag['tag'] break uri = '/md-proxies/%s/%s/status' % (port['attachment']['id'], port['logical_switch_id']) status = nsxlib.client.get(uri) LOG.info("Status for MD proxy on neutron network %s (logical " "switch %s) is %s", net_id, port['logical_switch_id'], status.get('proxy_status', 'Unknown'))
def list_orphaned_routers(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() admin_cxt = neutron_context.get_admin_context() missing_routers = v3_utils.get_orphaned_routers(admin_cxt, nsxlib) LOG.info( formatters.output_formatter(constants.ORPHANED_ROUTERS, missing_routers, ['id', 'display_name']))
def list_missing_networks(resource, event, trigger, **kwargs): """List neutron networks that are missing the NSX backend network """ nsxlib = utils.get_connected_nsxlib() plugin = db_base_plugin_v2.NeutronDbPluginV2() admin_cxt = neutron_context.get_admin_context() filters = utils.get_plugin_filters(admin_cxt) neutron_networks = plugin.get_networks(admin_cxt, filters=filters) networks = [] for net in neutron_networks: neutron_id = net['id'] # get the network nsx id from the mapping table nsx_id = get_network_nsx_id(admin_cxt, neutron_id) if not nsx_id: # skip external networks pass else: try: nsxlib.logical_switch.get(nsx_id) except nsx_exc.ResourceNotFound: networks.append({'name': net['name'], 'neutron_id': neutron_id, 'nsx_id': nsx_id}) if len(networks) > 0: title = ("Found %d internal networks missing from the NSX " "manager:") % len(networks) LOG.info(formatters.output_formatter( title, networks, ['name', 'neutron_id', 'nsx_id'])) else: LOG.info("All internal networks exist on the NSX manager")
def list_orphaned_networks(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() admin_cxt = neutron_context.get_admin_context() missing_networks = v3_utils.get_orphaned_networks(admin_cxt, nsxlib) LOG.info(formatters.output_formatter(constants.ORPHANED_NETWORKS, missing_networks, ['id', 'display_name']))
def list_orphaned_networks(resource, event, trigger, **kwargs): """List the NSX networks which are missing the neutron DB """ admin_context = context.get_admin_context() missing_networks = [] # get the list of backend networks: backend_networks = get_networks() for net in backend_networks: moref = net['moref'] backend_name = net['name'] if backend_name.startswith('edge-') or net['type'] == 'Network': # This is not a neutron network continue # get the list of neutron networks with this moref neutron_networks = nsx_db.get_nsx_network_mapping_for_nsx_id( admin_context.session, moref) if not neutron_networks: # no network found for this moref missing_networks.append(net) elif moref.startswith(PORTGROUP_PREFIX): # This is a VLAN network. Also verify that the DVS Id matches for entry in neutron_networks: if (not entry['dvs_id'] or backend_name.startswith(entry['dvs_id'])): found = True # this moref & dvs-id does not appear in the DB if not found: missing_networks.append(net) LOG.info( formatters.output_formatter(constants.ORPHANED_NETWORKS, missing_networks, ['type', 'moref', 'name']))
def list_metadata_networks(resource, event, trigger, **kwargs): """List Metadata networks in Neutron.""" meta_networks = [network for network in neutron_client.get_networks() if _is_metadata_network(network)] LOG.info(formatters.output_formatter(constants.METADATA_PROXY, meta_networks, ['id', 'name', 'subnets']))
def list_orphaned_vnics(resource, event, trigger, **kwargs): """List router orphaned router vnics where the port was deleted""" orphaned_vnics = get_orphaned_vnics() if not orphaned_vnics: LOG.info("No orphaned router vnics found") return headers = ['edge_id', 'vnic_index', 'tunnel_index', 'network_id'] LOG.info(formatters.output_formatter(constants.ORPHANED_VNICS, orphaned_vnics, headers))
def nsx_list_edges(resource, event, trigger, **kwargs): """List edges from NSXv backend""" headers = ['id', 'name', 'type', 'size', 'ha'] edges = utils.get_nsxv_backend_edges() if (kwargs.get('verbose')): headers += ['syslog'] extend_edge_info(edges) LOG.info(formatters.output_formatter(constants.EDGES, edges, headers))
def list_dhcp_bindings(resource, event, trigger, **kwargs): """List DHCP bindings in Neutron.""" comp_ports = [ port for port in neutron_client.get_ports() if port['device_owner'].startswith(const.DEVICE_OWNER_COMPUTE_PREFIX) ] LOG.info( formatters.output_formatter(constants.DHCP_BINDING, comp_ports, ['id', 'mac_address', 'fixed_ips']))
def list_orphaned_vnics(resource, event, trigger, **kwargs): """List router orphaned router vnics where the port was deleted""" orphaned_vnics = get_orphaned_vnics() if not orphaned_vnics: LOG.info("No orphaned router vnics found") return headers = ['edge_id', 'vnic_index', 'tunnel_index', 'network_id'] LOG.info( formatters.output_formatter(constants.ORPHANED_VNICS, orphaned_vnics, headers))
def nsx_list_edges(resource, event, trigger, **kwargs): """List edges from NSXv backend""" headers = ['id', 'name', 'type', 'size', 'ha'] edges = utils.get_nsxv_backend_edges() if (kwargs.get('verbose')): headers += ['syslog'] extend_edge_info(edges) LOG.info(formatters.output_formatter(constants.EDGES, edges, headers))
def create_redis_rule(resource, event, trigger, **kwargs): usage = ("nsxadmin -r routing-redistribution-rule -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "[--property prefix=<NAME:CIDR>] " "--property learn-from=ospf,bgp,connected,static " "--property action=<permit/deny>") required_params = ('gw-edge-ids', 'learn-from', 'action') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return prefix = properties.get('prefix') if prefix: prefix_name, cidr = prefix.split(':') prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else [] else: prefix_name = None prefixes = [] learn_from = properties['learn-from'].split(',') rule = get_redistribution_rule(prefix_name, 'bgp' in learn_from, 'ospf' in learn_from, 'static' in learn_from, 'connected' in learn_from, properties['action']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: bgp_config = nsxv.get_routing_bgp_config(edge_id) if not bgp_config['bgp'].get('enabled'): LOG.error("BGP is not enabled on edge %s", edge_id) return if not bgp_config['bgp']['redistribution']['enabled']: LOG.error("BGP redistribution is not enabled on edge %s", edge_id) return nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{ 'edge_id': edge_id, 'prefix': prefix_name if prefix_name else 'ANY', 'learner-protocol': 'bgp', 'learn-from': ', '.join(set(learn_from)), 'action': properties['action'] } for edge_id in edge_ids] headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action'] LOG.info( formatters.output_formatter('Routing redistribution rule', res, headers))
def nsx_list_name_mismatches(resource, event, trigger, **kwargs): edges = utils.get_nsxv_backend_edges() plugin_nsx_mismatch = [] backend_edge_ids = [] edgeapi = utils.NeutronDbClient() # Look for edges with the wrong names: for edge in edges: backend_edge_ids.append(edge['id']) rtr_binding = nsxv_db.get_nsxv_router_binding_by_edge( edgeapi.context.session, edge['id']) if (rtr_binding and edge['name'].startswith('backup-') and rtr_binding['router_id'] != edge['name']): plugin_nsx_mismatch.append({ 'edge_id': edge['id'], 'edge_name': edge['name'], 'router_id': rtr_binding['router_id'] }) LOG.info( formatters.output_formatter( constants.BACKUP_EDGES + ' with name mismatch:', plugin_nsx_mismatch, ['edge_id', 'edge_name', 'router_id'])) # Also look for missing edges like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"} rtr_bindings = nsxv_db.get_nsxv_router_bindings(edgeapi.context.session, like_filters=like_filters) plugin_nsx_missing = [] for rtr_binding in rtr_bindings: if rtr_binding['edge_id'] not in backend_edge_ids: plugin_nsx_missing.append({ 'edge_id': rtr_binding['edge_id'], 'router_id': rtr_binding['router_id'], 'db_status': rtr_binding['status'] }) LOG.info( formatters.output_formatter( constants.BACKUP_EDGES + ' missing from backend:', plugin_nsx_missing, ['edge_id', 'router_id', 'db_status']))
def create_redis_rule(resource, event, trigger, **kwargs): usage = ("nsxadmin -r routing-redistribution-rule -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "[--property prefix=<NAME:CIDR>] " "--property learn-from=ospf,bgp,connected,static " "--property action=<permit/deny>") required_params = ('gw-edge-ids', 'learn-from', 'action') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return prefix = properties.get('prefix') if prefix: prefix_name, cidr = prefix.split(':') prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else [] else: prefix_name = None prefixes = [] learn_from = properties['learn-from'].split(',') rule = get_redistribution_rule(prefix_name, 'bgp' in learn_from, 'ospf' in learn_from, 'static' in learn_from, 'connected' in learn_from, properties['action']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: bgp_config = nsxv.get_routing_bgp_config(edge_id) if not bgp_config['bgp'].get('enabled'): LOG.error("BGP is not enabled on edge %s", edge_id) return if not bgp_config['bgp']['redistribution']['enabled']: LOG.error("BGP redistribution is not enabled on edge %s", edge_id) return nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{'edge_id': edge_id, 'prefix': prefix_name if prefix_name else 'ANY', 'learner-protocol': 'bgp', 'learn-from': ', '.join(set(learn_from)), 'action': properties['action']} for edge_id in edge_ids] headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action'] LOG.info(formatters.output_formatter( 'Routing redistribution rule', res, headers))
def list_nsx_portgroups(resource, event, trigger, **kwargs): if not cfg.CONF.dvs.host_ip: LOG.info("Please configure the dvs section in the nsx configuration " "file") return dvs_id = cfg.CONF.nsxv.dvs_id port_groups = _get_nsx_portgroups(dvs_id) LOG.info(formatters.output_formatter( constants.NSX_PORTGROUPS + " for %s" % dvs_id, port_groups, ['moref', 'type']))
def nsx_list_lb_monitors(resource, event, trigger, **kwargs): if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER): LOG.error("This utility is not available for NSX version %s", nsxlib.get_version()) return lb_monitors = nsxlib.load_balancer.monitor.list() LOG.info( formatters.output_formatter(constants.LB_MONITORS, lb_monitors, ['display_name', 'id', 'resource_type'])) return bool(lb_monitors)
def list_nsx_portgroups(resource, event, trigger, **kwargs): if not cfg.CONF.dvs.host_ip: LOG.info("Please configure the dvs section in the nsx configuration " "file") return dvs_id = cfg.CONF.nsxv.dvs_id port_groups = _get_nsx_portgroups(dvs_id) LOG.info( formatters.output_formatter( constants.NSX_PORTGROUPS + " for %s" % dvs_id, port_groups, ['moref', 'type']))
def nsx_list_lb_pools(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER): LOG.error("This utility is not available for NSX version %s", nsxlib.get_version()) return lb_pools = nsxlib.load_balancer.pool.list() LOG.info(formatters.output_formatter( constants.LB_POOLS, [lb_pools['results']], ['display_name', 'id', 'active_monitor_ids', 'members'])) return bool(lb_pools)
def nsx_list_lb_services(resource, event, trigger, **kwargs): """List LB services on NSX backend""" if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER): LOG.error("This utility is not available for NSX version %s", nsxlib.get_version()) return lb_services = nsxlib.load_balancer.service.list() LOG.info( formatters.output_formatter( constants.LB_SERVICES, lb_services, ['display_name', 'id', 'virtual_server_ids', 'attachment'])) return bool(lb_services)
def nsx_list_lb_virtual_servers(resource, event, trigger, **kwargs): """List LB virtual servers on NSX backend""" nsxlib = utils.get_connected_nsxlib() if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER): LOG.error("This utility is not available for NSX version %s", nsxlib.get_version()) return lb_virtual_servers = nsxlib.load_balancer.virtual_server.list() LOG.info(formatters.output_formatter( constants.LB_VIRTUAL_SERVERS, [lb_virtual_servers['results']], ['display_name', 'id', 'ip_address', 'pool_id'])) return bool(lb_virtual_servers)
def _md_member_status(title, edge_ids): for edge_id in edge_ids: lb_stats = nsxv.get_loadbalancer_statistics( edge_id) pools_stats = lb_stats[1].get('pool', []) members = [] for pool_stats in pools_stats: if pool_stats['name'] == md_proxy.METADATA_POOL_NAME: for member in pool_stats.get('member', []): members.append({'member_ip': member['ipAddress'], 'member_status': member['status']}) LOG.info(formatters.output_formatter( title % edge_id, members, ['member_ip', 'member_status']))
def list_bgp_edges(resource, event, trigger, **kwargs): bgp_edges = [] edges = v_utils.get_nsxv_backend_edges() for edge in edges: bgp_config = nsxv.get_routing_bgp_config(edge['id']) if bgp_config['bgp']['enabled']: bgp_edges.append({'name': edge['name'], 'edge_id': edge['id'], 'local_as': bgp_config['bgp']['localAS']}) if not bgp_edges: LOG.info("No BGP GW edges found") return headers = ['name', 'edge_id', 'local_as'] LOG.info(formatters.output_formatter(constants.EDGES, bgp_edges, headers))
def list_orphaned_routers(resource, event, trigger, **kwargs): nsx_routers = nsxlib.logical_router.list()['results'] missing_routers = [] for nsx_router in nsx_routers: # check if it exists in the neutron DB if not neutron_client.lrouter_id_to_router_id(nsx_router['id']): # Skip non-neutron routers, by tags for tag in nsx_router.get('tags', []): if tag.get('scope') == 'os-neutron-router-id': missing_routers.append(nsx_router) break LOG.info( formatters.output_formatter(constants.ORPHANED_ROUTERS, missing_routers, ['id', 'display_name']))
def list_bgp_edges(resource, event, trigger, **kwargs): bgp_edges = [] edges = v_utils.get_nsxv_backend_edges() for edge in edges: bgp_config = nsxv.get_routing_bgp_config(edge['id']) if bgp_config['bgp']['enabled']: bgp_edges.append({ 'name': edge['name'], 'edge_id': edge['id'], 'local_as': bgp_config['bgp']['localAS'] }) if not bgp_edges: LOG.info("No BGP GW edges found") return headers = ['name', 'edge_id', 'local_as'] LOG.info(formatters.output_formatter(constants.EDGES, bgp_edges, headers))
def list_orphaned_networks(resource, event, trigger, **kwargs): nsx_switches = nsxlib.logical_switch.list()['results'] missing_networks = [] for nsx_switch in nsx_switches: # check if it exists in the neutron DB if not neutron_client.lswitch_id_to_net_id(nsx_switch['id']): # Skip non-neutron networks, by tags neutron_net = False for tag in nsx_switch.get('tags', []): if tag.get('scope') == 'os-neutron-net-id': neutron_net = True break if neutron_net: missing_networks.append(nsx_switch) LOG.info(formatters.output_formatter(constants.ORPHANED_NETWORKS, missing_networks, ['id', 'display_name']))
def list_missing_ports(resource, event, trigger, **kwargs): """List neutron ports that are missing the NSX backend port And ports with wrong switch profiles or bindings """ admin_cxt = neutron_context.get_admin_context() filters = v3_utils.get_plugin_filters(admin_cxt) nsxlib = v3_utils.get_connected_nsxlib() with v3_utils.NsxV3PluginWrapper() as plugin: problems = plugin_utils.get_mismatch_logical_ports( admin_cxt, nsxlib, plugin, filters) if len(problems) > 0: title = ("Found internal ports misconfiguration on the " "NSX manager:") LOG.info(formatters.output_formatter( title, problems, ['neutron_id', 'nsx_id', 'error'])) else: LOG.info("All internal ports verified on the NSX manager")
def nsx_list_orphaned_dhcp_servers(resource, event, trigger, **kwargs): """List logical DHCP servers without associated DHCP-enabled subnet.""" nsxlib = utils.get_connected_nsxlib() nsx_version = nsxlib.get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.error("This utility is not available for NSX version %s", nsx_version) return dhcp_profile_uuid = _get_dhcp_profile_uuid(**kwargs) if not dhcp_profile_uuid: LOG.error("dhcp_profile_uuid is not defined") return orphaned_servers = _get_orphaned_dhcp_servers(dhcp_profile_uuid) LOG.info(formatters.output_formatter(constants.ORPHANED_DHCP_SERVERS, orphaned_servers, ['id', 'neutron_net_id']))
def list_missing_ports(resource, event, trigger, **kwargs): """List neutron ports that are missing the NSX backend port And ports with wrong switch profiles or bindings """ admin_cxt = neutron_context.get_admin_context() filters = v3_utils.get_plugin_filters(admin_cxt) nsxlib = v3_utils.get_connected_nsxlib() with PortsPlugin() as plugin: problems = plugin_utils.get_mismatch_logical_ports( admin_cxt, nsxlib, plugin, filters) if len(problems) > 0: title = ("Found internal ports misconfiguration on the " "NSX manager:") LOG.info( formatters.output_formatter(title, problems, ['neutron_id', 'nsx_id', 'error'])) else: LOG.info("All internal ports verified on the NSX manager")
def nsx_list_name_mismatches(resource, event, trigger, **kwargs): edges = nsxv.get_edges()[1] edges = edges['edgePage'].get('data', []) plugin_nsx_mismatch = [] edgeapi = utils.NeutronDbClient() for edge in edges: rtr_binding = nsxv_db.get_nsxv_router_binding_by_edge( edgeapi.context.session, edge['id']) if (edge['name'].startswith('backup-') and rtr_binding['router_id'] != edge['name']): plugin_nsx_mismatch.append( {'edge_id': edge['id'], 'edge_name': edge['name'], 'router_id': rtr_binding['router_id']}) LOG.info(formatters.output_formatter( constants.BACKUP_EDGES, plugin_nsx_mismatch, ['edge_id', 'edge_name', 'router_id']))
def nsx_list_orphaned_dhcp_servers(resource, event, trigger, **kwargs): """List logical DHCP servers without associated DHCP-enabled subnet.""" nsxlib = utils.get_connected_nsxlib() nsx_version = nsxlib.get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.error("This utility is not available for NSX version %s", nsx_version) return dhcp_profile_uuid = _get_dhcp_profile_uuid(**kwargs) if not dhcp_profile_uuid: LOG.error("dhcp_profile_uuid is not defined") return orphaned_servers = v3_utils.get_orphaned_dhcp_servers( context.get_admin_context(), neutron_client, nsxlib, dhcp_profile_uuid) LOG.info(formatters.output_formatter( constants.ORPHANED_DHCP_SERVERS, orphaned_servers, ['id', 'neutron_net_id', 'display_name']))
def nsx_list_mismatch_addresses(resource, event, trigger, **kwargs): """List missing spoofguard policies approved addresses on NSXv. Address pairs defined on neutron compute ports that are missing from the NSX-V spoofguard policy of a specific/all networks. """ network_id = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) network_id = properties.get('network') spgapi = utils.NeutronDbClient() if network_id: policy_id = nsxv_db.get_spoofguard_policy_id( spgapi.context.session, network_id) if not policy_id: LOG.error("Could not find spoofguard policy for neutron network " "%s", network_id) return with utils.NsxVPluginWrapper() as plugin: missing_data = nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, network_id, policy_id) else: with utils.NsxVPluginWrapper() as plugin: missing_data = [] # Go over all the networks with spoofguard policies mappings = get_spoofguard_policy_network_mappings() for entry in mappings: missing_data.extend(nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, entry['network_id'], entry['policy_id'])) if missing_data: LOG.info(formatters.output_formatter( constants.SPOOFGUARD_POLICY, missing_data, ['network', 'policy', 'port', 'data'])) else: LOG.info("No mismatches found.")
def add_bgp_neighbour(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-neighbour -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "--property ip-address=<IP_ADDRESS> " "--property remote-as=<AS_NUMBER> " "--property password=<PASSWORD>") required_params = ('gw-edge-ids', 'ip-address', 'remote-as', 'password') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return remote_as = properties['remote-as'] if not _validate_asn(remote_as): return nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], properties['remote-as'], properties['password']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: nsxv.add_bgp_neighbours(edge_id, [nbr]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{'edge_id': edge_id, 'ip_address': properties['ip-address'], 'remote_as': properties['remote-as'], 'hold_down_timer': cfg.CONF.nsxv.bgp_neighbour_hold_down_timer, 'keep_alive_timer': cfg.CONF.nsxv.bgp_neighbour_keep_alive_timer} for edge_id in edge_ids] headers = ['edge_id', 'ip_address', 'remote_as', 'hold_down_timer', 'keep_alive_timer'] LOG.info(formatters.output_formatter('New BPG neighbour', res, headers))
def clean_orphaned_vnics(resource, event, trigger, **kwargs): """List router orphaned router vnics where the port was deleted""" orphaned_vnics = get_orphaned_vnics() if not orphaned_vnics: LOG.info("No orphaned router vnics found") return headers = ['edge_id', 'vnic_index', 'tunnel_index', 'network_id'] LOG.info(formatters.output_formatter(constants.ORPHANED_VNICS, orphaned_vnics, headers)) user_confirm = admin_utils.query_yes_no("Do you want to delete " "orphaned vnics", default="no") if not user_confirm: LOG.info("NSXv vnics deletion aborted by user") return context = n_context.get_admin_context() with utils.NsxVPluginWrapper() as plugin: nsxv_manager = vcns_driver.VcnsDriver( edge_utils.NsxVCallbacks(plugin)) for vnic in orphaned_vnics: if not vnic['distributed']: try: nsxv_manager.vcns.delete_interface( vnic['edge_id'], vnic['vnic_index']) except Exception as e: LOG.error("Failed to delete vnic from NSX: %s", e) nsxv_db.free_edge_vnic_by_network( context.session, vnic['edge_id'], vnic['network_id']) else: try: nsxv_manager.vcns.delete_vdr_internal_interface( vnic['edge_id'], vnic['vnic_index']) except Exception as e: LOG.error("Failed to delete vnic from NSX: %s", e) nsxv_db.delete_edge_vnic_binding_by_network( context.session, vnic['edge_id'], vnic['network_id'])
def nsx_list_missing_spoofguard_policies(resource, event, trigger, **kwargs): """List missing spoofguard policies on NSXv. Spoofguard policies that have a binding in Neutron Db but there is no policy on NSXv backend to back it. """ props = kwargs.get('property') reverse = True if props and props[0] == 'reverse' else False if reverse: LOG.info(_LI("Spoofguard policies on NSXv but not present in " "Neutron Db")) else: LOG.info(_LI("Spoofguard policies in Neutron Db but not present " "on NSXv")) missing_policies = get_missing_spoofguard_policy_mappings(reverse) if not missing_policies: LOG.info(_LI("\nNo missing spoofguard policies found." "\nNeutron DB and NSXv backend are in sync\n")) else: LOG.info(missing_policies) missing_policies = [{'policy_id': pid} for pid in missing_policies] LOG.info(formatters.output_formatter( constants.SPOOFGUARD_POLICY, missing_policies, ['policy_id']))
def list_orphaned_networks(resource, event, trigger, **kwargs): """List the NSX networks which are missing the neutron DB """ admin_context = context.get_admin_context() missing_networks = [] # get all neutron distributed routers in advanced with utils.NsxVPluginWrapper() as plugin: neutron_routers = plugin.get_routers( admin_context, fields=['id', 'name', 'distributed']) neutron_dist_routers = [rtr for rtr in neutron_routers if rtr['distributed']] # get the list of backend networks: backend_networks = get_networks() for net in backend_networks: moref = net['moref'] backend_name = net['name'] # Decide if this is a neutron network by its name (which should always # contain the net-id), and type if (backend_name.startswith('edge-') or len(backend_name) < 36 or net['type'] == 'Network'): # This is not a neutron network continue if backend_name.startswith('int-') and net['type'] == 'VirtualWire': # This is a PLR network. Check that the router exists found = False # compare the expected lswitch name by the dist router name & id for rtr in neutron_dist_routers: lswitch_name = ('int-' + rtr['name'] + rtr['id'])[:36] if lswitch_name == backend_name: found = True break # if the neutron router got renamed, this will not work. # compare ids prefixes instead (might cause false positives) for rtr in neutron_dist_routers: if rtr['id'][:5] in backend_name: LOG.info("Logical switch %s probably matches distributed " "router %s", backend_name, rtr['id']) found = True break if not found: missing_networks.append(net) continue # get the list of neutron networks with this moref neutron_networks = nsx_db.get_nsx_network_mapping_for_nsx_id( admin_context.session, moref) if not neutron_networks: # no network found for this moref missing_networks.append(net) elif moref.startswith(PORTGROUP_PREFIX): # This is a VLAN network. Also verify that the DVS Id matches for entry in neutron_networks: if (not entry['dvs_id'] or backend_name.startswith(entry['dvs_id'])): found = True # this moref & dvs-id does not appear in the DB if not found: missing_networks.append(net) LOG.info(formatters.output_formatter(constants.ORPHANED_NETWORKS, missing_networks, ['type', 'moref', 'name']))
def _log_info(resource, data, attrs=['display_name', 'id']): LOG.info(formatters.output_formatter(resource, data, attrs))
def list_orphaned_router_bindings(resource, event, trigger, **kwargs): """List nsx router bindings entries without real objects behind them""" orphaned_list = get_orphaned_router_bindings() LOG.info(formatters.output_formatter( constants.ORPHANED_BINDINGS, orphaned_list, ['edge_id', 'router_id', 'availability_zone', 'status']))
def nsx_list_backup_edges(resource, event, trigger, **kwargs): """List backup edges""" backup_edges = get_nsxv_backup_edges() LOG.info(formatters.output_formatter(constants.BACKUP_EDGES, backup_edges, ['id']))
def create_bgp_gw(resource, event, trigger, **kwargs): """Creates a new BGP GW edge""" usage = ("nsxadmin -r bgp-gw-edge -o create " "--property name=<GW_EDGE_NAME> " "--property local-as=<LOCAL_AS_NUMBER> " "--property external-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> " "--property internal-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> " "[--property default-gateway=<IP_ADDRESS>] " "[--property az-hint=<AZ_HINT>] " "[--property size=compact,large,xlarge,quadlarge]") required_params = ('name', 'local-as', 'internal-iface', 'external-iface') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return local_as = properties['local-as'] if not _validate_asn(local_as): return size = properties.get('size', nsxv_constants.LARGE) if size not in vcns_const.ALLOWED_EDGE_SIZES: msg = ("Property 'size' takes one of the following values: %s." % ','.join(vcns_const.ALLOWED_EDGE_SIZES)) LOG.error(msg) return external_iface_info = _extract_interface_info(properties['external-iface']) internal_iface_info = _extract_interface_info(properties['internal-iface']) if not (external_iface_info and internal_iface_info): return if 'default-gateway' in properties: default_gw = _extract_interface_info(properties['default-gateway']) if not default_gw: msg = ("Property 'default-gateway' doesn't contain a valid IP " "address.") LOG.error(msg) return default_gw = default_gw[1] else: default_gw = None config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones) az_hint = properties.get('az-hint', 'default') az = nsx_az.NsxVAvailabilityZones().get_availability_zone(az_hint) edge_id, gateway_ip = _assemble_gw_edge(properties['name'], size, external_iface_info, internal_iface_info, default_gw, az) nsxv.add_bgp_speaker_config(edge_id, gateway_ip, local_as, True, [], [], [], default_originate=True) res = {'name': properties['name'], 'edge_id': edge_id, 'size': size, 'availability_zone': az.name, 'bgp_identifier': gateway_ip, 'local_as': local_as} headers = ['name', 'edge_id', 'size', 'bgp_identifier', 'availability_zone', 'local_as'] LOG.info(formatters.output_formatter('BGP GW Edge', [res], headers))
def neutron_list_spoofguard_policy_mappings(resource, event, trigger, **kwargs): mappings = get_spoofguard_policy_network_mappings() LOG.info(formatters.output_formatter(constants.SPOOFGUARD_POLICY, mappings, ['network_id', 'policy_id']))
def nsx_list_spoofguard_policies(resource, event, trigger, **kwargs): """List spoofguard policies from NSXv backend""" policies = get_spoofguard_policies() LOG.info(formatters.output_formatter(constants.SPOOFGUARD_POLICY, policies, ['policyId', 'name']))
def neutron_list_security_groups(resource, event, trigger, **kwargs): security_groups = neutron_sg.get_security_groups() LOG.info(formatters.output_formatter(constants.SECURITY_GROUPS, security_groups, ['name', 'id'])) return bool(security_groups)
def nsx_list_edges(resource, event, trigger, **kwargs): """List edges from NSXv backend""" edges = get_nsxv_edges() LOG.info(formatters.output_formatter(constants.EDGES, edges, ['id']))
def neutron_list_networks(resource, event, trigger, **kwargs): LOG.info(formatters.output_formatter(constants.NETWORKS, get_networks(), ['type', 'moref', 'name']))
def neutron_list_router_edge_bindings(resource, event, trigger, **kwargs): """List NSXv edges from Neutron DB""" edges = get_router_edge_bindings() LOG.info(formatters.output_formatter(constants.EDGES, edges, ['edge_id', 'router_id']))