def nsx_update_metadata_proxy(resource, event, trigger, **kwargs):
"""Update Metadata proxy for NSXv3 CrossHairs."""
nsx_version = utils.get_connected_nsxlib().get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.info(_LI("This utility is not available for NSX version %s"),
nsx_version)
return
metadata_proxy_uuid = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
metadata_proxy_uuid = properties.get('metadata_proxy_uuid')
if not metadata_proxy_uuid:
LOG.error(_LE("metadata_proxy_uuid is not defined"))
return
cfg.CONF.set_override('dhcp_agent_notification', False)
cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3')
cfg.CONF.set_override('metadata_proxy_uuid', metadata_proxy_uuid, 'nsx_v3')
plugin = utils.NsxV3PluginWrapper()
nsx_client = utils.get_nsxv3_client()
port_resource = resources.LogicalPort(nsx_client)
# For each Neutron network, check if it is an internal metadata network.
# If yes, delete the network and associated router interface.
# Otherwise, create a logical switch port with MD-Proxy attachment.
for network in neutron_client.get_networks():
if _is_metadata_network(network):
# It is a metadata network, find the attached router,
# remove the router interface and the network.
filters = {'device_owner': const.ROUTER_INTERFACE_OWNERS,
'fixed_ips': {
'subnet_id': [network['subnets'][0]],
'ip_address': [nsx_rpc.METADATA_GATEWAY_IP]}}
ports = neutron_client.get_ports(filters=filters)
if not ports:
continue
router_id = ports[0]['device_id']
interface = {'subnet_id': network['subnets'][0]}
plugin.remove_router_interface(router_id, interface)
LOG.info(_LI("Removed metadata interface on router %s"), router_id)
plugin.delete_network(network['id'])
LOG.info(_LI("Removed metadata network %s"), network['id'])
else:
lswitch_id = neutron_client.net_id_to_lswitch_id(network['id'])
if not lswitch_id:
continue
tags = nsx_utils.build_v3_tags_payload(
network, resource_type='os-neutron-net-id',
project_name='admin')
name = nsx_utils.get_name_and_uuid('%s-%s' % (
'mdproxy', network['name'] or 'network'), network['id'])
port_resource.create(
lswitch_id, metadata_proxy_uuid, tags=tags, name=name,
attachment_type=nsx_constants.ATTACHMENT_MDPROXY)
LOG.info(_LI("Enabled native metadata proxy for network %s"),
network['id'])
def get_nsx_trust_management(**kwargs):
username, password = None, None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
username = properties.get('user')
password = properties.get('password')
nsx_client = utils.get_nsxv3_client(username, password, True)
nsx_trust = trust_management.NsxLibTrustManagement(nsx_client, {})
return nsx_trust
def migrate_exclude_ports(resource, event, trigger, **kwargs):
_nsx_client = v3_utils.get_nsxv3_client()
nsxlib = v3_utils.get_connected_nsxlib()
version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_2_0_0(version):
LOG.info("Migration only supported from 2.0 onwards")
LOG.info("Version is %s", version)
return
admin_cxt = neutron_context.get_admin_context()
plugin = PortsPlugin()
_port_client = resources.LogicalPort(_nsx_client)
exclude_list = nsxlib.firewall_section.get_excludelist()
for member in exclude_list['members']:
if member['target_type'] == 'LogicalPort':
port_id = member['target_id']
# Get port
try:
nsx_port = _port_client.get(port_id)
except nsx_exc.ResourceNotFound:
LOG.info("Port %s not found", port_id)
continue
# Validate its a neutron port
is_neutron_port = False
for tag in nsx_port['tags']:
if tag['scope'] == 'os-neutron-port-id':
is_neutron_port = True
neutron_port_id = tag['tag']
break
if not is_neutron_port:
LOG.info("Port %s is not a neutron port", port_id)
continue
# Check if this port exists in the DB
try:
plugin.get_port(admin_cxt, neutron_port_id)
except Exception:
LOG.info("Port %s is not defined in DB", neutron_port_id)
continue
# Update tag for the port
tags_update = [{
'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT
}]
_port_client.update(port_id, None, tags_update=tags_update)
# Remove port from the exclude list
nsxlib.firewall_section.remove_member_from_fw_exclude_list(
port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
LOG.info("Port %s successfully updated", port_id)
def migrate_exclude_ports(resource, event, trigger, **kwargs):
_nsx_client = v3_utils.get_nsxv3_client()
nsxlib = v3_utils.get_connected_nsxlib()
version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_2_0_0(version):
LOG.info("Migration only supported from 2.0 onwards")
LOG.info("Version is %s", version)
return
admin_cxt = neutron_context.get_admin_context()
plugin = PortsPlugin()
_port_client = resources.LogicalPort(_nsx_client)
exclude_list = nsxlib.firewall_section.get_excludelist()
for member in exclude_list['members']:
if member['target_type'] == 'LogicalPort':
port_id = member['target_id']
# Get port
try:
nsx_port = _port_client.get(port_id)
except nsx_exc.ResourceNotFound:
LOG.info("Port %s not found", port_id)
continue
# Validate its a neutron port
is_neutron_port = False
for tag in nsx_port.get('tags', []):
if tag['scope'] == 'os-neutron-port-id':
is_neutron_port = True
neutron_port_id = tag['tag']
break
if not is_neutron_port:
LOG.info("Port %s is not a neutron port", port_id)
continue
# Check if this port exists in the DB
try:
plugin.get_port(admin_cxt, neutron_port_id)
except Exception:
LOG.info("Port %s is not defined in DB", neutron_port_id)
continue
# Update tag for the port
tags_update = [{'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT}]
_port_client.update(port_id, None,
tags_update=tags_update)
# Remove port from the exclude list
nsxlib.firewall_section.remove_member_from_fw_exclude_list(
port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
LOG.info("Port %s successfully updated", port_id)
def get_port_and_profile_clients():
_nsx_client = v3_utils.get_nsxv3_client()
return (resources.LogicalPort(_nsx_client),
resources.SwitchingProfile(_nsx_client))
def nsx_update_dhcp_bindings(resource, event, trigger, **kwargs):
"""Resync DHCP bindings for NSXv3 CrossHairs."""
nsx_version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_1_1_0(nsx_version):
LOG.error(_LE("This utility is not available for NSX version %s"),
nsx_version)
return
dhcp_profile_uuid = None
if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
dhcp_profile_uuid = properties.get('dhcp_profile_uuid')
if not dhcp_profile_uuid:
LOG.error(_LE("dhcp_profile_uuid is not defined"))
return
cfg.CONF.set_override('dhcp_agent_notification', False)
cfg.CONF.set_override('native_dhcp_metadata', True, 'nsx_v3')
cfg.CONF.set_override('dhcp_profile', dhcp_profile_uuid, 'nsx_v3')
nsx_client = utils.get_nsxv3_client()
port_resource = resources.LogicalPort(nsx_client)
dhcp_server_resource = resources.LogicalDhcpServer(nsx_client)
port_bindings = {} # lswitch_id: [(port_id, mac, ip), ...]
server_bindings = {} # lswitch_id: dhcp_server_id
ports = neutron_client.get_ports()
for port in ports:
device_owner = port['device_owner']
if (device_owner != const.DEVICE_OWNER_DHCP
and not nsx_utils.is_port_dhcp_configurable(port)):
continue
for fixed_ip in port['fixed_ips']:
if netaddr.IPNetwork(fixed_ip['ip_address']).version == 6:
continue
network_id = port['network_id']
subnet = neutron_client.get_subnet(fixed_ip['subnet_id'])
if device_owner == const.DEVICE_OWNER_DHCP:
# For each DHCP-enabled network, create a logical DHCP server
# and update the attachment type to DHCP on the corresponding
# logical port of the Neutron DHCP port.
network = neutron_client.get_network(port['network_id'])
net_tags = nsxlib.build_v3_tags_payload(
network,
resource_type='os-neutron-net-id',
project_name='admin')
server_data = nsxlib.native_dhcp.build_server_config(
network, subnet, port, net_tags)
server_data['dhcp_profile_id'] = dhcp_profile_uuid
dhcp_server = dhcp_server_resource.create(**server_data)
LOG.info(
_LI("Created logical DHCP server %(server)s for "
"network %(network)s"), {
'server': dhcp_server['id'],
'network': port['network_id']
})
# Add DHCP service binding in neutron DB.
neutron_client.add_dhcp_service_binding(
network['id'], port['id'], dhcp_server['id'])
# Update logical port for DHCP purpose.
lswitch_id, lport_id = (
neutron_client.get_lswitch_and_lport_id(port['id']))
port_resource.update(
lport_id,
dhcp_server['id'],
attachment_type=nsx_constants.ATTACHMENT_DHCP)
server_bindings[lswitch_id] = dhcp_server['id']
LOG.info(
_LI("Updated DHCP logical port %(port)s for "
"network %(network)s"), {
'port': lport_id,
'network': port['network_id']
})
elif subnet['enable_dhcp']:
# Store (mac, ip) binding of each compute port in a
# DHCP-enabled subnet.
lswitch_id = neutron_client.net_id_to_lswitch_id(network_id)
bindings = port_bindings.get(lswitch_id, [])
bindings.append(
(port['id'], port['mac_address'], fixed_ip['ip_address'],
fixed_ip['subnet_id']))
port_bindings[lswitch_id] = bindings
break # process only the first IPv4 address
# Populate mac/IP bindings in each logical DHCP server.
for lswitch_id, bindings in port_bindings.items():
dhcp_server_id = server_bindings.get(lswitch_id)
if not dhcp_server_id:
continue
for (port_id, mac, ip, subnet_id) in bindings:
hostname = 'host-%s' % ip.replace('.', '-')
options = {
'option121': {
'static_routes': [{
'network':
'%s' % cfg.CONF.nsx_v3.native_metadata_route,
'next_hop': ip
}]
}
}
binding = dhcp_server_resource.create_binding(
dhcp_server_id, mac, ip, hostname,
cfg.CONF.nsx_v3.dhcp_lease_time, options)
# Add DHCP static binding in neutron DB.
neutron_client.add_dhcp_static_binding(port_id, subnet_id, ip,
dhcp_server_id,
binding['id'])
LOG.info(
_LI("Added DHCP binding (mac: %(mac)s, ip: %(ip)s) "
"for neutron port %(port)s"), {
'mac': mac,
'ip': ip,
'port': port_id
})
def get_router_client():
_nsx_client = utils.get_nsxv3_client()
return nsx_resources.LogicalRouter(_nsx_client)
