In case using the cleantup with a newutron_db, tier0 logical ports
were not deleted, becasue the tier0 routers could not be found in
the neutron DB.
Change-Id: I78e6641f2d94331a081bae218a99bbc2973f2540
Refactor the devstack cleanup script to use nsxlib instead of accessing
the nsxmanager directly.
This patch is needed for the XSRF support.
Change-Id: Ib2e8c4031aae22f97f5a400d9dc5e49a945f7aed
If ports are added to the exclude list directly (not using tags),
they should also be deleted when using devstack cleanup.
Change-Id: Id2bc3690bf11be41a52e6b3301995cd71da0af3b
Commit 3d24d19309 resulted in
networks not being deleted. This is due to the fact that some
ports on a network may not be stored in the DB. For example
a metadata port.
Change-Id: I192b5b85d99e08989bd68ebef73e592d398edbd4
firewall sections were not deleted properly causing other objects not
to be deleted too.
Fixed 2 things:
- backend list results do not always have the cursor field
- delete the fw section with cascade instead of deleting each rule.
Change-Id: Ib96ab16cc49e12111e729ead716953c8114fa99c
When certificate storage is nsx-db and nsx_client_cert_pk_password
is provided in configuration, private key will be stored encrypted.
Change-Id: Id0e6f3b614da9eb2381c80d1a76043e38d2d11ee
Client certificate authentication is disabled by default.
To enable client auth, define the following in nsx.ini:
nsx_use_client_auth = True
nsx_client_cert_storage = nsx-db
nsx_client_cert_file = <file to store certificate and private key>
To enable client auth in devstack, define the following in local.conf:
NSX_USE_CLIENT_CERT_AUTH=True
This commit covers only DB type of cert storage. Barbican storage
and imported cert will be added later. Also planned for near future:
reload cert from DB if NSX connection failes due to bad cert
show warning when cert nears expiration
delete cert file from file system on neutron exit
Change-Id: Ic70a949b740d9149d71187b02640d3071a3e0159
nsxv_cleanup and nsxv3_cleanup scripts are called by unstack.sh and
removes all backend resources, even resources which may have been
created by other devstack deployments using the same backend.
This patch fix this issue, when calling 'unstack.sh' the script will
only remove backend resources that have db record, if 'clean.sh' is
called, then previous behavior is used and all backend resources created
by openstack are removed.
To run the scripts manually, in such way that only backend resources
with db records are cleaned, one must specify '--db-connection' (e.g -
iniget /etc/neutron/neutron.conf database connection) option so the script can
query the DB.
When '--db-connection' option is not specified then all
backend resources are cleaned.
Change-Id: I2283bdb2758c303a46574296e0067f458a6eefcf
NSX-V3 limits get-list APIs to 1000 objects per page.
Before this commit, unstack.sh would not clean up all objects on backend
if more than 1000 objects were present.
Change-Id: I1c5354e5638ad08538477bbba2483dc67e316f38
Add a new function to delete backend logical DHCP servers
created via openstack plugin when running devstack cleanup script.
Change-Id: Ib98c036af2d3e065eb73e9855501262aba30641a
By default, if the NSServiceGroup is consumed in a Firewall rule, it
won't get deleted. In such situations, pass "force=true" as query param
to force delete the NSServiceGroup.
Change-Id: I62be6578c6a70b3b7ae657bd0fa2026fda9ebd56
There are some python files here that we should be running the flake8 on.
This patch updates those files to pass flake8 and enables the checking.
Change-Id: I73b76d2911daaf85282c9f77143f943805a33b03
Besides typical NSGroups which backes Neutron security-group,
the plugin also creates nested NSGroups, these should be deleted as well
when calling unstack.sh.
Change-Id: Id2e803dd29f1cd019eeaf0df7ca6309054fda600