def remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): info = super( nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the router if not self.plugin._get_internal_network_ids_by_router( context, router_id): self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups) return info
def _bind_router_on_available_edge(self, context, router_id, admin_state): with locking.LockManager.get_lock('nsx-shared-router-pool'): conflict_network_ids, conflict_router_ids, intf_num = ( self._get_conflict_network_and_router_ids_by_intf(context, router_id)) conflict_network_ids_by_ext_net = ( self._get_conflict_network_ids_by_ext_net(context, router_id)) conflict_network_ids.extend(conflict_network_ids_by_ext_net) optional_router_ids, new_conflict_router_ids = ( self._get_available_and_conflicting_ids(context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) new = self.edge_manager.bind_router_on_available_edge( context, router_id, optional_router_ids, conflict_router_ids, conflict_network_ids, intf_num) # configure metadata service on the router. metadata_proxy_handler = self.plugin.metadata_proxy_handler if metadata_proxy_handler and new: metadata_proxy_handler.configure_router_edge(router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): # add all internal interfaces of the router on edge intf_net_ids = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, admin_state)
def attach_router(self, context, router_id, router, appliance_size=None): router_db = self.plugin._get_router(context, router_id) # Add DB attributes to the router data structure # before creating it as an exclusive router self._build_router_data_from_db(router_db, router) self.create_router(context, router['router'], allow_metadata=False, appliance_size=appliance_size) edge_id = edge_utils.get_router_edge_id(context, router_id) LOG.debug("Exclusive router %s attached to edge %s", router_id, edge_id) # add all internal interfaces of the router on edge intf_net_ids = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, router_db.admin_state_up) # Update external interface (which also update nat rules, routes, etc) external_net_id = self._get_external_network_id_by_router(context, router_id) gw_info = None if (external_net_id): gw_info = {'network_id': external_net_id} self._update_router_gw_info( context, router_id, gw_info, force_update=True)
def create_lb_interface(context, plugin, lb_id, subnet_id, tenant_id, vip_addr=None, subnet=None): if not subnet: subnet = plugin.get_subnet(context, subnet_id) network_id = subnet.get('network_id') port_dict = {'name': 'lb_if-' + lb_id, 'admin_state_up': True, 'network_id': network_id, 'tenant_id': tenant_id, 'fixed_ips': [{'subnet_id': subnet['id']}], 'device_owner': constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB', 'device_id': lb_id, 'mac_address': constants.ATTR_NOT_SPECIFIED } port = plugin.base_create_port(context, {'port': port_dict}) ip_addr = port['fixed_ips'][0]['ip_address'] net = netaddr.IPNetwork(subnet['cidr']) resource_id = get_lb_edge_name(context, lb_id) address_groups = [{'primaryAddress': ip_addr, 'subnetPrefixLength': str(net.prefixlen), 'subnetMask': str(net.netmask)}] if vip_addr: address_groups[0]['secondaryAddresses'] = { 'type': 'secondary_addresses', 'ipAddress': [vip_addr]} edge_utils.update_internal_interface( plugin.nsx_v, context, resource_id, network_id, address_groups)
def remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the router if not self.plugin._get_internal_network_ids_by_router( context, router_id): self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def create_lb_interface(context, plugin, lb_id, subnet_id, tenant_id, vip_addr=None, subnet=None): if not subnet: subnet = plugin.get_subnet(context, subnet_id) network_id = subnet.get('network_id') port_dict = {'name': 'lb_if-' + lb_id, 'admin_state_up': True, 'network_id': network_id, 'tenant_id': tenant_id, 'fixed_ips': [{'subnet_id': subnet['id']}], 'device_owner': constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB', 'device_id': lb_id, 'mac_address': constants.ATTR_NOT_SPECIFIED } port = plugin.base_create_port(context, {'port': port_dict}) ip_addr = port['fixed_ips'][0]['ip_address'] net = netaddr.IPNetwork(subnet['cidr']) resource_id = get_lb_edge_name(context, lb_id) address_groups = [{'primaryAddress': ip_addr, 'subnetPrefixLength': str(net.prefixlen), 'subnetMask': str(net.netmask)}] if vip_addr: address_groups[0]['secondaryAddresses'] = { 'type': 'secondary_addresses', 'ipAddress': [vip_addr]} edge_utils.update_internal_interface( plugin.nsx_v, context, resource_id, network_id, address_groups)
def _bind_router_on_available_edge(self, context, router_id, admin_state): with locking.LockManager.get_lock('nsx-shared-router-pool'): conflict_network_ids, conflict_router_ids, intf_num = ( self._get_conflict_network_and_router_ids_by_intf( context, router_id)) conflict_network_ids_by_ext_net = ( self._get_conflict_network_ids_by_ext_net(context, router_id)) conflict_network_ids.extend(conflict_network_ids_by_ext_net) optional_router_ids, new_conflict_router_ids = ( self._get_available_and_conflicting_ids(context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) az = self.get_router_az_by_id(context, router_id) new = self.edge_manager.bind_router_on_available_edge( context, router_id, optional_router_ids, conflict_router_ids, conflict_network_ids, intf_num, az) # configure metadata service on the router. metadata_proxy_handler = self.plugin.metadata_proxy_handler if metadata_proxy_handler and new: metadata_proxy_handler.configure_router_edge(router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): # add all internal interfaces of the router on edge intf_net_ids = ( self.plugin._get_internal_network_ids_by_router( context, router_id)) for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, admin_state)
def remove_router_interface(self, context, router_id, interface_info): # If a loadbalancer is attached to this Edge appliance, we cannot # detach the subnet from the exclusive router. subnet = interface_info.get('subnet_id') if not subnet and interface_info.get('port_id'): port = self.plugin.get_port(context, interface_info['port_id']) port_subnets = [ fixed_ip['subnet_id'] for fixed_ip in port.get('fixed_ips', []) ] subnet = port_subnets[0] if subnet and self._check_lb_on_subnet(context, subnet): error = _('Cannot delete router %(rtr)s interface while ' 'loadbalancers are provisioned on attached ' 'subnet %(subnet)s') % { 'rtr': router_id, 'subnet': subnet } raise nsxv_exc.NsxPluginException(err_msg=error) info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: # First update nat rules self.plugin._update_nat_rules(context, router_db) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # No subnet on the network connects to the edge vnic if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id, dist=False) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def _bind_router_on_available_edge(self, context, router_id, admin_state): with locking.LockManager.get_lock('nsx-shared-router-pool'): conflict_network_ids, conflict_router_ids, intf_num = ( self._get_conflict_network_and_router_ids_by_intf( context, router_id)) conflict_network_ids_by_ext_net = ( self._get_conflict_network_ids_by_ext_net(context, router_id)) conflict_network_ids.extend(conflict_network_ids_by_ext_net) optional_router_ids, new_conflict_router_ids = ( self._get_available_and_conflicting_ids(context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) az, flavor_id = self.get_router_az_and_flavor_by_id( context, router_id) new = self.edge_manager.bind_router_on_available_edge( context, router_id, optional_router_ids, conflict_router_ids, conflict_network_ids, intf_num, az) # configure metadata service on the router. if self.plugin.metadata_proxy_handler and new: md_proxy_handler = self.plugin.get_metadata_proxy_handler( az.name) if md_proxy_handler: md_proxy_handler.configure_router_edge(context, router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): # add all internal interfaces of the router on edge intf_net_ids = ( self.plugin._get_internal_network_ids_by_router( context, router_id)) for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, admin_state) if flavor_id: # if several routers share same edge, they might have # different flavors with conflicting syslog settings. # in this case, each new router association will override # previous syslog settings on the edge self.edge_manager.update_syslog_by_flavor( context, router_id, flavor_id, edge_id) LOG.info("Binding shared router %(rtr)s: edge %(edge)s", { 'rtr': router_id, 'edge': edge_id })
def _bind_router_on_available_edge(self, context, router_id, admin_state): with locking.LockManager.get_lock('nsx-shared-router-pool'): conflict_network_ids, conflict_router_ids, intf_num = ( self._get_conflict_network_and_router_ids_by_intf(context, router_id)) conflict_network_ids_by_ext_net = ( self._get_conflict_network_ids_by_ext_net(context, router_id)) conflict_network_ids.extend(conflict_network_ids_by_ext_net) optional_router_ids, new_conflict_router_ids = ( self._get_available_and_conflicting_ids(context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) az, flavor_id = self.get_router_az_and_flavor_by_id(context, router_id) new = self.edge_manager.bind_router_on_available_edge( context, router_id, optional_router_ids, conflict_router_ids, conflict_network_ids, intf_num, az) # configure metadata service on the router. if self.plugin.metadata_proxy_handler and new: md_proxy_handler = self.plugin.get_metadata_proxy_handler( az.name) if md_proxy_handler: md_proxy_handler.configure_router_edge(context, router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): # add all internal interfaces of the router on edge intf_net_ids = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, admin_state) if flavor_id: # if several routers share same edge, they might have # different flavors with conflicting syslog settings. # in this case, each new router association will override # previous syslog settings on the edge self.edge_manager.update_syslog_by_flavor(context, router_id, flavor_id, edge_id) LOG.info("Binding shared router %(rtr)s: edge %(edge)s", {'rtr': router_id, 'edge': edge_id})
def remove_router_interface(self, context, router_id, interface_info): # If a loadbalancer is attached to this Edge appliance, we cannot # detach the subnet from the exclusive router. subnet = interface_info.get('subnet_id') if not subnet and interface_info.get('port_id'): port = self.plugin.get_port(context, interface_info['port_id']) port_subnets = [ fixed_ip['subnet_id'] for fixed_ip in port.get( 'fixed_ips', [])] subnet = port_subnets[0] if subnet and self._check_lb_on_subnet(context, subnet, router_id): error = _('Cannot delete router %(rtr)s interface while ' 'loadbalancers are provisioned on attached ' 'subnet %(subnet)s') % {'rtr': router_id, 'subnet': subnet} raise nsxv_exc.NsxPluginException(err_msg=error) info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: # First update nat rules self.plugin._update_nat_rules(context, router_db) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # No subnet on the network connects to the edge vnic if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id, dist=False) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def attach_router(self, context, router_id, router, appliance_size=None): router_db = self.plugin._get_router(context, router_id) # Add DB attributes to the router data structure # before creating it as an exclusive router router_attr = self._build_router_data_from_db(router_db, router) allow_metadata = True if self.plugin.metadata_proxy_handler else False self.create_router(context, router_attr, allow_metadata=allow_metadata, appliance_size=appliance_size) edge_id = edge_utils.get_router_edge_id(context, router_id) LOG.debug("Exclusive router %s attached to edge %s", router_id, edge_id) # add all internal interfaces of the router on edge intf_net_ids = (self.plugin._get_internal_network_ids_by_router( context, router_id)) with locking.LockManager.get_lock(edge_id): for network_id in intf_net_ids: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups, router_db.admin_state_up) # Update external interface (which also update nat rules, routes, etc) external_net_id = self._get_external_network_id_by_router( context, router_id) gw_info = None if (external_net_id): gw_info = { 'network_id': external_net_id, 'enable_snat': router_db.enable_snat } self.plugin._update_router_gw_info(context, router_id, gw_info, force_update=True)
def _safe_remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock('nsx-shared-router-pool'): info = super( nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) connected_networks = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) if not ports and not connected_networks: router = self.plugin._get_router(context, router_id) self._notify_before_router_edge_association(context, router) with locking.LockManager.get_lock(str(edge_id)): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the # router if not connected_networks: self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def _safe_remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock('nsx-shared-router-pool'): info = super( nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) connected_networks = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) if not ports and not connected_networks: router = self.plugin._get_router(context, router_id) self._notify_before_router_edge_association(context, router) with locking.LockManager.get_lock(str(edge_id)): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the # router if not connected_networks: self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def configure_router_edge(self, context, rtr_id): ctx = context.elevated() # Connect router interface to inter-edge network port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_GW, 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': None } } self.nsxv_plugin.base_create_port(ctx, port_data) address_groups = self._get_address_groups(ctx, self.internal_net, rtr_id, is_proxy=False) if context is None: context = self.context edge_utils.update_internal_interface(self.nsxv_plugin.nsx_v, context, rtr_id, self.internal_net, address_groups=address_groups) self._setup_metadata_lb(rtr_id, METADATA_IP_ADDR, METADATA_TCP_PORT, cfg.CONF.nsxv.nova_metadata_port, self.proxy_edge_ips, proxy_lb=False, context=context)
def add_router_interface(self, context, router_id, interface_info): self.plugin._check_intf_number_of_router(context, router_id) info = super(nsx_v.NsxVPluginV2, self.plugin).add_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] address_groups = self.plugin._get_address_groups( context, router_id, network_id) with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, router_db['admin_state_up']) # Update edge's firewall rules to accept subnets flows. self.plugin._update_subnets_and_dnat_firewall(context, router_db) if router_db.gw_port and router_db.enable_snat: # Update Nat rules on external edge vnic self.plugin._update_nat_rules(context, router_db) return info
def configure_router_edge(self, rtr_id, context=None): # Connect router interface to inter-edge network port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_GW, 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': None}} self.nsxv_plugin.create_port(self.context, port_data) address_groups = self._get_address_groups( self.context, self.internal_net, rtr_id, is_proxy=False) if context is None: context = self.context edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, context, rtr_id, self.internal_net, address_groups=address_groups) self._setup_metadata_lb(rtr_id, METADATA_IP_ADDR, METADATA_TCP_PORT, cfg.CONF.nsxv.nova_metadata_port, self.proxy_edge_ips, proxy_lb=False, context=context)
def configure_router_edge(self, context, rtr_id): LOG.debug('Configuring metadata infrastructure for %s', rtr_id) ctx = neutron_context.get_admin_context() # Connect router interface to inter-edge network port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_GW, 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}} self.nsxv_plugin.base_create_port(ctx, port_data) address_groups = self._get_address_groups( ctx, self.internal_net, rtr_id, is_proxy=False) edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, context, rtr_id, self.internal_net, address_groups=address_groups) self._setup_metadata_lb(rtr_id, METADATA_IP_ADDR, METADATA_TCP_PORT, cfg.CONF.nsxv.nova_metadata_port, self.proxy_edge_ips, proxy_lb=False, context=context)
def add_router_interface(self, context, router_id, interface_info): self.plugin._check_intf_number_of_router(context, router_id) info = super(nsx_v.NsxVPluginV2, self.plugin).add_router_interface(context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] address_groups = self.plugin._get_address_groups( context, router_id, network_id) with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups, router_db['admin_state_up']) # Update edge's firewall rules to accept subnets flows. self.plugin._update_subnets_and_dnat_firewall(context, router_db) if router_db.gw_port and router_db.enable_snat: # Update Nat rules on external edge vnic self.plugin._update_nat_rules(context, router_db) return info
def _safe_add_router_interface(self, context, router_id, interface_info): self.plugin._check_intf_number_of_router(context, router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) router_db = self.plugin._get_router(context, router_id) if edge_id: is_migrated = False with locking.LockManager.get_lock('nsx-shared-router-pool'): info = super(nsx_v.NsxVPluginV2, self.plugin).add_router_interface( context, router_id, interface_info) with locking.LockManager.get_lock(str(edge_id)): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] # Collect all conflict networks whose cidr are overlapped # with networks attached to the router and conflict routers # which has same network with the router's. conflict_network_ids, conflict_router_ids, _ = ( self._get_conflict_network_and_router_ids_by_intf( context, router_id)) _, new_conflict_router_ids = ( self._get_available_and_conflicting_ids( context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) interface_ports = ( self.plugin._get_router_interface_ports_by_network( context, router_id, network_id)) # Consider whether another subnet of the same network # has been attached to the router. if len(interface_ports) > 1: is_conflict = ( self.edge_manager.is_router_conflict_on_edge( context, router_id, conflict_router_ids, conflict_network_ids, 0)) else: is_conflict = ( self.edge_manager.is_router_conflict_on_edge( context, router_id, conflict_router_ids, conflict_network_ids, 1)) if not is_conflict: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, router_db.admin_state_up) if router_db.gw_port and router_db.enable_snat: self._update_nat_rules_on_routers( context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) if is_conflict: self._notify_before_router_edge_association( context, router_db, edge_id) with locking.LockManager.get_lock(str(edge_id)): if len(interface_ports) > 1: self._remove_router_services_on_edge( context, router_id) else: self._remove_router_services_on_edge( context, router_id, network_id) self._unbind_router_on_edge(context, router_id) is_migrated = True if is_migrated: self._bind_router_on_available_edge(context, router_id, router_db.admin_state_up) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): self._add_router_services_on_available_edge( context, router_id) self._notify_after_router_edge_association(context, router_db) else: info = self._base_add_router_interface(context, router_id, interface_info) # bind and configure routing service on an available edge self._bind_router_on_available_edge(context, router_id, router_db.admin_state_up) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): self._add_router_services_on_available_edge(context, router_id) self._notify_after_router_edge_association(context, router_db) return info
def _setup_new_proxy_edge(self, rtr_ext_ip): rtr_id = None try: router_data = { 'router': { 'name': 'metadata_proxy_router', 'admin_state_up': True, 'router_type': 'exclusive', 'tenant_id': None}} rtr = self.nsxv_plugin.create_router( self.context, router_data, allow_metadata=False) rtr_id = rtr['id'] edge_id = self._get_edge_id_by_rtr_id(rtr_id) self.nsxv_plugin.nsx_v.update_interface( rtr['id'], edge_id, vcns_const.EXTERNAL_VNIC_INDEX, cfg.CONF.nsxv.mgt_net_moid, address=rtr_ext_ip, netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask, secondary=[]) port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_INTF, 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': None}} port = self.nsxv_plugin.create_port(self.context, port_data) address_groups = self._get_address_groups( self.context, self.internal_net, rtr_id, is_proxy=True) edge_ip = port['fixed_ips'][0]['ip_address'] edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, self.context, rtr_id, self.internal_net, address_groups) self._setup_metadata_lb(rtr_id, port['fixed_ips'][0]['ip_address'], cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_ips, proxy_lb=True) firewall_rules = [ DEFAULT_EDGE_FIREWALL_RULE, { 'action': 'allow', 'enabled': True, 'source_ip_address': [INTERNAL_SUBNET]}] edge_utils.update_firewall( self.nsxv_plugin.nsx_v, self.context, rtr_id, {'firewall_rule_list': firewall_rules}, allow_external=False) if cfg.CONF.nsxv.mgt_net_default_gateway: self.nsxv_plugin._update_routes( self.context, rtr_id, cfg.CONF.nsxv.mgt_net_default_gateway) nsxv_db.create_nsxv_internal_edge( self.context.session, rtr_ext_ip, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id) return edge_ip except Exception as e: LOG.exception(_LE("Exception %s while creating internal edge " "for metadata service"), e) ports = self.nsxv_plugin.get_ports( self.context, filters={'device_id': [rtr_id]}) for port in ports: self.nsxv_plugin.delete_port(self.context, port['id'], l3_port_check=True, nw_gw_port_check=True) nsxv_db.delete_nsxv_internal_edge( self.context.session, rtr_ext_ip) if rtr_id: self.nsxv_plugin.delete_router(self.context, rtr_id)
def _setup_new_proxy_edge(self, rtr_ext_ip): rtr_id = None try: router_data = { 'router': { 'name': 'metadata_proxy_router', 'admin_state_up': True, 'router_type': 'exclusive', 'tenant_id': None } } rtr = self.nsxv_plugin.create_router(self.context, router_data, allow_metadata=False) rtr_id = rtr['id'] edge_id = self._get_edge_id_by_rtr_id(rtr_id) self.nsxv_plugin.nsx_v.update_interface( rtr['id'], edge_id, vcns_const.EXTERNAL_VNIC_INDEX, cfg.CONF.nsxv.mgt_net_moid, address=rtr_ext_ip, netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask, secondary=[]) port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_INTF, 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': None } } port = self.nsxv_plugin.create_port(self.context, port_data) address_groups = self._get_address_groups(self.context, self.internal_net, rtr_id, is_proxy=True) edge_ip = port['fixed_ips'][0]['ip_address'] edge_utils.update_internal_interface(self.nsxv_plugin.nsx_v, self.context, rtr_id, self.internal_net, address_groups) self._setup_metadata_lb(rtr_id, port['fixed_ips'][0]['ip_address'], cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_ips, proxy_lb=True) firewall_rules = [ DEFAULT_EDGE_FIREWALL_RULE, { 'action': 'allow', 'enabled': True, 'source_ip_address': [INTERNAL_SUBNET] } ] edge_utils.update_firewall(self.nsxv_plugin.nsx_v, self.context, rtr_id, {'firewall_rule_list': firewall_rules}, allow_external=False) if cfg.CONF.nsxv.mgt_net_default_gateway: self.nsxv_plugin._update_routes( self.context, rtr_id, cfg.CONF.nsxv.mgt_net_default_gateway) nsxv_db.create_nsxv_internal_edge( self.context.session, rtr_ext_ip, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id) return edge_ip except Exception as e: LOG.exception( _LE("Exception %s while creating internal edge " "for metadata service"), e) ports = self.nsxv_plugin.get_ports(self.context, filters={'device_id': [rtr_id]}) for port in ports: self.nsxv_plugin.delete_port(self.context, port['id'], l3_port_check=True, nw_gw_port_check=True) nsxv_db.delete_nsxv_internal_edge(self.context.session, rtr_ext_ip) if rtr_id: self.nsxv_plugin.delete_router(self.context, rtr_id)
def _safe_add_router_interface(self, context, router_id, interface_info): self.plugin._check_intf_number_of_router(context, router_id) edge_id = edge_utils.get_router_edge_id(context, router_id) router_db = self.plugin._get_router(context, router_id) if edge_id: is_migrated = False with locking.LockManager.get_lock('nsx-shared-router-pool'): info = super(nsx_v.NsxVPluginV2, self.plugin).add_router_interface( context, router_id, interface_info) with locking.LockManager.get_lock(str(edge_id)): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] # Collect all conflict networks whose cidr are overlapped # with networks attached to the router and conflict routers # which has same network with the router's. conflict_network_ids, conflict_router_ids, _ = ( self._get_conflict_network_and_router_ids_by_intf( context, router_id)) _, new_conflict_router_ids = ( self._get_available_and_conflicting_ids(context, router_id)) conflict_router_ids.extend(new_conflict_router_ids) conflict_router_ids = list(set(conflict_router_ids)) interface_ports = ( self.plugin._get_router_interface_ports_by_network( context, router_id, network_id)) # Consider whether another subnet of the same network # has been attached to the router. if len(interface_ports) > 1: is_conflict = ( self.edge_manager.is_router_conflict_on_edge( context, router_id, conflict_router_ids, conflict_network_ids, 0)) else: is_conflict = ( self.edge_manager.is_router_conflict_on_edge( context, router_id, conflict_router_ids, conflict_network_ids, 1)) if not is_conflict: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups, router_db.admin_state_up) if router_db.gw_port and router_db.enable_snat: self._update_nat_rules_on_routers( context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) if is_conflict: self._notify_before_router_edge_association( context, router_db, edge_id) with locking.LockManager.get_lock(str(edge_id)): if len(interface_ports) > 1: self._remove_router_services_on_edge( context, router_id) else: self._remove_router_services_on_edge( context, router_id, network_id) self._unbind_router_on_edge(context, router_id) is_migrated = True if is_migrated: self._bind_router_on_available_edge( context, router_id, router_db.admin_state_up) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): self._add_router_services_on_available_edge(context, router_id) self._notify_after_router_edge_association(context, router_db) else: info = self._base_add_router_interface(context, router_id, interface_info) # bind and configure routing service on an available edge self._bind_router_on_available_edge( context, router_id, router_db.admin_state_up) edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): self._add_router_services_on_available_edge(context, router_id) self._notify_after_router_edge_association(context, router_db) return info
def _setup_new_proxy_edge(self, rtr_ext_ip): # Use separate context per each as we use this in tread context context = neutron_context.get_admin_context() rtr_id = None try: rtr_name = 'metadata_proxy_router' if not self.az.is_default(): rtr_name = '%s-%s' % (rtr_name, self.az.name) router_data = { 'router': { 'name': rtr_name, 'admin_state_up': True, 'router_type': 'exclusive', 'availability_zone_hints': [self.az.name], 'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}} rtr = self.nsxv_plugin.create_router( context, router_data, allow_metadata=False) rtr_id = rtr['id'] edge_id = self._get_edge_id_by_rtr_id(context, rtr_id) if not edge_id: LOG.error('No edge create for router - %s', rtr_id) if rtr_id: self.nsxv_plugin.delete_router(context, rtr_id) return self.nsxv_plugin.nsx_v.update_interface( rtr['id'], edge_id, vcns_const.EXTERNAL_VNIC_INDEX, self.az.mgt_net_moid, address=rtr_ext_ip, netmask=self.az.mgt_net_proxy_netmask, secondary=[]) port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': (constants.DEVICE_OWNER_NETWORK_PREFIX + 'md_interface'), 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}} port = self.nsxv_plugin.base_create_port(context, port_data) address_groups = self._get_address_groups( context, self.internal_net, rtr_id, is_proxy=True) edge_ip = port['fixed_ips'][0]['ip_address'] with locking.LockManager.get_lock(edge_id): edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, context, rtr_id, self.internal_net, address_groups) self._setup_metadata_lb(rtr_id, port['fixed_ips'][0]['ip_address'], cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_ips, proxy_lb=True) firewall_rules = [ DEFAULT_EDGE_FIREWALL_RULE, { 'action': 'allow', 'enabled': True, 'source_ip_address': [INTERNAL_SUBNET]}] edge_utils.update_firewall( self.nsxv_plugin.nsx_v, context, rtr_id, {'firewall_rule_list': firewall_rules}, allow_external=False) if self.az.mgt_net_default_gateway: self.nsxv_plugin._update_routes( context, rtr_id, self.az.mgt_net_default_gateway) nsxv_db.create_nsxv_internal_edge( context.session, rtr_ext_ip, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id) return edge_ip except Exception as e: LOG.exception("Exception %s while creating internal edge " "for metadata service", e) ports = self.nsxv_plugin.get_ports( context, filters={'device_id': [rtr_id]}) for port in ports: self.nsxv_plugin.delete_port(context, port['id'], l3_port_check=True, nw_gw_port_check=True) nsxv_db.delete_nsxv_internal_edge( context.session, rtr_ext_ip) if rtr_id: self.nsxv_plugin.delete_router(context, rtr_id)
def _setup_new_proxy_edge(self, rtr_ext_ip): # Use separate context per each as we use this in tread context context = neutron_context.get_admin_context() rtr_id = None try: rtr_name = 'metadata_proxy_router' if not self.az.is_default(): rtr_name = '%s-%s' % (rtr_name, self.az.name) router_data = { 'router': { 'name': rtr_name, 'admin_state_up': True, 'router_type': 'exclusive', 'availability_zone_hints': [self.az.name], 'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}} rtr = self.nsxv_plugin.create_router( context, router_data, allow_metadata=False) rtr_id = rtr['id'] edge_id = self._get_edge_id_by_rtr_id(context, rtr_id) if not edge_id: LOG.error('No edge create for router - %s', rtr_id) if rtr_id: self.nsxv_plugin.delete_router(context, rtr_id) return self.nsxv_plugin.nsx_v.update_interface( rtr['id'], edge_id, vcns_const.EXTERNAL_VNIC_INDEX, self.az.mgt_net_moid, address=rtr_ext_ip, netmask=self.az.mgt_net_proxy_netmask, secondary=[]) port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': (constants.DEVICE_OWNER_NETWORK_PREFIX + 'md_interface'), 'fixed_ips': constants.ATTR_NOT_SPECIFIED, 'mac_address': constants.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}} port = self.nsxv_plugin.base_create_port(context, port_data) address_groups = self._get_address_groups( context, self.internal_net, rtr_id, is_proxy=True) edge_ip = port['fixed_ips'][0]['ip_address'] with locking.LockManager.get_lock(edge_id): edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, context, rtr_id, self.internal_net, address_groups) self._setup_metadata_lb(rtr_id, port['fixed_ips'][0]['ip_address'], cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_ips, proxy_lb=True) firewall_rules = [ DEFAULT_EDGE_FIREWALL_RULE, { 'action': 'allow', 'enabled': True, 'source_ip_address': [INTERNAL_SUBNET]}] edge_utils.update_firewall( self.nsxv_plugin.nsx_v, context, rtr_id, {'firewall_rule_list': firewall_rules}, allow_external=False) if self.az.mgt_net_default_gateway: self.nsxv_plugin._update_routes( context, rtr_id, self.az.mgt_net_default_gateway) nsxv_db.create_nsxv_internal_edge( context.session, rtr_ext_ip, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id) return edge_ip except Exception as e: LOG.exception("Exception %s while creating internal edge " "for metadata service", e) ports = self.nsxv_plugin.get_ports( context, filters={'device_id': [rtr_id]}) for port in ports: self.nsxv_plugin.delete_port(context, port['id'], l3_port_check=True, nw_gw_port_check=True, allow_delete_internal=True) nsxv_db.delete_nsxv_internal_edge( context.session, rtr_ext_ip) if rtr_id: self.nsxv_plugin.delete_router(context, rtr_id)