def create_ipsec_site_connection(self, context, ipsec_site_connection):
LOG.debug('Creating ipsec site connection %(conn_info)s.',
{"conn_info": ipsec_site_connection})
new_ipsec = self._convert_ipsec_conn(context, ipsec_site_connection)
vpnservice_id = ipsec_site_connection['vpnservice_id']
edge_id = self._get_router_edge_id(context, vpnservice_id)[1]
with locking.LockManager.get_lock(edge_id):
vse_sites = self._generate_new_sites(edge_id, new_ipsec)
ipsec_id = ipsec_site_connection["id"]
try:
LOG.debug('Updating ipsec vpn configuration %(vse_sites)s.',
{'vse_sites': vse_sites})
self._update_ipsec_config(edge_id, vse_sites, enabled=True)
except vcns_exc.VcnsApiException:
self._update_status(context, vpnservice_id, ipsec_id, "ERROR")
msg = (_("Failed to create ipsec site connection "
"configuration with %(edge_id)s.") % {
'edge_id': edge_id
})
raise nsxv_exc.NsxPluginException(err_msg=msg)
LOG.debug('Updating ipsec vpn firewall')
try:
self._update_firewall_rules(context, vpnservice_id)
except vcns_exc.VcnsApiException:
self._update_status(context, vpnservice_id, ipsec_id, "ERROR")
msg = (_("Failed to update firewall rule for ipsec vpn "
"with %(edge_id)s.") % {
'edge_id': edge_id
})
raise nsxv_exc.NsxPluginException(err_msg=msg)
self._update_status(context, vpnservice_id, ipsec_id, "ACTIVE")
def update_lrouter_port_ips(cluster, lrouter_id, lport_id, ips_to_add,
ips_to_remove):
uri = nsxlib._build_uri_path(LROUTERPORT_RESOURCE, lport_id, lrouter_id)
try:
port = nsxlib.do_request(HTTP_GET, uri, cluster=cluster)
# TODO(salvatore-orlando): Enforce ips_to_add intersection with
# ips_to_remove is empty
ip_address_set = set(port['ip_addresses'])
ip_address_set = ip_address_set - set(ips_to_remove)
ip_address_set = ip_address_set | set(ips_to_add)
# Set is not JSON serializable - convert to list
port['ip_addresses'] = list(ip_address_set)
nsxlib.do_request(HTTP_PUT,
uri,
jsonutils.dumps(port),
cluster=cluster)
except exception.NotFound:
# FIXME(salv-orlando):avoid raising different exception
data = {'lport_id': lport_id, 'lrouter_id': lrouter_id}
msg = (_("Router Port %(lport_id)s not found on router "
"%(lrouter_id)s") % data)
LOG.exception(msg)
raise nsx_exc.NsxPluginException(err_msg=msg)
except api_exc.NsxApiException as e:
msg = _("An exception occurred while updating IP addresses on a "
"router logical port:%s") % e
LOG.exception(msg)
raise nsx_exc.NsxPluginException(err_msg=msg)
def _get_proxy_edges(self, context):
proxy_edge_ips = []
db_edge_ips = get_db_internal_edge_ips(context, self.az.name)
if len(db_edge_ips) > len(self.az.mgt_net_proxy_ips):
error = (_('Number of configured metadata proxy IPs is smaller '
'than number of Edges which are already provisioned '
'for availability zone %s'), self.az.name)
raise nsxv_exc.NsxPluginException(err_msg=error)
pool = eventlet.GreenPool(min(MAX_INIT_THREADS,
len(self.az.mgt_net_proxy_ips)))
# Edge IPs that exist in both lists have to be validated that their
# Edge appliance settings are valid
for edge_inner_ip in pool.imap(
self._setup_proxy_edge_route_and_connectivity,
list(set(db_edge_ips) & set(self.az.mgt_net_proxy_ips))):
proxy_edge_ips.append(edge_inner_ip)
# Edges that exist only in the CFG list, should be paired with Edges
# that exist only in the DB list. The existing Edge from the list will
# be reconfigured to match the new config
edge_to_convert_ips = (
list(set(db_edge_ips) - set(self.az.mgt_net_proxy_ips)))
edge_ip_to_set = (
list(set(self.az.mgt_net_proxy_ips) - set(db_edge_ips)))
if edge_to_convert_ips:
if cfg.CONF.nsxv.metadata_initializer:
for edge_inner_ip in pool.imap(
self._setup_proxy_edge_external_interface_ip,
zip(edge_to_convert_ips, edge_ip_to_set)):
proxy_edge_ips.append(edge_inner_ip)
else:
error = _('Metadata initialization is incomplete on '
'initializer node')
raise nsxv_exc.NsxPluginException(err_msg=error)
# Edges that exist in the CFG list but do not have a matching DB
# element will be created.
remaining_cfg_ips = edge_ip_to_set[len(edge_to_convert_ips):]
if remaining_cfg_ips:
if cfg.CONF.nsxv.metadata_initializer:
for edge_inner_ip in pool.imap(
self._setup_new_proxy_edge, remaining_cfg_ips):
proxy_edge_ips.append(edge_inner_ip)
pool.waitall()
else:
error = _('Metadata initialization is incomplete on '
'initializer node')
raise nsxv_exc.NsxPluginException(err_msg=error)
return proxy_edge_ips
def validate_nsxv_config_options():
if (cfg.CONF.nsxv.manager_uri is None or cfg.CONF.nsxv.user is None
or cfg.CONF.nsxv.password is None):
error = _("manager_uri, user, and password must be configured!")
raise nsx_exc.NsxPluginException(err_msg=error)
if cfg.CONF.nsxv.dvs_id is None:
LOG.warning(_LW("dvs_id must be configured to support VLANs!"))
if cfg.CONF.nsxv.vdn_scope_id is None:
LOG.warning(_LW("vdn_scope_id must be configured to support VXLANs!"))
if cfg.CONF.nsxv.use_dvs_features and not dvs_utils.dvs_is_enabled():
error = _("dvs host/vcenter credentials must be defined to use "
"dvs features")
raise nsx_exc.NsxPluginException(err_msg=error)
def _create_ssl_cert(self, edge_id=None):
# Create a self signed certificate in the backend if both Cert details
# and private key are not supplied in nsx.ini
if (not cfg.CONF.nsxv.metadata_nova_client_cert and
not cfg.CONF.nsxv.metadata_nova_client_priv_key):
h = self.nsxv_plugin.nsx_v.vcns.create_csr(edge_id)[0]
# Extract the CSR ID from header
csr_id = lbaas_common.extract_resource_id(h['location'])
# Create a self signed certificate
cert = self.nsxv_plugin.nsx_v.vcns.create_csr_cert(csr_id)[1]
cert_id = cert['objectId']
else:
# Raise an error if either the Cert path or the private key is not
# configured
error = None
if not cfg.CONF.nsxv.metadata_nova_client_cert:
error = _('Metadata certificate path not configured')
elif not cfg.CONF.nsxv.metadata_nova_client_priv_key:
error = _('Metadata client private key not configured')
if error:
raise nsxv_exc.NsxPluginException(err_msg=error)
pem_encoding = utils.read_file(
cfg.CONF.nsxv.metadata_nova_client_cert)
priv_key = utils.read_file(
cfg.CONF.nsxv.metadata_nova_client_priv_key)
request = {
'pemEncoding': pem_encoding,
'privateKey': priv_key}
cert = self.nsxv_plugin.nsx_v.vcns.upload_edge_certificate(
edge_id, request)[1]
cert_id = cert.get('certificates')[0]['objectId']
return cert_id
def _get_edge_id_or_raise(self, context, router_id):
edge_id = edge_utils.get_router_edge_id(context, router_id)
if not edge_id:
error = (_("Failed to get router %(rid)s edge Id") %
{'rid': router_id})
raise nsxv_exc.NsxPluginException(err_msg=error)
return edge_id
def delete_nsxv_edge_firewallrule_binding(session, id):
with session.begin(subtransactions=True):
if not (session.query(
nsxv_models.NsxvEdgeFirewallRuleBinding).filter_by(
rule_id=id).delete()):
msg = _("Rule Resource binding with id:%s not found!") % id
raise nsx_exc.NsxPluginException(err_msg=msg)
def lsn_metadata_configure(self, context, subnet_id, is_enabled):
"""Configure metadata service for the specified subnet."""
subnet = self.plugin.get_subnet(context, subnet_id)
network_id = subnet['network_id']
meta_conf = cfg.CONF.NSX_METADATA
metadata_options = {
'metadata_server_ip': meta_conf.metadata_server_address,
'metadata_server_port': meta_conf.metadata_server_port,
'metadata_proxy_shared_secret': meta_conf.metadata_shared_secret
}
try:
lsn_id = self.lsn_get(context, network_id)
lsn_api.lsn_metadata_configure(
self.cluster, lsn_id, is_enabled, metadata_options)
except (p_exc.LsnNotFound, api_exc.NsxApiException):
err_msg = (_('Unable to configure metadata '
'for subnet %s') % subnet_id)
LOG.error(err_msg)
raise p_exc.NsxPluginException(err_msg=err_msg)
if is_enabled:
try:
# test that the lsn port exists
self.lsn_port_get(context, network_id, subnet_id)
except p_exc.LsnPortNotFound:
# this might happen if subnet had dhcp off when created
# so create one, and wire it
self.lsn_port_metadata_setup(context, lsn_id, subnet)
else:
self.lsn_port_dispose(context, network_id, const.METADATA_MAC)
def __init__(self, plugin, cluster, state_sync_interval,
req_delay, min_chunk_size, max_rand_delay=0,
initial_delay=5):
random.seed()
self._nsx_cache = NsxCache()
# Store parameters as instance members
# NOTE(salv-orlando): apologies if it looks java-ish
self._plugin = plugin
self._cluster = cluster
self._req_delay = req_delay
self._sync_interval = state_sync_interval
self._max_rand_delay = max_rand_delay
# Validate parameters
if self._sync_interval < self._req_delay:
err_msg = (_("Minimum request delay:%(req_delay)s must not "
"exceed synchronization interval:%(sync_interval)s") %
{'req_delay': self._req_delay,
'sync_interval': self._sync_interval})
LOG.error(err_msg)
raise nsx_exc.NsxPluginException(err_msg=err_msg)
# Backoff time in case of failures while fetching sync data
self._sync_backoff = 1
# Store the looping call in an instance variable to allow unit tests
# for controlling its lifecycle
self._sync_looping_call = _start_loopingcall(
min_chunk_size, state_sync_interval,
self._synchronize_state, initial_delay=initial_delay)
def _create_local_endpoint(self, context, local_addr, nsx_service_id,
router_id, project_id):
"""Creating an NSX local endpoint for a logical router
This endpoint can be reused by other connections, and will be deleted
when the router is deleted or gateway is removed
"""
# Add the neutron router-id to the tags to help search later
tags = self._nsxlib.build_v3_tags_payload(
{
'id': router_id,
'project_id': project_id
},
resource_type='os-neutron-router-id',
project_name=context.tenant_name)
try:
local_endpoint = self._nsx_vpn.local_endpoint.create(
'Local endpoint for OS VPNaaS',
local_addr,
nsx_service_id,
tags=tags)
except nsx_lib_exc.ManagerError as e:
msg = _("Failed to create a local endpoint: %s") % e
raise nsx_exc.NsxPluginException(err_msg=msg)
return local_endpoint['id']
def get_plugin_type_from_project(self, context, project_id):
"""Get the correct plugin type for this project.
Look for the project in the DB.
If not there - add an entry with the default plugin
"""
plugin_type = self.default_plugin
if not project_id:
# if the project_id is empty - return the default one and do not
# add to db (used by admin context to get actions)
return plugin_type
mapping = nsx_db.get_project_plugin_mapping(
context.session, project_id)
if mapping:
plugin_type = mapping['plugin']
else:
# add a new entry with the default plugin
try:
self.create_project_plugin_map(
context,
{'project_plugin_map': {'plugin': plugin_type,
'project': project_id}},
internal=True)
except projectpluginmap.ProjectPluginAlreadyExists:
# Maybe added by another thread
pass
if not self.plugins.get(plugin_type):
msg = (_("Cannot use unsupported plugin %(plugin)s for project "
"%(project)s") % {'plugin': plugin_type,
'project': project_id})
raise nsx_exc.NsxPluginException(err_msg=msg)
LOG.debug("Using %s plugin for project %s", plugin_type, project_id)
return plugin_type
def setup_dhcpmeta_access(self):
"""Initialize support for DHCP and Metadata services."""
self._init_extensions()
if cfg.CONF.NSX.agent_mode == config.AgentModes.AGENT:
self._setup_rpc_dhcp_metadata()
mod = nsx_rpc
elif cfg.CONF.NSX.agent_mode == config.AgentModes.AGENTLESS:
self._setup_nsx_dhcp_metadata()
mod = nsx_svc
elif cfg.CONF.NSX.agent_mode == config.AgentModes.COMBINED:
notifier = self._setup_nsx_dhcp_metadata()
self._setup_rpc_dhcp_metadata(notifier=notifier)
mod = combined
else:
error = _("Invalid agent_mode: %s") % cfg.CONF.NSX.agent_mode
LOG.error(error)
raise nsx_exc.NsxPluginException(err_msg=error)
self.handle_network_dhcp_access_delegate = (
mod.handle_network_dhcp_access
)
self.handle_port_dhcp_access_delegate = (
mod.handle_port_dhcp_access
)
self.handle_port_metadata_access_delegate = (
mod.handle_port_metadata_access
)
self.handle_metadata_access_delegate = (
mod.handle_router_metadata_access
)
def _create_ipsec_profile(self, context, connection):
"""Create an ipsec profile for a connection"""
# Note(asarfaty) the NSX profile can be reused, so we can consider
# creating it only once in the future, and keeping a use-count for it.
# There is no driver callback for profiles creation so it has to be
# done on connection creation.
ipsec_policy_id = connection['ipsecpolicy_id']
ipsecpolicy = self.vpn_plugin.get_ipsecpolicy(context, ipsec_policy_id)
try:
profile = self._nsx_vpn.tunnel_profile.create(
ipsecpolicy['name'] or ipsecpolicy['id'],
description=ipsecpolicy['description'],
encryption_algorithm=ipsec_utils.ENCRYPTION_ALGORITHM_MAP[
ipsecpolicy['encryption_algorithm']],
digest_algorithm=ipsec_utils.AUTH_ALGORITHM_MAP[
ipsecpolicy['auth_algorithm']],
dh_group=ipsec_utils.PFS_MAP[ipsecpolicy['pfs']],
pfs=True,
sa_life_time=ipsecpolicy['lifetime']['value'],
tags=self._nsx_tags(context, connection))
except nsx_lib_exc.ManagerError as e:
msg = _("Failed to create a tunnel profile: %s") % e
raise nsx_exc.NsxPluginException(err_msg=msg)
return profile['id']
def lsn_create(self, context, network_id):
"""Create a LSN associated to the network."""
try:
return lsn_api.lsn_for_network_create(self.cluster, network_id)
except api_exc.NsxApiException:
err_msg = _('Unable to create LSN for network %s') % network_id
raise p_exc.NsxPluginException(err_msg=err_msg)
def lsn_port_dhcp_configure(self, context, lsn_id, lsn_port_id, subnet):
"""Enable/disable dhcp services with the given config options."""
is_enabled = subnet["enable_dhcp"]
dhcp_options = {
"domain_name": cfg.CONF.NSX_DHCP.domain_name,
"default_lease_time": cfg.CONF.NSX_DHCP.default_lease_time,
}
dns_servers = cfg.CONF.NSX_DHCP.extra_domain_name_servers or []
dns_servers.extend(subnet["dns_nameservers"])
if subnet['gateway_ip']:
dhcp_options["routers"] = subnet["gateway_ip"]
if dns_servers:
dhcp_options["domain_name_servers"] = ",".join(dns_servers)
if subnet["host_routes"]:
dhcp_options["classless_static_routes"] = (
",".join(subnet["host_routes"])
)
try:
lsn_api.lsn_port_dhcp_configure(
self.cluster, lsn_id, lsn_port_id, is_enabled, dhcp_options)
except (n_exc.NotFound, api_exc.NsxApiException):
err_msg = (_('Unable to configure dhcp for Logical Service '
'Node %(lsn_id)s and port %(lsn_port_id)s')
% {'lsn_id': lsn_id, 'lsn_port_id': lsn_port_id})
LOG.error(err_msg)
raise p_exc.NsxPluginException(err_msg=err_msg)
def allocate_edge_vnic_with_tunnel_index(session, edge_id, network_id,
availability_zone):
"""Allocate an available edge vnic with tunnel index to network."""
# TODO(berlin): temporary solution to let metadata and dhcp use
# different vnics
int_net = get_nsxv_internal_network(
session, constants.InternalEdgePurposes.INTER_EDGE_PURPOSE,
availability_zone)
metadata_net_id = int_net['network_id'] if int_net else None
with session.begin(subtransactions=True):
query = session.query(nsxv_models.NsxvEdgeVnicBinding)
query = query.filter(
nsxv_models.NsxvEdgeVnicBinding.edge_id == edge_id,
nsxv_models.NsxvEdgeVnicBinding.network_id == expr.null())
if metadata_net_id:
vnic_binding = get_edge_vnic_binding(
session, edge_id, metadata_net_id)
if vnic_binding:
vnic_index = vnic_binding.vnic_index
query = query.filter(
nsxv_models.NsxvEdgeVnicBinding.vnic_index != vnic_index)
binding = query.first()
if not binding:
msg = (_("Failed to allocate one available vnic on edge_id: "
":%(edge_id)s to network_id: %(network_id)s") %
{'edge_id': edge_id, 'network_id': network_id})
LOG.error(msg)
raise nsx_exc.NsxPluginException(err_msg=msg)
binding['network_id'] = network_id
session.add(binding)
return binding
def __init__(self):
LOG.info(_LI("Loading VMware NSX-V Qos Service Plugin"))
super(NsxVQosPlugin, self).__init__()
if not cfg.CONF.nsxv.use_dvs_features:
error = _("Cannot use the NSX-V QoS plugin without "
"enabling the dvs features")
raise nsx_exc.NsxPluginException(err_msg=error)
def update_ipsec_site_connection(self, context, old_ipsec_conn,
ipsec_site_connection):
LOG.debug('Updating ipsec site connection %(site)s.',
{"site": ipsec_site_connection})
vpnservice_id = old_ipsec_conn['vpnservice_id']
ipsec_id = old_ipsec_conn['id']
edge_id = self._get_router_edge_id(context, vpnservice_id)[1]
with locking.LockManager.get_lock(edge_id):
vse_sites = self._update_site_dict(context, edge_id,
old_ipsec_conn,
ipsec_site_connection)
if not vse_sites:
self._update_status(context, vpnservice_id, ipsec_id, "ERROR")
LOG.error(
"Failed to find ipsec_site_connection "
"%(ipsec_site_conn)s with %(edge_id)s.", {
'ipsec_site_conn': ipsec_site_connection,
'edge_id': edge_id
})
raise nsxv_exc.NsxIPsecVpnMappingNotFound(conn=ipsec_id)
try:
LOG.debug('Updating ipsec vpn configuration %(vse_sites)s.',
{'vse_sites': vse_sites})
self._update_ipsec_config(edge_id, vse_sites)
except vcns_exc.VcnsApiException:
self._update_status(context, vpnservice_id, ipsec_id, "ERROR")
msg = (_("Failed to create ipsec site connection "
"configuration with %(edge_id)s.") % {
'edge_id': edge_id
})
raise nsxv_exc.NsxPluginException(err_msg=msg)
if 'peer_cidrs' in ipsec_site_connection:
# Update firewall
old_ipsec_conn['peer_cidrs'] = (
ipsec_site_connection['peer_cidrs'])
try:
self._update_firewall_rules(context, vpnservice_id)
except vcns_exc.VcnsApiException:
self._update_status(context, vpnservice_id, ipsec_id,
"ERROR")
msg = (_("Failed to update firewall rule for ipsec "
"vpn with %(edge_id)s.") % {
'edge_id': edge_id
})
raise nsxv_exc.NsxPluginException(err_msg=msg)
def init_availability_zones(self):
# Make sure there are no overlaps between v/t availability zones
if (self.plugins.get(projectpluginmap.NsxPlugins.NSX_V) and
self.plugins.get(projectpluginmap.NsxPlugins.NSX_T) and
bool(set(cfg.CONF.nsxv.availability_zones) &
set(cfg.CONF.nsx_v3.availability_zones))):
msg = _("Cannot use the same availability zones in NSX-V and T")
raise nsx_exc.NsxPluginException(err_msg=msg)
def lsn_save(self, context, network_id, lsn_id):
"""Save LSN-Network mapping to the DB."""
try:
lsn_db.lsn_add(context, network_id, lsn_id)
except db_exc.DBError:
err_msg = _('Unable to save LSN for network %s') % network_id
LOG.exception(err_msg)
raise p_exc.NsxPluginException(err_msg=err_msg)
def get_nsxv_edge_firewallrule_binding_by_vseid(session, edge_id, rule_vseid):
with session.begin(subtransactions=True):
try:
return (session.query(
nsxv_models.NsxvEdgeFirewallRuleBinding).filter_by(
edge_id=edge_id, rule_vse_id=rule_vseid).one())
except exc.NoResultFound:
msg = _("Rule Resource binding not found!")
raise nsx_exc.NsxPluginException(err_msg=msg)
def create(self, context, pool, completor):
lb_id = pool['loadbalancer_id']
pool_client = self.core_plugin.nsxlib.load_balancer.pool
pool_name = utils.get_name_and_uuid(pool['name'] or 'pool', pool['id'])
tags = self._get_pool_tags(context, pool)
description = pool.get('description')
lb_algorithm = lb_const.LB_POOL_ALGORITHM_MAP.get(pool['lb_algorithm'])
if pool.get('listeners') and len(pool['listeners']) > 1:
completor(success=False)
msg = (_('Failed to create pool: Multiple listeners are not '
'supported.'))
raise n_exc.BadRequest(resource='lbaas-pool', msg=msg)
# NOTE(salv-orlando): Guard against accidental compat breakages
try:
listener = pool['listener'] or pool['listeners'][0]
except IndexError:
# If listeners is an empty list we hit this exception
listener = None
# Perform additional validation for session persistence before
# creating resources in the backend
lb_common.validate_session_persistence(pool, listener, completor)
try:
kwargs = self._get_pool_kwargs(pool_name, tags, lb_algorithm,
description)
lb_pool = pool_client.create(**kwargs)
nsx_db.add_nsx_lbaas_pool_binding(context.session, lb_id,
pool['id'], lb_pool['id'])
except nsxlib_exc.ManagerError:
completor(success=False)
msg = (_('Failed to create pool on NSX backend: %(pool)s') % {
'pool': pool['id']
})
raise n_exc.BadRequest(resource='lbaas-pool', msg=msg)
# The pool object can be created with either --listener or
# --loadbalancer option. If listener is present, the virtual server
# will be updated with the pool. Otherwise, just return. The binding
# will be added later when the pool is associated with layer7 rule.
# FIXME(salv-orlando): This two-step process can leave a zombie pool on
# NSX if the VS update operation fails
if listener:
listener_id = listener['id']
binding = nsx_db.get_nsx_lbaas_listener_binding(
context.session, lb_id, listener_id)
if binding:
vs_id = binding['lb_vs_id']
self._process_vs_update(context, pool, listener, lb_pool['id'],
vs_id, completor)
nsx_db.update_nsx_lbaas_pool_binding(context.session, lb_id,
pool['id'], vs_id)
else:
completor(success=False)
msg = (_("Couldn't find binding on the listener: %s") %
listener['id'])
raise nsx_exc.NsxPluginException(err_msg=msg)
completor(success=True)
def lsn_port_save(self, context, lsn_port_id, subnet_id, mac_addr, lsn_id):
"""Save LSN Port information to the DB."""
try:
lsn_db.lsn_port_add_for_lsn(
context, lsn_port_id, subnet_id, mac_addr, lsn_id)
except db_exc.DBError:
err_msg = _('Unable to save LSN port for subnet %s') % subnet_id
LOG.exception(err_msg)
raise p_exc.NsxPluginException(err_msg=err_msg)
def lsn_port_create(self, context, lsn_id, subnet_info):
"""Create and return LSN port for associated subnet."""
try:
return lsn_api.lsn_port_create(self.cluster, lsn_id, subnet_info)
except n_exc.NotFound:
raise p_exc.LsnNotFound(entity='', entity_id=lsn_id)
except api_exc.NsxApiException:
err_msg = _('Unable to create port for LSN %s') % lsn_id
raise p_exc.NsxPluginException(err_msg=err_msg)
def _update_ipsec_config(self, edge_id, sites, enabled=True):
ipsec_config = {'featureType': "ipsec_4.0", 'enabled': enabled}
ipsec_config['sites'] = {'sites': sites}
try:
self._vcns.update_ipsec_config(edge_id, ipsec_config)
except vcns_exc.VcnsApiException:
msg = _("Failed to update ipsec vpn configuration with "
"edge_id: %s") % edge_id
raise nsxv_exc.NsxPluginException(err_msg=msg)
def _get_driver_for_project(self, project):
plugin_type = tvd_utils.get_tvd_plugin_type_for_project(project)
if not self.drivers.get(plugin_type):
msg = (_("Project %(project)s with plugin %(plugin)s has no "
"support for VPNaaS"), {
'project': project,
'plugin': plugin_type
})
raise nsx_exc.NsxPluginException(err_msg=msg)
return self.drivers[plugin_type]
def _get_internal_network_and_subnet(self, context):
# Try to find internal net, internal subnet. If not found, create new
internal_net = self._get_internal_net_by_az(context)
internal_subnet = None
if internal_net:
internal_subnet = self.nsxv_plugin.get_subnets(
context, fields=['id'], filters={'network_id':
[internal_net]})[0]['id']
if internal_net is None or internal_subnet is None:
if cfg.CONF.nsxv.metadata_initializer:
# Couldn't find net, subnet - create new
try:
internal_net, internal_subnet = (
self._create_metadata_internal_network(
context, INTERNAL_SUBNET))
except Exception as e:
nsxv_db.delete_nsxv_internal_network(
context.session,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE,
internal_net)
# if network is created, clean up
if internal_net:
self.nsxv_plugin.delete_network(context, internal_net)
error = (_("Exception %s while creating internal "
"network for metadata service") % e)
LOG.exception(error)
raise nsxv_exc.NsxPluginException(err_msg=error)
# Update the new network_id in DB
nsxv_db.create_nsxv_internal_network(
context.session, nsxv_constants.INTER_EDGE_PURPOSE,
self.az.name, internal_net)
else:
error = _('Metadata initialization is incomplete on '
'initializer node')
raise nsxv_exc.NsxPluginException(err_msg=error)
return internal_net, internal_subnet
def _find_vpn_service(self, tier0_uuid):
# find the service for the tier0 router in the NSX.
# Note(asarfaty) we expect only a small number of services
services = self._nsx_vpn.service.list()['results']
for srv in services:
if srv['logical_router_id'] == tier0_uuid:
# if it exists but disabled: issue an error
if not srv.get('enabled', True):
msg = _("NSX vpn service %s must be enabled") % srv['id']
raise nsx_exc.NsxPluginException(err_msg=msg)
return srv['id']
def _create_vpn_service(self, tier0_uuid):
try:
service = self._nsx_vpn.service.create(
'Neutron VPN service for T0 router ' + tier0_uuid,
tier0_uuid,
enabled=True,
ike_log_level=ipsec_utils.DEFAULT_LOG_LEVEL,
tags=self._nsx_tags_for_reused())
except nsx_lib_exc.ManagerError as e:
msg = _("Failed to create vpn service: %s") % e
raise nsx_exc.NsxPluginException(err_msg=msg)
return service['id']
def _check_services_requirements(self):
try:
error = None
nsx_svc.check_services_requirements(self.cluster)
except nsx_exc.InvalidVersion:
error = _("Unable to run Neutron with config option '%s', as NSX "
"does not support it") % cfg.CONF.NSX.agent_mode
except nsx_exc.ServiceClusterUnavailable:
error = _("Unmet dependency for config option "
"'%s'") % cfg.CONF.NSX.agent_mode
if error:
LOG.error(error)
raise nsx_exc.NsxPluginException(err_msg=error)
