def nsx_clean_all_backup_edges(resource, event, trigger, **kwargs):
"""Delete all backup edges"""
scope = "all"
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
scope = properties.get("scope", "all")
if scope not in ["neutron", "all"]:
LOG.error("Need to specify the scope in ['neutron', 'all']")
return
backup_edges = get_nsxv_backup_edges(scope=scope)
if not kwargs.get('force'):
#ask for the user confirmation
confirm = admin_utils.query_yes_no(
"Do you want to delete %s backup edges?" % len(backup_edges),
default="no")
if not confirm:
LOG.info("Backup edges deletion aborted by user")
return
deleted_cnt = 0
for edge in backup_edges:
# delete the backup edge
if _nsx_delete_backup_edge(edge['id'], backup_edges):
deleted_cnt = deleted_cnt + 1
LOG.info('Done Deleting %s backup edges', deleted_cnt)
def nsx_clean_spoofguard_policy(resource, event, trigger, **kwargs):
"""Delete spoofguard policy"""
errmsg = ("Need to specify policy-id. Add --property "
"policy-id=<policy-id>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
policy_id = properties.get('policy-id')
if not policy_id:
LOG.error(_LE("%s"), errmsg)
return
try:
nsxv.get_spoofguard_policy(policy_id)
except exceptions.NeutronException as e:
LOG.error(_LE("Unable to retrieve policy %(p)s: %(e)s"),
{'p': policy_id, 'e': str(e)})
else:
confirm = admin_utils.query_yes_no(
"Do you want to delete spoofguard-policy: %s" % policy_id,
default="no")
if not confirm:
LOG.info(_LI("spoofguard-policy deletion aborted by user"))
return
try:
nsxv.delete_spoofguard_policy(policy_id)
except Exception as e:
LOG.error(_LE("%s"), str(e))
LOG.info(_LI('spoofguard-policy successfully deleted.'))
def update_security_groups_logging(resource, event, trigger, **kwargs):
"""Update allowed traffic logging for all neutron security group rules"""
errmsg = ("Need to specify log-allowed-traffic property. Add --property "
"log-allowed-traffic=true/false")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
log_allowed_str = properties.get('log-allowed-traffic')
if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']:
LOG.error("%s", errmsg)
return
log_allowed = log_allowed_str.lower() == 'true'
context = neutron_context.get_admin_context()
nsxlib = v3_utils.get_connected_nsxlib()
with v3_utils.NsxV3PluginWrapper() as plugin:
secgroups = plugin.get_security_groups(context,
fields=['id',
sg_logging.LOGGING])
LOG.info("Going to update logging of %s sections",
len(secgroups))
for sg in [sg for sg in secgroups
if sg.get(sg_logging.LOGGING) is False]:
nsgroup_id, section_id = nsx_db.get_sg_mappings(
context.session, sg['id'])
if section_id:
try:
nsxlib.firewall_section.set_rule_logging(
section_id, logging=log_allowed)
except nsx_lib_exc.ManagerError:
LOG.error("Failed to update firewall rule logging "
"for rule in section %s", section_id)
def nsx_update_edges(resource, event, trigger, **kwargs):
"""Update all edges with the given property"""
if not kwargs.get('property'):
usage_msg = ("Need to specify a property to update all edges. "
"Add --property appliances=<True/False>")
LOG.error(usage_msg)
return
edges = utils.get_nsxv_backend_edges()
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
result = 0
for edge in edges:
if properties.get('appliances', 'false').lower() == "true":
try:
change_edge_appliance(edge.get('edge-id'))
except Exception as e:
result += 1
LOG.error(
"Failed to update edge %(edge)s. Exception: "
"%(e)s", {
'edge': edge.get('edge-id'),
'e': str(e)
})
if result > 0:
total = len(edges)
LOG.error("%(result)s of %(total)s edges failed "
"to update.", {
'result': result,
'total': total
})
def neutron_clean_backup_edge(resource, event, trigger, **kwargs):
"""Delete a backup edge from the neutron, and backend by it's name
The name of the backup edge is the router-id column in the BD table
nsxv_router_bindings, and it is also printed by list-mismatches
"""
errmsg = ("Need to specify router-id property. Add --property "
"router-id=<router-id>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
router_id = properties.get('router-id')
if not router_id:
LOG.error("%s", errmsg)
return
# look for the router-binding entry
edgeapi = utils.NeutronDbClient()
rtr_binding = nsxv_db.get_nsxv_router_binding(
edgeapi.context.session, router_id)
if not rtr_binding:
LOG.error('Backup %s was not found in DB', router_id)
return
edge_id = rtr_binding['edge_id']
if edge_id:
# delete from backend too
_delete_edge_from_nsx_and_neutron(edge_id, router_id)
else:
# delete only from DB
_delete_backup_from_neutron_db(None, router_id)
def nsx_clean_backup_edge(resource, event, trigger, **kwargs):
"""Delete backup edge"""
errmsg = ("Need to specify edge-id property. Add --property "
"edge-id=<edge-id>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edge_id = properties.get('edge-id')
if not edge_id:
LOG.error(_LE("%s"), errmsg)
return
try:
edge = nsxv.get_edge(edge_id)
except exceptions.NeutronException as x:
LOG.error(_LE("%s"), str(x))
else:
# edge[0] is response status code
# edge[1] is response body
backup_edges = [e['id'] for e in get_nsxv_backup_edges()]
if (not edge[1]['name'].startswith('backup-')
or edge[1]['id'] not in backup_edges):
LOG.error(
_LE('Edge: %s is not a backup edge; aborting delete'), edge_id)
return
confirm = admin_utils.query_yes_no(
"Do you want to delete edge: %s" % edge_id, default="no")
if not confirm:
LOG.info(_LI("Backup edge deletion aborted by user"))
return
_delete_edge_from_nsx_and_neutron(edge_id, edge[1]['name'])
def get_metadata_status(resource, event, trigger, **kwargs):
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
net_id = properties.get('network_id')
else:
net_id = None
edgeapi = utils.NeutronDbClient()
edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose(
edgeapi.context.session,
vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE)
md_rtr_ids = [edge['router_id'] for edge in edge_list]
router_bindings = nsxv_db.get_nsxv_router_bindings(
edgeapi.context.session,
filters={'router_id': md_rtr_ids})
edge_ids = [b['edge_id'] for b in router_bindings]
_md_member_status('Metadata edge appliance: %s members', edge_ids)
if net_id:
as_provider_data = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
edgeapi.context.session, net_id)
providers = [asp['edge_id'] for asp in as_provider_data]
if providers:
LOG.info('Metadata providers for network %s', net_id)
_md_member_status('Edge %s', providers)
else:
LOG.info('No providers found for network %s', net_id)
def nsx_clean_spoofguard_policy(resource, event, trigger, **kwargs):
"""Delete spoofguard policy"""
errmsg = ("Need to specify policy-id. Add --property "
"policy-id=<policy-id>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
policy_id = properties.get('policy-id')
if not policy_id:
LOG.error("%s", errmsg)
return
try:
h, c = nsxv.get_spoofguard_policy(policy_id)
except exceptions.NeutronException as e:
LOG.error("Unable to retrieve policy %(p)s: %(e)s",
{'p': policy_id, 'e': str(e)})
else:
if not c.get('spoofguardList'):
LOG.error("Policy %s does not exist", policy_id)
return
confirm = admin_utils.query_yes_no(
"Do you want to delete spoofguard-policy: %s" % policy_id,
default="no")
if not confirm:
LOG.info("spoofguard-policy deletion aborted by user")
return
try:
nsxv.delete_spoofguard_policy(policy_id)
except Exception as e:
LOG.error("%s", str(e))
LOG.info('spoofguard-policy successfully deleted.')
def get_metadata_status(resource, event, trigger, **kwargs):
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
net_id = properties.get('network_id')
else:
net_id = None
edgeapi = utils.NeutronDbClient()
edge_list = nsxv_db.get_nsxv_internal_edges_by_purpose(
edgeapi.context.session,
vcns_constants.InternalEdgePurposes.INTER_EDGE_PURPOSE)
md_rtr_ids = [edge['router_id'] for edge in edge_list]
router_bindings = nsxv_db.get_nsxv_router_bindings(
edgeapi.context.session, filters={'router_id': md_rtr_ids})
edge_ids = [b['edge_id'] for b in router_bindings]
_md_member_status('Metadata edge appliance: %s members', edge_ids)
if net_id:
as_provider_data = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
edgeapi.context.session, net_id)
providers = [asp['edge_id'] for asp in as_provider_data]
if providers:
LOG.info('Metadata providers for network %s', net_id)
_md_member_status('Edge %s', providers)
else:
LOG.info('No providers found for network %s', net_id)
def nsx_update_edge(resource, event, trigger, **kwargs):
"""Update edge properties"""
usage_msg = _LE("Need to specify edge-id parameter and "
"attribute to update. Add --property edge-id=<edge-id> "
"and --property highavailability=<True/False> or "
"--property size=<size> or --property appliances=True")
if not kwargs.get('property'):
LOG.error(usage_msg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
if not properties.get('edge-id'):
LOG.error(
_LE("Need to specify edge-id. "
"Add --property edge-id=<edge-id>"))
return
LOG.info(_LI("Updating NSXv edge: %(edge)s with properties\n%(prop)s"), {
'edge': properties.get('edge-id'),
'prop': properties
})
if properties.get('highavailability'):
change_edge_ha(properties['highavailability'].lower() == "true",
properties['edge-id'])
elif properties.get('size'):
change_edge_appliance_size(properties)
elif (properties.get('appliances')
and properties.get('appliances').lower() == "true"):
change_edge_appliance(properties['edge-id'])
else:
# no attribute was specified
LOG.error(usage_msg)
def update_security_groups_logging(resource, event, trigger, **kwargs):
"""Update allowed traffic logging for all neutron security group rules"""
errmsg = ("Need to specify log-allowed-traffic property. Add --property "
"log-allowed-traffic=true/false")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
log_allowed_str = properties.get('log-allowed-traffic')
if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']:
LOG.error("%s", errmsg)
return
log_allowed = log_allowed_str.lower() == 'true'
context = neutron_context.get_admin_context()
nsxlib = v3_utils.get_connected_nsxlib()
with v3_utils.NsxV3PluginWrapper() as plugin:
secgroups = plugin.get_security_groups(
context, fields=['id', sg_logging.LOGGING])
LOG.info("Going to update logging of %s sections", len(secgroups))
for sg in [
sg for sg in secgroups if sg.get(sg_logging.LOGGING) is False
]:
nsgroup_id, section_id = nsx_db.get_sg_mappings(
context.session, sg['id'])
if section_id:
try:
nsxlib.firewall_section.set_rule_logging(
section_id, logging=log_allowed)
except nsx_lib_exc.ManagerError:
LOG.error(
"Failed to update firewall rule logging "
"for rule in section %s", section_id)
def nsx_update_switch(resource, event, trigger, **kwargs):
nsxv = utils.get_nsxv_client()
if not kwargs.get('property'):
LOG.error(_LE("Need to specify dvs-id parameter and "
"attribute to update. Add --property dvs-id=<dvs-id> "
"--property teamingpolicy=<policy>"))
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dvs_id = properties.get('dvs-id')
if not dvs_id:
LOG.error(_LE("Need to specify dvs-id. "
"Add --property dvs-id=<dvs-id>"))
return
h, switch = nsxv.get_vdn_switch(dvs_id)
policy = properties.get('teamingpolicy')
if policy:
if switch['teamingPolicy'] == policy:
LOG.info(_LI("Policy already set!"))
return
LOG.info(_LI("Updating NSXv switch %(dvs)s teaming policy to "
"%(policy)s"), {'dvs': dvs_id, 'policy': policy})
switch['teamingPolicy'] = policy
switch = nsxv.update_vdn_switch(switch)
LOG.info(_LI("Switch value after update: %s"), switch)
else:
LOG.error(_LE("No teaming policy set. "
"Add --property teamingpolicy=<policy>"))
LOG.info(_LI("Current switch value is: %s"), switch)
def nsx_update_metadata_proxy(resource, event, trigger, **kwargs):
"""Update Metadata proxy for NSXv3 CrossHairs."""
nsx_version = utils.get_connected_nsxlib().get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.info(_LI("This utility is not available for NSX version %s"),
nsx_version)
return
metadata_proxy_uuid = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
metadata_proxy_uuid = properties.get('metadata_proxy_uuid')
if not metadata_proxy_uuid:
LOG.error(_LE("metadata_proxy_uuid is not defined"))
return
cfg.CONF.set_override('dhcp_agent_notification', False)
cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3')
cfg.CONF.set_override('metadata_proxy_uuid', metadata_proxy_uuid, 'nsx_v3')
plugin = utils.NsxV3PluginWrapper()
nsx_client = utils.get_nsxv3_client()
port_resource = resources.LogicalPort(nsx_client)
# For each Neutron network, check if it is an internal metadata network.
# If yes, delete the network and associated router interface.
# Otherwise, create a logical switch port with MD-Proxy attachment.
for network in neutron_client.get_networks():
if _is_metadata_network(network):
# It is a metadata network, find the attached router,
# remove the router interface and the network.
filters = {'device_owner': const.ROUTER_INTERFACE_OWNERS,
'fixed_ips': {
'subnet_id': [network['subnets'][0]],
'ip_address': [nsx_rpc.METADATA_GATEWAY_IP]}}
ports = neutron_client.get_ports(filters=filters)
if not ports:
continue
router_id = ports[0]['device_id']
interface = {'subnet_id': network['subnets'][0]}
plugin.remove_router_interface(router_id, interface)
LOG.info(_LI("Removed metadata interface on router %s"), router_id)
plugin.delete_network(network['id'])
LOG.info(_LI("Removed metadata network %s"), network['id'])
else:
lswitch_id = neutron_client.net_id_to_lswitch_id(network['id'])
if not lswitch_id:
continue
tags = nsx_utils.build_v3_tags_payload(
network, resource_type='os-neutron-net-id',
project_name='admin')
name = nsx_utils.get_name_and_uuid('%s-%s' % (
'mdproxy', network['name'] or 'network'), network['id'])
port_resource.create(
lswitch_id, metadata_proxy_uuid, tags=tags, name=name,
attachment_type=nsx_constants.ATTACHMENT_MDPROXY)
LOG.info(_LI("Enabled native metadata proxy for network %s"),
network['id'])
def delete_backend_network(resource, event, trigger, **kwargs):
"""Delete a backend network by its moref
"""
errmsg = ("Need to specify moref property. Add --property moref=<moref>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
moref = properties.get('moref')
if not moref:
LOG.error(_LE("%s"), errmsg)
return
backend_name = get_networks_name_map().get(moref)
if not backend_name:
LOG.error(_LE("Failed to find the backend network %(moref)s"),
{'moref': moref})
return
# Note: in case the backend network is attached to other backend objects,
# like VM, the deleting may fail and through an exception
nsxv = utils.get_nsxv_client()
if moref.startswith(PORTGROUP_PREFIX):
# get the dvs id from the backend name:
dvs_id = get_dvs_id_from_backend_name(backend_name)
if not dvs_id:
LOG.error(
_LE("Failed to find the DVS id of backend network "
"%(moref)s"), {'moref': moref})
else:
try:
nsxv.delete_port_group(dvs_id, moref)
except Exception as e:
LOG.error(
_LE("Failed to delete backend network %(moref)s : "
"%(e)s"), {
'moref': moref,
'e': e
})
else:
LOG.info(_LI("Backend network %(moref)s was deleted"),
{'moref': moref})
else:
# Virtual wire
try:
nsxv.delete_virtual_wire(moref)
except Exception as e:
LOG.error(
_LE("Failed to delete backend network %(moref)s : "
"%(e)s"), {
'moref': moref,
'e': e
})
else:
LOG.info(_LI("Backend network %(moref)s was deleted"),
{'moref': moref})
def _get_dhcp_profile_uuid(**kwargs):
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dhcp_profile_uuid = properties.get('dhcp_profile_uuid')
if dhcp_profile_uuid:
return dhcp_profile_uuid
if cfg.CONF.nsx_v3.dhcp_profile:
return nsxlib.native_dhcp_profile.get_id_by_name_or_id(
cfg.CONF.nsx_v3.dhcp_profile)
def nsx_update_edge(resource, event, trigger, **kwargs):
"""Update edge properties"""
usage_msg = ("Need to specify edge-id parameter and "
"attribute to update. Add --property edge-id=<edge-id> "
"and --property highavailability=<True/False> or "
"--property size=<size> or --property appliances=True. "
"\nFor syslog, add --property syslog-server=<ip>|none and "
"(optional) --property syslog-server2=<ip> and/or "
"(optional) --property syslog-proto=[tcp/udp] "
"\nFor log levels, add --property [routing|dhcp|dns|"
"highavailability|loadbalancer]-log-level="
"[debug|info|warning|error]. To set log level for all "
"modules, add --property log-level=<level> "
"\nFor edge reservations, add "
"--property resource=cpu|memory and "
"(optional) --property limit=<limit> and/or "
"(optional) --property shares=<shares> and/or "
"(optional) --property reservation=<reservation> "
"\nFor hostgroup updates, add "
"--property hostgroup=update/all/clean")
if not kwargs.get('property'):
LOG.error(usage_msg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
if (not properties.get('edge-id')
and not properties.get('hostgroup', '').lower() == "all"
and not properties.get('hostgroup', '').lower() == "clean"):
LOG.error("Need to specify edge-id. "
"Add --property edge-id=<edge-id>")
return
LOG.info("Updating NSXv edge: %(edge)s with properties\n%(prop)s", {
'edge': properties.get('edge-id'),
'prop': properties
})
if properties.get('highavailability'):
change_edge_ha(properties['highavailability'].lower() == "true",
properties['edge-id'])
elif properties.get('size'):
change_edge_appliance_size(properties)
elif (properties.get('appliances')
and properties.get('appliances').lower() == "true"):
change_edge_appliance(properties['edge-id'])
elif properties.get('syslog-server'):
if (properties.get('syslog-server').lower() == "none"):
delete_edge_syslog(properties['edge-id'])
else:
change_edge_syslog(properties)
elif properties.get('resource'):
change_edge_appliance_reservations(properties)
elif properties.get('hostgroup'):
change_edge_hostgroup(properties)
elif change_edge_loglevel(properties):
pass
else:
# no attribute was specified
LOG.error(usage_msg)
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs):
"""Recreate a dhcp edge with all the networks n a new NSXv edge"""
if not kwargs.get('property'):
LOG.error(_LE("Need to specify edge-id parameter"))
return
# input validation
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
old_edge_id = properties.get('edge-id')
if not old_edge_id:
LOG.error(_LE("Need to specify edge-id parameter"))
return
LOG.info(_LI("ReCreating NSXv Edge: %s"), old_edge_id)
# init the plugin and edge manager
cfg.CONF.set_override('core_plugin',
'vmware_nsx.shell.admin.plugins.nsxv.resources'
'.utils.NsxVPluginWrapper')
plugin = utils.NsxVPluginWrapper()
nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
context = n_context.get_admin_context()
# verify that this is a DHCP edge
bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
context.session, old_edge_id)
if (not bindings or
not bindings[0]['router_id'].startswith(
nsxv_constants.DHCP_EDGE_PREFIX)):
LOG.error(_LE("Edge %(edge_id)s is not a DHCP edge"),
{'edge_id': old_edge_id})
return
# find the networks bound to this DHCP edge
networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge(
context.session, old_edge_id)
network_ids = [binding['network_id'] for binding in networks_binding]
# Find out the vdr router, if this is a vdr DHCP edge
vdr_binding = nsxv_db.get_vdr_dhcp_binding_by_edge(
context.session, old_edge_id)
vdr_router_id = vdr_binding['vdr_router_id'] if vdr_binding else None
# Delete the old edge
delete_old_dhcp_edge(context, old_edge_id, bindings)
if vdr_router_id:
# recreate the edge as a VDR DHCP edge
recreate_vdr_dhcp_edge(context, plugin, edge_manager,
old_edge_id, vdr_router_id)
else:
# This is a regular DHCP edge:
# Move all the networks to other (new or existing) edge
for net_id in network_ids:
recreate_network_dhcp(context, plugin, edge_manager,
old_edge_id, net_id)
def get_cert_filename(**kwargs):
filename = cfg.CONF.nsx_v3.nsx_client_cert_file
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
filename = properties.get('filename', filename)
if not filename:
LOG.info("Please specify file containing the certificate "
"using filename property")
return filename
def get_nsx_trust_management(**kwargs):
username, password = None, None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
username = properties.get('user')
password = properties.get('password')
nsx_client = utils.get_nsxv3_client(username, password, True)
nsx_trust = trust_management.NsxLibTrustManagement(nsx_client, {})
return nsx_trust
def create_redis_rule(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r routing-redistribution-rule -o create "
"--property gw-edge-ids=<GW_EDGE_ID>[,...] "
"[--property prefix=<NAME:CIDR>] "
"--property learn-from=ospf,bgp,connected,static "
"--property action=<permit/deny>")
required_params = ('gw-edge-ids', 'learn-from', 'action')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
prefix = properties.get('prefix')
if prefix:
prefix_name, cidr = prefix.split(':')
prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else []
else:
prefix_name = None
prefixes = []
learn_from = properties['learn-from'].split(',')
rule = get_redistribution_rule(prefix_name, 'bgp' in learn_from, 'ospf'
in learn_from, 'static' in learn_from,
'connected' in learn_from,
properties['action'])
edge_ids = properties['gw-edge-ids'].split(',')
for edge_id in edge_ids:
try:
bgp_config = nsxv.get_routing_bgp_config(edge_id)
if not bgp_config['bgp'].get('enabled'):
LOG.error("BGP is not enabled on edge %s", edge_id)
return
if not bgp_config['bgp']['redistribution']['enabled']:
LOG.error("BGP redistribution is not enabled on edge %s",
edge_id)
return
nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule])
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
res = [{
'edge_id': edge_id,
'prefix': prefix_name if prefix_name else 'ANY',
'learner-protocol': 'bgp',
'learn-from': ', '.join(set(learn_from)),
'action': properties['action']
} for edge_id in edge_ids]
headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action']
LOG.info(
formatters.output_formatter('Routing redistribution rule', res,
headers))
def generate_cert(resource, event, trigger, **kwargs):
"""Generate self signed client certificate and private key
"""
if not verify_client_cert_on():
return
if cfg.CONF.nsx_v3.nsx_client_cert_storage.lower() == "none":
LOG.info("Generate operation is not supported "
"with storage type 'none'")
return
# update cert defaults based on user input
properties = CERT_DEFAULTS.copy()
if kwargs.get('property'):
properties.update(
admin_utils.parse_multi_keyval_opt(kwargs['property']))
try:
prop = 'key-size'
key_size = int(properties.get(prop))
prop = 'valid-days'
valid_for_days = int(properties.get(prop))
except ValueError:
LOG.info("%s property must be a number", prop)
return
signature_alg = properties.get('sig-alg')
subject = {}
subject[client_cert.CERT_SUBJECT_COUNTRY] = properties.get('country')
subject[client_cert.CERT_SUBJECT_STATE] = properties.get('state')
subject[client_cert.CERT_SUBJECT_ORG] = properties.get('org')
subject[client_cert.CERT_SUBJECT_UNIT] = properties.get('org')
subject[client_cert.CERT_SUBJECT_HOST] = properties.get('host')
regenerate = False
with get_certificate_manager(**kwargs) as cert:
if cert.exists():
LOG.info("Deleting existing certificate")
# Need to delete cert first
cert.delete()
regenerate = True
try:
cert.generate(subject, key_size, valid_for_days, signature_alg)
except exceptions.NsxLibInvalidInput as e:
LOG.info(e)
return
LOG.info("Client certificate generated successfully")
if not regenerate:
# No certificate existed, so client authentication service was likely
# changed to true just now. The user must restart neutron to avoid
# failures.
LOG.info("Please restart neutron service")
def nsx_update_switch(resource, event, trigger, **kwargs):
nsxv = utils.get_nsxv_client()
if not kwargs.get('property'):
LOG.error(
_LE("Need to specify dvs-id parameter and "
"attribute to update. Add --property dvs-id=<dvs-id> "
"--property teamingpolicy=<policy>"))
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dvs_id = properties.get('dvs-id')
if not dvs_id:
LOG.error(
_LE("Need to specify dvs-id. "
"Add --property dvs-id=<dvs-id>"))
return
try:
h, switch = nsxv.get_vdn_switch(dvs_id)
except exceptions.ResourceNotFound:
LOG.error(_LE("DVS %s not found"), dvs_id)
return
supported_policies = [
'ETHER_CHANNEL', 'LOADBALANCE_LOADBASED', 'LOADBALANCE_SRCID',
'LOADBALANCE_SRCMAC', 'FAILOVER_ORDER', 'LACP_ACTIVE', 'LACP_PASSIVE',
'LACP_V2'
]
policy = properties.get('teamingpolicy')
if policy in supported_policies:
if switch['teamingPolicy'] == policy:
LOG.info(_LI("Policy already set!"))
return
LOG.info(
_LI("Updating NSXv switch %(dvs)s teaming policy to "
"%(policy)s"), {
'dvs': dvs_id,
'policy': policy
})
switch['teamingPolicy'] = policy
try:
switch = nsxv.update_vdn_switch(switch)
except exceptions.VcnsApiException as e:
desc = jsonutils.loads(e.response)
details = desc.get('details')
if details.startswith("No enum constant"):
LOG.error(_LE("Unknown teaming policy %s"), policy)
else:
LOG.error(_LE("Unexpected error occurred: %s"), details)
return
LOG.info(_LI("Switch value after update: %s"), switch)
else:
LOG.info(_LI("Current switch value is: %s"), switch)
LOG.error(
_LE("Invalid teaming policy. "
"Add --property teamingpolicy=<policy>"))
LOG.error(_LE("Possible values: %s"), ', '.join(supported_policies))
def create_redis_rule(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r routing-redistribution-rule -o create "
"--property gw-edge-ids=<GW_EDGE_ID>[,...] "
"[--property prefix=<NAME:CIDR>] "
"--property learn-from=ospf,bgp,connected,static "
"--property action=<permit/deny>")
required_params = ('gw-edge-ids', 'learn-from', 'action')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
prefix = properties.get('prefix')
if prefix:
prefix_name, cidr = prefix.split(':')
prefixes = [get_ip_prefix(prefix_name, cidr)] if cidr else []
else:
prefix_name = None
prefixes = []
learn_from = properties['learn-from'].split(',')
rule = get_redistribution_rule(prefix_name,
'bgp' in learn_from,
'ospf' in learn_from,
'static' in learn_from,
'connected' in learn_from,
properties['action'])
edge_ids = properties['gw-edge-ids'].split(',')
for edge_id in edge_ids:
try:
bgp_config = nsxv.get_routing_bgp_config(edge_id)
if not bgp_config['bgp'].get('enabled'):
LOG.error("BGP is not enabled on edge %s", edge_id)
return
if not bgp_config['bgp']['redistribution']['enabled']:
LOG.error("BGP redistribution is not enabled on edge %s",
edge_id)
return
nsxv.add_bgp_redistribution_rules(edge_id, prefixes, [rule])
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
res = [{'edge_id': edge_id,
'prefix': prefix_name if prefix_name else 'ANY',
'learner-protocol': 'bgp',
'learn-from': ', '.join(set(learn_from)),
'action': properties['action']} for edge_id in edge_ids]
headers = ['edge_id', 'prefix', 'learner-protocol', 'learn-from', 'action']
LOG.info(formatters.output_formatter(
'Routing redistribution rule', res, headers))
def nsx_update_edge(resource, event, trigger, **kwargs):
"""Update edge properties"""
usage_msg = ("Need to specify edge-id parameter and "
"attribute to update. Add --property edge-id=<edge-id> "
"and --property highavailability=<True/False> or "
"--property size=<size> or --property appliances=True. "
"\nFor syslog, add --property syslog-server=<ip>|none and "
"(optional) --property syslog-server2=<ip> and/or "
"(optional) --property syslog-proto=[tcp/udp] "
"\nFor log levels, add --property [routing|dhcp|dns|"
"highavailability|loadbalancer]-log-level="
"[debug|info|warning|error]. To set log level for all "
"modules, add --property log-level=<level> "
"\nFor edge reservations, add "
"--property resource=cpu|memory and "
"(optional) --property limit=<limit> and/or "
"(optional) --property shares=<shares> and/or "
"(optional) --property reservation=<reservation> "
"\nFor hostgroup updates, add "
"--property hostgroup=update/all/clean")
if not kwargs.get('property'):
LOG.error(usage_msg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
if (not properties.get('edge-id') and
not properties.get('hostgroup', '').lower() == "all" and
not properties.get('hostgroup', '').lower() == "clean"):
LOG.error("Need to specify edge-id. "
"Add --property edge-id=<edge-id>")
return
LOG.info("Updating NSXv edge: %(edge)s with properties\n%(prop)s",
{'edge': properties.get('edge-id'), 'prop': properties})
if properties.get('highavailability'):
change_edge_ha(properties['highavailability'].lower() == "true",
properties['edge-id'])
elif properties.get('size'):
change_edge_appliance_size(properties)
elif (properties.get('appliances') and
properties.get('appliances').lower() == "true"):
change_edge_appliance(properties['edge-id'])
elif properties.get('syslog-server'):
if (properties.get('syslog-server').lower() == "none"):
delete_edge_syslog(properties['edge-id'])
else:
change_edge_syslog(properties)
elif properties.get('resource'):
change_edge_appliance_reservations(properties)
elif properties.get('hostgroup'):
change_edge_hostgroup(properties)
elif change_edge_loglevel(properties):
pass
else:
# no attribute was specified
LOG.error(usage_msg)
def _get_dhcp_profile_uuid(**kwargs):
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dhcp_profile_uuid = properties.get('dhcp_profile_uuid')
if dhcp_profile_uuid:
return dhcp_profile_uuid
nsxlib = utils.get_connected_nsxlib()
if cfg.CONF.nsx_v3.dhcp_profile:
return nsxlib.native_dhcp_profile.get_id_by_name_or_id(
cfg.CONF.nsx_v3.dhcp_profile)
def nsx_update_metadata_proxy_server_ip(resource, event, trigger, **kwargs):
"""Update Metadata proxy server ip on the nsx."""
nsxlib = utils.get_connected_nsxlib()
nsx_version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.error("This utility is not available for NSX version %s",
nsx_version)
return
server_ip = None
az_name = nsx_az.DEFAULT_NAME
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
server_ip = properties.get('server-ip')
az_name = properties.get('availability-zone', az_name)
if not server_ip or not netaddr.valid_ipv4(server_ip):
LOG.error("Need to specify a valid server-ip parameter")
return
config.register_nsxv3_azs(cfg.CONF, cfg.CONF.nsx_v3.availability_zones)
if (az_name != nsx_az.DEFAULT_NAME
and az_name not in cfg.CONF.nsx_v3.availability_zones):
LOG.error("Availability zone %s was not found in the configuration",
az_name)
return
az = nsx_az.NsxV3AvailabilityZones().get_availability_zone(az_name)
az.translate_configured_names_to_uuids(nsxlib)
if (not az.metadata_proxy or not cfg.CONF.nsx_v3.native_dhcp_metadata):
LOG.error(
"Native DHCP metadata is not enabled in the configuration "
"of availability zone %s", az_name)
return
metadata_proxy_uuid = az._native_md_proxy_uuid
try:
mdproxy = nsxlib.native_md_proxy.get(metadata_proxy_uuid)
except nsx_exc.ResourceNotFound:
LOG.error("metadata proxy %s not found", metadata_proxy_uuid)
return
# update the IP in the URL
url = mdproxy.get('metadata_server_url')
url = re.sub(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', server_ip, url)
LOG.info(
"Updating the URL of the metadata proxy server %(uuid)s to "
"%(url)s", {
'uuid': metadata_proxy_uuid,
'url': url
})
nsxlib.native_md_proxy.update(metadata_proxy_uuid, server_url=url)
LOG.info("Done.")
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs):
"""Recreate a dhcp edge with all the networks on a new NSXv edge"""
usage_msg = ("Need to specify edge-id or net-id parameter")
if not kwargs.get('property'):
LOG.error(usage_msg)
return
# input validation
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
old_edge_id = properties.get('edge-id')
if not old_edge_id:
# if the net-id property exist - recreate the edge for this network
net_id = properties.get('net-id')
if net_id:
nsx_recreate_dhcp_edge_by_net_id(net_id)
return
LOG.error(usage_msg)
return
LOG.info("ReCreating NSXv Edge: %s", old_edge_id)
context = n_context.get_admin_context()
# verify that this is a DHCP edge
bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
context.session, old_edge_id)
if (not bindings or
not bindings[0]['router_id'].startswith(
nsxv_constants.DHCP_EDGE_PREFIX)):
LOG.error("Edge %(edge_id)s is not a DHCP edge",
{'edge_id': old_edge_id})
return
# init the plugin and edge manager
cfg.CONF.set_override('core_plugin',
'vmware_nsx.shell.admin.plugins.nsxv.resources'
'.utils.NsxVPluginWrapper')
with utils.NsxVPluginWrapper() as plugin:
nsxv_manager = vcns_driver.VcnsDriver(
edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
# find the networks bound to this DHCP edge
networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge(
context.session, old_edge_id)
network_ids = [binding['network_id'] for binding in networks_binding]
# Delete the old edge
delete_old_dhcp_edge(context, old_edge_id, bindings)
# Move all the networks to other (new or existing) edge
for net_id in network_ids:
recreate_network_dhcp(context, plugin, edge_manager,
old_edge_id, net_id)
def nsx_recreate_dhcp_edge(resource, event, trigger, **kwargs):
"""Recreate a dhcp edge with all the networks on a new NSXv edge"""
usage_msg = ("Need to specify edge-id or net-id parameter")
if not kwargs.get('property'):
LOG.error(usage_msg)
return
# input validation
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
old_edge_id = properties.get('edge-id')
if not old_edge_id:
# if the net-id property exist - recreate the edge for this network
net_id = properties.get('net-id')
if net_id:
nsx_recreate_dhcp_edge_by_net_id(net_id)
return
LOG.error(usage_msg)
return
LOG.info("ReCreating NSXv Edge: %s", old_edge_id)
context = n_context.get_admin_context()
# verify that this is a DHCP edge
bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
context.session, old_edge_id)
if (not bindings or not bindings[0]['router_id'].startswith(
nsxv_constants.DHCP_EDGE_PREFIX)):
LOG.error("Edge %(edge_id)s is not a DHCP edge",
{'edge_id': old_edge_id})
return
# init the plugin and edge manager
cfg.CONF.set_override(
'core_plugin', 'vmware_nsx.shell.admin.plugins.nsxv.resources'
'.utils.NsxVPluginWrapper')
with utils.NsxVPluginWrapper() as plugin:
nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
# find the networks bound to this DHCP edge
networks_binding = nsxv_db.get_edge_vnic_bindings_by_edge(
context.session, old_edge_id)
network_ids = [binding['network_id'] for binding in networks_binding]
# Delete the old edge
delete_old_dhcp_edge(context, old_edge_id, bindings)
# Move all the networks to other (new or existing) edge
for net_id in network_ids:
recreate_network_dhcp(context, plugin, edge_manager, old_edge_id,
net_id)
def update_security_groups_logging(resource, event, trigger, **kwargs):
"""Update allowed traffic logging for all neutron security group rules"""
errmsg = ("Need to specify log-allowed-traffic property. Add --property "
"log-allowed-traffic=true/false")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
log_allowed_str = properties.get('log-allowed-traffic')
if not log_allowed_str or log_allowed_str.lower() not in ['true', 'false']:
LOG.error("%s", errmsg)
return
log_allowed = log_allowed_str.lower() == 'true'
context = n_context.get_admin_context()
with utils.NsxVPluginWrapper() as plugin:
vcns = plugin.nsx_v.vcns
sg_utils = plugin. nsx_sg_utils
# If the section/sg is already logged, then no action is
# required.
security_groups = plugin.get_security_groups(context)
LOG.info("Going to update logging of %s sections",
len(security_groups))
for sg in [sg for sg in plugin.get_security_groups(context)
if sg.get(sg_logging.LOGGING) is False]:
if sg.get(sg_policy.POLICY):
# Logging is not relevant with a policy
continue
section_uri = plugin._get_section_uri(context.session,
sg['id'])
if section_uri is None:
continue
# Section/sg is not logged, update rules logging according
# to the 'log_security_groups_allowed_traffic' config
# option.
try:
h, c = vcns.get_section(section_uri)
section = sg_utils.parse_section(c)
section_needs_update = sg_utils.set_rules_logged_option(
section, log_allowed)
if section_needs_update:
vcns.update_section(section_uri,
sg_utils.to_xml_string(section), h)
except Exception as exc:
LOG.error('Unable to update security group %(sg)s '
'section for logging. %(e)s',
{'e': exc, 'sg': sg['id']})
def delete_bgp_gw(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r bgp-gw-edge -o delete "
"--property gw-edge-id=<EDGE_ID>")
required_params = ('gw-edge-id', )
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
edge_id = properties['gw-edge-id']
try:
nsxv.vcns.delete_edge(edge_id)
except Exception:
LOG.error("Failed to delete edge %s", edge_id)
return
def delete_bgp_gw(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r bgp-gw-edge -o delete "
"--property gw-edge-id=<EDGE_ID>")
required_params = ('gw-edge-id', )
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
edge_id = properties['gw-edge-id']
try:
nsxv.vcns.delete_edge(edge_id)
except Exception:
LOG.error("Failed to delete edge %s", edge_id)
return
def generate_cert(resource, event, trigger, **kwargs):
"""Generate self signed client certificate and private key
"""
if not verify_client_cert_on():
return
if cfg.CONF.nsx_v3.nsx_client_cert_storage.lower() == "none":
LOG.info("Generate operation is not supported "
"with storage type 'none'")
return
# update cert defaults based on user input
properties = CERT_DEFAULTS.copy()
if kwargs.get('property'):
properties.update(
admin_utils.parse_multi_keyval_opt(kwargs['property']))
try:
prop = 'key-size'
key_size = int(properties.get(prop))
prop = 'valid-days'
valid_for_days = int(properties.get(prop))
except ValueError:
LOG.info("%s property must be a number", prop)
return
signature_alg = properties.get('sig-alg')
# TODO(annak): use nsxlib constants when they land
subject = {}
subject['country'] = properties.get('country')
subject['state'] = properties.get('state')
subject['organization'] = properties.get('org')
subject['unit'] = properties.get('org')
subject['hostname'] = properties.get('host')
with get_certificate_manager(**kwargs) as cert:
if cert.exists():
LOG.info("Deleting existing certificate")
# Need to delete cert first
cert.delete()
try:
cert.generate(subject, key_size, valid_for_days, signature_alg)
except exceptions.InvalidInput as e:
LOG.info(e)
return
LOG.info("Client certificate generated succesfully")
def delete_backend_network(resource, event, trigger, **kwargs):
"""Delete a backend network by its moref
"""
errmsg = ("Need to specify moref property. Add --property moref=<moref>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
moref = properties.get('moref')
if not moref:
LOG.error("%s", errmsg)
return
backend_name = get_networks_name_map().get(moref)
if not backend_name:
LOG.error("Failed to find the backend network %(moref)s",
{'moref': moref})
return
# Note: in case the backend network is attached to other backend objects,
# like VM, the deleting may fail and through an exception
nsxv = utils.get_nsxv_client()
if moref.startswith(PORTGROUP_PREFIX):
# get the dvs id from the backend name:
dvs_id = get_dvs_id_from_backend_name(backend_name)
if not dvs_id:
LOG.error("Failed to find the DVS id of backend network "
"%(moref)s", {'moref': moref})
else:
try:
nsxv.delete_port_group(dvs_id, moref)
except Exception as e:
LOG.error("Failed to delete backend network %(moref)s : "
"%(e)s", {'moref': moref, 'e': e})
else:
LOG.info("Backend network %(moref)s was deleted",
{'moref': moref})
else:
# Virtual wire
try:
nsxv.delete_virtual_wire(moref)
except Exception as e:
LOG.error("Failed to delete backend network %(moref)s : "
"%(e)s", {'moref': moref, 'e': e})
else:
LOG.info("Backend network %(moref)s was deleted",
{'moref': moref})
def nsx_update_switch(resource, event, trigger, **kwargs):
nsxv = utils.get_nsxv_client()
if not kwargs.get('property'):
LOG.error("Need to specify dvs-id parameter and "
"attribute to update. Add --property dvs-id=<dvs-id> "
"--property teamingpolicy=<policy>")
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dvs_id = properties.get('dvs-id')
if not dvs_id:
LOG.error("Need to specify dvs-id. "
"Add --property dvs-id=<dvs-id>")
return
try:
h, switch = nsxv.get_vdn_switch(dvs_id)
except exceptions.ResourceNotFound:
LOG.error("DVS %s not found", dvs_id)
return
supported_policies = ['ETHER_CHANNEL', 'LOADBALANCE_LOADBASED',
'LOADBALANCE_SRCID', 'LOADBALANCE_SRCMAC',
'FAILOVER_ORDER', 'LACP_ACTIVE', 'LACP_PASSIVE',
'LACP_V2']
policy = properties.get('teamingpolicy')
if policy in supported_policies:
if switch['teamingPolicy'] == policy:
LOG.info("Policy already set!")
return
LOG.info("Updating NSXv switch %(dvs)s teaming policy to "
"%(policy)s", {'dvs': dvs_id, 'policy': policy})
switch['teamingPolicy'] = policy
try:
switch = nsxv.update_vdn_switch(switch)
except exceptions.VcnsApiException as e:
desc = jsonutils.loads(e.response)
details = desc.get('details')
if details.startswith("No enum constant"):
LOG.error("Unknown teaming policy %s", policy)
else:
LOG.error("Unexpected error occurred: %s", details)
return
LOG.info("Switch value after update: %s", switch)
else:
LOG.info("Current switch value is: %s", switch)
LOG.error("Invalid teaming policy. "
"Add --property teamingpolicy=<policy>")
LOG.error("Possible values: %s", ', '.join(supported_policies))
def nsx_recreate_dhcp_server(resource, event, trigger, **kwargs):
"""Recreate DHCP server & binding for a neutron network"""
if not cfg.CONF.nsx_v3.native_dhcp_metadata:
LOG.error("Native DHCP is disabled.")
return
errmsg = ("Need to specify net-id property. Add --property net-id=<id>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
net_id = properties.get('net-id')
if not net_id:
LOG.error("%s", errmsg)
return
context = neutron_context.get_admin_context()
with utils.NsxV3PluginWrapper() as plugin:
# verify that this is an existing network with dhcp enabled
try:
network = plugin._get_network(context, net_id)
except exceptions.NetworkNotFound:
LOG.error("Network %s was not found", net_id)
return
if plugin._has_no_dhcp_enabled_subnet(context, network):
LOG.error("Network %s has no DHCP enabled subnet", net_id)
return
dhcp_relay = plugin.get_network_az_by_net_id(
context, net_id).dhcp_relay_service
if dhcp_relay:
LOG.error("Native DHCP should not be enabled with dhcp relay")
return
# find the dhcp subnet of this network
subnet_id = None
for subnet in network.subnets:
if subnet.enable_dhcp:
subnet_id = subnet.id
break
if not subnet_id:
LOG.error("Network %s has no DHCP enabled subnet", net_id)
return
dhcp_subnet = plugin.get_subnet(context, subnet_id)
# disable and re-enable the dhcp
plugin._enable_native_dhcp(context, network, dhcp_subnet)
LOG.info("Done.")
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs):
"""Resync DHCP bindings on NSXv Edge"""
if not kwargs['property']:
LOG.error(_LE("Need to specify edge-id parameter"))
return
else:
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
LOG.info(_LI("Updating NSXv Edge: %s"), properties.get('edge-id'))
# Need to create a NeutronDbPlugin object; so that we are able to
# do neutron list-ports.
plugin = db_base_plugin_v2.NeutronDbPluginV2()
nsxv_manager = vcns_driver.VcnsDriver(
edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
edge_manager.update_dhcp_service_config(
neutron_db.context, properties.get('edge-id'))
def delete_backend_router(resource, event, trigger, **kwargs):
nsxlib = utils.get_connected_nsxlib()
errmsg = ("Need to specify nsx-id property. Add --property nsx-id=<id>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
nsx_id = properties.get('nsx-id')
if not nsx_id:
LOG.error("%s", errmsg)
return
# check if the router exists
try:
nsxlib.logical_router.get(nsx_id, silent=True)
except nsx_exc.ResourceNotFound:
# prevent logger from logging this exception
sys.exc_clear()
LOG.warning("Backend router %s was not found.", nsx_id)
return
# try to delete it
try:
# first delete its ports
ports = nsxlib.logical_router_port.get_by_router_id(nsx_id)
for port in ports:
nsxlib.logical_router_port.delete(port['id'])
nsxlib.logical_router.delete(nsx_id)
except Exception as e:
LOG.error("Failed to delete backend router %(id)s : %(e)s.", {
'id': nsx_id,
'e': e
})
return
# Verify that the router was deleted since the backend does not always
# throws errors
try:
nsxlib.logical_router.get(nsx_id, silent=True)
except nsx_exc.ResourceNotFound:
# prevent logger from logging this exception
sys.exc_clear()
LOG.info("Backend router %s was deleted.", nsx_id)
else:
LOG.error("Failed to delete backend router %s.", nsx_id)
def nsx_update_edge(resource, event, trigger, **kwargs):
"""Update edge properties"""
if not kwargs.get('property'):
LOG.error(_LE("Need to specify edge-id parameter and "
"attribute to update. Add --property edge-id=<edge-id> "
"--property highavailability=True"))
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
if not properties.get('edge-id'):
LOG.error(_LE("Need to specify edge-id. "
"Add --property edge-id=<edge-id>"))
return
LOG.info(_LI("Updating NSXv edge: %(edge)s with properties\n%(prop)s"),
{'edge': properties.get('edge-id'), 'prop': properties})
if properties.get('highavailability'):
change_edge_ha(properties)
elif properties.get('size'):
change_edge_appliance_size(properties)
def nsx_clean_backup_edge(resource, event, trigger, **kwargs):
"""Delete backup edge"""
errmsg = ("Need to specify edge-id property. Add --property "
"edge-id=<edge-id>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edge_id = properties.get('edge-id')
if not edge_id:
LOG.error(_LE("%s"), errmsg)
return
try:
edge = nsxv.get_edge(edge_id)
except exceptions.NeutronException as x:
LOG.error(_LE("%s"), str(x))
else:
# edge[0] is response status code
# edge[1] is response body
backup_edges = [e['id'] for e in get_nsxv_backup_edges()]
if (not edge[1]['name'].startswith('backup-')
or edge[1]['id'] not in backup_edges):
LOG.error(_LE('Edge: %s is not a backup edge; aborting delete'),
edge_id)
return
confirm = admin_utils.query_yes_no("Do you want to delete edge: %s" %
edge_id,
default="no")
if not confirm:
LOG.info(_LI("Backup edge deletion aborted by user"))
return
try:
with locking.LockManager.get_lock(edge_id):
# Delete from NSXv backend
nsxv.delete_edge(edge_id)
# Remove bindings from Neutron DB
edgeapi = utils.NeutronDbClient()
nsxv_db.delete_nsxv_router_binding(edgeapi.context.session,
edge[1]['name'])
nsxv_db.clean_edge_vnic_binding(edgeapi.context.session,
edge_id)
except Exception as expt:
LOG.error(_LE("%s"), str(expt))
def nsx_clean_backup_edge(resource, event, trigger, **kwargs):
"""Delete backup edge"""
errmsg = ("Need to specify edge-id property. Add --property "
"edge-id=<edge-id>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edge_id = properties.get('edge-id')
if not edge_id:
LOG.error(_LE("%s"), errmsg)
return
try:
edge = nsxv.get_edge(edge_id)
except exceptions.NeutronException as e:
LOG.error(_LE("%s"), str(e))
else:
# edge[0] is response status code
# edge[1] is response body
backup_edges = [e['id'] for e in get_nsxv_backup_edges()]
if (not edge[1]['name'].startswith('backup-')
or edge[1]['id'] not in backup_edges):
LOG.error(
_LE('Edge: %s is not a backup edge; aborting delete'), edge_id)
return
confirm = admin_utils.query_yes_no(
"Do you want to delete edge: %s" % edge_id, default="no")
if not confirm:
LOG.info(_LI("Backup edge deletion aborted by user"))
return
try:
with locking.LockManager.get_lock(edge_id):
# Delete from NSXv backend
nsxv.delete_edge(edge_id)
# Remove bindings from Neutron DB
edgeapi = utils.NeutronDbClient()
nsxv_db.delete_nsxv_router_binding(
edgeapi.context.session, edge[1]['name'])
nsxv_db.clean_edge_vnic_binding(edgeapi.context.session,
edge_id)
except Exception as e:
LOG.error(_LE("%s"), str(e))
def remove_bgp_neighbour(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r bgp-neighbour -o delete "
"--property gw-edge-ids=<GW_EDGE_ID>[,...] "
"--property ip-address=<IP_ADDRESS>")
required_params = ('gw-edge-ids', 'ip-address')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], '', '')
edge_ids = properties['gw-edge-ids'].split(',')
for edge_id in edge_ids:
try:
nsxv.remove_bgp_neighbours(edge_id, [nbr])
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
def remove_bgp_neighbour(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r bgp-neighbour -o delete "
"--property gw-edge-ids=<GW_EDGE_ID>[,...] "
"--property ip-address=<IP_ADDRESS>")
required_params = ('gw-edge-ids', 'ip-address')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'], '', '')
edge_ids = properties['gw-edge-ids'].split(',')
for edge_id in edge_ids:
try:
nsxv.remove_bgp_neighbours(edge_id, [nbr])
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
def nsx_list_mismatch_addresses(resource, event, trigger, **kwargs):
"""List missing spoofguard policies approved addresses on NSXv.
Address pairs defined on neutron compute ports that are missing from the
NSX-V spoofguard policy of a specific/all networks.
"""
network_id = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
network_id = properties.get('network')
spgapi = utils.NeutronDbClient()
if network_id:
policy_id = nsxv_db.get_spoofguard_policy_id(spgapi.context.session,
network_id)
if not policy_id:
LOG.error(
"Could not find spoofguard policy for neutron network "
"%s", network_id)
return
with utils.NsxVPluginWrapper() as plugin:
missing_data = nsx_list_mismatch_addresses_for_net(
spgapi.context, plugin, network_id, policy_id)
else:
with utils.NsxVPluginWrapper() as plugin:
missing_data = []
# Go over all the networks with spoofguard policies
mappings = get_spoofguard_policy_network_mappings()
for entry in mappings:
missing_data.extend(
nsx_list_mismatch_addresses_for_net(
spgapi.context, plugin, entry['network_id'],
entry['policy_id']))
if missing_data:
LOG.info(
formatters.output_formatter(constants.SPOOFGUARD_POLICY,
missing_data,
['network', 'policy', 'port', 'data']))
else:
LOG.info("No mismatches found.")
def delete_redis_rule(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r routing-redistribution-rule -o delete "
"--property gw-edge-ids=<GW_EDGE_ID>[,...]"
"[--property prefix-name=<NAME>]")
required_params = ('gw-edge-ids', )
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
edge_ids = properties['gw-edge-ids'].split(',')
# If no prefix-name is given then remove rules configured with default
# prefix.
prefixes = [properties.get('prefix-name')]
for edge_id in edge_ids:
try:
nsxv.remove_bgp_redistribution_rules(edge_id, prefixes)
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
def nsx_redo_metadata_cfg(resource, event, trigger, **kwargs):
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property'))
edgeapi = utils.NeutronDbClient()
plugin = utils.NsxVPluginWrapper()
edge_id = properties.get('edge-id')
if properties:
if edge_id:
nsx_redo_metadata_cfg_for_edge(edgeapi.context, plugin, edge_id)
return
else:
# if the net-id property exist - recreate the edge for this network
az_name = properties.get('az-name')
if az_name:
nsx_redo_metadata_cfg_for_az(edgeapi.context, plugin, az_name)
return
LOG.error('Cannot parse properties %s', properties)
return
nsx_redo_metadata_cfg_all(edgeapi.context, plugin)
def nsx_recreate_router_or_edge(resource, event, trigger, **kwargs):
"""Recreate a router edge with all the data on a new NSXv edge"""
if not kwargs.get('property'):
LOG.error("Need to specify edge-id or router-id parameter")
return
# input validation
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
old_edge_id = properties.get('edge-id')
router_id = properties.get('router-id')
if (not old_edge_id and not router_id) or (old_edge_id and router_id):
LOG.error("Need to specify edge-id or router-id parameter")
return
if old_edge_id:
LOG.info("ReCreating NSXv Router Edge: %s", old_edge_id)
return nsx_recreate_router_edge(old_edge_id)
else:
LOG.info("ReCreating NSXv Router: %s", router_id)
return nsx_recreate_router(router_id)
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs):
"""Resync DHCP bindings on NSXv Edge"""
if not kwargs['property']:
LOG.error(_LE("Need to specify edge-id parameter"))
return
else:
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edge_id = properties.get('edge-id')
LOG.info(_LI("Updating NSXv Edge: %s"), edge_id)
# Need to create a NeutronDbPlugin object; so that we are able to
# do neutron list-ports.
plugin = db_base_plugin_v2.NeutronDbPluginV2()
nsxv_manager = vcns_driver.VcnsDriver(edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
try:
edge_manager.update_dhcp_service_config(neutron_db.context,
edge_id)
except exceptions.ResourceNotFound:
LOG.error(_LE("Edge %s not found"), edge_id)
def import_projects(resource, event, trigger, **kwargs):
"""Import existing openstack projects to the current plugin"""
# TODO(asarfaty): get the projects list from keystone
# get the plugin name from the user
if not kwargs.get('property'):
LOG.error("Need to specify plugin and project parameters")
return
else:
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
plugin = properties.get('plugin')
project = properties.get('project')
if not plugin or not project:
LOG.error("Need to specify plugin and project parameters")
return
if plugin not in projectpluginmap.VALID_TYPES:
LOG.error("The supported plugins are %s", projectpluginmap.VALID_TYPES)
return
ctx = n_context.get_admin_context()
if not db.get_project_plugin_mapping(ctx.session, project):
db.add_project_plugin_mapping(ctx.session, project, plugin)
def nsx_list_mismatch_addresses(resource, event, trigger, **kwargs):
"""List missing spoofguard policies approved addresses on NSXv.
Address pairs defined on neutron compute ports that are missing from the
NSX-V spoofguard policy of a specific/all networks.
"""
network_id = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
network_id = properties.get('network')
spgapi = utils.NeutronDbClient()
if network_id:
policy_id = nsxv_db.get_spoofguard_policy_id(
spgapi.context.session, network_id)
if not policy_id:
LOG.error("Could not find spoofguard policy for neutron network "
"%s", network_id)
return
with utils.NsxVPluginWrapper() as plugin:
missing_data = nsx_list_mismatch_addresses_for_net(
spgapi.context, plugin, network_id, policy_id)
else:
with utils.NsxVPluginWrapper() as plugin:
missing_data = []
# Go over all the networks with spoofguard policies
mappings = get_spoofguard_policy_network_mappings()
for entry in mappings:
missing_data.extend(nsx_list_mismatch_addresses_for_net(
spgapi.context, plugin, entry['network_id'],
entry['policy_id']))
if missing_data:
LOG.info(formatters.output_formatter(
constants.SPOOFGUARD_POLICY, missing_data,
['network', 'policy', 'port', 'data']))
else:
LOG.info("No mismatches found.")
def delete_backend_network(resource, event, trigger, **kwargs):
errmsg = ("Need to specify nsx-id property. Add --property nsx-id=<id>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
nsx_id = properties.get('nsx-id')
if not nsx_id:
LOG.error("%s", errmsg)
return
nsxlib = utils.get_connected_nsxlib()
# check if the network exists
try:
nsxlib.logical_switch.get(nsx_id, silent=True)
except nsx_exc.ResourceNotFound:
# prevent logger from logging this exception
sys.exc_clear()
LOG.warning("Backend network %s was not found.", nsx_id)
return
# try to delete it
try:
nsxlib.logical_switch.delete(nsx_id)
except Exception as e:
LOG.error("Failed to delete backend network %(id)s : %(e)s.", {
'id': nsx_id, 'e': e})
return
# Verify that the network was deleted since the backend does not always
# through errors
try:
nsxlib.logical_switch.get(nsx_id, silent=True)
except nsx_exc.ResourceNotFound:
# prevent logger from logging this exception
sys.exc_clear()
LOG.info("Backend network %s was deleted.", nsx_id)
else:
LOG.error("Failed to delete backend network %s.", nsx_id)
def add_bgp_neighbour(resource, event, trigger, **kwargs):
usage = ("nsxadmin -r bgp-neighbour -o create "
"--property gw-edge-ids=<GW_EDGE_ID>[,...] "
"--property ip-address=<IP_ADDRESS> "
"--property remote-as=<AS_NUMBER> "
"--property password=<PASSWORD>")
required_params = ('gw-edge-ids', 'ip-address', 'remote-as', 'password')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
remote_as = properties['remote-as']
if not _validate_asn(remote_as):
return
nbr = nsxv_bgp.gw_bgp_neighbour(properties['ip-address'],
properties['remote-as'],
properties['password'])
edge_ids = properties['gw-edge-ids'].split(',')
for edge_id in edge_ids:
try:
nsxv.add_bgp_neighbours(edge_id, [nbr])
except exceptions.ResourceNotFound:
LOG.error("Edge %s was not found", edge_id)
return
res = [{'edge_id': edge_id,
'ip_address': properties['ip-address'],
'remote_as': properties['remote-as'],
'hold_down_timer': cfg.CONF.nsxv.bgp_neighbour_hold_down_timer,
'keep_alive_timer': cfg.CONF.nsxv.bgp_neighbour_keep_alive_timer}
for edge_id in edge_ids]
headers = ['edge_id', 'ip_address', 'remote_as',
'hold_down_timer', 'keep_alive_timer']
LOG.info(formatters.output_formatter('New BPG neighbour',
res, headers))
def nsx_rate_limit_update(resource, event, trigger, **kwargs):
"""Set the NSX rate limit
The default value is 40. 0 means no limit
"""
nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(nsx_constants.FEATURE_RATE_LIMIT):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
rate_limit = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
rate_limit = properties.get('value', None)
if rate_limit is None or not rate_limit.isdigit():
usage = ("nsxadmin -r rate-limit -o nsx-update "
"--property value=<new limit>")
LOG.error("Missing parameters. Usage: %s", usage)
return
nsxlib.http_services.update_rate_limit(rate_limit)
LOG.info("NSX rate limit was updated to %s", rate_limit)
def nsx_update_dhcp_edge_binding(resource, event, trigger, **kwargs):
"""Resync DHCP bindings on NSXv Edge"""
if not kwargs.get('property'):
LOG.error("Need to specify edge-id parameter")
return
else:
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edge_id = properties.get('edge-id')
if not edge_id:
LOG.error("Need to specify edge-id parameter")
return
LOG.info("Updating NSXv Edge: %s", edge_id)
# Need to create a plugin object; so that we are able to
# do neutron list-ports.
with utils.NsxVPluginWrapper() as plugin:
nsxv_manager = vcns_driver.VcnsDriver(
edge_utils.NsxVCallbacks(plugin))
edge_manager = edge_utils.EdgeManager(nsxv_manager, plugin)
try:
edge_manager.update_dhcp_service_config(
neutron_db.context, edge_id)
except exceptions.ResourceNotFound:
LOG.error("Edge %s not found", edge_id)
def nsx_update_edges(resource, event, trigger, **kwargs):
"""Update all edges with the given property"""
if not kwargs.get('property'):
usage_msg = ("Need to specify a property to update all edges. "
"Add --property appliances=<True/False>")
LOG.error(usage_msg)
return
edges = utils.get_nsxv_backend_edges()
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
result = 0
for edge in edges:
if properties.get('appliances', 'false').lower() == "true":
try:
change_edge_appliance(edge.get('edge-id'))
except Exception as e:
result += 1
LOG.error("Failed to update edge %(edge)s. Exception: "
"%(e)s", {'edge': edge.get('edge-id'),
'e': str(e)})
if result > 0:
total = len(edges)
LOG.error("%(result)s of %(total)s edges failed "
"to update.", {'result': result, 'total': total})
def nsx_fix_mismatch_addresses(resource, event, trigger, **kwargs):
"""Fix missing spoofguard policies approved addresses for a port."""
port_id = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
port_id = properties.get('port')
if not port_id:
usage_msg = ("Need to specify the id of the neutron port. "
"Add --property port=<port_id>")
LOG.error(usage_msg)
return
spgapi = utils.NeutronDbClient()
with utils.NsxVPluginWrapper() as plugin:
try:
port = plugin.get_port(spgapi.context, port_id)
except exceptions.PortNotFound:
LOG.error("Could not find neutron port %s", port_id)
return
vnic_id = get_port_vnic_id(plugin, port)
plugin._update_vnic_assigned_addresses(
spgapi.context.session, port, vnic_id)
LOG.info("Done.")
def nsx_fix_name_mismatch(resource, event, trigger, **kwargs):
errmsg = ("Need to specify edge-id property. Add --property "
"edge-id=<edge-id>")
if not kwargs.get('property'):
LOG.error(_LE("%s"), errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
edgeapi = utils.NeutronDbClient()
edge_id = properties.get('edge-id')
if not edge_id:
LOG.error(_LE("%s"), errmsg)
return
try:
# edge[0] is response status code
# edge[1] is response body
edge = nsxv.get_edge(edge_id)[1]
except exceptions.NeutronException as e:
LOG.error(_LE("%s"), str(e))
else:
if edge['name'].startswith('backup-'):
rtr_binding = nsxv_db.get_nsxv_router_binding_by_edge(
edgeapi.context.session, edge['id'])
if rtr_binding['router_id'] == edge['name']:
LOG.error(
_LE('Edge %s no mismatch with NSX'), edge_id)
return
try:
with locking.LockManager.get_lock(edge_id):
# Update edge at NSXv backend
if rtr_binding['router_id'].startswith('dhcp-'):
# Edge is a DHCP edge - just use router_id as name
edge['name'] = rtr_binding['router_id']
else:
# This is a router - if shared, prefix with 'shared-'
nsx_attr = (edgeapi.context.session.query(
nsxv_models.NsxvRouterExtAttributes).filter_by(
router_id=rtr_binding['router_id']).first())
if nsx_attr and nsx_attr['router_type'] == 'shared':
edge['name'] = ('shared-' + _uuid())[
:vcns_const.EDGE_NAME_LEN]
elif (nsx_attr
and nsx_attr['router_type'] == 'exclusive'):
rtr_db = (edgeapi.context.session.query(
l3_db.Router).filter_by(
id=rtr_binding['router_id']).first())
if rtr_db:
edge['name'] = (
rtr_db['name'][
:nsxv_constants.ROUTER_NAME_LENGTH -
len(rtr_db['id'])] +
'-' + rtr_db['id'])
else:
LOG.error(
_LE('No database entry for router id %s'),
rtr_binding['router_id'])
else:
LOG.error(
_LE('Could not determine the name for '
'Edge %s'), edge_id)
return
confirm = admin_utils.query_yes_no(
"Do you want to rename edge %s to %s" % (edge_id,
edge['name']),
default="no")
if not confirm:
LOG.info(_LI("Edge rename aborted by user"))
return
LOG.info(_LI("Edge rename started"))
# remove some keys that will fail the NSX transaction
edge_utils.remove_irrelevant_keys_from_edge_request(edge)
try:
LOG.error(_LE("Update edge..."))
nsxv.update_edge(edge_id, edge)
except Exception as e:
LOG.error(_LE("Update failed - %s"), (e))
except Exception as e:
LOG.error(_LE("%s"), str(e))
else:
LOG.error(
_LE('Edge %s has no backup prefix on NSX'), edge_id)
return
def migrate_compute_ports_vms(resource, event, trigger, **kwargs):
"""Update the VMs ports on the backend after migrating nsx-v -> nsx-v3
After using api_replay to migrate the neutron data from NSX-V to NSX-T
we need to update the VM ports to use OpaqueNetwork instead of
DistributedVirtualPortgroup
"""
# Connect to the DVS manager, using the configuration parameters
try:
vm_mng = dvs.VMManager()
except Exception as e:
LOG.error("Cannot connect to the DVS: Please update the [dvs] "
"section in the nsx.ini file: %s", e)
return
port_filters = {}
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
project = properties.get('project-id')
if project:
port_filters['project_id'] = [project]
net_name = properties.get('net-name', 'VM Network')
LOG.info("Common network name for migration %s", net_name)
host_moref = properties.get('host-moref')
# TODO(garyk): We can explore the option of passing the cluster
# moref then this will remove the need for the host-moref and the
# resource pool moref.
respool_moref = properties.get('respool-moref')
datastore_moref = properties.get('datastore-moref')
if not host_moref:
LOG.error("Unable to migrate with no host")
return
# Go over all the ports from the plugin
admin_cxt = neutron_context.get_admin_context()
with PortsPlugin() as plugin:
neutron_ports = plugin.get_ports(admin_cxt, filters=port_filters)
for port in neutron_ports:
# skip non compute ports
if (not port.get('device_owner').startswith(
const.DEVICE_OWNER_COMPUTE_PREFIX)):
continue
device_id = port.get('device_id')
# get the vm moref & spec from the DVS
vm_moref = vm_mng.get_vm_moref_obj(device_id)
vm_spec = vm_mng.get_vm_spec(vm_moref)
if not vm_spec:
LOG.error("Failed to get the spec of vm %s", device_id)
continue
# Go over the VM interfaces and check if it should be updated
update_spec = False
for prop in vm_spec.propSet:
if (prop.name == 'network' and
hasattr(prop.val, 'ManagedObjectReference')):
for net in prop.val.ManagedObjectReference:
if (net._type == 'DistributedVirtualPortgroup' or
net._type == 'Network'):
update_spec = True
if not update_spec:
LOG.info("No need to update the spec of vm %s", device_id)
continue
device = get_vm_network_device(vm_mng, vm_moref, port['mac_address'])
if device is None:
LOG.warning("No device with MAC address %s exists on the VM",
port['mac_address'])
continue
# Update interface to be common network
devices = [vm_mng.update_vm_network(device, name=net_name)]
LOG.info("Update instance %s to common network", device_id)
vm_mng.update_vm_interface(vm_moref, devices=devices)
LOG.info("Migrate instance %s to host %s", device_id, host_moref)
vm_mng.relocate_vm(vm_moref, host_moref=host_moref,
datastore_moref=datastore_moref,
respool_moref=respool_moref)
LOG.info("Update instance %s to opaque network", device_id)
device = get_vm_network_device(vm_mng, vm_moref, port['mac_address'])
vif_info = {'nsx_id': get_network_nsx_id(admin_cxt.session,
port['network_id']),
'iface_id': port['id']}
devices = [vm_mng.update_vm_opaque_spec(vif_info, device)]
vm_mng.update_vm_interface(vm_moref, devices=devices)
LOG.info("Instance %s successfully migrated!", device_id)
def migrate_v_project_to_t(resource, event, trigger, **kwargs):
"""Migrate 1 project from v to t with all its resources"""
# filter out the plugins INFO logging
# TODO(asarfaty): Consider this for all admin utils
LOG.logger.setLevel(logging.INFO)
logging.getLogger(None).logger.setLevel(logging.WARN)
# get the configuration: tenant + public network + from file flag
usage = ("Usage: nsxadmin -r projects -o %s --property project-id=<> "
"--property external-net=<NSX-T external network to be used> "
"<--property from-file=True>" %
shell.Operations.NSX_MIGRATE_V_V3.value)
if not kwargs.get('property'):
LOG.error("Missing parameters: %s", usage)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
project = properties.get('project-id')
ext_net_id = properties.get('external-net')
from_file = properties.get('from-file', 'false').lower() == "true"
# TODO(asarfaty): get files path
if not project:
LOG.error("Missing project-id parameter: %s", usage)
return
if not ext_net_id:
LOG.error("Missing external-net parameter: %s", usage)
return
# check if files exist in the current directory
try:
filename = get_resource_file_name(project, 'network')
file = open(filename, 'r')
if file.read():
if not from_file:
from_file = admin_utils.query_yes_no(
"Use existing resources files for this project?",
default="yes")
file.close()
except Exception:
sys.exc_clear()
if from_file:
LOG.error("Cannot run from file: files not found")
return
# validate tenant id and public network
ctx = n_context.get_admin_context()
mapping = db.get_project_plugin_mapping(ctx.session, project)
current_plugin = mapping.plugin
if not mapping:
LOG.error("Project %s is unknown", project)
return
if not from_file and current_plugin != projectpluginmap.NsxPlugins.NSX_V:
LOG.error("Project %s belongs to plugin %s.", project, mapping.plugin)
return
with v3_utils.NsxV3PluginWrapper() as plugin:
try:
plugin.get_network(ctx, ext_net_id)
except exceptions.NetworkNotFound:
LOG.error("Network %s was not found", ext_net_id)
return
if not plugin._network_is_external(ctx, ext_net_id):
LOG.error("Network %s is not external", ext_net_id)
return
if from_file:
# read resources from files
objects = read_v_resources_from_files(project)
else:
# read all V resources and dump to a file
objects = read_v_resources_to_files(ctx, project)
# delete all the V resources (reading it from the files)
if current_plugin == projectpluginmap.NsxPlugins.NSX_V:
delete_v_resources(ctx, objects)
# change the mapping of this tenant to T
db.update_project_plugin_mapping(ctx.session, project,
projectpluginmap.NsxPlugins.NSX_T)
# use api replay flag to allow keeping the IDs
cfg.CONF.set_override('api_replay_mode', True)
# add resources 1 by one after adapting them to T (api-replay code)
create_t_resources(ctx, objects, ext_net_id)
# reset api replay flag to allow keeping the IDs
cfg.CONF.set_override('api_replay_mode', False)
def create_bgp_gw(resource, event, trigger, **kwargs):
"""Creates a new BGP GW edge"""
usage = ("nsxadmin -r bgp-gw-edge -o create "
"--property name=<GW_EDGE_NAME> "
"--property local-as=<LOCAL_AS_NUMBER> "
"--property external-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> "
"--property internal-iface=<PORTGROUP>:<IP_ADDRESS/PREFIX_LEN> "
"[--property default-gateway=<IP_ADDRESS>] "
"[--property az-hint=<AZ_HINT>] "
"[--property size=compact,large,xlarge,quadlarge]")
required_params = ('name', 'local-as',
'internal-iface', 'external-iface')
properties = admin_utils.parse_multi_keyval_opt(kwargs.get('property', []))
if not properties or not set(required_params) <= set(properties.keys()):
LOG.error(usage)
return
local_as = properties['local-as']
if not _validate_asn(local_as):
return
size = properties.get('size', nsxv_constants.LARGE)
if size not in vcns_const.ALLOWED_EDGE_SIZES:
msg = ("Property 'size' takes one of the following values: %s."
% ','.join(vcns_const.ALLOWED_EDGE_SIZES))
LOG.error(msg)
return
external_iface_info = _extract_interface_info(properties['external-iface'])
internal_iface_info = _extract_interface_info(properties['internal-iface'])
if not (external_iface_info and internal_iface_info):
return
if 'default-gateway' in properties:
default_gw = _extract_interface_info(properties['default-gateway'])
if not default_gw:
msg = ("Property 'default-gateway' doesn't contain a valid IP "
"address.")
LOG.error(msg)
return
default_gw = default_gw[1]
else:
default_gw = None
config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones)
az_hint = properties.get('az-hint', 'default')
az = nsx_az.NsxVAvailabilityZones().get_availability_zone(az_hint)
edge_id, gateway_ip = _assemble_gw_edge(properties['name'],
size,
external_iface_info,
internal_iface_info,
default_gw,
az)
nsxv.add_bgp_speaker_config(edge_id, gateway_ip, local_as,
True, [], [], [], default_originate=True)
res = {'name': properties['name'],
'edge_id': edge_id,
'size': size,
'availability_zone': az.name,
'bgp_identifier': gateway_ip,
'local_as': local_as}
headers = ['name', 'edge_id', 'size', 'bgp_identifier',
'availability_zone', 'local_as']
LOG.info(formatters.output_formatter('BGP GW Edge', [res], headers))
