def _remove_router_services_on_edge(self, context, router_id, intf_net_id=None): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) router_ids.remove(router_id) # Refresh firewall, nats, ext_vnic as well as static routes self._update_routes_on_routers(context, router_id, router_ids, only_if_target_routes=True) self._update_subnets_and_dnat_firewall_on_routers(context, router_id, router_ids, allow_external=True) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_external_interface_on_routers(context, router_id, router_ids) intf_net_ids = (self.plugin._get_internal_network_ids_by_router( context, router_id)) if intf_net_id: intf_net_ids.remove(intf_net_id) for net_id in intf_net_ids: edge_utils.delete_interface(self.nsx_v, context, router_id, net_id)
def remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the router if not self.plugin._get_internal_network_ids_by_router( context, router_id): self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def remove_router_interface(self, context, router_id, interface_info): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock(self._get_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: plr_id = self.edge_manager.get_plr_by_tlr_id( context, router_id) self.plugin._update_nat_rules(context, router_db, plr_id) # Open firewall flows on plr self.plugin._update_subnets_and_dnat_firewall( context, router_db, router_id=plr_id) # Update static routes of plr nexthop = self.plugin._get_external_attachment_info( context, router_db)[2] self._update_routes(context, router_id, nexthop) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # Safely remove interface, VDR can have interface to only one # subnet in a given network. edge_utils.delete_interface( self.nsx_v, context, router_id, network_id, dist=True) return info
def remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock(str(edge_id)): info = super( nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the router if not self.plugin._get_internal_network_ids_by_router( context, router_id): self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface( self.nsx_v, context, router_id, network_id, address_groups) return info
def delete_lb_interface(context, plugin, lb_id, subnet_id): resource_id = get_lb_edge_name(context, lb_id) subnet = plugin.get_subnet(context, subnet_id) network_id = subnet.get('network_id') lb_ports = get_lb_interface(context, plugin, lb_id, subnet_id) for lb_port in lb_ports: plugin.delete_port(context, lb_port['id']) edge_utils.delete_interface(plugin.nsx_v, context, resource_id, network_id, dist=False)
def remove_router_interface(self, context, router_id, interface_info): # If a loadbalancer is attached to this Edge appliance, we cannot # detach the subnet from the exclusive router. subnet = interface_info.get('subnet_id') if not subnet and interface_info.get('port_id'): port = self.plugin.get_port(context, interface_info['port_id']) port_subnets = [ fixed_ip['subnet_id'] for fixed_ip in port.get('fixed_ips', []) ] subnet = port_subnets[0] if subnet and self._check_lb_on_subnet(context, subnet): error = _('Cannot delete router %(rtr)s interface while ' 'loadbalancers are provisioned on attached ' 'subnet %(subnet)s') % { 'rtr': router_id, 'subnet': subnet } raise nsxv_exc.NsxPluginException(err_msg=error) info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: # First update nat rules self.plugin._update_nat_rules(context, router_db) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # No subnet on the network connects to the edge vnic if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id, dist=False) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def remove_router_interface(self, context, router_id, interface_info): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] vdr_dhcp_binding = nsxv_db.get_vdr_dhcp_binding_by_vdr( context.session, router_id) sids = self.plugin.get_subnets(context, filters={'network_id': [network_id], 'enable_dhcp': [True]}, fields=['id']) is_dhcp_network = len(sids) > 0 with locking.LockManager.get_lock(self._get_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: plr_id = self.edge_manager.get_plr_by_tlr_id( context, router_id) self.plugin._update_nat_rules(context, router_db, plr_id) # Open firewall flows on plr self.plugin._update_subnets_and_dnat_firewall( context, router_db, router_id=plr_id) # Update static routes of plr nexthop = self.plugin._get_external_attachment_info( context, router_db)[2] md_gw_data = self._get_metadata_gw_data(context, router_id) self._update_routes(context, router_id, nexthop, md_gw_data) # If DHCP is disabled, this remove cannot trigger metadata change # as metadata is served via DHCP Edge elif (is_dhcp_network and self.plugin.metadata_proxy_handler): md_gw_data = self._get_metadata_gw_data(context, router_id) if self._metadata_cfg_required_after_port_remove( context, router_id, subnet): self._metadata_route_update(context, router_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # Safly remove interface, VDR can have interface to only one subnet # in a given network. edge_utils.delete_interface( self.nsx_v, context, router_id, network_id, dist=True) if self.plugin.metadata_proxy_handler and subnet['enable_dhcp']: self._attach_network_to_regular_dhcp( context, router_id, network_id, subnet, vdr_dhcp_binding) return info
def remove_router_interface(self, context, router_id, interface_info): # If a loadbalancer is attached to this Edge appliance, we cannot # detach the subnet from the exclusive router. subnet = interface_info.get('subnet_id') if not subnet and interface_info.get('port_id'): port = self.plugin.get_port(context, interface_info['port_id']) port_subnets = [ fixed_ip['subnet_id'] for fixed_ip in port.get( 'fixed_ips', [])] subnet = port_subnets[0] if subnet and self._check_lb_on_subnet(context, subnet, router_id): error = _('Cannot delete router %(rtr)s interface while ' 'loadbalancers are provisioned on attached ' 'subnet %(subnet)s') % {'rtr': router_id, 'subnet': subnet} raise nsxv_exc.NsxPluginException(err_msg=error) info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock( self._get_router_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: # First update nat rules self.plugin._update_nat_rules(context, router_db) ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # No subnet on the network connects to the edge vnic if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id, dist=False) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def _remove_router_services_on_edge(self, context, router_id, intf_net_id=None): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) router_ids.remove(router_id) # Refresh firewall, nats, ext_vnic as well as static routes self._update_routes_on_routers(context, router_id, router_ids, only_if_target_routes=True) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_external_interface_on_routers( context, router_id, router_ids) intf_net_ids = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) if intf_net_id: intf_net_ids.remove(intf_net_id) for net_id in intf_net_ids: edge_utils.delete_interface(self.nsx_v, context, router_id, net_id)
def _safe_remove_router_interface(self, context, router_id, interface_info): edge_id = edge_utils.get_router_edge_id(context, router_id) with locking.LockManager.get_lock('nsx-shared-router-pool'): info = super( nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] ports = self.plugin._get_router_interface_ports_by_network( context, router_id, network_id) connected_networks = ( self.plugin._get_internal_network_ids_by_router(context, router_id)) if not ports and not connected_networks: router = self.plugin._get_router(context, router_id) self._notify_before_router_edge_association(context, router) with locking.LockManager.get_lock(str(edge_id)): router_ids = self.edge_manager.get_routers_on_same_edge( context, router_id) self._update_nat_rules_on_routers(context, router_id, router_ids) self._update_subnets_and_dnat_firewall_on_routers( context, router_id, router_ids, allow_external=True) if not ports: edge_utils.delete_interface(self.nsx_v, context, router_id, network_id) # unbind all services if no interfaces attached to the # router if not connected_networks: self._remove_router_services_on_edge(context, router_id) self._unbind_router_on_edge(context, router_id) else: address_groups = self.plugin._get_address_groups( context, router_id, network_id) edge_utils.update_internal_interface(self.nsx_v, context, router_id, network_id, address_groups) return info
def remove_router_interface(self, context, router_id, interface_info): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock(self._get_edge_id(context, router_id)): if router_db.gw_port and router_db.enable_snat: plr_id = self.edge_manager.get_plr_by_tlr_id( context, router_id) self.plugin._update_nat_rules(context, router_db, plr_id) # Open firewall flows on plr self.plugin._update_subnets_and_dnat_firewall( context, router_db, router_id=plr_id) # Update static routes of plr nexthop = self.plugin._get_external_attachment_info( context, router_db)[2] md_gw_data = self._get_metadata_gw_data(context, router_id) self._update_routes(context, router_id, nexthop, md_gw_data) if (subnet['enable_dhcp'] and self.plugin.metadata_proxy_handler and not md_gw_data): # No more DHCP interfaces on VDR. Remove DHCP binding nsxv_db.delete_vdr_dhcp_binding(context.session, router_id) # If DHCP is disabled, this remove cannot trigger metadata change # as metadata is served via DHCP Edge elif (subnet['enable_dhcp'] and self.plugin.metadata_proxy_handler): md_gw_data = self._get_metadata_gw_data(context, router_id) if self._metadata_cfg_required_after_port_remove( context, router_id, subnet): self._metadata_route_update(context, router_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # Safly remove interface, VDR can have interface to only one subnet # in a given network. edge_utils.delete_interface( self.nsx_v, context, router_id, network_id, dist=True) # The network would be the last one attached to the VDR if # md_gw_data is None. For such condition, we just keep network # attached to the dhcp edge since the dhcp edge is a pure dhcp # support edge now if (self.plugin.metadata_proxy_handler and subnet['enable_dhcp'] and md_gw_data): # Detach network from VDR-dedicated DHCP Edge vdr_dhcp_binding = nsxv_db.get_vdr_dhcp_binding_by_vdr( context.session, router_id) # A case where we do not have a vdr_dhcp_binding indicates a DB # inconsistency. We check for this anyway, in case that # something is broken. if vdr_dhcp_binding: self.edge_manager.reset_sysctl_rp_filter_for_vdr_dhcp( context, vdr_dhcp_binding['dhcp_edge_id'], network_id) self.edge_manager.remove_network_from_dhcp_edge( context, network_id, vdr_dhcp_binding['dhcp_edge_id']) else: LOG.error(_LE('VDR DHCP binding is missing for %s'), router_id) # Reattach to regular DHCP Edge self.edge_manager.create_dhcp_edge_service( context, network_id, subnet) address_groups = ( self.plugin._create_network_dhcp_address_group(context, network_id)) self.edge_manager.update_dhcp_edge_service( context, network_id, address_groups=address_groups) return info
def remove_router_interface(self, context, router_id, interface_info): info = super(nsx_v.NsxVPluginV2, self.plugin).remove_router_interface( context, router_id, interface_info) router_db = self.plugin._get_router(context, router_id) subnet = self.plugin.get_subnet(context, info['subnet_id']) network_id = subnet['network_id'] with locking.LockManager.get_lock(self._get_edge_id( context, router_id)): if router_db.gw_port and router_db.enable_snat: plr_id = self.edge_manager.get_plr_by_tlr_id( context, router_id) self.plugin._update_nat_rules(context, router_db, plr_id) # Open firewall flows on plr self.plugin._update_subnets_and_dnat_firewall(context, router_db, router_id=plr_id) # Update static routes of plr nexthop = self.plugin._get_external_attachment_info( context, router_db)[2] md_gw_data = self._get_metadata_gw_data(context, router_id) self._update_routes(context, router_id, nexthop, md_gw_data) if (subnet['enable_dhcp'] and self.plugin.metadata_proxy_handler and not md_gw_data): # No more DHCP interfaces on VDR. Remove DHCP binding nsxv_db.delete_vdr_dhcp_binding(context.session, router_id) # If DHCP is disabled, this remove cannot trigger metadata change # as metadata is served via DHCP Edge elif (subnet['enable_dhcp'] and self.plugin.metadata_proxy_handler): md_gw_data = self._get_metadata_gw_data(context, router_id) if self._metadata_cfg_required_after_port_remove( context, router_id, subnet): self._metadata_route_update(context, router_id) self.plugin._update_subnets_and_dnat_firewall(context, router_db) # Safly remove interface, VDR can have interface to only one subnet # in a given network. edge_utils.delete_interface(self.nsx_v, context, router_id, network_id, dist=True) # The network would be the last one attached to the VDR if # md_gw_data is None. For such condition, we just keep network # attached to the dhcp edge since the dhcp edge is a pure dhcp # support edge now if (self.plugin.metadata_proxy_handler and subnet['enable_dhcp'] and md_gw_data): # Detach network from VDR-dedicated DHCP Edge vdr_dhcp_binding = nsxv_db.get_vdr_dhcp_binding_by_vdr( context.session, router_id) # A case where we do not have a vdr_dhcp_binding indicates a DB # inconsistency. We check for this anyway, in case that # something is broken. if vdr_dhcp_binding: self.edge_manager.reset_sysctl_rp_filter_for_vdr_dhcp( context, vdr_dhcp_binding['dhcp_edge_id'], network_id) self.edge_manager.remove_network_from_dhcp_edge( context, network_id, vdr_dhcp_binding['dhcp_edge_id']) else: LOG.error(_LE('VDR DHCP binding is missing for %s'), router_id) # Reattach to regular DHCP Edge self.edge_manager.create_dhcp_edge_service( context, network_id, subnet) address_groups = ( self.plugin._create_network_dhcp_address_group( context, network_id)) self.edge_manager.update_dhcp_edge_service( context, network_id, address_groups=address_groups) return info