def test_vrf_contract_update(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1')
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf1_tenant_name))
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
vrf1 = a_res.VRF(tenant_name=self.vrf1_tenant_name, name='vrf1',
display_name='VRF1')
self.mgr.create(self.ctx, vrf1)
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out, vrf_name=vrf1.name)
ext_net.provided_contract_names = ['p1_vrf1', 'p2_vrf1']
ext_net.consumed_contract_names = ['c1_vrf1', 'c2_vrf1']
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_vrf_contract_update('stage1')
# update contracts
ext_net.provided_contract_names = ['arp', 'p2_vrf1']
ext_net.consumed_contract_names = ['arp', 'c2_vrf1']
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_vrf_contract_update('stage2')
# unset contracts
ext_net.provided_contract_names = []
ext_net.consumed_contract_names = []
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_vrf_contract_update('stage3')
def test_external_subnet_update(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1')
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf1_tenant_name))
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.ns.update_external_cidrs(self.ctx, ext_net,
['20.20.20.0/24', '50.50.0.0/16'])
# Connect vrf1 to ext_net
vrf1 = a_res.VRF(tenant_name=self.vrf1_tenant_name, name='vrf1',
display_name='VRF1')
self.mgr.create(self.ctx, vrf1)
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out, vrf_name=vrf1.name)
ext_net.provided_contract_names = ['p1_vrf1', 'p2_vrf1']
ext_net.consumed_contract_names = ['c1_vrf1', 'c2_vrf1']
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_external_subnet_update("stage1")
# Add & remove external-subnet
self.ns.update_external_cidrs(self.ctx, ext_net,
['100.200.0.0/28', '50.50.0.0/16'])
self._check_external_subnet_update("stage2")
# Remove all external-subnets
self.ns.update_external_cidrs(self.ctx, ext_net, [])
self._check_external_subnet_update("stage3")
def test_external_network_pre(self):
self.mgr.create(self.ctx, a_res.Tenant(name='t1'))
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT',
monitored=True)
self.mgr.create(self.ctx, l3out)
self.ns.create_l3outside(self.ctx, l3out)
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1',
monitored=True,
provided_contract_names=['foo'],
consumed_contract_names=['bar'])
self.mgr.create(self.ctx, ext_net)
self.ns.create_external_network(self.ctx, ext_net)
ext_net.provided_contract_names.append('EXT-o1')
ext_net.consumed_contract_names.append('EXT-o1')
self._verify(present=[ext_net])
self.ns.delete_external_network(self.ctx, ext_net)
ext_net.provided_contract_names = ['foo']
ext_net.consumed_contract_names = ['bar']
self._verify(present=[ext_net])
def _get_vrf_1_ext_net_1_objects(self, connected=True):
return {
'l3out': a_res.L3Outside(
tenant_name='t1', name='o1',
display_name='OUT',
vrf_name='vrf1'),
'ext_net': a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1',
name='inet1', display_name='INET1',
provided_contract_names=(
['EXT-o1', 'p1_vrf1', 'p2_vrf1']
if connected else ['EXT-o1']),
consumed_contract_names=(
['EXT-o1', 'c1_vrf1', 'c2_vrf1']
if connected else ['EXT-o1'])),
'nat_bd': a_res.BridgeDomain(
tenant_name='t1', name='EXT-o1',
display_name='EXT-OUT',
vrf_name='EXT-o1',
limit_ip_learn_to_subnets=True,
l3out_names=['o1']),
'ext_sub_1': a_res.ExternalSubnet(
tenant_name='t1', l3out_name='o1',
external_network_name='inet1', cidr='20.20.20.0/24'),
'ext_sub_2': a_res.ExternalSubnet(
tenant_name='t1', l3out_name='o1',
external_network_name='inet1', cidr='50.50.0.0/16')}
def test_delete_l3outside_with_vrf(self):
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf1_tenant_name))
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1')
ext_net2 = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1_1',
display_name='INET1_1')
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_subnet(self.ctx, l3out, '200.10.20.1/28')
self.ns.create_external_network(self.ctx, ext_net)
self.ns.create_external_network(self.ctx, ext_net2)
self.ns.update_external_cidrs(self. ctx, ext_net,
['20.20.20.0/24', '50.50.0.0/16'])
# Connect vrf1 to ext_net with external-subnet
vrf1 = a_res.VRF(tenant_name=self.vrf1_tenant_name, name='vrf1',
display_name='VRF1')
self.mgr.create(self.ctx, vrf1)
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out, vrf_name=vrf1.name)
ext_net.provided_contract_names = ['p1_vrf1', 'p2_vrf1']
ext_net.consumed_contract_names = ['c1_vrf1', 'c2_vrf1']
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_delete_l3outside_with_vrf('stage1')
self.ns.delete_l3outside(self.ctx, l3out)
self._check_delete_l3outside_with_vrf('stage2')
def test_bd_l3out_vrf_in_tenant(self):
self.mgr.create(self.ctx, a_res.Tenant(name='dept1'))
vrf = a_res.VRF(tenant_name='dept1', name='default')
bd1_dept1 = a_res.BridgeDomain(tenant_name='dept1', name='bd1',
limit_ip_learn_to_subnets=True,
vrf_name='default')
bd2_dept1 = a_res.BridgeDomain(tenant_name='dept1', name='bd2',
limit_ip_learn_to_subnets=True,
vrf_name='foo')
for o in [vrf, bd1_dept1, bd2_dept1]:
self.mgr.create(self.ctx, o)
l3out = a_res.L3Outside(tenant_name='dept1', name='o1')
ext_net = a_res.ExternalNetwork(
tenant_name='dept1', l3out_name='o1', name='inet1')
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.mgr.update(self.ctx, l3out, vrf_name='default')
self._verify(present=[bd1_dept1, bd2_dept1])
self.ns.connect_vrf(self.ctx, ext_net, vrf)
bd1_dept1.l3out_names = ['o1']
self._verify(present=[bd1_dept1, bd2_dept1])
self.ns.disconnect_vrf(self.ctx, ext_net, vrf)
bd1_dept1.l3out_names = []
self._verify(present=[bd1_dept1, bd2_dept1])
def fix_no_nat_l3out_ownership(aim_ctx):
"""Relinquish ownership of no-NAT L3Outs in AIM and APIC."""
saved_l3out_table = sa.Table(
'aim_lib_save_l3out',
sa.MetaData(),
sa.Column('tenant_name', sa.String(), primary_key=True),
sa.Column('name', sa.String(), primary_key=True),
sa.Column('monitored', nullable=True),
sa.Column('vrf_name', nullable=True))
session = aim_ctx.store.db_session
bind = session.get_bind()
with session.begin(subtransactions=True):
if not saved_l3out_table.exists(bind=bind):
return
results = session.execute(
saved_l3out_table.select(saved_l3out_table.c.monitored.is_(True)))
click.echo("Fixing ownership of no-NAT L3Outs")
rows = results.fetchall()
if rows:
cfg_mgr = config.ConfigManager(aim_ctx)
system_id = cfg_mgr.get_option('aim_system_id', 'aim')
aim_mgr = aim_manager.AimManager()
apic = aci_universe.AciUniverse.establish_aci_session(cfg_mgr)
for row in rows:
l3out = resource.L3Outside(tenant_name=row['tenant_name'],
name=row['name'])
aim_mgr.update(aim_ctx, l3out, monitored=True)
tag_dn = "/mo/" + l3out.dn + "/tag-" + system_id
click.echo('Deleting AIM tag %s' % tag_dn)
apic.DELETE(tag_dn + ".json")
# drop the table after the transaction completes because databases
# like MySQL hold locks on the table
saved_l3out_table.drop(bind=bind)
def test_connect_vrfs(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1')
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf1_tenant_name))
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf2_tenant_name))
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.ns.update_external_cidrs(self.ctx, ext_net,
['20.20.20.0/24', '50.50.0.0/16'])
# connect vrf_1
vrf1 = a_res.VRF(tenant_name=self.vrf1_tenant_name, name='vrf1',
display_name='VRF1')
if self.vrf1_tenant_name != self.bd1_tenant_name:
self.mgr.create(self.ctx, a_res.Tenant(name='dept1'))
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out, vrf_name=vrf1.name)
bd1 = a_res.BridgeDomain(tenant_name=self.bd1_tenant_name, name='bd1',
limit_ip_learn_to_subnets=True,
vrf_name='vrf1')
self.mgr.create(self.ctx, vrf1)
self.mgr.create(self.ctx, bd1)
ext_net.provided_contract_names = ['p1_vrf1', 'p2_vrf1']
ext_net.consumed_contract_names = ['c1_vrf1', 'c2_vrf1']
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
connected_vrfs = self.ns.read_vrfs(self.ctx, ext_net)
self.assertEqual(vrf1, connected_vrfs[0])
self._check_connect_vrfs('stage1')
# connect vrf_1 again - should be no-op
self.ns.connect_vrf(self.ctx, ext_net, vrf1)
self._check_connect_vrfs('stage1')
# connect vrf_2
vrf2 = a_res.VRF(tenant_name=self.vrf2_tenant_name, name='vrf2',
display_name='VRF2')
bd2 = a_res.BridgeDomain(tenant_name=self.vrf2_tenant_name, name='bd2',
limit_ip_learn_to_subnets=True,
vrf_name='vrf2')
self.mgr.create(self.ctx, vrf2)
self.mgr.create(self.ctx, bd2)
ext_net.provided_contract_names = ['p1_vrf2', 'p2_vrf2']
ext_net.consumed_contract_names = ['c1_vrf2', 'c2_vrf2']
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out, vrf_name=vrf2.name)
self.ns.connect_vrf(self.ctx, ext_net, vrf2)
self._check_connect_vrfs('stage2')
# disconnect vrf_1
self.ns.disconnect_vrf(self.ctx, ext_net, vrf1)
self._check_connect_vrfs('stage3')
# disconnect vrf_2
self.ns.disconnect_vrf(self.ctx, ext_net, vrf2)
self._check_connect_vrfs('stage4')
def test_connect_vrf_multiple(self):
l3out1 = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
ext_net1 = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1')
self.mgr.create(self.ctx, a_res.Tenant(name=self.vrf1_tenant_name))
self.ns.create_l3outside(self.ctx, l3out1)
self.ns.create_external_network(self.ctx, ext_net1)
self.ns.update_external_cidrs(self. ctx, ext_net1,
['20.20.20.0/24', '50.50.0.0/16'])
l3out2 = a_res.L3Outside(tenant_name='t2', name='o2',
display_name='OUT2')
ext_net2 = a_res.ExternalNetwork(
tenant_name='t2', l3out_name='o2', name='inet2',
display_name='INET2')
self.ns.create_l3outside(self.ctx, l3out2)
self.ns.create_external_network(self.ctx, ext_net2)
self.ns.update_external_cidrs(self. ctx, ext_net2,
['0.0.0.0/0'])
vrf1 = a_res.VRF(tenant_name=self.vrf1_tenant_name, name='vrf1',
display_name='VRF1')
bd1 = a_res.BridgeDomain(tenant_name=self.vrf1_tenant_name, name='bd1',
limit_ip_learn_to_subnets=True,
vrf_name='vrf1')
self.mgr.create(self.ctx, vrf1)
self.mgr.create(self.ctx, bd1)
if self.fix_l3out_vrf:
self.mgr.update(self.ctx, l3out1, vrf_name=vrf1.name)
self.mgr.update(self.ctx, l3out2, vrf_name=vrf1.name)
ext_net1.provided_contract_names = ['p1_vrf1', 'p2_vrf1']
ext_net1.consumed_contract_names = ['c1_vrf1', 'c2_vrf1']
ext_net2.provided_contract_names = ['p3_vrf1', 'p4_vrf1']
ext_net2.consumed_contract_names = ['c3_vrf1', 'c4_vrf1']
self.ns.connect_vrf(self.ctx, ext_net1, vrf1)
self.ns.connect_vrf(self.ctx, ext_net2, vrf1)
self._check_connect_vrf_multiple('stage1')
self.ns.disconnect_vrf(self.ctx, ext_net1, vrf1)
self._check_connect_vrf_multiple('stage2')
self.ns.disconnect_vrf(self.ctx, ext_net2, vrf1)
self._check_connect_vrf_multiple('stage3')
def _make_l3out_clone(self, ctx, l3out, vrf):
new_tenant = vrf.tenant_name
new_name, new_display_name = self._generate_l3out_name(l3out, vrf)
clone_l3out = resource.L3Outside(tenant_name=new_tenant,
name=new_name,
display_name=new_display_name,
vrf_name=vrf.name)
return clone_l3out
def test_l3outside_multiple(self):
l3out1 = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
self.ns.create_l3outside(self.ctx, l3out1)
other_objs1 = self._get_l3out_objects()
l3out1.vrf_name = 'EXT-o1'
l3out2 = a_res.L3Outside(tenant_name='t1', name='o2',
display_name='OUT2')
self.ns.create_l3outside(self.ctx, l3out2)
other_objs2 = self._get_l3out_objects('o2', 'OUT2')
l3out2.vrf_name = 'EXT-o2'
self._verify(present=[l3out1, l3out2] + other_objs1 + other_objs2)
self.ns.delete_l3outside(self.ctx, l3out1)
self._verify(present=[l3out2] + other_objs2)
self.ns.delete_l3outside(self.ctx, l3out2)
self._verify(absent=[l3out1, l3out2] + other_objs1 + other_objs2)
def test_get_resources_for_delete(self):
objs = [
{'fvBD': {'attributes': {
'dn': 'uni/tn-t1/BD-test'}}},
{'vzRsSubjFiltAtt': {'attributes': {
'dn': 'uni/tn-t1/brc-c/subj-s/rssubjFiltAtt-f'}}},
{'vzRsFiltAtt': {'attributes': {
'dn': 'uni/tn-t1/brc-c/subj-s/intmnl/rsfiltAtt-g'}}},
{'vzRsFiltAtt': {'attributes': {
'dn': 'uni/tn-t1/brc-c/subj-s/outtmnl/rsfiltAtt-h'}}}]
keys = [('fvTenant|t1', 'fvBD|test'),
('fvTenant|t1', 'vzBrCP|c', 'vzSubj|s',
'vzRsSubjFiltAtt|f'),
('fvTenant|t1', 'vzBrCP|c', 'vzSubj|s',
'vzInTerm|intmnl', 'vzRsFiltAtt|g'),
('fvTenant|t1', 'vzBrCP|c', 'vzSubj|s',
'vzOutTerm|outtmnl', 'vzRsFiltAtt|h')]
result = self.universe.get_resources_for_delete(keys)
self.assertEqual(utils.deep_sort(objs), utils.deep_sort(result))
# Create a pending monitored object
tn1 = resource.Tenant(name='tn1', monitored=True)
monitored_bd = resource.BridgeDomain(
tenant_name='tn1', name='monitoredBD', monitored=True)
self.universe.manager.create(self.ctx, tn1)
self.universe.manager.set_resource_sync_pending(self.ctx, tn1)
self.universe.manager.create(self.ctx, monitored_bd)
self.universe.manager.set_resource_sync_pending(self.ctx, monitored_bd)
self.universe.multiverse = []
result = self.universe.get_resources_for_delete(
[('fvTenant|tn1', 'fvBD|monitoredBD')])
self.assertEqual(1, len(result))
result = result[0]
self.assertEqual('tagInst', result.keys()[0])
self.assertEqual('uni/tn-tn1/BD-monitoredBD/tag-openstack_aid',
list(result.values())[0]['attributes']['dn'])
# Delete an RS-node of a monitored object
self.universe.manager.create(self.ctx, resource.L3Outside(
tenant_name='tn1', name='out', monitored=True))
ext_net = self.universe.manager.create(
self.ctx,
resource.ExternalNetwork(tenant_name='tn1', l3out_name='out',
name='inet',
provided_contract_names=['p1'],
monitored=True))
self.universe.manager.set_resource_sync_synced(self.ctx, ext_net)
result = self.universe.get_resources_for_delete(
[('fvTenant|tn1', 'l3extOut|out', 'l3extInstP|inet',
'fvRsProv|p1')])
self.assertEqual(1, len(result))
result = result[0]
self.assertEqual('fvRsProv', result.keys()[0])
self.assertEqual('uni/tn-tn1/out-out/instP-inet/rsprov-p1',
list(result.values())[0]['attributes']['dn'])
def _get_network_l3out(self, mapping):
if not mapping:
# REVISIT: Is this still needed now that
# _add_network_mapping updates the Network instance's
# aim_mapping? If so, the test should probably be moved to
# the caller to make all these
# _get_<neutron-resource>_<aim-resource> methods more
# consistent.
return None
return aim_resource.L3Outside(
tenant_name=mapping.l3out_tenant_name,
name=mapping.l3out_name)
def _get_vrf_1_ext_net_2_objects(self):
return [
a_res.L3Outside(tenant_name='dept1', name='o2-vrf1',
display_name='OUT2-VRF1', vrf_name='vrf1'),
a_res.ExternalNetwork(
tenant_name='dept1', l3out_name='o2-vrf1',
name='inet2', display_name='INET2',
provided_contract_names=['p3_vrf1', 'p4_vrf1'],
consumed_contract_names=['c3_vrf1', 'c4_vrf1'],
nat_epg_dn=('uni/tn-t2/ap-myapp/epg-EXT-o2'
if self.with_nat_epg else '')),
a_res.ExternalSubnet(
tenant_name='dept1', l3out_name='o2-vrf1',
external_network_name='inet2', cidr='0.0.0.0/0')]
def read_vrfs(self, ctx, external_network):
l3out = self.mgr.get(ctx, self._ext_net_to_l3out(external_network))
result = []
for c in self.db.get_clones(ctx, l3out):
l3c = self.mgr.get(ctx,
resource.L3Outside(tenant_name=c[0], name=c[1]))
if l3c:
vrf = self.mgr.get(
ctx,
resource.VRF(tenant_name=l3c.tenant_name,
name=l3c.vrf_name))
if vrf:
result.append(vrf)
return result
def _delete_shadow(self, ctx, ext_net, vrf):
l3out = self.mgr.get(ctx, self._ext_net_to_l3out(ext_net))
clone_l3out = resource.L3Outside(tenant_name=vrf.tenant_name,
name=self._generate_l3out_name(
l3out, vrf)[0])
clone_ext_net = resource.ExternalNetwork(
tenant_name=clone_l3out.tenant_name,
l3out_name=clone_l3out.name,
name=ext_net.name)
with ctx.store.begin(subtransactions=True):
self._delete_ext_net(ctx, clone_ext_net)
self._delete_unused_l3out(ctx, clone_l3out)
def test_set_unset_bd_l3out(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
bd1 = a_res.BridgeDomain(tenant_name=self.bd1_tenant_name, name='bd1',
limit_ip_learn_to_subnets=True,
vrf_name='vrf1')
self.mgr.create(self.ctx, bd1)
self.ns.set_bd_l3out(self.ctx, bd1, l3out)
self._check_bd_l3out(bd1, l3out)
# add the same l3out again
self.ns.set_bd_l3out(self.ctx, bd1, l3out)
self._check_bd_l3out(bd1, l3out)
self.ns.unset_bd_l3out(self.ctx, bd1, l3out)
bd1 = self.mgr.get(self.ctx, bd1)
self.assertEqual([], bd1.l3out_names)
def test_connect_vrf_change_disallowed(self):
vrf = a_res.VRF(tenant_name='t1', name='vrf', display_name='VRF')
l3out = a_res.L3Outside(tenant_name='t1', name='o1')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1')
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.assertRaises(nat_strategy.L3OutsideVrfChangeDisallowed,
self.ns.connect_vrf, self.ctx, ext_net, vrf)
vrf = a_res.VRF(tenant_name='common', name='EXT-o1',
display_name='VRF2')
self.assertRaises(nat_strategy.L3OutsideVrfChangeDisallowed,
self.ns.connect_vrf, self.ctx, ext_net, vrf)
def _get_vrf_2_ext_net_1_objects(self):
return [
a_res.L3Outside(tenant_name='dept2', name='o1-vrf2',
display_name='OUT-VRF2', vrf_name='vrf2'),
a_res.ExternalNetwork(
tenant_name='dept2', l3out_name='o1-vrf2',
name='inet1', display_name='INET1',
provided_contract_names=['p1_vrf2', 'p2_vrf2'],
consumed_contract_names=['c1_vrf2', 'c2_vrf2'],
nat_epg_dn=('uni/tn-t1/ap-myapp/epg-EXT-o1'
if self.with_nat_epg else '')),
a_res.ExternalSubnet(
tenant_name='dept2', l3out_name='o1-vrf2',
external_network_name='inet1', cidr='20.20.20.0/24'),
a_res.ExternalSubnet(
tenant_name='dept2', l3out_name='o1-vrf2',
external_network_name='inet1', cidr='50.50.0.0/16')]
def test_l3outside(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
res = self.ns.create_l3outside(self.ctx, l3out)
self.assertIsNotNone(res)
other_objs = self._get_l3out_objects()
l3out.vrf_name = 'EXT-o1'
self._verify(present=[l3out] + other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
other_objs.append(l3out)
self._assert_res_list_eq(get_objs, other_objs)
self.ns.delete_l3outside(self.ctx, l3out)
self._verify(absent=[l3out] + other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
self.assertEqual([], get_objs)
def test_connect_vrf_wrong_tenant(self):
vrf = a_res.VRF(tenant_name='dept1', name='vrf', display_name='VRF')
l3out = a_res.L3Outside(tenant_name='t1', name='o1')
ext_net = a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1')
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.assertRaises(nat_strategy.VrfNotVisibleFromExternalNetwork,
self.ns.connect_vrf, self.ctx, ext_net, vrf)
l3out.tenant_name = 'common'
ext_net.tenant_name = 'common'
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_external_network(self.ctx, ext_net)
self.assertRaises(nat_strategy.VrfNotVisibleFromExternalNetwork,
self.ns.connect_vrf, self.ctx, ext_net, vrf)
def test_subnet(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
self.ns.create_l3outside(self.ctx, l3out)
self.ns.create_subnet(self.ctx, l3out, '200.10.20.1/28')
sub = a_res.Subnet(tenant_name='t1', bd_name='EXT-o1',
gw_ip_mask='200.10.20.1/28')
self._verify(present=[sub])
self._assert_res_eq(sub,
self.ns.get_subnet(self.ctx, l3out,
'200.10.20.1/28'))
self.ns.delete_subnet(self.ctx, l3out, '200.10.20.1/28')
self._verify(absent=[sub])
self.assertIsNone(self.ns.get_subnet(self.ctx, l3out,
'200.10.20.1/28'))
def test_l3outside_pre(self):
self.mgr.create(self.ctx, a_res.Tenant(name='t1'))
vrf = a_res.VRF(tenant_name='t1', name='ctx1', monitored=True)
self.mgr.create(self.ctx, vrf)
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT', vrf_name='ctx1',
monitored=True)
self.mgr.create(self.ctx, l3out)
self.ns.create_l3outside(self.ctx, l3out)
other_objs = self._get_l3out_objects(nat_vrf_name='ctx1')
self._verify(present=[l3out, vrf] + other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
self._assert_res_list_eq(other_objs + [l3out, vrf], get_objs)
self.ns.delete_l3outside(self.ctx, l3out)
self._verify(present=[l3out, vrf], absent=other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
self.assertEqual([l3out, vrf], get_objs)
def _check_delete_l3outside_with_vrf(self, stage):
objs = [a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT', vrf_name='EXT-o1'),
a_res.Subnet(tenant_name='t1', bd_name='EXT-o1',
gw_ip_mask='200.10.20.1/28'),
a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1',
display_name='INET1',
provided_contract_names=['EXT-o1'],
consumed_contract_names=['EXT-o1']),
a_res.ExternalNetwork(
tenant_name='t1', l3out_name='o1', name='inet1_1',
display_name='INET1_1',
provided_contract_names=['EXT-o1'],
consumed_contract_names=['EXT-o1'])]
objs += self._get_vrf_1_ext_net_1_objects()
objs += self._get_l3out_objects()
if stage == 'stage1':
self._verify(present=objs)
elif stage == 'stage2':
self._verify(absent=objs)
else:
self.assertFalse(True, 'Unknown test stage %s' % stage)
def test_l3outside_vmm_domains_limited_domains(self):
l3out = a_res.L3Outside(tenant_name='t1', name='o1',
display_name='OUT')
vmm_domains = [{'type': 'OpenStack', 'name': 'ostack'},
{'type': 'VMware', 'name': 'vmware1'}]
phys_domains = [{'name': 'phys2'}]
res = self.ns.create_l3outside(self.ctx, l3out,
vmm_domains=vmm_domains,
phys_domains=phys_domains)
self.assertIsNotNone(res)
other_objs = self._get_l3out_objects(vmm_domains=vmm_domains,
phys_domains=phys_domains)
l3out.vrf_name = 'EXT-o1'
self._verify(present=[l3out] + other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
other_objs.append(l3out)
self._assert_res_list_eq(get_objs, other_objs)
self.ns.delete_l3outside(self.ctx, l3out)
self._verify(absent=[l3out] + other_objs)
get_objs = self.ns.get_l3outside_resources(self.ctx, l3out)
self.assertEqual([], get_objs)
def _get_vrf_1_ext_net_2_objects(self, connected=True):
return {
'l3out': a_res.L3Outside(
tenant_name='t2', name='o2',
display_name='OUT2',
vrf_name='vrf1'),
'ext_net': a_res.ExternalNetwork(
tenant_name='t2', l3out_name='o2',
name='inet2', display_name='INET2',
provided_contract_names=(
['EXT-o2', 'p3_vrf1', 'p4_vrf1']
if connected else ['EXT-o2']),
consumed_contract_names=(
['EXT-o2', 'c3_vrf1', 'c4_vrf1']
if connected else ['EXT-o2'])),
'nat_bd': a_res.BridgeDomain(
tenant_name='t2', name='EXT-o2',
display_name='EXT-OUT2',
vrf_name='EXT-o2',
limit_ip_learn_to_subnets=True,
l3out_names=['o2']),
'ext_sub_1': a_res.ExternalSubnet(
tenant_name='t2', l3out_name='o2',
external_network_name='inet2', cidr='0.0.0.0/0')}
def do_apic_aim_persist_migration(session):
alembic_util.msg(
"Starting data migration for apic_aim mechanism driver persistence.")
db_mixin = db.DbMixin()
aim = aim_manager.AimManager()
aim_ctx = aim_context.AimContext(session)
mapper = apic_mapper.APICNameMapper()
with session.begin(subtransactions=True):
# Migrate address scopes.
scope_dbs = (session.query(as_db.AddressScope).all())
for scope_db in scope_dbs:
alembic_util.msg("Migrating address scope: %s" % scope_db)
vrf = None
ext_db = (session.query(DefunctAddressScopeExtensionDb).filter_by(
address_scope_id=scope_db.id).one_or_none())
if ext_db:
# It has a pre-existing VRF.
vrf = aim_resource.VRF.from_dn(ext_db.vrf_dn)
# REVISIT: Get VRF to verify it exists?
vrf_owned = False
if not vrf:
# It does not have a pre-existing VRF.
aname = mapper.address_scope(session, scope_db.id)
vrfs = aim.find(aim_ctx, aim_resource.VRF, name=aname)
if vrfs:
vrf = vrfs[0]
vrf_owned = True
if vrf:
db_mixin._add_address_scope_mapping(session, scope_db.id, vrf,
vrf_owned)
else:
alembic_util.warn("No AIM VRF found for address scope: %s" %
scope_db)
# Migrate networks.
net_dbs = (session.query(models_v2.Network).all())
for net_db in net_dbs:
alembic_util.msg("Migrating network: %s" % net_db)
bd = None
epg = None
vrf = None
ext_db = (session.query(extension_db.NetworkExtensionDb).filter_by(
network_id=net_db.id).one_or_none())
if ext_db and ext_db.external_network_dn:
# Its a managed external network.
ext_net = aim_resource.ExternalNetwork.from_dn(
ext_db.external_network_dn)
# REVISIT: Get ExternalNetwork to verify it exists?
l3out = aim_resource.L3Outside(tenant_name=ext_net.tenant_name,
name=ext_net.l3out_name)
if ext_db.nat_type == '':
ns_cls = nat_strategy.NoNatStrategy
elif ext_db.nat_type == 'edge':
ns_cls = nat_strategy.EdgeNatStrategy
else:
ns_cls = nat_strategy.DistributedNatStrategy
ns = ns_cls(aim)
ns.app_profile_name = 'OpenStack'
for resource in ns.get_l3outside_resources(aim_ctx, l3out):
if isinstance(resource, aim_resource.BridgeDomain):
bd = resource
elif isinstance(resource, aim_resource.EndpointGroup):
epg = resource
elif isinstance(resource, aim_resource.VRF):
vrf = resource
if not bd:
# It must be a normal network.
aname = mapper.network(session, net_db.id)
bds = aim.find(aim_ctx, aim_resource.BridgeDomain, name=aname)
if bds:
bd = bds[0]
epgs = aim.find(aim_ctx,
aim_resource.EndpointGroup,
name=aname)
if epgs:
epg = epgs[0]
if bd:
vrfs = (aim.find(aim_ctx,
aim_resource.VRF,
tenant_name=bd.tenant_name,
name=bd.vrf_name)
or aim.find(aim_ctx,
aim_resource.VRF,
tenant_name='common',
name=bd.vrf_name))
if vrfs:
vrf = vrfs[0]
if bd and epg and vrf:
db_mixin._add_network_mapping(session, net_db.id, bd, epg, vrf)
elif not net_db.external:
alembic_util.warn(
"AIM BD, EPG or VRF not found for network: %s" % net_db)
alembic_util.msg(
"Finished data migration for apic_aim mechanism driver persistence.")
def do_ap_name_change(session, conf=None):
alembic_util.msg("Starting data migration for apic_aim ap name change.")
cfg = conf or CONF
aim = aim_manager.AimManager()
aim_ctx = aim_context.AimContext(session)
system_id = cfg.apic_system_id
alembic_util.msg("APIC System ID: %s" % system_id)
ext_mixin = extension_db.ExtensionDbMixin()
db_mixin = db.DbMixin()
with session.begin(subtransactions=True):
net_dbs = session.query(models_v2.Network).all()
for net_db in net_dbs:
ext_db = ext_mixin.get_network_extn_db(session, net_db.id)
if ext_db and ext_db[ext.EXTERNAL_NETWORK]:
alembic_util.msg("Migrating external network: %s" % net_db)
# Its a managed external network.
ext_net = aim_resource.ExternalNetwork.from_dn(
ext_db[ext.EXTERNAL_NETWORK])
ext_net = aim.get(aim_ctx, ext_net)
l3out = aim_resource.L3Outside(tenant_name=ext_net.tenant_name,
name=ext_net.l3out_name)
if ext_db[ext.NAT_TYPE] == '':
ns_cls = nat_strategy.NoNatStrategy
elif ext_db[ext.NAT_TYPE] == 'edge':
ns_cls = nat_strategy.EdgeNatStrategy
else:
ns_cls = nat_strategy.DistributedNatStrategy
clone_ext_nets = {}
ns = ns_cls(aim)
ns.app_profile_name = 'OpenStack'
ns.common_scope = None
# Start Cleanup
if not isinstance(ns, nat_strategy.NoNatStrategy):
l3out_clones = ns.db.get_clones(aim_ctx, l3out)
# Retrieve External Networks
for l3out_clone in l3out_clones:
for extc in aim.find(aim_ctx,
aim_resource.ExternalNetwork,
tenant_name=l3out_clone[0],
l3out_name=l3out_clone[1]):
clone_ext_nets[(l3out.tenant_name, l3out.name,
extc.name)] = extc
vrfs = ns.read_vrfs(aim_ctx, ext_net)
session.query(db.NetworkMapping).filter(
db.NetworkMapping.network_id == net_db.id).delete()
for vrf in vrfs:
ns.disconnect_vrf(aim_ctx, ext_net, vrf)
ns.delete_external_network(aim_ctx, ext_net)
ns.delete_l3outside(aim_ctx, l3out)
# Recreate
ns.common_scope = system_id
ns.create_l3outside(aim_ctx, l3out)
ns.create_external_network(aim_ctx, ext_net)
ns.update_external_cidrs(aim_ctx, ext_net,
ext_db[ext.EXTERNAL_CIDRS])
for subnet in net_db.subnets:
aim_subnet = aim_resource.Subnet.to_gw_ip_mask(
subnet.gateway_ip, int(subnet.cidr.split('/')[1]))
ns.create_subnet(aim_ctx, l3out, aim_subnet)
for resource in ns.get_l3outside_resources(aim_ctx, l3out):
if isinstance(resource, aim_resource.BridgeDomain):
bd = resource
elif isinstance(resource, aim_resource.EndpointGroup):
epg = resource
elif isinstance(resource, aim_resource.VRF):
vrf = resource
db_mixin._add_network_mapping(session, net_db.id, bd, epg, vrf)
eid = (ext_net.tenant_name, ext_net.l3out_name, ext_net.name)
for vrf in vrfs:
if eid in clone_ext_nets:
ext_net.provided_contract_names = clone_ext_nets[
eid].provided_contract_names
ext_net.consumed_contract_names = clone_ext_nets[
eid].consumed_contract_names
ns.connect_vrf(aim_ctx, ext_net, vrf)
def _find_l3out_clones(self, ctx, l3outside):
clone_keys = self.db.get_clones(ctx, l3outside)
return [
resource.L3Outside(tenant_name=x[0], name=x[1]) for x in clone_keys
]
def _ext_net_to_l3out(self, ext_net):
return resource.L3Outside(tenant_name=ext_net.tenant_name,
name=ext_net.l3out_name)
