def nsx_clean_all_backup_edges(resource, event, trigger, **kwargs): """Delete all backup edges""" scope = "all" if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) scope = properties.get("scope", "all") if scope not in ["neutron", "all"]: LOG.error("Need to specify the scope in ['neutron', 'all']") return backup_edges = get_nsxv_backup_edges(scope=scope) if not kwargs.get('force'): #ask for the user confirmation confirm = admin_utils.query_yes_no( "Do you want to delete %s backup edges?" % len(backup_edges), default="no") if not confirm: LOG.info("Backup edges deletion aborted by user") return deleted_cnt = 0 for edge in backup_edges: # delete the backup edge if _nsx_delete_backup_edge(edge['id'], backup_edges): deleted_cnt = deleted_cnt + 1 LOG.info('Done Deleting %s backup edges', deleted_cnt)
def nsx_clean_spoofguard_policy(resource, event, trigger, **kwargs): """Delete spoofguard policy""" errmsg = ("Need to specify policy-id. Add --property " "policy-id=<policy-id>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) policy_id = properties.get('policy-id') if not policy_id: LOG.error(_LE("%s"), errmsg) return try: nsxv.get_spoofguard_policy(policy_id) except exceptions.NeutronException as e: LOG.error(_LE("Unable to retrieve policy %(p)s: %(e)s"), {'p': policy_id, 'e': str(e)}) else: confirm = admin_utils.query_yes_no( "Do you want to delete spoofguard-policy: %s" % policy_id, default="no") if not confirm: LOG.info(_LI("spoofguard-policy deletion aborted by user")) return try: nsxv.delete_spoofguard_policy(policy_id) except Exception as e: LOG.error(_LE("%s"), str(e)) LOG.info(_LI('spoofguard-policy successfully deleted.'))
def update_security_groups_logging(resource, event, trigger, **kwargs): """Update allowed traffic logging for all neutron security group rules""" errmsg = ("Need to specify log-allowed-traffic property. Add --property " "log-allowed-traffic=true/false") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) log_allowed_str = properties.get('log-allowed-traffic') if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']: LOG.error("%s", errmsg) return log_allowed = log_allowed_str.lower() == 'true' context = neutron_context.get_admin_context() nsxlib = v3_utils.get_connected_nsxlib() with v3_utils.NsxV3PluginWrapper() as plugin: secgroups = plugin.get_security_groups(context, fields=['id', sg_logging.LOGGING]) LOG.info("Going to update logging of %s sections", len(secgroups)) for sg in [sg for sg in secgroups if sg.get(sg_logging.LOGGING) is False]: nsgroup_id, section_id = nsx_db.get_sg_mappings( context.session, sg['id']) if section_id: try: nsxlib.firewall_section.set_rule_logging( section_id, logging=log_allowed) except nsx_lib_exc.ManagerError: LOG.error("Failed to update firewall rule logging " "for rule in section %s", section_id)
def nsx_update_edges(resource, event, trigger, **kwargs): """Update all edges with the given property""" if not kwargs.get('property'): usage_msg = ("Need to specify a property to update all edges. " "Add --property appliances=<True/False>") LOG.error(usage_msg) return edges = utils.get_nsxv_backend_edges() properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) result = 0 for edge in edges: if properties.get('appliances', 'false').lower() == "true": try: change_edge_appliance(edge.get('edge-id')) except Exception as e: result += 1 LOG.error( "Failed to update edge %(edge)s. Exception: " "%(e)s", { 'edge': edge.get('edge-id'), 'e': str(e) }) if result > 0: total = len(edges) LOG.error("%(result)s of %(total)s edges failed " "to update.", { 'result': result, 'total': total })
def neutron_clean_backup_edge(resource, event, trigger, **kwargs): """Delete a backup edge from the neutron, and backend by it's name The name of the backup edge is the router-id column in the BD table nsxv_router_bindings, and it is also printed by list-mismatches """ errmsg = ("Need to specify router-id property. Add --property " "router-id=<router-id>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) router_id = properties.get('router-id') if not router_id: LOG.error("%s", errmsg) return # look for the router-binding entry edgeapi = utils.NeutronDbClient() rtr_binding = nsxv_db.get_nsxv_router_binding( edgeapi.context.session, router_id) if not rtr_binding: LOG.error('Backup %s was not found in DB', router_id) return edge_id = rtr_binding['edge_id'] if edge_id: # delete from backend too _delete_edge_from_nsx_and_neutron(edge_id, router_id) else: # delete only from DB _delete_backup_from_neutron_db(None, router_id)
def nsx_clean_backup_edge(resource, event, trigger, **kwargs): """Delete backup edge""" errmsg = ("Need to specify edge-id property. Add --property " "edge-id=<edge-id>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edge_id = properties.get('edge-id') if not edge_id: LOG.error(_LE("%s"), errmsg) return try: edge = nsxv.get_edge(edge_id) except exceptions.NeutronException as x: LOG.error(_LE("%s"), str(x)) else: # edge[0] is response status code # edge[1] is response body backup_edges = [e['id'] for e in get_nsxv_backup_edges()] if (not edge[1]['name'].startswith('backup-') or edge[1]['id'] not in backup_edges): LOG.error( _LE('Edge: %s is not a backup edge; aborting delete'), edge_id) return confirm = admin_utils.query_yes_no( "Do you want to delete edge: %s" % edge_id, default="no") if not confirm: LOG.info(_LI("Backup edge deletion aborted by user")) return _delete_edge_from_nsx_and_neutron(edge_id, edge[1]['name'])
def get_metadata_status(resource, event, trigger, **kwargs): if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) net_id = properties.get('network_id') else: net_id = None edgeapi = utils.NeutronDbClient() edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) md_rtr_ids = [edge['router_id'] for edge in edge_list] router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={'router_id': md_rtr_ids}) edge_ids = [b['edge_id'] for b in router_bindings] _md_member_status('Metadata edge appliance: %s members', edge_ids) if net_id: as_provider_data = nsxv_db.get_edge_vnic_bindings_by_int_lswitch( edgeapi.context.session, net_id) providers = [asp['edge_id'] for asp in as_provider_data] if providers: LOG.info('Metadata providers for network %s', net_id) _md_member_status('Edge %s', providers) else: LOG.info('No providers found for network %s', net_id)
def nsx_clean_spoofguard_policy(resource, event, trigger, **kwargs): """Delete spoofguard policy""" errmsg = ("Need to specify policy-id. Add --property " "policy-id=<policy-id>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) policy_id = properties.get('policy-id') if not policy_id: LOG.error("%s", errmsg) return try: h, c = nsxv.get_spoofguard_policy(policy_id) except exceptions.NeutronException as e: LOG.error("Unable to retrieve policy %(p)s: %(e)s", {'p': policy_id, 'e': str(e)}) else: if not c.get('spoofguardList'): LOG.error("Policy %s does not exist", policy_id) return confirm = admin_utils.query_yes_no( "Do you want to delete spoofguard-policy: %s" % policy_id, default="no") if not confirm: LOG.info("spoofguard-policy deletion aborted by user") return try: nsxv.delete_spoofguard_policy(policy_id) except Exception as e: LOG.error("%s", str(e)) LOG.info('spoofguard-policy successfully deleted.')
def get_metadata_status(resource, event, trigger, **kwargs): if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) net_id = properties.get('network_id') else: net_id = None edgeapi = utils.NeutronDbClient() edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) md_rtr_ids = [edge['router_id'] for edge in edge_list] router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={'router_id': md_rtr_ids}) edge_ids = [b['edge_id'] for b in router_bindings] _md_member_status('Metadata edge appliance: %s members', edge_ids) if net_id: as_provider_data = nsxv_db.get_edge_vnic_bindings_by_int_lswitch( edgeapi.context.session, net_id) providers = [asp['edge_id'] for asp in as_provider_data] if providers: LOG.info('Metadata providers for network %s', net_id) _md_member_status('Edge %s', providers) else: LOG.info('No providers found for network %s', net_id)
def nsx_update_edge(resource, event, trigger, **kwargs): """Update edge properties""" usage_msg = _LE("Need to specify edge-id parameter and " "attribute to update. Add --property edge-id=<edge-id> " "and --property highavailability=<True/False> or " "--property size=<size> or --property appliances=True") if not kwargs.get('property'): LOG.error(usage_msg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) if not properties.get('edge-id'): LOG.error( _LE("Need to specify edge-id. " "Add --property edge-id=<edge-id>")) return LOG.info(_LI("Updating NSXv edge: %(edge)s with properties\n%(prop)s"), { 'edge': properties.get('edge-id'), 'prop': properties }) if properties.get('highavailability'): change_edge_ha(properties['highavailability'].lower() == "true", properties['edge-id']) elif properties.get('size'): change_edge_appliance_size(properties) elif (properties.get('appliances') and properties.get('appliances').lower() == "true"): change_edge_appliance(properties['edge-id']) else: # no attribute was specified LOG.error(usage_msg)
def update_security_groups_logging(resource, event, trigger, **kwargs): """Update allowed traffic logging for all neutron security group rules""" errmsg = ("Need to specify log-allowed-traffic property. Add --property " "log-allowed-traffic=true/false") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) log_allowed_str = properties.get('log-allowed-traffic') if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']: LOG.error("%s", errmsg) return log_allowed = log_allowed_str.lower() == 'true' context = neutron_context.get_admin_context() nsxlib = v3_utils.get_connected_nsxlib() with v3_utils.NsxV3PluginWrapper() as plugin: secgroups = plugin.get_security_groups( context, fields=['id', sg_logging.LOGGING]) LOG.info("Going to update logging of %s sections", len(secgroups)) for sg in [ sg for sg in secgroups if sg.get(sg_logging.LOGGING) is False ]: nsgroup_id, section_id = nsx_db.get_sg_mappings( context.session, sg['id']) if section_id: try: nsxlib.firewall_section.set_rule_logging( section_id, logging=log_allowed) except nsx_lib_exc.ManagerError: LOG.error( "Failed to update firewall rule logging " "for rule in section %s", section_id)
def nsx_update_switch(resource, event, trigger, **kwargs): nsxv = utils.get_nsxv_client() if not kwargs.get('property'): LOG.error(_LE("Need to specify dvs-id parameter and " "attribute to update. Add --property dvs-id=<dvs-id> " "--property teamingpolicy=<policy>")) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dvs_id = properties.get('dvs-id') if not dvs_id: LOG.error(_LE("Need to specify dvs-id. " "Add --property dvs-id=<dvs-id>")) return h, switch = nsxv.get_vdn_switch(dvs_id) policy = properties.get('teamingpolicy') if policy: if switch['teamingPolicy'] == policy: LOG.info(_LI("Policy already set!")) return LOG.info(_LI("Updating NSXv switch %(dvs)s teaming policy to " "%(policy)s"), {'dvs': dvs_id, 'policy': policy}) switch['teamingPolicy'] = policy switch = nsxv.update_vdn_switch(switch) LOG.info(_LI("Switch value after update: %s"), switch) else: LOG.error(_LE("No teaming policy set. " "Add --property teamingpolicy=<policy>")) LOG.info(_LI("Current switch value is: %s"), switch)
def nsx_update_metadata_proxy(resource, event, trigger, **kwargs): """Update Metadata proxy for NSXv3 CrossHairs.""" nsx_version = utils.get_connected_nsxlib().get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.info(_LI("This utility is not available for NSX version %s"), nsx_version) return metadata_proxy_uuid = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) metadata_proxy_uuid = properties.get('metadata_proxy_uuid') if not metadata_proxy_uuid: LOG.error(_LE("metadata_proxy_uuid is not defined")) return cfg.CONF.set_override('dhcp_agent_notification', False) cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3') cfg.CONF.set_override('metadata_proxy_uuid', metadata_proxy_uuid, 'nsx_v3') plugin = utils.NsxV3PluginWrapper() nsx_client = utils.get_nsxv3_client() port_resource = resources.LogicalPort(nsx_client) # For each Neutron network, check if it is an internal metadata network. # If yes, delete the network and associated router interface. # Otherwise, create a logical switch port with MD-Proxy attachment. for network in neutron_client.get_networks(): if _is_metadata_network(network): # It is a metadata network, find the attached router, # remove the router interface and the network. filters = {'device_owner': const.ROUTER_INTERFACE_OWNERS, 'fixed_ips': { 'subnet_id': [network['subnets'][0]], 'ip_address': [nsx_rpc.METADATA_GATEWAY_IP]}} ports = neutron_client.get_ports(filters=filters) if not ports: continue router_id = ports[0]['device_id'] interface = {'subnet_id': network['subnets'][0]} plugin.remove_router_interface(router_id, interface) LOG.info(_LI("Removed metadata interface on router %s"), router_id) plugin.delete_network(network['id']) LOG.info(_LI("Removed metadata network %s"), network['id']) else: lswitch_id = neutron_client.net_id_to_lswitch_id(network['id']) if not lswitch_id: continue tags = nsx_utils.build_v3_tags_payload( network, resource_type='os-neutron-net-id', project_name='admin') name = nsx_utils.get_name_and_uuid('%s-%s' % ( 'mdproxy', network['name'] or 'network'), network['id']) port_resource.create( lswitch_id, metadata_proxy_uuid, tags=tags, name=name, attachment_type=nsx_constants.ATTACHMENT_MDPROXY) LOG.info(_LI("Enabled native metadata proxy for network %s"), network['id'])
def delete_backend_network(resource, event, trigger, **kwargs): """Delete a backend network by its moref """ errmsg = ("Need to specify moref property. Add --property moref=<moref>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) moref = properties.get('moref') if not moref: LOG.error(_LE("%s"), errmsg) return backend_name = get_networks_name_map().get(moref) if not backend_name: LOG.error(_LE("Failed to find the backend network %(moref)s"), {'moref': moref}) return # Note: in case the backend network is attached to other backend objects, # like VM, the deleting may fail and through an exception nsxv = utils.get_nsxv_client() if moref.startswith(PORTGROUP_PREFIX): # get the dvs id from the backend name: dvs_id = get_dvs_id_from_backend_name(backend_name) if not dvs_id: LOG.error( _LE("Failed to find the DVS id of backend network " "%(moref)s"), {'moref': moref}) else: try: nsxv.delete_port_group(dvs_id, moref) except Exception as e: LOG.error( _LE("Failed to delete backend network %(moref)s : " "%(e)s"), { 'moref': moref, 'e': e }) else: LOG.info(_LI("Backend network %(moref)s was deleted"), {'moref': moref}) else: # Virtual wire try: nsxv.delete_virtual_wire(moref) except Exception as e: LOG.error( _LE("Failed to delete backend network %(moref)s : " "%(e)s"), { 'moref': moref, 'e': e }) else: LOG.info(_LI("Backend network %(moref)s was deleted"), {'moref': moref})
def _get_dhcp_profile_uuid(**kwargs): if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dhcp_profile_uuid = properties.get('dhcp_profile_uuid') if dhcp_profile_uuid: return dhcp_profile_uuid if cfg.CONF.nsx_v3.dhcp_profile: return nsxlib.native_dhcp_profile.get_id_by_name_or_id( cfg.CONF.nsx_v3.dhcp_profile)
def nsx_update_edge(resource, event, trigger, **kwargs): """Update edge properties""" usage_msg = ("Need to specify edge-id parameter and " "attribute to update. Add --property edge-id=<edge-id> " "and --property highavailability=<True/False> or " "--property size=<size> or --property appliances=True. " "\nFor syslog, add --property syslog-server=<ip>|none and " "(optional) --property syslog-server2=<ip> and/or " "(optional) --property syslog-proto=[tcp/udp] " "\nFor log levels, add --property [routing|dhcp|dns|" "highavailability|loadbalancer]-log-level=" "[debug|info|warning|error]. To set log level for all " "modules, add --property log-level=<level> " "\nFor edge reservations, add " "--property resource=cpu|memory and " "(optional) --property limit=<limit> and/or " "(optional) --property shares=<shares> and/or " "(optional) --property reservation=<reservation> " "\nFor hostgroup updates, add " "--property hostgroup=update/all/clean") if not kwargs.get('property'): LOG.error(usage_msg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) if (not properties.get('edge-id') and not properties.get('hostgroup', '').lower() == "all" and not properties.get('hostgroup', '').lower() == "clean"): LOG.error("Need to specify edge-id. " "Add --property edge-id=<edge-id>") return LOG.info("Updating NSXv edge: %(edge)s with properties\n%(prop)s", { 'edge': properties.get('edge-id'), 'prop': properties }) if properties.get('highavailability'): change_edge_ha(properties['highavailability'].lower() == "true", properties['edge-id']) elif properties.get('size'): change_edge_appliance_size(properties) elif (properties.get('appliances') and properties.get('appliances').lower() == "true"): change_edge_appliance(properties['edge-id']) elif properties.get('syslog-server'): if (properties.get('syslog-server').lower() == "none"): delete_edge_syslog(properties['edge-id']) else: change_edge_syslog(properties) elif properties.get('resource'): change_edge_appliance_reservations(properties) elif properties.get('hostgroup'): change_edge_hostgroup(properties) elif change_edge_loglevel(properties): pass else: # no attribute was specified LOG.error(usage_msg)
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs): """Recreate a dhcp edge with all the networks n a new NSXv edge""" if not kwargs.get('property'): LOG.error(_LE("Need to specify edge-id parameter")) return # input validation properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) old_edge_id = properties.get('edge-id') if not old_edge_id: LOG.error(_LE("Need to specify edge-id parameter")) return LOG.info(_LI("ReCreating NSXv Edge: %s"), old_edge_id) # init the plugin and edge manager cfg.CONF.set_override('core_plugin', 'vmware_nsx.shell.admin.plugins.nsxv.resources' '.utils.NsxVPluginWrapper') plugin = utils.NsxVPluginWrapper() nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) context = n_context.get_admin_context() # verify that this is a DHCP edge bindings = nsxv_db.get_nsxv_router_bindings_by_edge( context.session, old_edge_id) if (not bindings or not bindings[0]['router_id'].startswith( nsxv_constants.DHCP_EDGE_PREFIX)): LOG.error(_LE("Edge %(edge_id)s is not a DHCP edge"), {'edge_id': old_edge_id}) return # find the networks bound to this DHCP edge networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge( context.session, old_edge_id) network_ids = [binding['network_id'] for binding in networks_binding] # Find out the vdr router, if this is a vdr DHCP edge vdr_binding = nsxv_db.get_vdr_dhcp_binding_by_edge( context.session, old_edge_id) vdr_router_id = vdr_binding['vdr_router_id'] if vdr_binding else None # Delete the old edge delete_old_dhcp_edge(context, old_edge_id, bindings) if vdr_router_id: # recreate the edge as a VDR DHCP edge recreate_vdr_dhcp_edge(context, plugin, edge_manager, old_edge_id, vdr_router_id) else: # This is a regular DHCP edge: # Move all the networks to other (new or existing) edge for net_id in network_ids: recreate_network_dhcp(context, plugin, edge_manager, old_edge_id, net_id)
def get_cert_filename(**kwargs): filename = cfg.CONF.nsx_v3.nsx_client_cert_file if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) filename = properties.get('filename', filename) if not filename: LOG.info("Please specify file containing the certificate " "using filename property") return filename
def get_nsx_trust_management(**kwargs): username, password = None, None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) username = properties.get('user') password = properties.get('password') nsx_client = utils.get_nsxv3_client(username, password, True) nsx_trust = trust_management.NsxLibTrustManagement(nsx_client, {}) return nsx_trust
def create_redis_rule(resource, event, trigger, **kwargs): usage = ("nsxadmin -r routing-redistribution-rule -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "[--property prefix=<NAME:CIDR>] " "--property learn-from=ospf,bgp,connected,static " "--property action=<permit/deny>") required_params = ('gw-edge-ids', 'learn-from', 'action') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return prefix = properties.get('prefix') if prefix: prefix_name, cidr = prefix.split(':') prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else [] else: prefix_name = None prefixes = [] learn_from = properties['learn-from'].split(',') rule = get_redistribution_rule(prefix_name, 'bgp' in learn_from, 'ospf' in learn_from, 'static' in learn_from, 'connected' in learn_from, properties['action']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: bgp_config = nsxv.get_routing_bgp_config(edge_id) if not bgp_config['bgp'].get('enabled'): LOG.error("BGP is not enabled on edge %s", edge_id) return if not bgp_config['bgp']['redistribution']['enabled']: LOG.error("BGP redistribution is not enabled on edge %s", edge_id) return nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{ 'edge_id': edge_id, 'prefix': prefix_name if prefix_name else 'ANY', 'learner-protocol': 'bgp', 'learn-from': ', '.join(set(learn_from)), 'action': properties['action'] } for edge_id in edge_ids] headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action'] LOG.info( formatters.output_formatter('Routing redistribution rule', res, headers))
def generate_cert(resource, event, trigger, **kwargs): """Generate self signed client certificate and private key """ if not verify_client_cert_on(): return if cfg.CONF.nsx_v3.nsx_client_cert_storage.lower() == "none": LOG.info("Generate operation is not supported " "with storage type 'none'") return # update cert defaults based on user input properties = CERT_DEFAULTS.copy() if kwargs.get('property'): properties.update( admin_utils.parse_multi_keyval_opt(kwargs['property'])) try: prop = 'key-size' key_size = int(properties.get(prop)) prop = 'valid-days' valid_for_days = int(properties.get(prop)) except ValueError: LOG.info("%s property must be a number", prop) return signature_alg = properties.get('sig-alg') subject = {} subject[client_cert.CERT_SUBJECT_COUNTRY] = properties.get('country') subject[client_cert.CERT_SUBJECT_STATE] = properties.get('state') subject[client_cert.CERT_SUBJECT_ORG] = properties.get('org') subject[client_cert.CERT_SUBJECT_UNIT] = properties.get('org') subject[client_cert.CERT_SUBJECT_HOST] = properties.get('host') regenerate = False with get_certificate_manager(**kwargs) as cert: if cert.exists(): LOG.info("Deleting existing certificate") # Need to delete cert first cert.delete() regenerate = True try: cert.generate(subject, key_size, valid_for_days, signature_alg) except exceptions.NsxLibInvalidInput as e: LOG.info(e) return LOG.info("Client certificate generated successfully") if not regenerate: # No certificate existed, so client authentication service was likely # changed to true just now. The user must restart neutron to avoid # failures. LOG.info("Please restart neutron service")
def nsx_update_switch(resource, event, trigger, **kwargs): nsxv = utils.get_nsxv_client() if not kwargs.get('property'): LOG.error( _LE("Need to specify dvs-id parameter and " "attribute to update. Add --property dvs-id=<dvs-id> " "--property teamingpolicy=<policy>")) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dvs_id = properties.get('dvs-id') if not dvs_id: LOG.error( _LE("Need to specify dvs-id. " "Add --property dvs-id=<dvs-id>")) return try: h, switch = nsxv.get_vdn_switch(dvs_id) except exceptions.ResourceNotFound: LOG.error(_LE("DVS %s not found"), dvs_id) return supported_policies = [ 'ETHER_CHANNEL', 'LOADBALANCE_LOADBASED', 'LOADBALANCE_SRCID', 'LOADBALANCE_SRCMAC', 'FAILOVER_ORDER', 'LACP_ACTIVE', 'LACP_PASSIVE', 'LACP_V2' ] policy = properties.get('teamingpolicy') if policy in supported_policies: if switch['teamingPolicy'] == policy: LOG.info(_LI("Policy already set!")) return LOG.info( _LI("Updating NSXv switch %(dvs)s teaming policy to " "%(policy)s"), { 'dvs': dvs_id, 'policy': policy }) switch['teamingPolicy'] = policy try: switch = nsxv.update_vdn_switch(switch) except exceptions.VcnsApiException as e: desc = jsonutils.loads(e.response) details = desc.get('details') if details.startswith("No enum constant"): LOG.error(_LE("Unknown teaming policy %s"), policy) else: LOG.error(_LE("Unexpected error occurred: %s"), details) return LOG.info(_LI("Switch value after update: %s"), switch) else: LOG.info(_LI("Current switch value is: %s"), switch) LOG.error( _LE("Invalid teaming policy. " "Add --property teamingpolicy=<policy>")) LOG.error(_LE("Possible values: %s"), ', '.join(supported_policies))
def create_redis_rule(resource, event, trigger, **kwargs): usage = ("nsxadmin -r routing-redistribution-rule -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "[--property prefix=<NAME:CIDR>] " "--property learn-from=ospf,bgp,connected,static " "--property action=<permit/deny>") required_params = ('gw-edge-ids', 'learn-from', 'action') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return prefix = properties.get('prefix') if prefix: prefix_name, cidr = prefix.split(':') prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else [] else: prefix_name = None prefixes = [] learn_from = properties['learn-from'].split(',') rule = get_redistribution_rule(prefix_name, 'bgp' in learn_from, 'ospf' in learn_from, 'static' in learn_from, 'connected' in learn_from, properties['action']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: bgp_config = nsxv.get_routing_bgp_config(edge_id) if not bgp_config['bgp'].get('enabled'): LOG.error("BGP is not enabled on edge %s", edge_id) return if not bgp_config['bgp']['redistribution']['enabled']: LOG.error("BGP redistribution is not enabled on edge %s", edge_id) return nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{'edge_id': edge_id, 'prefix': prefix_name if prefix_name else 'ANY', 'learner-protocol': 'bgp', 'learn-from': ', '.join(set(learn_from)), 'action': properties['action']} for edge_id in edge_ids] headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action'] LOG.info(formatters.output_formatter( 'Routing redistribution rule', res, headers))
def nsx_update_edge(resource, event, trigger, **kwargs): """Update edge properties""" usage_msg = ("Need to specify edge-id parameter and " "attribute to update. Add --property edge-id=<edge-id> " "and --property highavailability=<True/False> or " "--property size=<size> or --property appliances=True. " "\nFor syslog, add --property syslog-server=<ip>|none and " "(optional) --property syslog-server2=<ip> and/or " "(optional) --property syslog-proto=[tcp/udp] " "\nFor log levels, add --property [routing|dhcp|dns|" "highavailability|loadbalancer]-log-level=" "[debug|info|warning|error]. To set log level for all " "modules, add --property log-level=<level> " "\nFor edge reservations, add " "--property resource=cpu|memory and " "(optional) --property limit=<limit> and/or " "(optional) --property shares=<shares> and/or " "(optional) --property reservation=<reservation> " "\nFor hostgroup updates, add " "--property hostgroup=update/all/clean") if not kwargs.get('property'): LOG.error(usage_msg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) if (not properties.get('edge-id') and not properties.get('hostgroup', '').lower() == "all" and not properties.get('hostgroup', '').lower() == "clean"): LOG.error("Need to specify edge-id. " "Add --property edge-id=<edge-id>") return LOG.info("Updating NSXv edge: %(edge)s with properties\n%(prop)s", {'edge': properties.get('edge-id'), 'prop': properties}) if properties.get('highavailability'): change_edge_ha(properties['highavailability'].lower() == "true", properties['edge-id']) elif properties.get('size'): change_edge_appliance_size(properties) elif (properties.get('appliances') and properties.get('appliances').lower() == "true"): change_edge_appliance(properties['edge-id']) elif properties.get('syslog-server'): if (properties.get('syslog-server').lower() == "none"): delete_edge_syslog(properties['edge-id']) else: change_edge_syslog(properties) elif properties.get('resource'): change_edge_appliance_reservations(properties) elif properties.get('hostgroup'): change_edge_hostgroup(properties) elif change_edge_loglevel(properties): pass else: # no attribute was specified LOG.error(usage_msg)
def _get_dhcp_profile_uuid(**kwargs): if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dhcp_profile_uuid = properties.get('dhcp_profile_uuid') if dhcp_profile_uuid: return dhcp_profile_uuid nsxlib = utils.get_connected_nsxlib() if cfg.CONF.nsx_v3.dhcp_profile: return nsxlib.native_dhcp_profile.get_id_by_name_or_id( cfg.CONF.nsx_v3.dhcp_profile)
def nsx_update_metadata_proxy_server_ip(resource, event, trigger, **kwargs): """Update Metadata proxy server ip on the nsx.""" nsxlib = utils.get_connected_nsxlib() nsx_version = nsxlib.get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.error("This utility is not available for NSX version %s", nsx_version) return server_ip = None az_name = nsx_az.DEFAULT_NAME if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) server_ip = properties.get('server-ip') az_name = properties.get('availability-zone', az_name) if not server_ip or not netaddr.valid_ipv4(server_ip): LOG.error("Need to specify a valid server-ip parameter") return config.register_nsxv3_azs(cfg.CONF, cfg.CONF.nsx_v3.availability_zones) if (az_name != nsx_az.DEFAULT_NAME and az_name not in cfg.CONF.nsx_v3.availability_zones): LOG.error("Availability zone %s was not found in the configuration", az_name) return az = nsx_az.NsxV3AvailabilityZones().get_availability_zone(az_name) az.translate_configured_names_to_uuids(nsxlib) if (not az.metadata_proxy or not cfg.CONF.nsx_v3.native_dhcp_metadata): LOG.error( "Native DHCP metadata is not enabled in the configuration " "of availability zone %s", az_name) return metadata_proxy_uuid = az._native_md_proxy_uuid try: mdproxy = nsxlib.native_md_proxy.get(metadata_proxy_uuid) except nsx_exc.ResourceNotFound: LOG.error("metadata proxy %s not found", metadata_proxy_uuid) return # update the IP in the URL url = mdproxy.get('metadata_server_url') url = re.sub(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', server_ip, url) LOG.info( "Updating the URL of the metadata proxy server %(uuid)s to " "%(url)s", { 'uuid': metadata_proxy_uuid, 'url': url }) nsxlib.native_md_proxy.update(metadata_proxy_uuid, server_url=url) LOG.info("Done.")
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs): """Recreate a dhcp edge with all the networks on a new NSXv edge""" usage_msg = ("Need to specify edge-id or net-id parameter") if not kwargs.get('property'): LOG.error(usage_msg) return # input validation properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) old_edge_id = properties.get('edge-id') if not old_edge_id: # if the net-id property exist - recreate the edge for this network net_id = properties.get('net-id') if net_id: nsx_recreate_dhcp_edge_by_net_id(net_id) return LOG.error(usage_msg) return LOG.info("ReCreating NSXv Edge: %s", old_edge_id) context = n_context.get_admin_context() # verify that this is a DHCP edge bindings = nsxv_db.get_nsxv_router_bindings_by_edge( context.session, old_edge_id) if (not bindings or not bindings[0]['router_id'].startswith( nsxv_constants.DHCP_EDGE_PREFIX)): LOG.error("Edge %(edge_id)s is not a DHCP edge", {'edge_id': old_edge_id}) return # init the plugin and edge manager cfg.CONF.set_override('core_plugin', 'vmware_nsx.shell.admin.plugins.nsxv.resources' '.utils.NsxVPluginWrapper') with utils.NsxVPluginWrapper() as plugin: nsxv_manager = vcns_driver.VcnsDriver( edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) # find the networks bound to this DHCP edge networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge( context.session, old_edge_id) network_ids = [binding['network_id'] for binding in networks_binding] # Delete the old edge delete_old_dhcp_edge(context, old_edge_id, bindings) # Move all the networks to other (new or existing) edge for net_id in network_ids: recreate_network_dhcp(context, plugin, edge_manager, old_edge_id, net_id)
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs): """Recreate a dhcp edge with all the networks on a new NSXv edge""" usage_msg = ("Need to specify edge-id or net-id parameter") if not kwargs.get('property'): LOG.error(usage_msg) return # input validation properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) old_edge_id = properties.get('edge-id') if not old_edge_id: # if the net-id property exist - recreate the edge for this network net_id = properties.get('net-id') if net_id: nsx_recreate_dhcp_edge_by_net_id(net_id) return LOG.error(usage_msg) return LOG.info("ReCreating NSXv Edge: %s", old_edge_id) context = n_context.get_admin_context() # verify that this is a DHCP edge bindings = nsxv_db.get_nsxv_router_bindings_by_edge( context.session, old_edge_id) if (not bindings or not bindings[0]['router_id'].startswith( nsxv_constants.DHCP_EDGE_PREFIX)): LOG.error("Edge %(edge_id)s is not a DHCP edge", {'edge_id': old_edge_id}) return # init the plugin and edge manager cfg.CONF.set_override( 'core_plugin', 'vmware_nsx.shell.admin.plugins.nsxv.resources' '.utils.NsxVPluginWrapper') with utils.NsxVPluginWrapper() as plugin: nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) # find the networks bound to this DHCP edge networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge( context.session, old_edge_id) network_ids = [binding['network_id'] for binding in networks_binding] # Delete the old edge delete_old_dhcp_edge(context, old_edge_id, bindings) # Move all the networks to other (new or existing) edge for net_id in network_ids: recreate_network_dhcp(context, plugin, edge_manager, old_edge_id, net_id)
def update_security_groups_logging(resource, event, trigger, **kwargs): """Update allowed traffic logging for all neutron security group rules""" errmsg = ("Need to specify log-allowed-traffic property. Add --property " "log-allowed-traffic=true/false") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) log_allowed_str = properties.get('log-allowed-traffic') if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']: LOG.error("%s", errmsg) return log_allowed = log_allowed_str.lower() == 'true' context = n_context.get_admin_context() with utils.NsxVPluginWrapper() as plugin: vcns = plugin.nsx_v.vcns sg_utils = plugin. nsx_sg_utils # If the section/sg is already logged, then no action is # required. security_groups = plugin.get_security_groups(context) LOG.info("Going to update logging of %s sections", len(security_groups)) for sg in [sg for sg in plugin.get_security_groups(context) if sg.get(sg_logging.LOGGING) is False]: if sg.get(sg_policy.POLICY): # Logging is not relevant with a policy continue section_uri = plugin._get_section_uri(context.session, sg['id']) if section_uri is None: continue # Section/sg is not logged, update rules logging according # to the 'log_security_groups_allowed_traffic' config # option. try: h, c = vcns.get_section(section_uri) section = sg_utils.parse_section(c) section_needs_update = sg_utils.set_rules_logged_option( section, log_allowed) if section_needs_update: vcns.update_section(section_uri, sg_utils.to_xml_string(section), h) except Exception as exc: LOG.error('Unable to update security group %(sg)s ' 'section for logging. %(e)s', {'e': exc, 'sg': sg['id']})
def delete_bgp_gw(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-gw-edge -o delete " "--property gw-edge-id=<EDGE_ID>") required_params = ('gw-edge-id', ) properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return edge_id = properties['gw-edge-id'] try: nsxv.vcns.delete_edge(edge_id) except Exception: LOG.error("Failed to delete edge %s", edge_id) return
def delete_bgp_gw(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-gw-edge -o delete " "--property gw-edge-id=<EDGE_ID>") required_params = ('gw-edge-id', ) properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return edge_id = properties['gw-edge-id'] try: nsxv.vcns.delete_edge(edge_id) except Exception: LOG.error("Failed to delete edge %s", edge_id) return
def generate_cert(resource, event, trigger, **kwargs): """Generate self signed client certificate and private key """ if not verify_client_cert_on(): return if cfg.CONF.nsx_v3.nsx_client_cert_storage.lower() == "none": LOG.info("Generate operation is not supported " "with storage type 'none'") return # update cert defaults based on user input properties = CERT_DEFAULTS.copy() if kwargs.get('property'): properties.update( admin_utils.parse_multi_keyval_opt(kwargs['property'])) try: prop = 'key-size' key_size = int(properties.get(prop)) prop = 'valid-days' valid_for_days = int(properties.get(prop)) except ValueError: LOG.info("%s property must be a number", prop) return signature_alg = properties.get('sig-alg') # TODO(annak): use nsxlib constants when they land subject = {} subject['country'] = properties.get('country') subject['state'] = properties.get('state') subject['organization'] = properties.get('org') subject['unit'] = properties.get('org') subject['hostname'] = properties.get('host') with get_certificate_manager(**kwargs) as cert: if cert.exists(): LOG.info("Deleting existing certificate") # Need to delete cert first cert.delete() try: cert.generate(subject, key_size, valid_for_days, signature_alg) except exceptions.InvalidInput as e: LOG.info(e) return LOG.info("Client certificate generated succesfully")
def delete_backend_network(resource, event, trigger, **kwargs): """Delete a backend network by its moref """ errmsg = ("Need to specify moref property. Add --property moref=<moref>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) moref = properties.get('moref') if not moref: LOG.error("%s", errmsg) return backend_name = get_networks_name_map().get(moref) if not backend_name: LOG.error("Failed to find the backend network %(moref)s", {'moref': moref}) return # Note: in case the backend network is attached to other backend objects, # like VM, the deleting may fail and through an exception nsxv = utils.get_nsxv_client() if moref.startswith(PORTGROUP_PREFIX): # get the dvs id from the backend name: dvs_id = get_dvs_id_from_backend_name(backend_name) if not dvs_id: LOG.error("Failed to find the DVS id of backend network " "%(moref)s", {'moref': moref}) else: try: nsxv.delete_port_group(dvs_id, moref) except Exception as e: LOG.error("Failed to delete backend network %(moref)s : " "%(e)s", {'moref': moref, 'e': e}) else: LOG.info("Backend network %(moref)s was deleted", {'moref': moref}) else: # Virtual wire try: nsxv.delete_virtual_wire(moref) except Exception as e: LOG.error("Failed to delete backend network %(moref)s : " "%(e)s", {'moref': moref, 'e': e}) else: LOG.info("Backend network %(moref)s was deleted", {'moref': moref})
def nsx_update_switch(resource, event, trigger, **kwargs): nsxv = utils.get_nsxv_client() if not kwargs.get('property'): LOG.error("Need to specify dvs-id parameter and " "attribute to update. Add --property dvs-id=<dvs-id> " "--property teamingpolicy=<policy>") return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dvs_id = properties.get('dvs-id') if not dvs_id: LOG.error("Need to specify dvs-id. " "Add --property dvs-id=<dvs-id>") return try: h, switch = nsxv.get_vdn_switch(dvs_id) except exceptions.ResourceNotFound: LOG.error("DVS %s not found", dvs_id) return supported_policies = ['ETHER_CHANNEL', 'LOADBALANCE_LOADBASED', 'LOADBALANCE_SRCID', 'LOADBALANCE_SRCMAC', 'FAILOVER_ORDER', 'LACP_ACTIVE', 'LACP_PASSIVE', 'LACP_V2'] policy = properties.get('teamingpolicy') if policy in supported_policies: if switch['teamingPolicy'] == policy: LOG.info("Policy already set!") return LOG.info("Updating NSXv switch %(dvs)s teaming policy to " "%(policy)s", {'dvs': dvs_id, 'policy': policy}) switch['teamingPolicy'] = policy try: switch = nsxv.update_vdn_switch(switch) except exceptions.VcnsApiException as e: desc = jsonutils.loads(e.response) details = desc.get('details') if details.startswith("No enum constant"): LOG.error("Unknown teaming policy %s", policy) else: LOG.error("Unexpected error occurred: %s", details) return LOG.info("Switch value after update: %s", switch) else: LOG.info("Current switch value is: %s", switch) LOG.error("Invalid teaming policy. " "Add --property teamingpolicy=<policy>") LOG.error("Possible values: %s", ', '.join(supported_policies))
def nsx_recreate_dhcp_server(resource, event, trigger, **kwargs): """Recreate DHCP server & binding for a neutron network""" if not cfg.CONF.nsx_v3.native_dhcp_metadata: LOG.error("Native DHCP is disabled.") return errmsg = ("Need to specify net-id property. Add --property net-id=<id>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) net_id = properties.get('net-id') if not net_id: LOG.error("%s", errmsg) return context = neutron_context.get_admin_context() with utils.NsxV3PluginWrapper() as plugin: # verify that this is an existing network with dhcp enabled try: network = plugin._get_network(context, net_id) except exceptions.NetworkNotFound: LOG.error("Network %s was not found", net_id) return if plugin._has_no_dhcp_enabled_subnet(context, network): LOG.error("Network %s has no DHCP enabled subnet", net_id) return dhcp_relay = plugin.get_network_az_by_net_id( context, net_id).dhcp_relay_service if dhcp_relay: LOG.error("Native DHCP should not be enabled with dhcp relay") return # find the dhcp subnet of this network subnet_id = None for subnet in network.subnets: if subnet.enable_dhcp: subnet_id = subnet.id break if not subnet_id: LOG.error("Network %s has no DHCP enabled subnet", net_id) return dhcp_subnet = plugin.get_subnet(context, subnet_id) # disable and re-enable the dhcp plugin._enable_native_dhcp(context, network, dhcp_subnet) LOG.info("Done.")
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs): """Resync DHCP bindings on NSXv Edge""" if not kwargs['property']: LOG.error(_LE("Need to specify edge-id parameter")) return else: properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) LOG.info(_LI("Updating NSXv Edge: %s"), properties.get('edge-id')) # Need to create a NeutronDbPlugin object; so that we are able to # do neutron list-ports. plugin = db_base_plugin_v2.NeutronDbPluginV2() nsxv_manager = vcns_driver.VcnsDriver( edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) edge_manager.update_dhcp_service_config( neutron_db.context, properties.get('edge-id'))
def delete_backend_router(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() errmsg = ("Need to specify nsx-id property. Add --property nsx-id=<id>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) nsx_id = properties.get('nsx-id') if not nsx_id: LOG.error("%s", errmsg) return # check if the router exists try: nsxlib.logical_router.get(nsx_id, silent=True) except nsx_exc.ResourceNotFound: # prevent logger from logging this exception sys.exc_clear() LOG.warning("Backend router %s was not found.", nsx_id) return # try to delete it try: # first delete its ports ports = nsxlib.logical_router_port.get_by_router_id(nsx_id) for port in ports: nsxlib.logical_router_port.delete(port['id']) nsxlib.logical_router.delete(nsx_id) except Exception as e: LOG.error("Failed to delete backend router %(id)s : %(e)s.", { 'id': nsx_id, 'e': e }) return # Verify that the router was deleted since the backend does not always # throws errors try: nsxlib.logical_router.get(nsx_id, silent=True) except nsx_exc.ResourceNotFound: # prevent logger from logging this exception sys.exc_clear() LOG.info("Backend router %s was deleted.", nsx_id) else: LOG.error("Failed to delete backend router %s.", nsx_id)
def nsx_update_edge(resource, event, trigger, **kwargs): """Update edge properties""" if not kwargs.get('property'): LOG.error(_LE("Need to specify edge-id parameter and " "attribute to update. Add --property edge-id=<edge-id> " "--property highavailability=True")) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) if not properties.get('edge-id'): LOG.error(_LE("Need to specify edge-id. " "Add --property edge-id=<edge-id>")) return LOG.info(_LI("Updating NSXv edge: %(edge)s with properties\n%(prop)s"), {'edge': properties.get('edge-id'), 'prop': properties}) if properties.get('highavailability'): change_edge_ha(properties) elif properties.get('size'): change_edge_appliance_size(properties)
def nsx_clean_backup_edge(resource, event, trigger, **kwargs): """Delete backup edge""" errmsg = ("Need to specify edge-id property. Add --property " "edge-id=<edge-id>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edge_id = properties.get('edge-id') if not edge_id: LOG.error(_LE("%s"), errmsg) return try: edge = nsxv.get_edge(edge_id) except exceptions.NeutronException as x: LOG.error(_LE("%s"), str(x)) else: # edge[0] is response status code # edge[1] is response body backup_edges = [e['id'] for e in get_nsxv_backup_edges()] if (not edge[1]['name'].startswith('backup-') or edge[1]['id'] not in backup_edges): LOG.error(_LE('Edge: %s is not a backup edge; aborting delete'), edge_id) return confirm = admin_utils.query_yes_no("Do you want to delete edge: %s" % edge_id, default="no") if not confirm: LOG.info(_LI("Backup edge deletion aborted by user")) return try: with locking.LockManager.get_lock(edge_id): # Delete from NSXv backend nsxv.delete_edge(edge_id) # Remove bindings from Neutron DB edgeapi = utils.NeutronDbClient() nsxv_db.delete_nsxv_router_binding(edgeapi.context.session, edge[1]['name']) nsxv_db.clean_edge_vnic_binding(edgeapi.context.session, edge_id) except Exception as expt: LOG.error(_LE("%s"), str(expt))
def nsx_clean_backup_edge(resource, event, trigger, **kwargs): """Delete backup edge""" errmsg = ("Need to specify edge-id property. Add --property " "edge-id=<edge-id>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edge_id = properties.get('edge-id') if not edge_id: LOG.error(_LE("%s"), errmsg) return try: edge = nsxv.get_edge(edge_id) except exceptions.NeutronException as e: LOG.error(_LE("%s"), str(e)) else: # edge[0] is response status code # edge[1] is response body backup_edges = [e['id'] for e in get_nsxv_backup_edges()] if (not edge[1]['name'].startswith('backup-') or edge[1]['id'] not in backup_edges): LOG.error( _LE('Edge: %s is not a backup edge; aborting delete'), edge_id) return confirm = admin_utils.query_yes_no( "Do you want to delete edge: %s" % edge_id, default="no") if not confirm: LOG.info(_LI("Backup edge deletion aborted by user")) return try: with locking.LockManager.get_lock(edge_id): # Delete from NSXv backend nsxv.delete_edge(edge_id) # Remove bindings from Neutron DB edgeapi = utils.NeutronDbClient() nsxv_db.delete_nsxv_router_binding( edgeapi.context.session, edge[1]['name']) nsxv_db.clean_edge_vnic_binding(edgeapi.context.session, edge_id) except Exception as e: LOG.error(_LE("%s"), str(e))
def remove_bgp_neighbour(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-neighbour -o delete " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "--property ip-address=<IP_ADDRESS>") required_params = ('gw-edge-ids', 'ip-address') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], '', '') edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: nsxv.remove_bgp_neighbours(edge_id, [nbr]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return
def remove_bgp_neighbour(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-neighbour -o delete " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "--property ip-address=<IP_ADDRESS>") required_params = ('gw-edge-ids', 'ip-address') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], '', '') edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: nsxv.remove_bgp_neighbours(edge_id, [nbr]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return
def nsx_list_mismatch_addresses(resource, event, trigger, **kwargs): """List missing spoofguard policies approved addresses on NSXv. Address pairs defined on neutron compute ports that are missing from the NSX-V spoofguard policy of a specific/all networks. """ network_id = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) network_id = properties.get('network') spgapi = utils.NeutronDbClient() if network_id: policy_id = nsxv_db.get_spoofguard_policy_id(spgapi.context.session, network_id) if not policy_id: LOG.error( "Could not find spoofguard policy for neutron network " "%s", network_id) return with utils.NsxVPluginWrapper() as plugin: missing_data = nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, network_id, policy_id) else: with utils.NsxVPluginWrapper() as plugin: missing_data = [] # Go over all the networks with spoofguard policies mappings = get_spoofguard_policy_network_mappings() for entry in mappings: missing_data.extend( nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, entry['network_id'], entry['policy_id'])) if missing_data: LOG.info( formatters.output_formatter(constants.SPOOFGUARD_POLICY, missing_data, ['network', 'policy', 'port', 'data'])) else: LOG.info("No mismatches found.")
def delete_redis_rule(resource, event, trigger, **kwargs): usage = ("nsxadmin -r routing-redistribution-rule -o delete " "--property gw-edge-ids=<GW_EDGE_ID>[,...]" "[--property prefix-name=<NAME>]") required_params = ('gw-edge-ids', ) properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return edge_ids = properties['gw-edge-ids'].split(',') # If no prefix-name is given then remove rules configured with default # prefix. prefixes = [properties.get('prefix-name')] for edge_id in edge_ids: try: nsxv.remove_bgp_redistribution_rules(edge_id, prefixes) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return
def nsx_redo_metadata_cfg(resource, event, trigger, **kwargs): properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property')) edgeapi = utils.NeutronDbClient() plugin = utils.NsxVPluginWrapper() edge_id = properties.get('edge-id') if properties: if edge_id: nsx_redo_metadata_cfg_for_edge(edgeapi.context, plugin, edge_id) return else: # if the net-id property exist - recreate the edge for this network az_name = properties.get('az-name') if az_name: nsx_redo_metadata_cfg_for_az(edgeapi.context, plugin, az_name) return LOG.error('Cannot parse properties %s', properties) return nsx_redo_metadata_cfg_all(edgeapi.context, plugin)
def nsx_recreate_router_or_edge(resource, event, trigger, **kwargs): """Recreate a router edge with all the data on a new NSXv edge""" if not kwargs.get('property'): LOG.error("Need to specify edge-id or router-id parameter") return # input validation properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) old_edge_id = properties.get('edge-id') router_id = properties.get('router-id') if (not old_edge_id and not router_id) or (old_edge_id and router_id): LOG.error("Need to specify edge-id or router-id parameter") return if old_edge_id: LOG.info("ReCreating NSXv Router Edge: %s", old_edge_id) return nsx_recreate_router_edge(old_edge_id) else: LOG.info("ReCreating NSXv Router: %s", router_id) return nsx_recreate_router(router_id)
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs): """Resync DHCP bindings on NSXv Edge""" if not kwargs['property']: LOG.error(_LE("Need to specify edge-id parameter")) return else: properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edge_id = properties.get('edge-id') LOG.info(_LI("Updating NSXv Edge: %s"), edge_id) # Need to create a NeutronDbPlugin object; so that we are able to # do neutron list-ports. plugin = db_base_plugin_v2.NeutronDbPluginV2() nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) try: edge_manager.update_dhcp_service_config(neutron_db.context, edge_id) except exceptions.ResourceNotFound: LOG.error(_LE("Edge %s not found"), edge_id)
def import_projects(resource, event, trigger, **kwargs): """Import existing openstack projects to the current plugin""" # TODO(asarfaty): get the projects list from keystone # get the plugin name from the user if not kwargs.get('property'): LOG.error("Need to specify plugin and project parameters") return else: properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) plugin = properties.get('plugin') project = properties.get('project') if not plugin or not project: LOG.error("Need to specify plugin and project parameters") return if plugin not in projectpluginmap.VALID_TYPES: LOG.error("The supported plugins are %s", projectpluginmap.VALID_TYPES) return ctx = n_context.get_admin_context() if not db.get_project_plugin_mapping(ctx.session, project): db.add_project_plugin_mapping(ctx.session, project, plugin)
def nsx_list_mismatch_addresses(resource, event, trigger, **kwargs): """List missing spoofguard policies approved addresses on NSXv. Address pairs defined on neutron compute ports that are missing from the NSX-V spoofguard policy of a specific/all networks. """ network_id = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) network_id = properties.get('network') spgapi = utils.NeutronDbClient() if network_id: policy_id = nsxv_db.get_spoofguard_policy_id( spgapi.context.session, network_id) if not policy_id: LOG.error("Could not find spoofguard policy for neutron network " "%s", network_id) return with utils.NsxVPluginWrapper() as plugin: missing_data = nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, network_id, policy_id) else: with utils.NsxVPluginWrapper() as plugin: missing_data = [] # Go over all the networks with spoofguard policies mappings = get_spoofguard_policy_network_mappings() for entry in mappings: missing_data.extend(nsx_list_mismatch_addresses_for_net( spgapi.context, plugin, entry['network_id'], entry['policy_id'])) if missing_data: LOG.info(formatters.output_formatter( constants.SPOOFGUARD_POLICY, missing_data, ['network', 'policy', 'port', 'data'])) else: LOG.info("No mismatches found.")
def delete_backend_network(resource, event, trigger, **kwargs): errmsg = ("Need to specify nsx-id property. Add --property nsx-id=<id>") if not kwargs.get('property'): LOG.error("%s", errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) nsx_id = properties.get('nsx-id') if not nsx_id: LOG.error("%s", errmsg) return nsxlib = utils.get_connected_nsxlib() # check if the network exists try: nsxlib.logical_switch.get(nsx_id, silent=True) except nsx_exc.ResourceNotFound: # prevent logger from logging this exception sys.exc_clear() LOG.warning("Backend network %s was not found.", nsx_id) return # try to delete it try: nsxlib.logical_switch.delete(nsx_id) except Exception as e: LOG.error("Failed to delete backend network %(id)s : %(e)s.", { 'id': nsx_id, 'e': e}) return # Verify that the network was deleted since the backend does not always # through errors try: nsxlib.logical_switch.get(nsx_id, silent=True) except nsx_exc.ResourceNotFound: # prevent logger from logging this exception sys.exc_clear() LOG.info("Backend network %s was deleted.", nsx_id) else: LOG.error("Failed to delete backend network %s.", nsx_id)
def add_bgp_neighbour(resource, event, trigger, **kwargs): usage = ("nsxadmin -r bgp-neighbour -o create " "--property gw-edge-ids=<GW_EDGE_ID>[,...] " "--property ip-address=<IP_ADDRESS> " "--property remote-as=<AS_NUMBER> " "--property password=<PASSWORD>") required_params = ('gw-edge-ids', 'ip-address', 'remote-as', 'password') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return remote_as = properties['remote-as'] if not _validate_asn(remote_as): return nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], properties['remote-as'], properties['password']) edge_ids = properties['gw-edge-ids'].split(',') for edge_id in edge_ids: try: nsxv.add_bgp_neighbours(edge_id, [nbr]) except exceptions.ResourceNotFound: LOG.error("Edge %s was not found", edge_id) return res = [{'edge_id': edge_id, 'ip_address': properties['ip-address'], 'remote_as': properties['remote-as'], 'hold_down_timer': cfg.CONF.nsxv.bgp_neighbour_hold_down_timer, 'keep_alive_timer': cfg.CONF.nsxv.bgp_neighbour_keep_alive_timer} for edge_id in edge_ids] headers = ['edge_id', 'ip_address', 'remote_as', 'hold_down_timer', 'keep_alive_timer'] LOG.info(formatters.output_formatter('New BPG neighbour', res, headers))
def nsx_rate_limit_update(resource, event, trigger, **kwargs): """Set the NSX rate limit The default value is 40. 0 means no limit """ nsxlib = utils.get_connected_nsxlib() if not nsxlib.feature_supported(nsx_constants.FEATURE_RATE_LIMIT): LOG.error("This utility is not available for NSX version %s", nsxlib.get_version()) return rate_limit = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) rate_limit = properties.get('value', None) if rate_limit is None or not rate_limit.isdigit(): usage = ("nsxadmin -r rate-limit -o nsx-update " "--property value=<new limit>") LOG.error("Missing parameters. Usage: %s", usage) return nsxlib.http_services.update_rate_limit(rate_limit) LOG.info("NSX rate limit was updated to %s", rate_limit)
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs): """Resync DHCP bindings on NSXv Edge""" if not kwargs.get('property'): LOG.error("Need to specify edge-id parameter") return else: properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edge_id = properties.get('edge-id') if not edge_id: LOG.error("Need to specify edge-id parameter") return LOG.info("Updating NSXv Edge: %s", edge_id) # Need to create a plugin object; so that we are able to # do neutron list-ports. with utils.NsxVPluginWrapper() as plugin: nsxv_manager = vcns_driver.VcnsDriver( edge_utils.NsxVCallbacks(plugin)) edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin) try: edge_manager.update_dhcp_service_config( neutron_db.context, edge_id) except exceptions.ResourceNotFound: LOG.error("Edge %s not found", edge_id)
def nsx_update_edges(resource, event, trigger, **kwargs): """Update all edges with the given property""" if not kwargs.get('property'): usage_msg = ("Need to specify a property to update all edges. " "Add --property appliances=<True/False>") LOG.error(usage_msg) return edges = utils.get_nsxv_backend_edges() properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) result = 0 for edge in edges: if properties.get('appliances', 'false').lower() == "true": try: change_edge_appliance(edge.get('edge-id')) except Exception as e: result += 1 LOG.error("Failed to update edge %(edge)s. Exception: " "%(e)s", {'edge': edge.get('edge-id'), 'e': str(e)}) if result > 0: total = len(edges) LOG.error("%(result)s of %(total)s edges failed " "to update.", {'result': result, 'total': total})
def nsx_fix_mismatch_addresses(resource, event, trigger, **kwargs): """Fix missing spoofguard policies approved addresses for a port.""" port_id = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) port_id = properties.get('port') if not port_id: usage_msg = ("Need to specify the id of the neutron port. " "Add --property port=<port_id>") LOG.error(usage_msg) return spgapi = utils.NeutronDbClient() with utils.NsxVPluginWrapper() as plugin: try: port = plugin.get_port(spgapi.context, port_id) except exceptions.PortNotFound: LOG.error("Could not find neutron port %s", port_id) return vnic_id = get_port_vnic_id(plugin, port) plugin._update_vnic_assigned_addresses( spgapi.context.session, port, vnic_id) LOG.info("Done.")
def nsx_fix_name_mismatch(resource, event, trigger, **kwargs): errmsg = ("Need to specify edge-id property. Add --property " "edge-id=<edge-id>") if not kwargs.get('property'): LOG.error(_LE("%s"), errmsg) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) edgeapi = utils.NeutronDbClient() edge_id = properties.get('edge-id') if not edge_id: LOG.error(_LE("%s"), errmsg) return try: # edge[0] is response status code # edge[1] is response body edge = nsxv.get_edge(edge_id)[1] except exceptions.NeutronException as e: LOG.error(_LE("%s"), str(e)) else: if edge['name'].startswith('backup-'): rtr_binding = nsxv_db.get_nsxv_router_binding_by_edge( edgeapi.context.session, edge['id']) if rtr_binding['router_id'] == edge['name']: LOG.error( _LE('Edge %s no mismatch with NSX'), edge_id) return try: with locking.LockManager.get_lock(edge_id): # Update edge at NSXv backend if rtr_binding['router_id'].startswith('dhcp-'): # Edge is a DHCP edge - just use router_id as name edge['name'] = rtr_binding['router_id'] else: # This is a router - if shared, prefix with 'shared-' nsx_attr = (edgeapi.context.session.query( nsxv_models.NsxvRouterExtAttributes).filter_by( router_id=rtr_binding['router_id']).first()) if nsx_attr and nsx_attr['router_type'] == 'shared': edge['name'] = ('shared-' + _uuid())[ :vcns_const.EDGE_NAME_LEN] elif (nsx_attr and nsx_attr['router_type'] == 'exclusive'): rtr_db = (edgeapi.context.session.query( l3_db.Router).filter_by( id=rtr_binding['router_id']).first()) if rtr_db: edge['name'] = ( rtr_db['name'][ :nsxv_constants.ROUTER_NAME_LENGTH - len(rtr_db['id'])] + '-' + rtr_db['id']) else: LOG.error( _LE('No database entry for router id %s'), rtr_binding['router_id']) else: LOG.error( _LE('Could not determine the name for ' 'Edge %s'), edge_id) return confirm = admin_utils.query_yes_no( "Do you want to rename edge %s to %s" % (edge_id, edge['name']), default="no") if not confirm: LOG.info(_LI("Edge rename aborted by user")) return LOG.info(_LI("Edge rename started")) # remove some keys that will fail the NSX transaction edge_utils.remove_irrelevant_keys_from_edge_request(edge) try: LOG.error(_LE("Update edge...")) nsxv.update_edge(edge_id, edge) except Exception as e: LOG.error(_LE("Update failed - %s"), (e)) except Exception as e: LOG.error(_LE("%s"), str(e)) else: LOG.error( _LE('Edge %s has no backup prefix on NSX'), edge_id) return
def migrate_compute_ports_vms(resource, event, trigger, **kwargs): """Update the VMs ports on the backend after migrating nsx-v -> nsx-v3 After using api_replay to migrate the neutron data from NSX-V to NSX-T we need to update the VM ports to use OpaqueNetwork instead of DistributedVirtualPortgroup """ # Connect to the DVS manager, using the configuration parameters try: vm_mng = dvs.VMManager() except Exception as e: LOG.error("Cannot connect to the DVS: Please update the [dvs] " "section in the nsx.ini file: %s", e) return port_filters = {} if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) project = properties.get('project-id') if project: port_filters['project_id'] = [project] net_name = properties.get('net-name', 'VM Network') LOG.info("Common network name for migration %s", net_name) host_moref = properties.get('host-moref') # TODO(garyk): We can explore the option of passing the cluster # moref then this will remove the need for the host-moref and the # resource pool moref. respool_moref = properties.get('respool-moref') datastore_moref = properties.get('datastore-moref') if not host_moref: LOG.error("Unable to migrate with no host") return # Go over all the ports from the plugin admin_cxt = neutron_context.get_admin_context() with PortsPlugin() as plugin: neutron_ports = plugin.get_ports(admin_cxt, filters=port_filters) for port in neutron_ports: # skip non compute ports if (not port.get('device_owner').startswith( const.DEVICE_OWNER_COMPUTE_PREFIX)): continue device_id = port.get('device_id') # get the vm moref & spec from the DVS vm_moref = vm_mng.get_vm_moref_obj(device_id) vm_spec = vm_mng.get_vm_spec(vm_moref) if not vm_spec: LOG.error("Failed to get the spec of vm %s", device_id) continue # Go over the VM interfaces and check if it should be updated update_spec = False for prop in vm_spec.propSet: if (prop.name == 'network' and hasattr(prop.val, 'ManagedObjectReference')): for net in prop.val.ManagedObjectReference: if (net._type == 'DistributedVirtualPortgroup' or net._type == 'Network'): update_spec = True if not update_spec: LOG.info("No need to update the spec of vm %s", device_id) continue device = get_vm_network_device(vm_mng, vm_moref, port['mac_address']) if device is None: LOG.warning("No device with MAC address %s exists on the VM", port['mac_address']) continue # Update interface to be common network devices = [vm_mng.update_vm_network(device, name=net_name)] LOG.info("Update instance %s to common network", device_id) vm_mng.update_vm_interface(vm_moref, devices=devices) LOG.info("Migrate instance %s to host %s", device_id, host_moref) vm_mng.relocate_vm(vm_moref, host_moref=host_moref, datastore_moref=datastore_moref, respool_moref=respool_moref) LOG.info("Update instance %s to opaque network", device_id) device = get_vm_network_device(vm_mng, vm_moref, port['mac_address']) vif_info = {'nsx_id': get_network_nsx_id(admin_cxt.session, port['network_id']), 'iface_id': port['id']} devices = [vm_mng.update_vm_opaque_spec(vif_info, device)] vm_mng.update_vm_interface(vm_moref, devices=devices) LOG.info("Instance %s successfully migrated!", device_id)
def migrate_v_project_to_t(resource, event, trigger, **kwargs): """Migrate 1 project from v to t with all its resources""" # filter out the plugins INFO logging # TODO(asarfaty): Consider this for all admin utils LOG.logger.setLevel(logging.INFO) logging.getLogger(None).logger.setLevel(logging.WARN) # get the configuration: tenant + public network + from file flag usage = ("Usage: nsxadmin -r projects -o %s --property project-id=<> " "--property external-net=<NSX-T external network to be used> " "<--property from-file=True>" % shell.Operations.NSX_MIGRATE_V_V3.value) if not kwargs.get('property'): LOG.error("Missing parameters: %s", usage) return properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) project = properties.get('project-id') ext_net_id = properties.get('external-net') from_file = properties.get('from-file', 'false').lower() == "true" # TODO(asarfaty): get files path if not project: LOG.error("Missing project-id parameter: %s", usage) return if not ext_net_id: LOG.error("Missing external-net parameter: %s", usage) return # check if files exist in the current directory try: filename = get_resource_file_name(project, 'network') file = open(filename, 'r') if file.read(): if not from_file: from_file = admin_utils.query_yes_no( "Use existing resources files for this project?", default="yes") file.close() except Exception: sys.exc_clear() if from_file: LOG.error("Cannot run from file: files not found") return # validate tenant id and public network ctx = n_context.get_admin_context() mapping = db.get_project_plugin_mapping(ctx.session, project) current_plugin = mapping.plugin if not mapping: LOG.error("Project %s is unknown", project) return if not from_file and current_plugin != projectpluginmap.NsxPlugins.NSX_V: LOG.error("Project %s belongs to plugin %s.", project, mapping.plugin) return with v3_utils.NsxV3PluginWrapper() as plugin: try: plugin.get_network(ctx, ext_net_id) except exceptions.NetworkNotFound: LOG.error("Network %s was not found", ext_net_id) return if not plugin._network_is_external(ctx, ext_net_id): LOG.error("Network %s is not external", ext_net_id) return if from_file: # read resources from files objects = read_v_resources_from_files(project) else: # read all V resources and dump to a file objects = read_v_resources_to_files(ctx, project) # delete all the V resources (reading it from the files) if current_plugin == projectpluginmap.NsxPlugins.NSX_V: delete_v_resources(ctx, objects) # change the mapping of this tenant to T db.update_project_plugin_mapping(ctx.session, project, projectpluginmap.NsxPlugins.NSX_T) # use api replay flag to allow keeping the IDs cfg.CONF.set_override('api_replay_mode', True) # add resources 1 by one after adapting them to T (api-replay code) create_t_resources(ctx, objects, ext_net_id) # reset api replay flag to allow keeping the IDs cfg.CONF.set_override('api_replay_mode', False)
def create_bgp_gw(resource, event, trigger, **kwargs): """Creates a new BGP GW edge""" usage = ("nsxadmin -r bgp-gw-edge -o create " "--property name=<GW_EDGE_NAME> " "--property local-as=<LOCAL_AS_NUMBER> " "--property external-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> " "--property internal-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> " "[--property default-gateway=<IP_ADDRESS>] " "[--property az-hint=<AZ_HINT>] " "[--property size=compact,large,xlarge,quadlarge]") required_params = ('name', 'local-as', 'internal-iface', 'external-iface') properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', [])) if not properties or not set(required_params) <= set(properties.keys()): LOG.error(usage) return local_as = properties['local-as'] if not _validate_asn(local_as): return size = properties.get('size', nsxv_constants.LARGE) if size not in vcns_const.ALLOWED_EDGE_SIZES: msg = ("Property 'size' takes one of the following values: %s." % ','.join(vcns_const.ALLOWED_EDGE_SIZES)) LOG.error(msg) return external_iface_info = _extract_interface_info(properties['external-iface']) internal_iface_info = _extract_interface_info(properties['internal-iface']) if not (external_iface_info and internal_iface_info): return if 'default-gateway' in properties: default_gw = _extract_interface_info(properties['default-gateway']) if not default_gw: msg = ("Property 'default-gateway' doesn't contain a valid IP " "address.") LOG.error(msg) return default_gw = default_gw[1] else: default_gw = None config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones) az_hint = properties.get('az-hint', 'default') az = nsx_az.NsxVAvailabilityZones().get_availability_zone(az_hint) edge_id, gateway_ip = _assemble_gw_edge(properties['name'], size, external_iface_info, internal_iface_info, default_gw, az) nsxv.add_bgp_speaker_config(edge_id, gateway_ip, local_as, True, [], [], [], default_originate=True) res = {'name': properties['name'], 'edge_id': edge_id, 'size': size, 'availability_zone': az.name, 'bgp_identifier': gateway_ip, 'local_as': local_as} headers = ['name', 'edge_id', 'size', 'bgp_identifier', 'availability_zone', 'local_as'] LOG.info(formatters.output_formatter('BGP GW Edge', [res], headers))