def initialize(self):
super(NsxPolicyMappingDriver, self).initialize()
self._gbp_plugin = None
self.nsx_policy = self.get_nsxpolicy_lib()
self.policy_api = self.nsx_policy.policy_api
nsx_manager_client = self.get_nsxmanager_client()
self.nsx_port = nsx_resources.LogicalPort(nsx_manager_client)
self._verify_enforcement_point()
def migrate_exclude_ports(resource, event, trigger, **kwargs):
_nsx_client = v3_utils.get_nsxv3_client()
nsxlib = v3_utils.get_connected_nsxlib()
version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_2_0_0(version):
LOG.info("Migration only supported from 2.0 onwards")
LOG.info("Version is %s", version)
return
admin_cxt = neutron_context.get_admin_context()
plugin = PortsPlugin()
_port_client = resources.LogicalPort(_nsx_client)
exclude_list = nsxlib.firewall_section.get_excludelist()
for member in exclude_list['members']:
if member['target_type'] == 'LogicalPort':
port_id = member['target_id']
# Get port
try:
nsx_port = _port_client.get(port_id)
except nsx_exc.ResourceNotFound:
LOG.info("Port %s not found", port_id)
continue
# Validate its a neutron port
is_neutron_port = False
for tag in nsx_port['tags']:
if tag['scope'] == 'os-neutron-port-id':
is_neutron_port = True
neutron_port_id = tag['tag']
break
if not is_neutron_port:
LOG.info("Port %s is not a neutron port", port_id)
continue
# Check if this port exists in the DB
try:
plugin.get_port(admin_cxt, neutron_port_id)
except Exception:
LOG.info("Port %s is not defined in DB", neutron_port_id)
continue
# Update tag for the port
tags_update = [{
'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT
}]
_port_client.update(port_id, None, tags_update=tags_update)
# Remove port from the exclude list
nsxlib.firewall_section.remove_member_from_fw_exclude_list(
port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
LOG.info("Port %s successfully updated", port_id)
def initialize(self):
super(NsxPolicyMappingDriver, self).initialize()
self._gbp_plugin = None
self.nsx_policy = self.get_nsxpolicy_lib()
# reinitialize the cluster upon fork for api workers to ensure each
# process has its own keepalive loops + state
registry.subscribe(self.nsx_policy.reinitialize_cluster,
resources.PROCESS, events.AFTER_INIT)
self.policy_api = self.nsx_policy.policy_api
self.nsx_manager = self.get_nsxmanager_lib()
registry.subscribe(self.nsx_manager.reinitialize_cluster,
resources.PROCESS, events.AFTER_INIT)
self.nsx_port = nsx_resources.LogicalPort(self.nsx_manager.client)
self._verify_enforcement_point()
def nsx_update_metadata_proxy(resource, event, trigger, **kwargs):
"""Update Metadata proxy for NSXv3 CrossHairs."""
nsx_version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.error(_LE("This utility is not available for NSX version %s"),
nsx_version)
return
metadata_proxy_uuid = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
metadata_proxy_uuid = properties.get('metadata_proxy_uuid')
if not metadata_proxy_uuid:
LOG.error(_LE("metadata_proxy_uuid is not defined"))
return
cfg.CONF.set_override('dhcp_agent_notification', False)
cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3')
cfg.CONF.set_override('metadata_proxy', metadata_proxy_uuid, 'nsx_v3')
plugin = utils.NsxV3PluginWrapper()
nsx_client = utils.get_nsxv3_client()
port_resource = resources.LogicalPort(nsx_client)
# For each Neutron network, check if it is an internal metadata network.
# If yes, delete the network and associated router interface.
# Otherwise, create a logical switch port with MD-Proxy attachment.
for network in neutron_client.get_networks():
if _is_metadata_network(network):
# It is a metadata network, find the attached router,
# remove the router interface and the network.
filters = {
'device_owner': const.ROUTER_INTERFACE_OWNERS,
'fixed_ips': {
'subnet_id': [network['subnets'][0]],
'ip_address': [nsx_rpc.METADATA_GATEWAY_IP]
}
}
ports = neutron_client.get_ports(filters=filters)
if not ports:
continue
router_id = ports[0]['device_id']
interface = {'subnet_id': network['subnets'][0]}
plugin.remove_router_interface(router_id, interface)
LOG.info(_LI("Removed metadata interface on router %s"), router_id)
plugin.delete_network(network['id'])
LOG.info(_LI("Removed metadata network %s"), network['id'])
else:
lswitch_id = neutron_client.net_id_to_lswitch_id(network['id'])
if not lswitch_id:
continue
tags = nsxlib.build_v3_tags_payload(
network,
resource_type='os-neutron-net-id',
project_name='admin')
name = nsx_utils.get_name_and_uuid(
'%s-%s' % ('mdproxy', network['name'] or 'network'),
network['id'])
port_resource.create(
lswitch_id,
metadata_proxy_uuid,
tags=tags,
name=name,
attachment_type=nsx_constants.ATTACHMENT_MDPROXY)
LOG.info(_LI("Enabled native metadata proxy for network %s"),
network['id'])
def get_port_and_profile_clients():
_nsx_client = v3_utils.get_nsxv3_client()
return (resources.LogicalPort(_nsx_client),
resources.SwitchingProfile(_nsx_client))
def nsx_update_dhcp_bindings(resource, event, trigger, **kwargs):
"""Resync DHCP bindings for NSXv3 CrossHairs."""
nsx_version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.error(_LE("This utility is not available for NSX version %s"),
nsx_version)
return
dhcp_profile_uuid = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dhcp_profile_uuid = properties.get('dhcp_profile_uuid')
if not dhcp_profile_uuid:
LOG.error(_LE("dhcp_profile_uuid is not defined"))
return
cfg.CONF.set_override('dhcp_agent_notification', False)
cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3')
cfg.CONF.set_override('dhcp_profile', dhcp_profile_uuid, 'nsx_v3')
nsx_client = utils.get_nsxv3_client()
port_resource = resources.LogicalPort(nsx_client)
dhcp_server_resource = resources.LogicalDhcpServer(nsx_client)
port_bindings = {} # lswitch_id: [(port_id, mac, ip), ...]
server_bindings = {} # lswitch_id: dhcp_server_id
ports = neutron_client.get_ports()
for port in ports:
device_owner = port['device_owner']
if (device_owner != const.DEVICE_OWNER_DHCP
and not nsx_utils.is_port_dhcp_configurable(port)):
continue
for fixed_ip in port['fixed_ips']:
if netaddr.IPNetwork(fixed_ip['ip_address']).version == 6:
continue
network_id = port['network_id']
subnet = neutron_client.get_subnet(fixed_ip['subnet_id'])
if device_owner == const.DEVICE_OWNER_DHCP:
# For each DHCP-enabled network, create a logical DHCP server
# and update the attachment type to DHCP on the corresponding
# logical port of the Neutron DHCP port.
network = neutron_client.get_network(port['network_id'])
net_tags = nsxlib.build_v3_tags_payload(
network,
resource_type='os-neutron-net-id',
project_name='admin')
server_data = nsxlib.native_dhcp.build_server_config(
network, subnet, port, net_tags)
server_data['dhcp_profile_id'] = dhcp_profile_uuid
dhcp_server = dhcp_server_resource.create(**server_data)
LOG.info(
_LI("Created logical DHCP server %(server)s for "
"network %(network)s"), {
'server': dhcp_server['id'],
'network': port['network_id']
})
# Add DHCP service binding in neutron DB.
neutron_client.add_dhcp_service_binding(
network['id'], port['id'], dhcp_server['id'])
# Update logical port for DHCP purpose.
lswitch_id, lport_id = (
neutron_client.get_lswitch_and_lport_id(port['id']))
port_resource.update(
lport_id,
dhcp_server['id'],
attachment_type=nsx_constants.ATTACHMENT_DHCP)
server_bindings[lswitch_id] = dhcp_server['id']
LOG.info(
_LI("Updated DHCP logical port %(port)s for "
"network %(network)s"), {
'port': lport_id,
'network': port['network_id']
})
elif subnet['enable_dhcp']:
# Store (mac, ip) binding of each compute port in a
# DHCP-enabled subnet.
lswitch_id = neutron_client.net_id_to_lswitch_id(network_id)
bindings = port_bindings.get(lswitch_id, [])
bindings.append(
(port['id'], port['mac_address'], fixed_ip['ip_address'],
fixed_ip['subnet_id']))
port_bindings[lswitch_id] = bindings
break # process only the first IPv4 address
# Populate mac/IP bindings in each logical DHCP server.
for lswitch_id, bindings in port_bindings.items():
dhcp_server_id = server_bindings.get(lswitch_id)
if not dhcp_server_id:
continue
for (port_id, mac, ip, subnet_id) in bindings:
hostname = 'host-%s' % ip.replace('.', '-')
options = {
'option121': {
'static_routes': [{
'network':
'%s' % cfg.CONF.nsx_v3.native_metadata_route,
'next_hop': ip
}]
}
}
binding = dhcp_server_resource.create_binding(
dhcp_server_id, mac, ip, hostname,
cfg.CONF.nsx_v3.dhcp_lease_time, options)
# Add DHCP static binding in neutron DB.
neutron_client.add_dhcp_static_binding(port_id, subnet_id, ip,
dhcp_server_id,
binding['id'])
LOG.info(
_LI("Added DHCP binding (mac: %(mac)s, ip: %(ip)s) "
"for neutron port %(port)s"), {
'mac': mac,
'ip': ip,
'port': port_id
})
def init_api(self):
self.port_mirror = core_resources.NsxLibPortMirror(
self.client, self.nsxlib_config, nsxlib=self)
self.bridge_endpoint = core_resources.NsxLibBridgeEndpoint(
self.client, self.nsxlib_config, nsxlib=self)
self.bridge_endpoint_profile = (
core_resources.NsxLibBridgeEndpointProfile(
self.client, self.nsxlib_config, nsxlib=self))
self.logical_switch = core_resources.NsxLibLogicalSwitch(
self.client, self.nsxlib_config, nsxlib=self)
self.logical_router = core_resources.NsxLibLogicalRouter(
self.client, self.nsxlib_config, nsxlib=self)
self.switching_profile = core_resources.NsxLibSwitchingProfile(
self.client, self.nsxlib_config, nsxlib=self)
self.qos_switching_profile = core_resources.NsxLibQosSwitchingProfile(
self.client, self.nsxlib_config, nsxlib=self)
self.edge_cluster = core_resources.NsxLibEdgeCluster(
self.client, self.nsxlib_config, nsxlib=self)
self.bridge_cluster = core_resources.NsxLibBridgeCluster(
self.client, self.nsxlib_config, nsxlib=self)
self.transport_zone = core_resources.NsxLibTransportZone(
self.client, self.nsxlib_config, nsxlib=self)
self.transport_node = core_resources.NsxLibTransportNode(
self.client, self.nsxlib_config, nsxlib=self)
self.relay_service = core_resources.NsxLibDhcpRelayService(
self.client, self.nsxlib_config, nsxlib=self)
self.relay_profile = core_resources.NsxLibDhcpRelayProfile(
self.client, self.nsxlib_config, nsxlib=self)
self.native_dhcp_profile = core_resources.NsxLibDhcpProfile(
self.client, self.nsxlib_config, nsxlib=self)
self.native_md_proxy = core_resources.NsxLibMetadataProxy(
self.client, self.nsxlib_config, nsxlib=self)
self.firewall_section = security.NsxLibFirewallSection(
self.client, self.nsxlib_config, nsxlib=self)
self.ns_group = security.NsxLibNsGroup(
self.client, self.nsxlib_config, self.firewall_section,
nsxlib=self)
self.native_dhcp = native_dhcp.NsxLibNativeDhcp(
self.client, self.nsxlib_config, nsxlib=self)
self.ip_block_subnet = core_resources.NsxLibIpBlockSubnet(
self.client, self.nsxlib_config, nsxlib=self)
self.ip_block = core_resources.NsxLibIpBlock(
self.client, self.nsxlib_config, nsxlib=self)
self.ip_set = security.NsxLibIPSet(
self.client, self.nsxlib_config, nsxlib=self)
self.logical_port = resources.LogicalPort(
self.client, self.nsxlib_config, nsxlib=self)
self.logical_router_port = resources.LogicalRouterPort(
self.client, self.nsxlib_config, nsxlib=self)
self.dhcp_server = resources.LogicalDhcpServer(
self.client, self.nsxlib_config, nsxlib=self)
self.ip_pool = resources.IpPool(
self.client, self.nsxlib_config, nsxlib=self)
self.load_balancer = load_balancer.LoadBalancer(
self.client, self.nsxlib_config)
self.trust_management = trust_management.NsxLibTrustManagement(
self.client, self.nsxlib_config)
self.router = router.RouterLib(
self.logical_router, self.logical_router_port, self)
self.virtual_machine = core_resources.NsxLibFabricVirtualMachine(
self.client, self.nsxlib_config, nsxlib=self)
self.vif = core_resources.NsxLibFabricVirtualInterface(
self.client, self.nsxlib_config, nsxlib=self)
self.vpn_ipsec = vpn_ipsec.VpnIpSec(
self.client, self.nsxlib_config, nsxlib=self)
self.http_services = resources.NodeHttpServiceProperties(
self.client, self.nsxlib_config, nsxlib=self)
self.cluster_nodes = resources.NsxlibClusterNodesConfig(
self.client, self.nsxlib_config, nsxlib=self)
self.global_routing = core_resources.NsxLibGlobalRoutingConfig(
self.client, self.nsxlib_config, nsxlib=self)
# Update tag limits
self.tag_limits = self.get_tag_limits()
utils.update_tag_limits(self.tag_limits)
