def get_metadata_status(resource, event, trigger, **kwargs): if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) net_id = properties.get('network_id') else: net_id = None edgeapi = utils.NeutronDbClient() edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) md_rtr_ids = [edge['router_id'] for edge in edge_list] router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={'router_id': md_rtr_ids}) edge_ids = [b['edge_id'] for b in router_bindings] _md_member_status('Metadata edge appliance: %s members', edge_ids) if net_id: as_provider_data = nsxv_db.get_edge_vnic_bindings_by_int_lswitch( edgeapi.context.session, net_id) providers = [asp['edge_id'] for asp in as_provider_data] if providers: LOG.info('Metadata providers for network %s', net_id) _md_member_status('Edge %s', providers) else: LOG.info('No providers found for network %s', net_id)
def update_shared_secret(resource, event, trigger, **kwargs): edgeapi = utils.NeutronDbClient() edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) md_rtr_ids = [edge['router_id'] for edge in edge_list] router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={'edge_type': [nsxv_constants.SERVICE_EDGE]}) edge_ids = list(set([binding['edge_id'] for binding in router_bindings if (binding['router_id'] not in set(md_rtr_ids) and not binding['router_id'].startswith( vcns_constants.BACKUP_ROUTER_PREFIX) and not binding['router_id'].startswith( vcns_constants.PLR_EDGE_PREFIX))])) for edge_id in edge_ids: with locking.LockManager.get_lock(edge_id): lb = nsxv_lb.NsxvLoadbalancer.get_loadbalancer(nsxv, edge_id) virt = lb.virtual_servers.get(md_proxy.METADATA_VSE_NAME) if not virt: LOG.error("Virtual server not found for edge: %s", edge_id) continue virt.del_app_rule('insert-auth') if cfg.CONF.nsxv.metadata_shared_secret: signature = hmac.new( bytearray(cfg.CONF.nsxv.metadata_shared_secret, 'ascii'), bytearray(edge_id, 'ascii'), hashlib.sha256).hexdigest() sign = 'reqadd X-Metadata-Provider-Signature:' + signature sign_app_rule = nsxv_lb.NsxvLBAppRule('insert-auth', sign) virt.add_app_rule(sign_app_rule) lb.submit_to_backend(nsxv, edge_id)
def get_db_internal_edge_ips(context): ip_list = [] edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( context.session, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE) if edge_list: ip_list = [edge['ext_ip_address'] for edge in edge_list] return ip_list
def get_db_internal_edge_ips(context, az_name): ip_list = [] edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( context.session, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE) if edge_list: # Take only the edges on this availability zone ip_list = [edge['ext_ip_address'] for edge in edge_list if nsxv_db.get_router_availability_zone( context.session, edge['router_id']) == az_name] return ip_list
def _get_internal_edge_ips(context, az_name): # Get the list of internal networks for this AZ db_net = nsxv_db.get_nsxv_internal_network_for_az( context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE, az_name) internal_net = None internal_subnet = None if db_net: internal_net = db_net['network_id'] internal_subnet = context.session.query( models_v2.Subnet).filter_by( network_id=internal_net).first().get('id') # Get the list of internal edges for this AZ edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) edge_az_list = [edge for edge in edge_list if nsxv_db.get_router_availability_zone( context.session, edge['router_id']) == az_name] md_rtr_ids = [edge['router_id'] for edge in edge_az_list] edge_internal_ips = [] for edge in edge_az_list: edge_internal_port = context.session.query( models_v2.Port).filter_by(network_id=internal_net, device_id=edge['router_id']).first() if edge_internal_port: edge_internal_ip = context.session.query( models_v2.IPAllocation).filter_by( port_id=edge_internal_port['id']).first() edge_internal_ips.append(edge_internal_ip['ip_address']) if not internal_net or not internal_subnet or not edge_internal_ips: return None, None LOG.info('Metadata proxy internal IPs are %s', edge_internal_ips) return edge_internal_ips, md_rtr_ids
def nsx_redo_metadata_cfg_for_az(az, edgeapi): LOG.info("Updating MetaData for availability zone: %s", az.name) # Get the list of internal networks for this AZ db_net = nsxv_db.get_nsxv_internal_network( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE, az.name) internal_net = None internal_subnet = None if db_net: internal_net = db_net['network_id'] internal_subnet = edgeapi.context.session.query( models_v2.Subnet).filter_by( network_id=internal_net).first().get('id') # Get the list of internal edges for this AZ edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) edge_az_list = [ edge for edge in edge_list if nsxv_db.get_router_availability_zone( edgeapi.context.session, edge['router_id']) == az.name ] md_rtr_ids = [edge['router_id'] for edge in edge_az_list] edge_internal_ips = [] for edge in edge_az_list: edge_internal_port = edgeapi.context.session.query( models_v2.Port).filter_by(network_id=internal_net, device_id=edge['router_id']).first() if edge_internal_port: edge_internal_ip = edgeapi.context.session.query( models_v2.IPAllocation).filter_by( port_id=edge_internal_port['id']).first() edge_internal_ips.append(edge_internal_ip['ip_address']) if not internal_net or not internal_subnet or not edge_internal_ips: LOG.error("Metadata infrastructure is missing or broken. " "It is recommended to restart neutron service before " "proceeding with configuration restoration") return router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={ 'edge_type': [nsxv_constants.SERVICE_EDGE], 'availability_zones': az.name }) edge_ids = list( set([ binding['edge_id'] for binding in router_bindings if (binding['router_id'] not in set(md_rtr_ids) and not binding['router_id'].startswith( vcns_constants.BACKUP_ROUTER_PREFIX) and not binding['router_id'].startswith( vcns_constants.PLR_EDGE_PREFIX)) ])) for edge_id in edge_ids: with locking.LockManager.get_lock(edge_id): lb = nsxv_lb.NsxvLoadbalancer.get_loadbalancer(nsxv, edge_id) virt = lb.virtual_servers.get(md_proxy.METADATA_VSE_NAME) if virt: pool = virt.default_pool pool.members = {} i = 0 s_port = cfg.CONF.nsxv.nova_metadata_port for member_ip in edge_internal_ips: i += 1 member = nsxv_lb.NsxvLBPoolMember(name='Member-%d' % i, ip_address=member_ip, port=s_port, monitor_port=s_port) pool.add_member(member) lb.submit_to_backend(nsxv, edge_id)
def nsx_redo_metadata_cfg(resource, event, trigger, **kwargs): edgeapi = utils.NeutronDbClient() net_list = nsxv_db.get_nsxv_internal_network( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) internal_net = None internal_subnet = None if net_list: internal_net = net_list[0]['network_id'] internal_subnet = edgeapi.context.session.query( models_v2.Subnet).filter_by( network_id=internal_net).first().get('id') edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose( edgeapi.context.session, vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE) md_rtr_ids = [edge['router_id'] for edge in edge_list] edge_internal_ips = [] for edge in edge_list: edge_internal_port = edgeapi.context.session.query( models_v2.Port).filter_by(network_id=internal_net, device_id=edge['router_id']).first() if edge_internal_port: edge_internal_ip = edgeapi.context.session.query( models_v2.IPAllocation).filter_by( port_id=edge_internal_port['id']).first() edge_internal_ips.append(edge_internal_ip['ip_address']) if not internal_net or not internal_subnet or not edge_internal_ips: LOG.error(_LE("Metadata infrastructure is missing or broken. " "It is recommended to restart neutron service before " "proceeding with configuration restoration")) return router_bindings = nsxv_db.get_nsxv_router_bindings( edgeapi.context.session, filters={'edge_type': [nsxv_constants.SERVICE_EDGE]}) edge_ids = list(set([binding['edge_id'] for binding in router_bindings if (binding['router_id'] not in set(md_rtr_ids) and not binding['router_id'].startswith( vcns_constants.BACKUP_ROUTER_PREFIX) and not binding['router_id'].startswith( vcns_constants.PLR_EDGE_PREFIX))])) for edge_id in edge_ids: with locking.LockManager.get_lock(edge_id): lb = nsxv_lb.NsxvLoadbalancer.get_loadbalancer(nsxv, edge_id) virt = lb.virtual_servers.get(md_proxy.METADATA_VSE_NAME) if virt: pool = virt.default_pool pool.members = {} i = 0 s_port = cfg.CONF.nsxv.nova_metadata_port for member_ip in edge_internal_ips: i += 1 member = nsxv_lb.NsxvLBPoolMember( name='Member-%d' % i, ip_address=member_ip, port=s_port, monitor_port=s_port) pool.add_member(member) lb.submit_to_backend(nsxv, edge_id)