def initialize(self): super(NsxPolicyMappingDriver, self).initialize() self._gbp_plugin = None self.nsx_policy = self.get_nsxpolicy_lib() self.policy_api = self.nsx_policy.policy_api nsx_manager_client = self.get_nsxmanager_client() self.nsx_port = nsx_resources.LogicalPort(nsx_manager_client) self._verify_enforcement_point()
def migrate_exclude_ports(resource, event, trigger, **kwargs): _nsx_client = v3_utils.get_nsxv3_client() nsxlib = v3_utils.get_connected_nsxlib() version = nsxlib.get_version() if not nsx_utils.is_nsx_version_2_0_0(version): LOG.info("Migration only supported from 2.0 onwards") LOG.info("Version is %s", version) return admin_cxt = neutron_context.get_admin_context() plugin = PortsPlugin() _port_client = resources.LogicalPort(_nsx_client) exclude_list = nsxlib.firewall_section.get_excludelist() for member in exclude_list['members']: if member['target_type'] == 'LogicalPort': port_id = member['target_id'] # Get port try: nsx_port = _port_client.get(port_id) except nsx_exc.ResourceNotFound: LOG.info("Port %s not found", port_id) continue # Validate its a neutron port is_neutron_port = False for tag in nsx_port['tags']: if tag['scope'] == 'os-neutron-port-id': is_neutron_port = True neutron_port_id = tag['tag'] break if not is_neutron_port: LOG.info("Port %s is not a neutron port", port_id) continue # Check if this port exists in the DB try: plugin.get_port(admin_cxt, neutron_port_id) except Exception: LOG.info("Port %s is not defined in DB", neutron_port_id) continue # Update tag for the port tags_update = [{ 'scope': security.PORT_SG_SCOPE, 'tag': nsxlib_consts.EXCLUDE_PORT }] _port_client.update(port_id, None, tags_update=tags_update) # Remove port from the exclude list nsxlib.firewall_section.remove_member_from_fw_exclude_list( port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT) LOG.info("Port %s successfully updated", port_id)
def initialize(self): super(NsxPolicyMappingDriver, self).initialize() self._gbp_plugin = None self.nsx_policy = self.get_nsxpolicy_lib() # reinitialize the cluster upon fork for api workers to ensure each # process has its own keepalive loops + state registry.subscribe(self.nsx_policy.reinitialize_cluster, resources.PROCESS, events.AFTER_INIT) self.policy_api = self.nsx_policy.policy_api self.nsx_manager = self.get_nsxmanager_lib() registry.subscribe(self.nsx_manager.reinitialize_cluster, resources.PROCESS, events.AFTER_INIT) self.nsx_port = nsx_resources.LogicalPort(self.nsx_manager.client) self._verify_enforcement_point()
def nsx_update_metadata_proxy(resource, event, trigger, **kwargs): """Update Metadata proxy for NSXv3 CrossHairs.""" nsx_version = nsxlib.get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.error(_LE("This utility is not available for NSX version %s"), nsx_version) return metadata_proxy_uuid = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) metadata_proxy_uuid = properties.get('metadata_proxy_uuid') if not metadata_proxy_uuid: LOG.error(_LE("metadata_proxy_uuid is not defined")) return cfg.CONF.set_override('dhcp_agent_notification', False) cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3') cfg.CONF.set_override('metadata_proxy', metadata_proxy_uuid, 'nsx_v3') plugin = utils.NsxV3PluginWrapper() nsx_client = utils.get_nsxv3_client() port_resource = resources.LogicalPort(nsx_client) # For each Neutron network, check if it is an internal metadata network. # If yes, delete the network and associated router interface. # Otherwise, create a logical switch port with MD-Proxy attachment. for network in neutron_client.get_networks(): if _is_metadata_network(network): # It is a metadata network, find the attached router, # remove the router interface and the network. filters = { 'device_owner': const.ROUTER_INTERFACE_OWNERS, 'fixed_ips': { 'subnet_id': [network['subnets'][0]], 'ip_address': [nsx_rpc.METADATA_GATEWAY_IP] } } ports = neutron_client.get_ports(filters=filters) if not ports: continue router_id = ports[0]['device_id'] interface = {'subnet_id': network['subnets'][0]} plugin.remove_router_interface(router_id, interface) LOG.info(_LI("Removed metadata interface on router %s"), router_id) plugin.delete_network(network['id']) LOG.info(_LI("Removed metadata network %s"), network['id']) else: lswitch_id = neutron_client.net_id_to_lswitch_id(network['id']) if not lswitch_id: continue tags = nsxlib.build_v3_tags_payload( network, resource_type='os-neutron-net-id', project_name='admin') name = nsx_utils.get_name_and_uuid( '%s-%s' % ('mdproxy', network['name'] or 'network'), network['id']) port_resource.create( lswitch_id, metadata_proxy_uuid, tags=tags, name=name, attachment_type=nsx_constants.ATTACHMENT_MDPROXY) LOG.info(_LI("Enabled native metadata proxy for network %s"), network['id'])
def get_port_and_profile_clients(): _nsx_client = v3_utils.get_nsxv3_client() return (resources.LogicalPort(_nsx_client), resources.SwitchingProfile(_nsx_client))
def nsx_update_dhcp_bindings(resource, event, trigger, **kwargs): """Resync DHCP bindings for NSXv3 CrossHairs.""" nsx_version = nsxlib.get_version() if not nsx_utils.is_nsx_version_1_1_0(nsx_version): LOG.error(_LE("This utility is not available for NSX version %s"), nsx_version) return dhcp_profile_uuid = None if kwargs.get('property'): properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) dhcp_profile_uuid = properties.get('dhcp_profile_uuid') if not dhcp_profile_uuid: LOG.error(_LE("dhcp_profile_uuid is not defined")) return cfg.CONF.set_override('dhcp_agent_notification', False) cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3') cfg.CONF.set_override('dhcp_profile', dhcp_profile_uuid, 'nsx_v3') nsx_client = utils.get_nsxv3_client() port_resource = resources.LogicalPort(nsx_client) dhcp_server_resource = resources.LogicalDhcpServer(nsx_client) port_bindings = {} # lswitch_id: [(port_id, mac, ip), ...] server_bindings = {} # lswitch_id: dhcp_server_id ports = neutron_client.get_ports() for port in ports: device_owner = port['device_owner'] if (device_owner != const.DEVICE_OWNER_DHCP and not nsx_utils.is_port_dhcp_configurable(port)): continue for fixed_ip in port['fixed_ips']: if netaddr.IPNetwork(fixed_ip['ip_address']).version == 6: continue network_id = port['network_id'] subnet = neutron_client.get_subnet(fixed_ip['subnet_id']) if device_owner == const.DEVICE_OWNER_DHCP: # For each DHCP-enabled network, create a logical DHCP server # and update the attachment type to DHCP on the corresponding # logical port of the Neutron DHCP port. network = neutron_client.get_network(port['network_id']) net_tags = nsxlib.build_v3_tags_payload( network, resource_type='os-neutron-net-id', project_name='admin') server_data = nsxlib.native_dhcp.build_server_config( network, subnet, port, net_tags) server_data['dhcp_profile_id'] = dhcp_profile_uuid dhcp_server = dhcp_server_resource.create(**server_data) LOG.info( _LI("Created logical DHCP server %(server)s for " "network %(network)s"), { 'server': dhcp_server['id'], 'network': port['network_id'] }) # Add DHCP service binding in neutron DB. neutron_client.add_dhcp_service_binding( network['id'], port['id'], dhcp_server['id']) # Update logical port for DHCP purpose. lswitch_id, lport_id = ( neutron_client.get_lswitch_and_lport_id(port['id'])) port_resource.update( lport_id, dhcp_server['id'], attachment_type=nsx_constants.ATTACHMENT_DHCP) server_bindings[lswitch_id] = dhcp_server['id'] LOG.info( _LI("Updated DHCP logical port %(port)s for " "network %(network)s"), { 'port': lport_id, 'network': port['network_id'] }) elif subnet['enable_dhcp']: # Store (mac, ip) binding of each compute port in a # DHCP-enabled subnet. lswitch_id = neutron_client.net_id_to_lswitch_id(network_id) bindings = port_bindings.get(lswitch_id, []) bindings.append( (port['id'], port['mac_address'], fixed_ip['ip_address'], fixed_ip['subnet_id'])) port_bindings[lswitch_id] = bindings break # process only the first IPv4 address # Populate mac/IP bindings in each logical DHCP server. for lswitch_id, bindings in port_bindings.items(): dhcp_server_id = server_bindings.get(lswitch_id) if not dhcp_server_id: continue for (port_id, mac, ip, subnet_id) in bindings: hostname = 'host-%s' % ip.replace('.', '-') options = { 'option121': { 'static_routes': [{ 'network': '%s' % cfg.CONF.nsx_v3.native_metadata_route, 'next_hop': ip }] } } binding = dhcp_server_resource.create_binding( dhcp_server_id, mac, ip, hostname, cfg.CONF.nsx_v3.dhcp_lease_time, options) # Add DHCP static binding in neutron DB. neutron_client.add_dhcp_static_binding(port_id, subnet_id, ip, dhcp_server_id, binding['id']) LOG.info( _LI("Added DHCP binding (mac: %(mac)s, ip: %(ip)s) " "for neutron port %(port)s"), { 'mac': mac, 'ip': ip, 'port': port_id })
def init_api(self): self.port_mirror = core_resources.NsxLibPortMirror( self.client, self.nsxlib_config, nsxlib=self) self.bridge_endpoint = core_resources.NsxLibBridgeEndpoint( self.client, self.nsxlib_config, nsxlib=self) self.bridge_endpoint_profile = ( core_resources.NsxLibBridgeEndpointProfile( self.client, self.nsxlib_config, nsxlib=self)) self.logical_switch = core_resources.NsxLibLogicalSwitch( self.client, self.nsxlib_config, nsxlib=self) self.logical_router = core_resources.NsxLibLogicalRouter( self.client, self.nsxlib_config, nsxlib=self) self.switching_profile = core_resources.NsxLibSwitchingProfile( self.client, self.nsxlib_config, nsxlib=self) self.qos_switching_profile = core_resources.NsxLibQosSwitchingProfile( self.client, self.nsxlib_config, nsxlib=self) self.edge_cluster = core_resources.NsxLibEdgeCluster( self.client, self.nsxlib_config, nsxlib=self) self.bridge_cluster = core_resources.NsxLibBridgeCluster( self.client, self.nsxlib_config, nsxlib=self) self.transport_zone = core_resources.NsxLibTransportZone( self.client, self.nsxlib_config, nsxlib=self) self.transport_node = core_resources.NsxLibTransportNode( self.client, self.nsxlib_config, nsxlib=self) self.relay_service = core_resources.NsxLibDhcpRelayService( self.client, self.nsxlib_config, nsxlib=self) self.relay_profile = core_resources.NsxLibDhcpRelayProfile( self.client, self.nsxlib_config, nsxlib=self) self.native_dhcp_profile = core_resources.NsxLibDhcpProfile( self.client, self.nsxlib_config, nsxlib=self) self.native_md_proxy = core_resources.NsxLibMetadataProxy( self.client, self.nsxlib_config, nsxlib=self) self.firewall_section = security.NsxLibFirewallSection( self.client, self.nsxlib_config, nsxlib=self) self.ns_group = security.NsxLibNsGroup( self.client, self.nsxlib_config, self.firewall_section, nsxlib=self) self.native_dhcp = native_dhcp.NsxLibNativeDhcp( self.client, self.nsxlib_config, nsxlib=self) self.ip_block_subnet = core_resources.NsxLibIpBlockSubnet( self.client, self.nsxlib_config, nsxlib=self) self.ip_block = core_resources.NsxLibIpBlock( self.client, self.nsxlib_config, nsxlib=self) self.ip_set = security.NsxLibIPSet( self.client, self.nsxlib_config, nsxlib=self) self.logical_port = resources.LogicalPort( self.client, self.nsxlib_config, nsxlib=self) self.logical_router_port = resources.LogicalRouterPort( self.client, self.nsxlib_config, nsxlib=self) self.dhcp_server = resources.LogicalDhcpServer( self.client, self.nsxlib_config, nsxlib=self) self.ip_pool = resources.IpPool( self.client, self.nsxlib_config, nsxlib=self) self.load_balancer = load_balancer.LoadBalancer( self.client, self.nsxlib_config) self.trust_management = trust_management.NsxLibTrustManagement( self.client, self.nsxlib_config) self.router = router.RouterLib( self.logical_router, self.logical_router_port, self) self.virtual_machine = core_resources.NsxLibFabricVirtualMachine( self.client, self.nsxlib_config, nsxlib=self) self.vif = core_resources.NsxLibFabricVirtualInterface( self.client, self.nsxlib_config, nsxlib=self) self.vpn_ipsec = vpn_ipsec.VpnIpSec( self.client, self.nsxlib_config, nsxlib=self) self.http_services = resources.NodeHttpServiceProperties( self.client, self.nsxlib_config, nsxlib=self) self.cluster_nodes = resources.NsxlibClusterNodesConfig( self.client, self.nsxlib_config, nsxlib=self) self.global_routing = core_resources.NsxLibGlobalRoutingConfig( self.client, self.nsxlib_config, nsxlib=self) # Update tag limits self.tag_limits = self.get_tag_limits() utils.update_tag_limits(self.tag_limits)