def create_ipsec_site_connection(self, context, ipsec_site_connection): LOG.debug('Creating ipsec site connection %(conn_info)s.', {"conn_info": ipsec_site_connection}) new_ipsec = self._convert_ipsec_conn(context, ipsec_site_connection) vpnservice_id = ipsec_site_connection['vpnservice_id'] edge_id = self._get_router_edge_id(context, vpnservice_id)[1] with locking.LockManager.get_lock(edge_id): vse_sites = self._generate_new_sites(edge_id, new_ipsec) ipsec_id = ipsec_site_connection["id"] try: LOG.debug('Updating ipsec vpn configuration %(vse_sites)s.', {'vse_sites': vse_sites}) self._update_ipsec_config(edge_id, vse_sites, enabled=True) except vcns_exc.VcnsApiException: self._update_status(context, vpnservice_id, ipsec_id, "ERROR") msg = (_("Failed to create ipsec site connection " "configuration with %(edge_id)s.") % { 'edge_id': edge_id }) raise nsxv_exc.NsxPluginException(err_msg=msg) LOG.debug('Updating ipsec vpn firewall') try: self._update_firewall_rules(context, vpnservice_id) except vcns_exc.VcnsApiException: self._update_status(context, vpnservice_id, ipsec_id, "ERROR") msg = (_("Failed to update firewall rule for ipsec vpn " "with %(edge_id)s.") % { 'edge_id': edge_id }) raise nsxv_exc.NsxPluginException(err_msg=msg) self._update_status(context, vpnservice_id, ipsec_id, "ACTIVE")
def update_lrouter_port_ips(cluster, lrouter_id, lport_id, ips_to_add, ips_to_remove): uri = nsxlib._build_uri_path(LROUTERPORT_RESOURCE, lport_id, lrouter_id) try: port = nsxlib.do_request(HTTP_GET, uri, cluster=cluster) # TODO(salvatore-orlando): Enforce ips_to_add intersection with # ips_to_remove is empty ip_address_set = set(port['ip_addresses']) ip_address_set = ip_address_set - set(ips_to_remove) ip_address_set = ip_address_set | set(ips_to_add) # Set is not JSON serializable - convert to list port['ip_addresses'] = list(ip_address_set) nsxlib.do_request(HTTP_PUT, uri, jsonutils.dumps(port), cluster=cluster) except exception.NotFound: # FIXME(salv-orlando):avoid raising different exception data = {'lport_id': lport_id, 'lrouter_id': lrouter_id} msg = (_("Router Port %(lport_id)s not found on router " "%(lrouter_id)s") % data) LOG.exception(msg) raise nsx_exc.NsxPluginException(err_msg=msg) except api_exc.NsxApiException as e: msg = _("An exception occurred while updating IP addresses on a " "router logical port:%s") % e LOG.exception(msg) raise nsx_exc.NsxPluginException(err_msg=msg)
def _get_proxy_edges(self, context): proxy_edge_ips = [] db_edge_ips = get_db_internal_edge_ips(context, self.az.name) if len(db_edge_ips) > len(self.az.mgt_net_proxy_ips): error = (_('Number of configured metadata proxy IPs is smaller ' 'than number of Edges which are already provisioned ' 'for availability zone %s'), self.az.name) raise nsxv_exc.NsxPluginException(err_msg=error) pool = eventlet.GreenPool(min(MAX_INIT_THREADS, len(self.az.mgt_net_proxy_ips))) # Edge IPs that exist in both lists have to be validated that their # Edge appliance settings are valid for edge_inner_ip in pool.imap( self._setup_proxy_edge_route_and_connectivity, list(set(db_edge_ips) & set(self.az.mgt_net_proxy_ips))): proxy_edge_ips.append(edge_inner_ip) # Edges that exist only in the CFG list, should be paired with Edges # that exist only in the DB list. The existing Edge from the list will # be reconfigured to match the new config edge_to_convert_ips = ( list(set(db_edge_ips) - set(self.az.mgt_net_proxy_ips))) edge_ip_to_set = ( list(set(self.az.mgt_net_proxy_ips) - set(db_edge_ips))) if edge_to_convert_ips: if cfg.CONF.nsxv.metadata_initializer: for edge_inner_ip in pool.imap( self._setup_proxy_edge_external_interface_ip, zip(edge_to_convert_ips, edge_ip_to_set)): proxy_edge_ips.append(edge_inner_ip) else: error = _('Metadata initialization is incomplete on ' 'initializer node') raise nsxv_exc.NsxPluginException(err_msg=error) # Edges that exist in the CFG list but do not have a matching DB # element will be created. remaining_cfg_ips = edge_ip_to_set[len(edge_to_convert_ips):] if remaining_cfg_ips: if cfg.CONF.nsxv.metadata_initializer: for edge_inner_ip in pool.imap( self._setup_new_proxy_edge, remaining_cfg_ips): proxy_edge_ips.append(edge_inner_ip) pool.waitall() else: error = _('Metadata initialization is incomplete on ' 'initializer node') raise nsxv_exc.NsxPluginException(err_msg=error) return proxy_edge_ips
def validate_nsxv_config_options(): if (cfg.CONF.nsxv.manager_uri is None or cfg.CONF.nsxv.user is None or cfg.CONF.nsxv.password is None): error = _("manager_uri, user, and password must be configured!") raise nsx_exc.NsxPluginException(err_msg=error) if cfg.CONF.nsxv.dvs_id is None: LOG.warning(_LW("dvs_id must be configured to support VLANs!")) if cfg.CONF.nsxv.vdn_scope_id is None: LOG.warning(_LW("vdn_scope_id must be configured to support VXLANs!")) if cfg.CONF.nsxv.use_dvs_features and not dvs_utils.dvs_is_enabled(): error = _("dvs host/vcenter credentials must be defined to use " "dvs features") raise nsx_exc.NsxPluginException(err_msg=error)
def _create_ssl_cert(self, edge_id=None): # Create a self signed certificate in the backend if both Cert details # and private key are not supplied in nsx.ini if (not cfg.CONF.nsxv.metadata_nova_client_cert and not cfg.CONF.nsxv.metadata_nova_client_priv_key): h = self.nsxv_plugin.nsx_v.vcns.create_csr(edge_id)[0] # Extract the CSR ID from header csr_id = lbaas_common.extract_resource_id(h['location']) # Create a self signed certificate cert = self.nsxv_plugin.nsx_v.vcns.create_csr_cert(csr_id)[1] cert_id = cert['objectId'] else: # Raise an error if either the Cert path or the private key is not # configured error = None if not cfg.CONF.nsxv.metadata_nova_client_cert: error = _('Metadata certificate path not configured') elif not cfg.CONF.nsxv.metadata_nova_client_priv_key: error = _('Metadata client private key not configured') if error: raise nsxv_exc.NsxPluginException(err_msg=error) pem_encoding = utils.read_file( cfg.CONF.nsxv.metadata_nova_client_cert) priv_key = utils.read_file( cfg.CONF.nsxv.metadata_nova_client_priv_key) request = { 'pemEncoding': pem_encoding, 'privateKey': priv_key} cert = self.nsxv_plugin.nsx_v.vcns.upload_edge_certificate( edge_id, request)[1] cert_id = cert.get('certificates')[0]['objectId'] return cert_id
def _get_edge_id_or_raise(self, context, router_id): edge_id = edge_utils.get_router_edge_id(context, router_id) if not edge_id: error = (_("Failed to get router %(rid)s edge Id") % {'rid': router_id}) raise nsxv_exc.NsxPluginException(err_msg=error) return edge_id
def delete_nsxv_edge_firewallrule_binding(session, id): with session.begin(subtransactions=True): if not (session.query( nsxv_models.NsxvEdgeFirewallRuleBinding).filter_by( rule_id=id).delete()): msg = _("Rule Resource binding with id:%s not found!") % id raise nsx_exc.NsxPluginException(err_msg=msg)
def lsn_metadata_configure(self, context, subnet_id, is_enabled): """Configure metadata service for the specified subnet.""" subnet = self.plugin.get_subnet(context, subnet_id) network_id = subnet['network_id'] meta_conf = cfg.CONF.NSX_METADATA metadata_options = { 'metadata_server_ip': meta_conf.metadata_server_address, 'metadata_server_port': meta_conf.metadata_server_port, 'metadata_proxy_shared_secret': meta_conf.metadata_shared_secret } try: lsn_id = self.lsn_get(context, network_id) lsn_api.lsn_metadata_configure( self.cluster, lsn_id, is_enabled, metadata_options) except (p_exc.LsnNotFound, api_exc.NsxApiException): err_msg = (_('Unable to configure metadata ' 'for subnet %s') % subnet_id) LOG.error(err_msg) raise p_exc.NsxPluginException(err_msg=err_msg) if is_enabled: try: # test that the lsn port exists self.lsn_port_get(context, network_id, subnet_id) except p_exc.LsnPortNotFound: # this might happen if subnet had dhcp off when created # so create one, and wire it self.lsn_port_metadata_setup(context, lsn_id, subnet) else: self.lsn_port_dispose(context, network_id, const.METADATA_MAC)
def __init__(self, plugin, cluster, state_sync_interval, req_delay, min_chunk_size, max_rand_delay=0, initial_delay=5): random.seed() self._nsx_cache = NsxCache() # Store parameters as instance members # NOTE(salv-orlando): apologies if it looks java-ish self._plugin = plugin self._cluster = cluster self._req_delay = req_delay self._sync_interval = state_sync_interval self._max_rand_delay = max_rand_delay # Validate parameters if self._sync_interval < self._req_delay: err_msg = (_("Minimum request delay:%(req_delay)s must not " "exceed synchronization interval:%(sync_interval)s") % {'req_delay': self._req_delay, 'sync_interval': self._sync_interval}) LOG.error(err_msg) raise nsx_exc.NsxPluginException(err_msg=err_msg) # Backoff time in case of failures while fetching sync data self._sync_backoff = 1 # Store the looping call in an instance variable to allow unit tests # for controlling its lifecycle self._sync_looping_call = _start_loopingcall( min_chunk_size, state_sync_interval, self._synchronize_state, initial_delay=initial_delay)
def _create_local_endpoint(self, context, local_addr, nsx_service_id, router_id, project_id): """Creating an NSX local endpoint for a logical router This endpoint can be reused by other connections, and will be deleted when the router is deleted or gateway is removed """ # Add the neutron router-id to the tags to help search later tags = self._nsxlib.build_v3_tags_payload( { 'id': router_id, 'project_id': project_id }, resource_type='os-neutron-router-id', project_name=context.tenant_name) try: local_endpoint = self._nsx_vpn.local_endpoint.create( 'Local endpoint for OS VPNaaS', local_addr, nsx_service_id, tags=tags) except nsx_lib_exc.ManagerError as e: msg = _("Failed to create a local endpoint: %s") % e raise nsx_exc.NsxPluginException(err_msg=msg) return local_endpoint['id']
def get_plugin_type_from_project(self, context, project_id): """Get the correct plugin type for this project. Look for the project in the DB. If not there - add an entry with the default plugin """ plugin_type = self.default_plugin if not project_id: # if the project_id is empty - return the default one and do not # add to db (used by admin context to get actions) return plugin_type mapping = nsx_db.get_project_plugin_mapping( context.session, project_id) if mapping: plugin_type = mapping['plugin'] else: # add a new entry with the default plugin try: self.create_project_plugin_map( context, {'project_plugin_map': {'plugin': plugin_type, 'project': project_id}}, internal=True) except projectpluginmap.ProjectPluginAlreadyExists: # Maybe added by another thread pass if not self.plugins.get(plugin_type): msg = (_("Cannot use unsupported plugin %(plugin)s for project " "%(project)s") % {'plugin': plugin_type, 'project': project_id}) raise nsx_exc.NsxPluginException(err_msg=msg) LOG.debug("Using %s plugin for project %s", plugin_type, project_id) return plugin_type
def setup_dhcpmeta_access(self): """Initialize support for DHCP and Metadata services.""" self._init_extensions() if cfg.CONF.NSX.agent_mode == config.AgentModes.AGENT: self._setup_rpc_dhcp_metadata() mod = nsx_rpc elif cfg.CONF.NSX.agent_mode == config.AgentModes.AGENTLESS: self._setup_nsx_dhcp_metadata() mod = nsx_svc elif cfg.CONF.NSX.agent_mode == config.AgentModes.COMBINED: notifier = self._setup_nsx_dhcp_metadata() self._setup_rpc_dhcp_metadata(notifier=notifier) mod = combined else: error = _("Invalid agent_mode: %s") % cfg.CONF.NSX.agent_mode LOG.error(error) raise nsx_exc.NsxPluginException(err_msg=error) self.handle_network_dhcp_access_delegate = ( mod.handle_network_dhcp_access ) self.handle_port_dhcp_access_delegate = ( mod.handle_port_dhcp_access ) self.handle_port_metadata_access_delegate = ( mod.handle_port_metadata_access ) self.handle_metadata_access_delegate = ( mod.handle_router_metadata_access )
def _create_ipsec_profile(self, context, connection): """Create an ipsec profile for a connection""" # Note(asarfaty) the NSX profile can be reused, so we can consider # creating it only once in the future, and keeping a use-count for it. # There is no driver callback for profiles creation so it has to be # done on connection creation. ipsec_policy_id = connection['ipsecpolicy_id'] ipsecpolicy = self.vpn_plugin.get_ipsecpolicy(context, ipsec_policy_id) try: profile = self._nsx_vpn.tunnel_profile.create( ipsecpolicy['name'] or ipsecpolicy['id'], description=ipsecpolicy['description'], encryption_algorithm=ipsec_utils.ENCRYPTION_ALGORITHM_MAP[ ipsecpolicy['encryption_algorithm']], digest_algorithm=ipsec_utils.AUTH_ALGORITHM_MAP[ ipsecpolicy['auth_algorithm']], dh_group=ipsec_utils.PFS_MAP[ipsecpolicy['pfs']], pfs=True, sa_life_time=ipsecpolicy['lifetime']['value'], tags=self._nsx_tags(context, connection)) except nsx_lib_exc.ManagerError as e: msg = _("Failed to create a tunnel profile: %s") % e raise nsx_exc.NsxPluginException(err_msg=msg) return profile['id']
def lsn_create(self, context, network_id): """Create a LSN associated to the network.""" try: return lsn_api.lsn_for_network_create(self.cluster, network_id) except api_exc.NsxApiException: err_msg = _('Unable to create LSN for network %s') % network_id raise p_exc.NsxPluginException(err_msg=err_msg)
def lsn_port_dhcp_configure(self, context, lsn_id, lsn_port_id, subnet): """Enable/disable dhcp services with the given config options.""" is_enabled = subnet["enable_dhcp"] dhcp_options = { "domain_name": cfg.CONF.NSX_DHCP.domain_name, "default_lease_time": cfg.CONF.NSX_DHCP.default_lease_time, } dns_servers = cfg.CONF.NSX_DHCP.extra_domain_name_servers or [] dns_servers.extend(subnet["dns_nameservers"]) if subnet['gateway_ip']: dhcp_options["routers"] = subnet["gateway_ip"] if dns_servers: dhcp_options["domain_name_servers"] = ",".join(dns_servers) if subnet["host_routes"]: dhcp_options["classless_static_routes"] = ( ",".join(subnet["host_routes"]) ) try: lsn_api.lsn_port_dhcp_configure( self.cluster, lsn_id, lsn_port_id, is_enabled, dhcp_options) except (n_exc.NotFound, api_exc.NsxApiException): err_msg = (_('Unable to configure dhcp for Logical Service ' 'Node %(lsn_id)s and port %(lsn_port_id)s') % {'lsn_id': lsn_id, 'lsn_port_id': lsn_port_id}) LOG.error(err_msg) raise p_exc.NsxPluginException(err_msg=err_msg)
def allocate_edge_vnic_with_tunnel_index(session, edge_id, network_id, availability_zone): """Allocate an available edge vnic with tunnel index to network.""" # TODO(berlin): temporary solution to let metadata and dhcp use # different vnics int_net = get_nsxv_internal_network( session, constants.InternalEdgePurposes.INTER_EDGE_PURPOSE, availability_zone) metadata_net_id = int_net['network_id'] if int_net else None with session.begin(subtransactions=True): query = session.query(nsxv_models.NsxvEdgeVnicBinding) query = query.filter( nsxv_models.NsxvEdgeVnicBinding.edge_id == edge_id, nsxv_models.NsxvEdgeVnicBinding.network_id == expr.null()) if metadata_net_id: vnic_binding = get_edge_vnic_binding( session, edge_id, metadata_net_id) if vnic_binding: vnic_index = vnic_binding.vnic_index query = query.filter( nsxv_models.NsxvEdgeVnicBinding.vnic_index != vnic_index) binding = query.first() if not binding: msg = (_("Failed to allocate one available vnic on edge_id: " ":%(edge_id)s to network_id: %(network_id)s") % {'edge_id': edge_id, 'network_id': network_id}) LOG.error(msg) raise nsx_exc.NsxPluginException(err_msg=msg) binding['network_id'] = network_id session.add(binding) return binding
def __init__(self): LOG.info(_LI("Loading VMware NSX-V Qos Service Plugin")) super(NsxVQosPlugin, self).__init__() if not cfg.CONF.nsxv.use_dvs_features: error = _("Cannot use the NSX-V QoS plugin without " "enabling the dvs features") raise nsx_exc.NsxPluginException(err_msg=error)
def update_ipsec_site_connection(self, context, old_ipsec_conn, ipsec_site_connection): LOG.debug('Updating ipsec site connection %(site)s.', {"site": ipsec_site_connection}) vpnservice_id = old_ipsec_conn['vpnservice_id'] ipsec_id = old_ipsec_conn['id'] edge_id = self._get_router_edge_id(context, vpnservice_id)[1] with locking.LockManager.get_lock(edge_id): vse_sites = self._update_site_dict(context, edge_id, old_ipsec_conn, ipsec_site_connection) if not vse_sites: self._update_status(context, vpnservice_id, ipsec_id, "ERROR") LOG.error( "Failed to find ipsec_site_connection " "%(ipsec_site_conn)s with %(edge_id)s.", { 'ipsec_site_conn': ipsec_site_connection, 'edge_id': edge_id }) raise nsxv_exc.NsxIPsecVpnMappingNotFound(conn=ipsec_id) try: LOG.debug('Updating ipsec vpn configuration %(vse_sites)s.', {'vse_sites': vse_sites}) self._update_ipsec_config(edge_id, vse_sites) except vcns_exc.VcnsApiException: self._update_status(context, vpnservice_id, ipsec_id, "ERROR") msg = (_("Failed to create ipsec site connection " "configuration with %(edge_id)s.") % { 'edge_id': edge_id }) raise nsxv_exc.NsxPluginException(err_msg=msg) if 'peer_cidrs' in ipsec_site_connection: # Update firewall old_ipsec_conn['peer_cidrs'] = ( ipsec_site_connection['peer_cidrs']) try: self._update_firewall_rules(context, vpnservice_id) except vcns_exc.VcnsApiException: self._update_status(context, vpnservice_id, ipsec_id, "ERROR") msg = (_("Failed to update firewall rule for ipsec " "vpn with %(edge_id)s.") % { 'edge_id': edge_id }) raise nsxv_exc.NsxPluginException(err_msg=msg)
def init_availability_zones(self): # Make sure there are no overlaps between v/t availability zones if (self.plugins.get(projectpluginmap.NsxPlugins.NSX_V) and self.plugins.get(projectpluginmap.NsxPlugins.NSX_T) and bool(set(cfg.CONF.nsxv.availability_zones) & set(cfg.CONF.nsx_v3.availability_zones))): msg = _("Cannot use the same availability zones in NSX-V and T") raise nsx_exc.NsxPluginException(err_msg=msg)
def lsn_save(self, context, network_id, lsn_id): """Save LSN-Network mapping to the DB.""" try: lsn_db.lsn_add(context, network_id, lsn_id) except db_exc.DBError: err_msg = _('Unable to save LSN for network %s') % network_id LOG.exception(err_msg) raise p_exc.NsxPluginException(err_msg=err_msg)
def get_nsxv_edge_firewallrule_binding_by_vseid(session, edge_id, rule_vseid): with session.begin(subtransactions=True): try: return (session.query( nsxv_models.NsxvEdgeFirewallRuleBinding).filter_by( edge_id=edge_id, rule_vse_id=rule_vseid).one()) except exc.NoResultFound: msg = _("Rule Resource binding not found!") raise nsx_exc.NsxPluginException(err_msg=msg)
def create(self, context, pool, completor): lb_id = pool['loadbalancer_id'] pool_client = self.core_plugin.nsxlib.load_balancer.pool pool_name = utils.get_name_and_uuid(pool['name'] or 'pool', pool['id']) tags = self._get_pool_tags(context, pool) description = pool.get('description') lb_algorithm = lb_const.LB_POOL_ALGORITHM_MAP.get(pool['lb_algorithm']) if pool.get('listeners') and len(pool['listeners']) > 1: completor(success=False) msg = (_('Failed to create pool: Multiple listeners are not ' 'supported.')) raise n_exc.BadRequest(resource='lbaas-pool', msg=msg) # NOTE(salv-orlando): Guard against accidental compat breakages try: listener = pool['listener'] or pool['listeners'][0] except IndexError: # If listeners is an empty list we hit this exception listener = None # Perform additional validation for session persistence before # creating resources in the backend lb_common.validate_session_persistence(pool, listener, completor) try: kwargs = self._get_pool_kwargs(pool_name, tags, lb_algorithm, description) lb_pool = pool_client.create(**kwargs) nsx_db.add_nsx_lbaas_pool_binding(context.session, lb_id, pool['id'], lb_pool['id']) except nsxlib_exc.ManagerError: completor(success=False) msg = (_('Failed to create pool on NSX backend: %(pool)s') % { 'pool': pool['id'] }) raise n_exc.BadRequest(resource='lbaas-pool', msg=msg) # The pool object can be created with either --listener or # --loadbalancer option. If listener is present, the virtual server # will be updated with the pool. Otherwise, just return. The binding # will be added later when the pool is associated with layer7 rule. # FIXME(salv-orlando): This two-step process can leave a zombie pool on # NSX if the VS update operation fails if listener: listener_id = listener['id'] binding = nsx_db.get_nsx_lbaas_listener_binding( context.session, lb_id, listener_id) if binding: vs_id = binding['lb_vs_id'] self._process_vs_update(context, pool, listener, lb_pool['id'], vs_id, completor) nsx_db.update_nsx_lbaas_pool_binding(context.session, lb_id, pool['id'], vs_id) else: completor(success=False) msg = (_("Couldn't find binding on the listener: %s") % listener['id']) raise nsx_exc.NsxPluginException(err_msg=msg) completor(success=True)
def lsn_port_save(self, context, lsn_port_id, subnet_id, mac_addr, lsn_id): """Save LSN Port information to the DB.""" try: lsn_db.lsn_port_add_for_lsn( context, lsn_port_id, subnet_id, mac_addr, lsn_id) except db_exc.DBError: err_msg = _('Unable to save LSN port for subnet %s') % subnet_id LOG.exception(err_msg) raise p_exc.NsxPluginException(err_msg=err_msg)
def lsn_port_create(self, context, lsn_id, subnet_info): """Create and return LSN port for associated subnet.""" try: return lsn_api.lsn_port_create(self.cluster, lsn_id, subnet_info) except n_exc.NotFound: raise p_exc.LsnNotFound(entity='', entity_id=lsn_id) except api_exc.NsxApiException: err_msg = _('Unable to create port for LSN %s') % lsn_id raise p_exc.NsxPluginException(err_msg=err_msg)
def _update_ipsec_config(self, edge_id, sites, enabled=True): ipsec_config = {'featureType': "ipsec_4.0", 'enabled': enabled} ipsec_config['sites'] = {'sites': sites} try: self._vcns.update_ipsec_config(edge_id, ipsec_config) except vcns_exc.VcnsApiException: msg = _("Failed to update ipsec vpn configuration with " "edge_id: %s") % edge_id raise nsxv_exc.NsxPluginException(err_msg=msg)
def _get_driver_for_project(self, project): plugin_type = tvd_utils.get_tvd_plugin_type_for_project(project) if not self.drivers.get(plugin_type): msg = (_("Project %(project)s with plugin %(plugin)s has no " "support for VPNaaS"), { 'project': project, 'plugin': plugin_type }) raise nsx_exc.NsxPluginException(err_msg=msg) return self.drivers[plugin_type]
def _get_internal_network_and_subnet(self, context): # Try to find internal net, internal subnet. If not found, create new internal_net = self._get_internal_net_by_az(context) internal_subnet = None if internal_net: internal_subnet = self.nsxv_plugin.get_subnets( context, fields=['id'], filters={'network_id': [internal_net]})[0]['id'] if internal_net is None or internal_subnet is None: if cfg.CONF.nsxv.metadata_initializer: # Couldn't find net, subnet - create new try: internal_net, internal_subnet = ( self._create_metadata_internal_network( context, INTERNAL_SUBNET)) except Exception as e: nsxv_db.delete_nsxv_internal_network( context.session, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, internal_net) # if network is created, clean up if internal_net: self.nsxv_plugin.delete_network(context, internal_net) error = (_("Exception %s while creating internal " "network for metadata service") % e) LOG.exception(error) raise nsxv_exc.NsxPluginException(err_msg=error) # Update the new network_id in DB nsxv_db.create_nsxv_internal_network( context.session, nsxv_constants.INTER_EDGE_PURPOSE, self.az.name, internal_net) else: error = _('Metadata initialization is incomplete on ' 'initializer node') raise nsxv_exc.NsxPluginException(err_msg=error) return internal_net, internal_subnet
def _find_vpn_service(self, tier0_uuid): # find the service for the tier0 router in the NSX. # Note(asarfaty) we expect only a small number of services services = self._nsx_vpn.service.list()['results'] for srv in services: if srv['logical_router_id'] == tier0_uuid: # if it exists but disabled: issue an error if not srv.get('enabled', True): msg = _("NSX vpn service %s must be enabled") % srv['id'] raise nsx_exc.NsxPluginException(err_msg=msg) return srv['id']
def _create_vpn_service(self, tier0_uuid): try: service = self._nsx_vpn.service.create( 'Neutron VPN service for T0 router ' + tier0_uuid, tier0_uuid, enabled=True, ike_log_level=ipsec_utils.DEFAULT_LOG_LEVEL, tags=self._nsx_tags_for_reused()) except nsx_lib_exc.ManagerError as e: msg = _("Failed to create vpn service: %s") % e raise nsx_exc.NsxPluginException(err_msg=msg) return service['id']
def _check_services_requirements(self): try: error = None nsx_svc.check_services_requirements(self.cluster) except nsx_exc.InvalidVersion: error = _("Unable to run Neutron with config option '%s', as NSX " "does not support it") % cfg.CONF.NSX.agent_mode except nsx_exc.ServiceClusterUnavailable: error = _("Unmet dependency for config option " "'%s'") % cfg.CONF.NSX.agent_mode if error: LOG.error(error) raise nsx_exc.NsxPluginException(err_msg=error)