def remove_router_interface(self, context, router_id, interface_info):
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
info = super(
nsx_v.NsxVPluginV2, self.plugin).remove_router_interface(
context, router_id, interface_info)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
self._update_nat_rules_on_routers(context, router_id, router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context, router_id, router_ids, allow_external=True)
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
if not ports:
edge_utils.delete_interface(self.nsx_v, context,
router_id, network_id)
# unbind all services if no interfaces attached to the router
if not self.plugin._get_internal_network_ids_by_router(
context, router_id):
self._remove_router_services_on_edge(context, router_id)
self._unbind_router_on_edge(context, router_id)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id, address_groups)
return info
def _bind_router_on_available_edge(self, context, router_id, admin_state):
with locking.LockManager.get_lock('nsx-shared-router-pool'):
conflict_network_ids, conflict_router_ids, intf_num = (
self._get_conflict_network_and_router_ids_by_intf(context,
router_id))
conflict_network_ids_by_ext_net = (
self._get_conflict_network_ids_by_ext_net(context, router_id))
conflict_network_ids.extend(conflict_network_ids_by_ext_net)
optional_router_ids, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(context, router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
new = self.edge_manager.bind_router_on_available_edge(
context, router_id, optional_router_ids,
conflict_router_ids, conflict_network_ids, intf_num)
# configure metadata service on the router.
metadata_proxy_handler = self.plugin.metadata_proxy_handler
if metadata_proxy_handler and new:
metadata_proxy_handler.configure_router_edge(router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
# add all internal interfaces of the router on edge
intf_net_ids = (
self.plugin._get_internal_network_ids_by_router(context,
router_id))
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, admin_state)
def attach_router(self, context, router_id, router, appliance_size=None):
router_db = self.plugin._get_router(context, router_id)
# Add DB attributes to the router data structure
# before creating it as an exclusive router
self._build_router_data_from_db(router_db, router)
self.create_router(context,
router['router'],
allow_metadata=False,
appliance_size=appliance_size)
edge_id = edge_utils.get_router_edge_id(context, router_id)
LOG.debug("Exclusive router %s attached to edge %s",
router_id, edge_id)
# add all internal interfaces of the router on edge
intf_net_ids = (
self.plugin._get_internal_network_ids_by_router(context,
router_id))
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, router_db.admin_state_up)
# Update external interface (which also update nat rules, routes, etc)
external_net_id = self._get_external_network_id_by_router(context,
router_id)
gw_info = None
if (external_net_id):
gw_info = {'network_id': external_net_id}
self._update_router_gw_info(
context, router_id, gw_info, force_update=True)
def create_lb_interface(context, plugin, lb_id, subnet_id, tenant_id,
vip_addr=None, subnet=None):
if not subnet:
subnet = plugin.get_subnet(context, subnet_id)
network_id = subnet.get('network_id')
port_dict = {'name': 'lb_if-' + lb_id,
'admin_state_up': True,
'network_id': network_id,
'tenant_id': tenant_id,
'fixed_ips': [{'subnet_id': subnet['id']}],
'device_owner': constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB',
'device_id': lb_id,
'mac_address': constants.ATTR_NOT_SPECIFIED
}
port = plugin.base_create_port(context, {'port': port_dict})
ip_addr = port['fixed_ips'][0]['ip_address']
net = netaddr.IPNetwork(subnet['cidr'])
resource_id = get_lb_edge_name(context, lb_id)
address_groups = [{'primaryAddress': ip_addr,
'subnetPrefixLength': str(net.prefixlen),
'subnetMask': str(net.netmask)}]
if vip_addr:
address_groups[0]['secondaryAddresses'] = {
'type': 'secondary_addresses', 'ipAddress': [vip_addr]}
edge_utils.update_internal_interface(
plugin.nsx_v, context, resource_id,
network_id, address_groups)
def remove_router_interface(self, context, router_id, interface_info):
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
info = super(nsx_v.NsxVPluginV2,
self.plugin).remove_router_interface(
context, router_id, interface_info)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
self._update_nat_rules_on_routers(context, router_id, router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context, router_id, router_ids, allow_external=True)
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
if not ports:
edge_utils.delete_interface(self.nsx_v, context, router_id,
network_id)
# unbind all services if no interfaces attached to the router
if not self.plugin._get_internal_network_ids_by_router(
context, router_id):
self._remove_router_services_on_edge(context, router_id)
self._unbind_router_on_edge(context, router_id)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id, network_id,
address_groups)
return info
def create_lb_interface(context, plugin, lb_id, subnet_id, tenant_id,
vip_addr=None, subnet=None):
if not subnet:
subnet = plugin.get_subnet(context, subnet_id)
network_id = subnet.get('network_id')
port_dict = {'name': 'lb_if-' + lb_id,
'admin_state_up': True,
'network_id': network_id,
'tenant_id': tenant_id,
'fixed_ips': [{'subnet_id': subnet['id']}],
'device_owner': constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB',
'device_id': lb_id,
'mac_address': constants.ATTR_NOT_SPECIFIED
}
port = plugin.base_create_port(context, {'port': port_dict})
ip_addr = port['fixed_ips'][0]['ip_address']
net = netaddr.IPNetwork(subnet['cidr'])
resource_id = get_lb_edge_name(context, lb_id)
address_groups = [{'primaryAddress': ip_addr,
'subnetPrefixLength': str(net.prefixlen),
'subnetMask': str(net.netmask)}]
if vip_addr:
address_groups[0]['secondaryAddresses'] = {
'type': 'secondary_addresses', 'ipAddress': [vip_addr]}
edge_utils.update_internal_interface(
plugin.nsx_v, context, resource_id,
network_id, address_groups)
def _bind_router_on_available_edge(self, context, router_id, admin_state):
with locking.LockManager.get_lock('nsx-shared-router-pool'):
conflict_network_ids, conflict_router_ids, intf_num = (
self._get_conflict_network_and_router_ids_by_intf(
context, router_id))
conflict_network_ids_by_ext_net = (
self._get_conflict_network_ids_by_ext_net(context, router_id))
conflict_network_ids.extend(conflict_network_ids_by_ext_net)
optional_router_ids, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(context, router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
az = self.get_router_az_by_id(context, router_id)
new = self.edge_manager.bind_router_on_available_edge(
context, router_id, optional_router_ids, conflict_router_ids,
conflict_network_ids, intf_num, az)
# configure metadata service on the router.
metadata_proxy_handler = self.plugin.metadata_proxy_handler
if metadata_proxy_handler and new:
metadata_proxy_handler.configure_router_edge(router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
# add all internal interfaces of the router on edge
intf_net_ids = (
self.plugin._get_internal_network_ids_by_router(
context, router_id))
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, admin_state)
def remove_router_interface(self, context, router_id, interface_info):
# If a loadbalancer is attached to this Edge appliance, we cannot
# detach the subnet from the exclusive router.
subnet = interface_info.get('subnet_id')
if not subnet and interface_info.get('port_id'):
port = self.plugin.get_port(context, interface_info['port_id'])
port_subnets = [
fixed_ip['subnet_id']
for fixed_ip in port.get('fixed_ips', [])
]
subnet = port_subnets[0]
if subnet and self._check_lb_on_subnet(context, subnet):
error = _('Cannot delete router %(rtr)s interface while '
'loadbalancers are provisioned on attached '
'subnet %(subnet)s') % {
'rtr': router_id,
'subnet': subnet
}
raise nsxv_exc.NsxPluginException(err_msg=error)
info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface(
context, router_id, interface_info)
router_db = self.plugin._get_router(context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
with locking.LockManager.get_lock(
self._get_router_edge_id(context, router_id)):
if router_db.gw_port and router_db.enable_snat:
# First update nat rules
self.plugin._update_nat_rules(context, router_db)
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
self.plugin._update_subnets_and_dnat_firewall(context, router_db)
# No subnet on the network connects to the edge vnic
if not ports:
edge_utils.delete_interface(self.nsx_v,
context,
router_id,
network_id,
dist=False)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id, network_id,
address_groups)
return info
def _bind_router_on_available_edge(self, context, router_id, admin_state):
with locking.LockManager.get_lock('nsx-shared-router-pool'):
conflict_network_ids, conflict_router_ids, intf_num = (
self._get_conflict_network_and_router_ids_by_intf(
context, router_id))
conflict_network_ids_by_ext_net = (
self._get_conflict_network_ids_by_ext_net(context, router_id))
conflict_network_ids.extend(conflict_network_ids_by_ext_net)
optional_router_ids, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(context, router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
az, flavor_id = self.get_router_az_and_flavor_by_id(
context, router_id)
new = self.edge_manager.bind_router_on_available_edge(
context, router_id, optional_router_ids, conflict_router_ids,
conflict_network_ids, intf_num, az)
# configure metadata service on the router.
if self.plugin.metadata_proxy_handler and new:
md_proxy_handler = self.plugin.get_metadata_proxy_handler(
az.name)
if md_proxy_handler:
md_proxy_handler.configure_router_edge(context, router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
# add all internal interfaces of the router on edge
intf_net_ids = (
self.plugin._get_internal_network_ids_by_router(
context, router_id))
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, admin_state)
if flavor_id:
# if several routers share same edge, they might have
# different flavors with conflicting syslog settings.
# in this case, each new router association will override
# previous syslog settings on the edge
self.edge_manager.update_syslog_by_flavor(
context, router_id, flavor_id, edge_id)
LOG.info("Binding shared router %(rtr)s: edge %(edge)s", {
'rtr': router_id,
'edge': edge_id
})
def _bind_router_on_available_edge(self, context, router_id, admin_state):
with locking.LockManager.get_lock('nsx-shared-router-pool'):
conflict_network_ids, conflict_router_ids, intf_num = (
self._get_conflict_network_and_router_ids_by_intf(context,
router_id))
conflict_network_ids_by_ext_net = (
self._get_conflict_network_ids_by_ext_net(context, router_id))
conflict_network_ids.extend(conflict_network_ids_by_ext_net)
optional_router_ids, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(context, router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
az, flavor_id = self.get_router_az_and_flavor_by_id(context,
router_id)
new = self.edge_manager.bind_router_on_available_edge(
context, router_id, optional_router_ids,
conflict_router_ids, conflict_network_ids,
intf_num, az)
# configure metadata service on the router.
if self.plugin.metadata_proxy_handler and new:
md_proxy_handler = self.plugin.get_metadata_proxy_handler(
az.name)
if md_proxy_handler:
md_proxy_handler.configure_router_edge(context, router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
# add all internal interfaces of the router on edge
intf_net_ids = (
self.plugin._get_internal_network_ids_by_router(context,
router_id))
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, admin_state)
if flavor_id:
# if several routers share same edge, they might have
# different flavors with conflicting syslog settings.
# in this case, each new router association will override
# previous syslog settings on the edge
self.edge_manager.update_syslog_by_flavor(context, router_id,
flavor_id, edge_id)
LOG.info("Binding shared router %(rtr)s: edge %(edge)s",
{'rtr': router_id, 'edge': edge_id})
def remove_router_interface(self, context, router_id, interface_info):
# If a loadbalancer is attached to this Edge appliance, we cannot
# detach the subnet from the exclusive router.
subnet = interface_info.get('subnet_id')
if not subnet and interface_info.get('port_id'):
port = self.plugin.get_port(context, interface_info['port_id'])
port_subnets = [
fixed_ip['subnet_id'] for fixed_ip in port.get(
'fixed_ips', [])]
subnet = port_subnets[0]
if subnet and self._check_lb_on_subnet(context, subnet, router_id):
error = _('Cannot delete router %(rtr)s interface while '
'loadbalancers are provisioned on attached '
'subnet %(subnet)s') % {'rtr': router_id,
'subnet': subnet}
raise nsxv_exc.NsxPluginException(err_msg=error)
info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface(
context, router_id, interface_info)
router_db = self.plugin._get_router(context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
with locking.LockManager.get_lock(
self._get_router_edge_id(context, router_id)):
if router_db.gw_port and router_db.enable_snat:
# First update nat rules
self.plugin._update_nat_rules(context, router_db)
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
self.plugin._update_subnets_and_dnat_firewall(context, router_db)
# No subnet on the network connects to the edge vnic
if not ports:
edge_utils.delete_interface(self.nsx_v, context,
router_id, network_id,
dist=False)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id, network_id,
address_groups)
return info
def attach_router(self, context, router_id, router, appliance_size=None):
router_db = self.plugin._get_router(context, router_id)
# Add DB attributes to the router data structure
# before creating it as an exclusive router
router_attr = self._build_router_data_from_db(router_db, router)
allow_metadata = True if self.plugin.metadata_proxy_handler else False
self.create_router(context,
router_attr,
allow_metadata=allow_metadata,
appliance_size=appliance_size)
edge_id = edge_utils.get_router_edge_id(context, router_id)
LOG.debug("Exclusive router %s attached to edge %s", router_id,
edge_id)
# add all internal interfaces of the router on edge
intf_net_ids = (self.plugin._get_internal_network_ids_by_router(
context, router_id))
with locking.LockManager.get_lock(edge_id):
for network_id in intf_net_ids:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id, network_id,
address_groups,
router_db.admin_state_up)
# Update external interface (which also update nat rules, routes, etc)
external_net_id = self._get_external_network_id_by_router(
context, router_id)
gw_info = None
if (external_net_id):
gw_info = {
'network_id': external_net_id,
'enable_snat': router_db.enable_snat
}
self.plugin._update_router_gw_info(context,
router_id,
gw_info,
force_update=True)
def _safe_remove_router_interface(self, context, router_id,
interface_info):
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock('nsx-shared-router-pool'):
info = super(
nsx_v.NsxVPluginV2, self.plugin).remove_router_interface(
context, router_id, interface_info)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
connected_networks = (
self.plugin._get_internal_network_ids_by_router(context,
router_id))
if not ports and not connected_networks:
router = self.plugin._get_router(context, router_id)
self._notify_before_router_edge_association(context, router)
with locking.LockManager.get_lock(str(edge_id)):
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
self._update_nat_rules_on_routers(context, router_id,
router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context, router_id, router_ids, allow_external=True)
if not ports:
edge_utils.delete_interface(self.nsx_v, context,
router_id, network_id)
# unbind all services if no interfaces attached to the
# router
if not connected_networks:
self._remove_router_services_on_edge(context,
router_id)
self._unbind_router_on_edge(context, router_id)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id,
network_id,
address_groups)
return info
def _safe_remove_router_interface(self, context, router_id,
interface_info):
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock('nsx-shared-router-pool'):
info = super(
nsx_v.NsxVPluginV2, self.plugin).remove_router_interface(
context, router_id, interface_info)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
ports = self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id)
connected_networks = (
self.plugin._get_internal_network_ids_by_router(context,
router_id))
if not ports and not connected_networks:
router = self.plugin._get_router(context, router_id)
self._notify_before_router_edge_association(context, router)
with locking.LockManager.get_lock(str(edge_id)):
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
self._update_nat_rules_on_routers(context, router_id,
router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context, router_id, router_ids, allow_external=True)
if not ports:
edge_utils.delete_interface(self.nsx_v, context,
router_id, network_id)
# unbind all services if no interfaces attached to the
# router
if not connected_networks:
self._remove_router_services_on_edge(context,
router_id)
self._unbind_router_on_edge(context, router_id)
else:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(self.nsx_v, context,
router_id,
network_id,
address_groups)
return info
def configure_router_edge(self, context, rtr_id):
ctx = context.elevated()
# Connect router interface to inter-edge network
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_GW,
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': None
}
}
self.nsxv_plugin.base_create_port(ctx, port_data)
address_groups = self._get_address_groups(ctx,
self.internal_net,
rtr_id,
is_proxy=False)
if context is None:
context = self.context
edge_utils.update_internal_interface(self.nsxv_plugin.nsx_v,
context,
rtr_id,
self.internal_net,
address_groups=address_groups)
self._setup_metadata_lb(rtr_id,
METADATA_IP_ADDR,
METADATA_TCP_PORT,
cfg.CONF.nsxv.nova_metadata_port,
self.proxy_edge_ips,
proxy_lb=False,
context=context)
def add_router_interface(self, context, router_id, interface_info):
self.plugin._check_intf_number_of_router(context, router_id)
info = super(nsx_v.NsxVPluginV2, self.plugin).add_router_interface(
context, router_id, interface_info)
router_db = self.plugin._get_router(context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
with locking.LockManager.get_lock(
self._get_router_edge_id(context, router_id)):
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id, address_groups,
router_db['admin_state_up'])
# Update edge's firewall rules to accept subnets flows.
self.plugin._update_subnets_and_dnat_firewall(context, router_db)
if router_db.gw_port and router_db.enable_snat:
# Update Nat rules on external edge vnic
self.plugin._update_nat_rules(context, router_db)
return info
def configure_router_edge(self, rtr_id, context=None):
# Connect router interface to inter-edge network
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_GW,
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': None}}
self.nsxv_plugin.create_port(self.context, port_data)
address_groups = self._get_address_groups(
self.context,
self.internal_net,
rtr_id,
is_proxy=False)
if context is None:
context = self.context
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v,
context,
rtr_id,
self.internal_net,
address_groups=address_groups)
self._setup_metadata_lb(rtr_id,
METADATA_IP_ADDR,
METADATA_TCP_PORT,
cfg.CONF.nsxv.nova_metadata_port,
self.proxy_edge_ips,
proxy_lb=False,
context=context)
def configure_router_edge(self, context, rtr_id):
LOG.debug('Configuring metadata infrastructure for %s', rtr_id)
ctx = neutron_context.get_admin_context()
# Connect router interface to inter-edge network
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_GW,
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}}
self.nsxv_plugin.base_create_port(ctx, port_data)
address_groups = self._get_address_groups(
ctx,
self.internal_net,
rtr_id,
is_proxy=False)
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v,
context,
rtr_id,
self.internal_net,
address_groups=address_groups)
self._setup_metadata_lb(rtr_id,
METADATA_IP_ADDR,
METADATA_TCP_PORT,
cfg.CONF.nsxv.nova_metadata_port,
self.proxy_edge_ips,
proxy_lb=False,
context=context)
def add_router_interface(self, context, router_id, interface_info):
self.plugin._check_intf_number_of_router(context, router_id)
info = super(nsx_v.NsxVPluginV2,
self.plugin).add_router_interface(context, router_id,
interface_info)
router_db = self.plugin._get_router(context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
with locking.LockManager.get_lock(
self._get_router_edge_id(context, router_id)):
edge_utils.update_internal_interface(self.nsx_v, context,
router_id, network_id,
address_groups,
router_db['admin_state_up'])
# Update edge's firewall rules to accept subnets flows.
self.plugin._update_subnets_and_dnat_firewall(context, router_db)
if router_db.gw_port and router_db.enable_snat:
# Update Nat rules on external edge vnic
self.plugin._update_nat_rules(context, router_db)
return info
def _safe_add_router_interface(self, context, router_id, interface_info):
self.plugin._check_intf_number_of_router(context, router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
router_db = self.plugin._get_router(context, router_id)
if edge_id:
is_migrated = False
with locking.LockManager.get_lock('nsx-shared-router-pool'):
info = super(nsx_v.NsxVPluginV2,
self.plugin).add_router_interface(
context, router_id, interface_info)
with locking.LockManager.get_lock(str(edge_id)):
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
# Collect all conflict networks whose cidr are overlapped
# with networks attached to the router and conflict routers
# which has same network with the router's.
conflict_network_ids, conflict_router_ids, _ = (
self._get_conflict_network_and_router_ids_by_intf(
context, router_id))
_, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(
context, router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
interface_ports = (
self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id))
# Consider whether another subnet of the same network
# has been attached to the router.
if len(interface_ports) > 1:
is_conflict = (
self.edge_manager.is_router_conflict_on_edge(
context, router_id, conflict_router_ids,
conflict_network_ids, 0))
else:
is_conflict = (
self.edge_manager.is_router_conflict_on_edge(
context, router_id, conflict_router_ids,
conflict_network_ids, 1))
if not is_conflict:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id, network_id,
address_groups, router_db.admin_state_up)
if router_db.gw_port and router_db.enable_snat:
self._update_nat_rules_on_routers(
context, router_id, router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context,
router_id,
router_ids,
allow_external=True)
if is_conflict:
self._notify_before_router_edge_association(
context, router_db, edge_id)
with locking.LockManager.get_lock(str(edge_id)):
if len(interface_ports) > 1:
self._remove_router_services_on_edge(
context, router_id)
else:
self._remove_router_services_on_edge(
context, router_id, network_id)
self._unbind_router_on_edge(context, router_id)
is_migrated = True
if is_migrated:
self._bind_router_on_available_edge(context, router_id,
router_db.admin_state_up)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
self._add_router_services_on_available_edge(
context, router_id)
self._notify_after_router_edge_association(context, router_db)
else:
info = self._base_add_router_interface(context, router_id,
interface_info)
# bind and configure routing service on an available edge
self._bind_router_on_available_edge(context, router_id,
router_db.admin_state_up)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
self._add_router_services_on_available_edge(context, router_id)
self._notify_after_router_edge_association(context, router_db)
return info
def _setup_new_proxy_edge(self, rtr_ext_ip):
rtr_id = None
try:
router_data = {
'router': {
'name': 'metadata_proxy_router',
'admin_state_up': True,
'router_type': 'exclusive',
'tenant_id': None}}
rtr = self.nsxv_plugin.create_router(
self.context,
router_data,
allow_metadata=False)
rtr_id = rtr['id']
edge_id = self._get_edge_id_by_rtr_id(rtr_id)
self.nsxv_plugin.nsx_v.update_interface(
rtr['id'],
edge_id,
vcns_const.EXTERNAL_VNIC_INDEX,
cfg.CONF.nsxv.mgt_net_moid,
address=rtr_ext_ip,
netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask,
secondary=[])
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_INTF,
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': None}}
port = self.nsxv_plugin.create_port(self.context, port_data)
address_groups = self._get_address_groups(
self.context, self.internal_net, rtr_id, is_proxy=True)
edge_ip = port['fixed_ips'][0]['ip_address']
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v, self.context, rtr_id,
self.internal_net, address_groups)
self._setup_metadata_lb(rtr_id,
port['fixed_ips'][0]['ip_address'],
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_ips,
proxy_lb=True)
firewall_rules = [
DEFAULT_EDGE_FIREWALL_RULE,
{
'action': 'allow',
'enabled': True,
'source_ip_address': [INTERNAL_SUBNET]}]
edge_utils.update_firewall(
self.nsxv_plugin.nsx_v,
self.context,
rtr_id,
{'firewall_rule_list': firewall_rules},
allow_external=False)
if cfg.CONF.nsxv.mgt_net_default_gateway:
self.nsxv_plugin._update_routes(
self.context, rtr_id,
cfg.CONF.nsxv.mgt_net_default_gateway)
nsxv_db.create_nsxv_internal_edge(
self.context.session, rtr_ext_ip,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id)
return edge_ip
except Exception as e:
LOG.exception(_LE("Exception %s while creating internal edge "
"for metadata service"), e)
ports = self.nsxv_plugin.get_ports(
self.context, filters={'device_id': [rtr_id]})
for port in ports:
self.nsxv_plugin.delete_port(self.context, port['id'],
l3_port_check=True,
nw_gw_port_check=True)
nsxv_db.delete_nsxv_internal_edge(
self.context.session,
rtr_ext_ip)
if rtr_id:
self.nsxv_plugin.delete_router(self.context, rtr_id)
def _setup_new_proxy_edge(self, rtr_ext_ip):
rtr_id = None
try:
router_data = {
'router': {
'name': 'metadata_proxy_router',
'admin_state_up': True,
'router_type': 'exclusive',
'tenant_id': None
}
}
rtr = self.nsxv_plugin.create_router(self.context,
router_data,
allow_metadata=False)
rtr_id = rtr['id']
edge_id = self._get_edge_id_by_rtr_id(rtr_id)
self.nsxv_plugin.nsx_v.update_interface(
rtr['id'],
edge_id,
vcns_const.EXTERNAL_VNIC_INDEX,
cfg.CONF.nsxv.mgt_net_moid,
address=rtr_ext_ip,
netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask,
secondary=[])
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_INTF,
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': None
}
}
port = self.nsxv_plugin.create_port(self.context, port_data)
address_groups = self._get_address_groups(self.context,
self.internal_net,
rtr_id,
is_proxy=True)
edge_ip = port['fixed_ips'][0]['ip_address']
edge_utils.update_internal_interface(self.nsxv_plugin.nsx_v,
self.context, rtr_id,
self.internal_net,
address_groups)
self._setup_metadata_lb(rtr_id,
port['fixed_ips'][0]['ip_address'],
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_ips,
proxy_lb=True)
firewall_rules = [
DEFAULT_EDGE_FIREWALL_RULE, {
'action': 'allow',
'enabled': True,
'source_ip_address': [INTERNAL_SUBNET]
}
]
edge_utils.update_firewall(self.nsxv_plugin.nsx_v,
self.context,
rtr_id,
{'firewall_rule_list': firewall_rules},
allow_external=False)
if cfg.CONF.nsxv.mgt_net_default_gateway:
self.nsxv_plugin._update_routes(
self.context, rtr_id,
cfg.CONF.nsxv.mgt_net_default_gateway)
nsxv_db.create_nsxv_internal_edge(
self.context.session, rtr_ext_ip,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id)
return edge_ip
except Exception as e:
LOG.exception(
_LE("Exception %s while creating internal edge "
"for metadata service"), e)
ports = self.nsxv_plugin.get_ports(self.context,
filters={'device_id': [rtr_id]})
for port in ports:
self.nsxv_plugin.delete_port(self.context,
port['id'],
l3_port_check=True,
nw_gw_port_check=True)
nsxv_db.delete_nsxv_internal_edge(self.context.session, rtr_ext_ip)
if rtr_id:
self.nsxv_plugin.delete_router(self.context, rtr_id)
def _safe_add_router_interface(self, context, router_id, interface_info):
self.plugin._check_intf_number_of_router(context, router_id)
edge_id = edge_utils.get_router_edge_id(context, router_id)
router_db = self.plugin._get_router(context, router_id)
if edge_id:
is_migrated = False
with locking.LockManager.get_lock('nsx-shared-router-pool'):
info = super(nsx_v.NsxVPluginV2,
self.plugin).add_router_interface(
context, router_id, interface_info)
with locking.LockManager.get_lock(str(edge_id)):
router_ids = self.edge_manager.get_routers_on_same_edge(
context, router_id)
subnet = self.plugin.get_subnet(context, info['subnet_id'])
network_id = subnet['network_id']
# Collect all conflict networks whose cidr are overlapped
# with networks attached to the router and conflict routers
# which has same network with the router's.
conflict_network_ids, conflict_router_ids, _ = (
self._get_conflict_network_and_router_ids_by_intf(
context, router_id))
_, new_conflict_router_ids = (
self._get_available_and_conflicting_ids(context,
router_id))
conflict_router_ids.extend(new_conflict_router_ids)
conflict_router_ids = list(set(conflict_router_ids))
interface_ports = (
self.plugin._get_router_interface_ports_by_network(
context, router_id, network_id))
# Consider whether another subnet of the same network
# has been attached to the router.
if len(interface_ports) > 1:
is_conflict = (
self.edge_manager.is_router_conflict_on_edge(
context, router_id, conflict_router_ids,
conflict_network_ids, 0))
else:
is_conflict = (
self.edge_manager.is_router_conflict_on_edge(
context, router_id, conflict_router_ids,
conflict_network_ids, 1))
if not is_conflict:
address_groups = self.plugin._get_address_groups(
context, router_id, network_id)
edge_utils.update_internal_interface(
self.nsx_v, context, router_id,
network_id, address_groups,
router_db.admin_state_up)
if router_db.gw_port and router_db.enable_snat:
self._update_nat_rules_on_routers(
context, router_id, router_ids)
self._update_subnets_and_dnat_firewall_on_routers(
context, router_id, router_ids,
allow_external=True)
if is_conflict:
self._notify_before_router_edge_association(
context, router_db, edge_id)
with locking.LockManager.get_lock(str(edge_id)):
if len(interface_ports) > 1:
self._remove_router_services_on_edge(
context, router_id)
else:
self._remove_router_services_on_edge(
context, router_id, network_id)
self._unbind_router_on_edge(context, router_id)
is_migrated = True
if is_migrated:
self._bind_router_on_available_edge(
context, router_id, router_db.admin_state_up)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
self._add_router_services_on_available_edge(context,
router_id)
self._notify_after_router_edge_association(context, router_db)
else:
info = self._base_add_router_interface(context, router_id,
interface_info)
# bind and configure routing service on an available edge
self._bind_router_on_available_edge(
context, router_id, router_db.admin_state_up)
edge_id = edge_utils.get_router_edge_id(context, router_id)
with locking.LockManager.get_lock(str(edge_id)):
self._add_router_services_on_available_edge(context,
router_id)
self._notify_after_router_edge_association(context, router_db)
return info
def _setup_new_proxy_edge(self, rtr_ext_ip):
# Use separate context per each as we use this in tread context
context = neutron_context.get_admin_context()
rtr_id = None
try:
rtr_name = 'metadata_proxy_router'
if not self.az.is_default():
rtr_name = '%s-%s' % (rtr_name, self.az.name)
router_data = {
'router': {
'name': rtr_name,
'admin_state_up': True,
'router_type': 'exclusive',
'availability_zone_hints': [self.az.name],
'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}}
rtr = self.nsxv_plugin.create_router(
context,
router_data,
allow_metadata=False)
rtr_id = rtr['id']
edge_id = self._get_edge_id_by_rtr_id(context, rtr_id)
if not edge_id:
LOG.error('No edge create for router - %s', rtr_id)
if rtr_id:
self.nsxv_plugin.delete_router(context, rtr_id)
return
self.nsxv_plugin.nsx_v.update_interface(
rtr['id'],
edge_id,
vcns_const.EXTERNAL_VNIC_INDEX,
self.az.mgt_net_moid,
address=rtr_ext_ip,
netmask=self.az.mgt_net_proxy_netmask,
secondary=[])
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': (constants.DEVICE_OWNER_NETWORK_PREFIX +
'md_interface'),
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}}
port = self.nsxv_plugin.base_create_port(context, port_data)
address_groups = self._get_address_groups(
context, self.internal_net, rtr_id, is_proxy=True)
edge_ip = port['fixed_ips'][0]['ip_address']
with locking.LockManager.get_lock(edge_id):
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v, context, rtr_id,
self.internal_net, address_groups)
self._setup_metadata_lb(rtr_id,
port['fixed_ips'][0]['ip_address'],
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_ips,
proxy_lb=True)
firewall_rules = [
DEFAULT_EDGE_FIREWALL_RULE,
{
'action': 'allow',
'enabled': True,
'source_ip_address': [INTERNAL_SUBNET]}]
edge_utils.update_firewall(
self.nsxv_plugin.nsx_v,
context,
rtr_id,
{'firewall_rule_list': firewall_rules},
allow_external=False)
if self.az.mgt_net_default_gateway:
self.nsxv_plugin._update_routes(
context, rtr_id,
self.az.mgt_net_default_gateway)
nsxv_db.create_nsxv_internal_edge(
context.session, rtr_ext_ip,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id)
return edge_ip
except Exception as e:
LOG.exception("Exception %s while creating internal edge "
"for metadata service", e)
ports = self.nsxv_plugin.get_ports(
context, filters={'device_id': [rtr_id]})
for port in ports:
self.nsxv_plugin.delete_port(context, port['id'],
l3_port_check=True,
nw_gw_port_check=True)
nsxv_db.delete_nsxv_internal_edge(
context.session,
rtr_ext_ip)
if rtr_id:
self.nsxv_plugin.delete_router(context, rtr_id)
def _setup_new_proxy_edge(self, rtr_ext_ip):
# Use separate context per each as we use this in tread context
context = neutron_context.get_admin_context()
rtr_id = None
try:
rtr_name = 'metadata_proxy_router'
if not self.az.is_default():
rtr_name = '%s-%s' % (rtr_name, self.az.name)
router_data = {
'router': {
'name': rtr_name,
'admin_state_up': True,
'router_type': 'exclusive',
'availability_zone_hints': [self.az.name],
'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}}
rtr = self.nsxv_plugin.create_router(
context,
router_data,
allow_metadata=False)
rtr_id = rtr['id']
edge_id = self._get_edge_id_by_rtr_id(context, rtr_id)
if not edge_id:
LOG.error('No edge create for router - %s', rtr_id)
if rtr_id:
self.nsxv_plugin.delete_router(context, rtr_id)
return
self.nsxv_plugin.nsx_v.update_interface(
rtr['id'],
edge_id,
vcns_const.EXTERNAL_VNIC_INDEX,
self.az.mgt_net_moid,
address=rtr_ext_ip,
netmask=self.az.mgt_net_proxy_netmask,
secondary=[])
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': (constants.DEVICE_OWNER_NETWORK_PREFIX +
'md_interface'),
'fixed_ips': constants.ATTR_NOT_SPECIFIED,
'mac_address': constants.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': nsxv_constants.INTERNAL_TENANT_ID}}
port = self.nsxv_plugin.base_create_port(context, port_data)
address_groups = self._get_address_groups(
context, self.internal_net, rtr_id, is_proxy=True)
edge_ip = port['fixed_ips'][0]['ip_address']
with locking.LockManager.get_lock(edge_id):
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v, context, rtr_id,
self.internal_net, address_groups)
self._setup_metadata_lb(rtr_id,
port['fixed_ips'][0]['ip_address'],
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_ips,
proxy_lb=True)
firewall_rules = [
DEFAULT_EDGE_FIREWALL_RULE,
{
'action': 'allow',
'enabled': True,
'source_ip_address': [INTERNAL_SUBNET]}]
edge_utils.update_firewall(
self.nsxv_plugin.nsx_v,
context,
rtr_id,
{'firewall_rule_list': firewall_rules},
allow_external=False)
if self.az.mgt_net_default_gateway:
self.nsxv_plugin._update_routes(
context, rtr_id,
self.az.mgt_net_default_gateway)
nsxv_db.create_nsxv_internal_edge(
context.session, rtr_ext_ip,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, rtr_id)
return edge_ip
except Exception as e:
LOG.exception("Exception %s while creating internal edge "
"for metadata service", e)
ports = self.nsxv_plugin.get_ports(
context, filters={'device_id': [rtr_id]})
for port in ports:
self.nsxv_plugin.delete_port(context, port['id'],
l3_port_check=True,
nw_gw_port_check=True,
allow_delete_internal=True)
nsxv_db.delete_nsxv_internal_edge(
context.session,
rtr_ext_ip)
if rtr_id:
self.nsxv_plugin.delete_router(context, rtr_id)