def delete_nsx_portgroups(resource, event, trigger, **kwargs):
if not cfg.CONF.dvs.host_ip:
LOG.info("Please configure the dvs section in the nsx configuration "
"file")
return
dvs_id = cfg.CONF.nsxv.dvs_id
portgroups = _get_nsx_portgroups(dvs_id)
if not portgroups:
LOG.info("No NSX portgroups found for %s", dvs_id)
return
if not kwargs.get('force'):
#ask for the user confirmation
confirm = admin_utils.query_yes_no(
"Do you want to delete all NSX portgroups for %s" % dvs_id,
default="no")
if not confirm:
LOG.info("NSX portgroups deletion aborted by user")
return
vcns = utils.get_nsxv_client()
for portgroup in portgroups:
try:
vcns.delete_port_group(dvs_id, portgroup['moref'])
except Exception as e:
LOG.error("Failed to delete portgroup %(pg)s: %(e)s",
{'pg': portgroup['moref'], 'e': e})
sys.exc_clear()
else:
LOG.info("Successfully deleted portgroup %(pg)s",
{'pg': portgroup['moref']})
LOG.info("Done.")
def nsx_update_switch(resource, event, trigger, **kwargs):
nsxv = utils.get_nsxv_client()
if not kwargs.get('property'):
LOG.error(_LE("Need to specify dvs-id parameter and "
"attribute to update. Add --property dvs-id=<dvs-id> "
"--property teamingpolicy=<policy>"))
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dvs_id = properties.get('dvs-id')
if not dvs_id:
LOG.error(_LE("Need to specify dvs-id. "
"Add --property dvs-id=<dvs-id>"))
return
h, switch = nsxv.get_vdn_switch(dvs_id)
policy = properties.get('teamingpolicy')
if policy:
if switch['teamingPolicy'] == policy:
LOG.info(_LI("Policy already set!"))
return
LOG.info(_LI("Updating NSXv switch %(dvs)s teaming policy to "
"%(policy)s"), {'dvs': dvs_id, 'policy': policy})
switch['teamingPolicy'] = policy
switch = nsxv.update_vdn_switch(switch)
LOG.info(_LI("Switch value after update: %s"), switch)
else:
LOG.error(_LE("No teaming policy set. "
"Add --property teamingpolicy=<policy>"))
LOG.info(_LI("Current switch value is: %s"), switch)
def get_networks():
nsxv = utils.get_nsxv_client()
so_list = nsxv.get_scoping_objects()
networks = []
root = et.fromstring(so_list)
for obj in root.iter('object'):
if (obj.find('objectTypeName').text == 'Network' or
obj.find('objectTypeName').text == 'VirtualWire' or
obj.find('objectTypeName').text == 'DistributedVirtualPortgroup'):
networks.append({'type': obj.find('objectTypeName').text,
'moref': obj.find('objectId').text,
'name': obj.find('name').text})
return networks
def delete_backend_network(resource, event, trigger, **kwargs):
"""Delete a backend network by its moref
"""
errmsg = ("Need to specify moref property. Add --property moref=<moref>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
moref = properties.get('moref')
if not moref:
LOG.error("%s", errmsg)
return
backend_name = get_networks_name_map().get(moref)
if not backend_name:
LOG.error("Failed to find the backend network %(moref)s",
{'moref': moref})
return
# Note: in case the backend network is attached to other backend objects,
# like VM, the deleting may fail and through an exception
nsxv = utils.get_nsxv_client()
if moref.startswith(PORTGROUP_PREFIX):
# get the dvs id from the backend name:
dvs_id = get_dvs_id_from_backend_name(backend_name)
if not dvs_id:
LOG.error("Failed to find the DVS id of backend network "
"%(moref)s", {'moref': moref})
else:
try:
nsxv.delete_port_group(dvs_id, moref)
except Exception as e:
LOG.error("Failed to delete backend network %(moref)s : "
"%(e)s", {'moref': moref, 'e': e})
else:
LOG.info("Backend network %(moref)s was deleted",
{'moref': moref})
else:
# Virtual wire
try:
nsxv.delete_virtual_wire(moref)
except Exception as e:
LOG.error("Failed to delete backend network %(moref)s : "
"%(e)s", {'moref': moref, 'e': e})
else:
LOG.info("Backend network %(moref)s was deleted",
{'moref': moref})
def nsx_update_switch(resource, event, trigger, **kwargs):
nsxv = utils.get_nsxv_client()
if not kwargs.get('property'):
LOG.error("Need to specify dvs-id parameter and "
"attribute to update. Add --property dvs-id=<dvs-id> "
"--property teamingpolicy=<policy>")
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dvs_id = properties.get('dvs-id')
if not dvs_id:
LOG.error("Need to specify dvs-id. "
"Add --property dvs-id=<dvs-id>")
return
try:
h, switch = nsxv.get_vdn_switch(dvs_id)
except exceptions.ResourceNotFound:
LOG.error("DVS %s not found", dvs_id)
return
supported_policies = ['ETHER_CHANNEL', 'LOADBALANCE_LOADBASED',
'LOADBALANCE_SRCID', 'LOADBALANCE_SRCMAC',
'FAILOVER_ORDER', 'LACP_ACTIVE', 'LACP_PASSIVE',
'LACP_V2']
policy = properties.get('teamingpolicy')
if policy in supported_policies:
if switch['teamingPolicy'] == policy:
LOG.info("Policy already set!")
return
LOG.info("Updating NSXv switch %(dvs)s teaming policy to "
"%(policy)s", {'dvs': dvs_id, 'policy': policy})
switch['teamingPolicy'] = policy
try:
switch = nsxv.update_vdn_switch(switch)
except exceptions.VcnsApiException as e:
desc = jsonutils.loads(e.response)
details = desc.get('details')
if details.startswith("No enum constant"):
LOG.error("Unknown teaming policy %s", policy)
else:
LOG.error("Unexpected error occurred: %s", details)
return
LOG.info("Switch value after update: %s", switch)
else:
LOG.info("Current switch value is: %s", switch)
LOG.error("Invalid teaming policy. "
"Add --property teamingpolicy=<policy>")
LOG.error("Possible values: %s", ', '.join(supported_policies))
def delete_old_edge(context, old_edge_id):
LOG.info("Deleting the old edge: %s", old_edge_id)
# clean it up from the DB
nsxv_db.clean_edge_router_binding(context.session, old_edge_id)
nsxv_db.clean_edge_vnic_binding(context.session, old_edge_id)
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(context.session,
old_edge_id)
with locking.LockManager.get_lock(old_edge_id):
# Delete from NSXv backend
# Note - If we will not delete the edge, but free it - it will be
# immediately used as the new one, So it is better to delete it.
try:
nsxv = utils.get_nsxv_client()
nsxv.delete_edge(old_edge_id)
except Exception as e:
LOG.warning("Failed to delete the old edge %(id)s: %(e)s",
{'id': old_edge_id, 'e': e})
def sync_lbaas_dfw_rules(resource, event, trigger, **kwargs):
vcns = utils.get_nsxv_client()
with locking.LockManager.get_lock('lbaas-fw-section'):
fw_section_id = vcns.get_section_id(LBAAS_FW_SECTION_NAME)
if not fw_section_id:
section = et.Element('section')
section.attrib['name'] = LBAAS_FW_SECTION_NAME
sect = vcns.create_section('ip', et.tostring(section))[1]
fw_section_id = et.fromstring(sect).attrib['id']
if not fw_section_id:
LOG.error('No LBaaS FW Section id found')
return
neutron_db = utils.NeutronDbClient()
pools = neutron_db.context.session.query(nlbaas_v2.PoolV2).all()
pool_ids = [pool['id'] for pool in pools]
section_uri = '%s/%s/%s' % (nsxv_api.FIREWALL_PREFIX,
'layer3sections',
fw_section_id)
xml_section_data = vcns.get_section(section_uri)
if xml_section_data:
xml_section = xml_section_data[1]
else:
LOG.info('LBaaS XML section was not found!')
return
section = et.fromstring(xml_section)
for rule in section.findall('.//rule'):
if rule.find('name').text in pool_ids:
LOG.info('Rule %s found and valid', rule.find('name').text)
else:
section.remove(rule)
LOG.info('Rule %s is stale and removed',
rule.find('name').text)
vcns.update_section(section_uri,
et.tostring(section, encoding="us-ascii"),
None)
def migrate_distributed_routers_dhcp(resource, event, trigger, **kwargs):
context = n_context.get_admin_context()
nsxv = utils.get_nsxv_client()
with utils.NsxVPluginWrapper() as plugin:
routers = plugin.get_routers(context)
for router in routers:
if router.get('distributed', False):
binding = nsxv_db.get_nsxv_router_binding(context.session,
router['id'])
if binding:
edge_id = binding['edge_id']
with locking.LockManager.get_lock(edge_id):
route_obj = nsxv.get_routes(edge_id)[1]
routes = route_obj.get('staticRoutes', {}
).get('staticRoutes', [])
new_routes = [route for route in routes if route.get(
'network') != '169.254.169.254/32']
route_obj['staticRoutes']['staticRoutes'] = new_routes
nsxv.update_routes(edge_id, route_obj)
def nsx_delete_orphaned_edges(resource, event, trigger, **kwargs):
"""Delete orphaned edges from NSXv backend"""
orphaned_edges = get_orphaned_edges()
LOG.info(_LI("Before delete; Orphaned Edges: %s"), orphaned_edges)
if not kwargs['force']:
if len(orphaned_edges):
user_confirm = admin_utils.query_yes_no("Do you want to delete "
"orphaned edges",
default="no")
if not user_confirm:
LOG.info(_LI("NSXv Edge deletion aborted by user"))
return
nsxv = utils.get_nsxv_client()
for edge in orphaned_edges:
LOG.info(_LI("Deleting edge: %s"), edge)
nsxv.delete_edge(edge)
LOG.info(_LI("After delete; Orphaned Edges: \n%s"),
pprint.pformat(get_orphaned_edges()))
def __init__(self):
self.vcns = utils.get_nsxv_client()
def get_networks_from_backend():
nsxv = utils.get_nsxv_client()
so_list = nsxv.get_scoping_objects()
return et.fromstring(so_list)
import logging
import xml.etree.ElementTree as et
from vmware_nsx._i18n import _LE, _LI
from vmware_nsx.shell.admin.plugins.common import constants
from vmware_nsx.shell.admin.plugins.common import formatters
from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxv.resources import utils as utils
from vmware_nsx.shell import nsxadmin as shell
from neutron.callbacks import registry
LOG = logging.getLogger(__name__)
nsxv = utils.get_nsxv_client()
def get_networks():
nsxv = utils.get_nsxv_client()
so_list = nsxv.get_scoping_objects()
networks = []
root = et.fromstring(so_list)
for obj in root.iter('object'):
if (obj.find('objectTypeName').text == 'Network' or
obj.find('objectTypeName').text == 'VirtualWire' or
obj.find('objectTypeName').text == 'DistributedVirtualPortgroup'):
networks.append({'type': obj.find('objectTypeName').text,
'moref': obj.find('objectId').text,
'name': obj.find('name').text})
return networks
def get_spoofguard_policies():
nsxv = utils.get_nsxv_client()
return nsxv.get_spoofguard_policies()[1].get("policies")
from vmware_nsx.shell.admin.plugins.common import constants
from vmware_nsx.shell.admin.plugins.common import formatters
import vmware_nsx.shell.admin.plugins.common.utils as admin_utils
import vmware_nsx.shell.admin.plugins.nsxv.resources.utils as utils
import vmware_nsx.shell.resources as shell
from neutron_lib.callbacks import registry
from neutron_lib import exceptions
from vmware_nsx.db import nsxv_db
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
nsxv = utils.get_nsxv_client()
def get_spoofguard_policies():
nsxv = utils.get_nsxv_client()
return nsxv.get_spoofguard_policies()[1].get("policies")
@admin_utils.output_header
def nsx_list_spoofguard_policies(resource, event, trigger, **kwargs):
"""List spoofguard policies from NSXv backend"""
policies = get_spoofguard_policies()
LOG.info(formatters.output_formatter(constants.SPOOFGUARD_POLICY, policies,
['policyId', 'name']))
def __init__(self):
self.vcns = utils.get_nsxv_client()
def get_spoofguard_policy_data(policy_id):
nsxv = utils.get_nsxv_client()
return nsxv.get_spoofguard_policy_data(policy_id)[1].get(
'spoofguardList', [])
def get_networks_from_backend():
nsxv = utils.get_nsxv_client()
so_list = nsxv.get_scoping_objects()
return et.fromstring(so_list)
def get_spoofguard_policy_data(policy_id):
nsxv = utils.get_nsxv_client()
return nsxv.get_spoofguard_policy_data(policy_id)[1].get(
'spoofguardList', [])
def get_spoofguard_policies():
nsxv = utils.get_nsxv_client()
return nsxv.get_spoofguard_policies()[1].get("policies")
