- Support NSX 3.2 which force all the ports of a network to be migrated togather
- Improve documentation
- Optionally skip enabling & disabling the migration coordinator service
Change-Id: I91900f040e22c336e7b8cc13bc8ed2f30452c80e
Since py2 is no longer supported, built in methods can replace the
six package usage, as been done in the neutron project
Change-Id: I922963fbbcc0ab263e1f6e56907b73b007015a75
This patch will allow moving neutron from using the nsx_v3 plugin to the nsx_p plugin.
This includes:
- admin utility to move all resources to the policy api:
nsxadmin -r nsx-migrate-t2p -o import (--verbose)
This utility will:
-- Migrate all neutron used & created resource using the nsx migration api
-- roll back all resources in case it failed
-- post migration fix some of the policy resources to better match the expectation
of the policy plugin
- admin utility that will cleanup left overs in the nsx_v3 db:
nsxadmin -r nsx-migrate-t2p -o clean-all
(can be used, but everything should work without calling it as well)
- Some minor changes to the policy plugin and drivers to allow it to handle migrated resource
which are a bit different than those created with the policy plugin
-- Delete DHCP server config once a migrated network is deleted
-- Update LB L7 rules by their name suffix as their full display name is unknown
Change-Id: Ic17e0de1f4b2a2d95afa61ce33ffb0bc9e667b89
Before NSX 3.0 the passthrough api was used to update the admin state.
With NSX 3.0 it can be updated using the policy api.
In addition, adding a new admin utility to update this field when
upgrading to NSX 3.0
Change-Id: I4020c07db0f595b1f46014a409a585188c88454e
For each availability zone, check that all the resources in the configuration
and connected on teh NSX
Change-Id: I60551294c4f2d1d9d43032ac64468e5915e1f09d
Some tenacity apis now get a single retry_state parameter which contain
all the previous information.
Change-Id: I3e34949dfb9a72ef30706f91beef079894d26201
Enabling Standby relocation in the plugin
and adding adminUtil to enable it on routers
that were created without it.
Change-Id: I6e8525ba06f03ac6c593922f271f10052cb3fdf7
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Supporting provider networks including:
- Creating a base plugin for T & P plugins (separate from V)
- Moving some nsx-T code to the common plugin after stripping
it from v3 specific code
- Reusing the nsx-T DB table for keeping the provider network
configurations
- Support for vlan transparent
- Support for update network action
Also adding unit tests for provider networks and enabing tempest
tests for networks
Change-Id: I505ef65f2ee6bfba78dadff62c4c06463ebffff0
This patch is part of the community goals to enable python 3 first, and
only use python 2 when explict.
To do so, this patch:
- Makes python 3 the default env for non py27 tox targets.
- Adds a py3-dev target for running py3 locally.
- Refactors the pip install commands for stable dependency install into
their own target and refs them where needed.
- Updates the code to pass pep8 in python 3.
- Bumps the version of pylint to 1.7.1 to address some py3 issues in
earlier versions.
As part of this effort we should also look into making python 3 the
default for our VMware NSX 3rd party CI jobs.
Change-Id: Ibaa3e9d717f32ffb6479346163c14d4be7df50cf
Commit a97627ac51 caused a
degradation with external network creation. Prior to this
patch a external network could be created in horizon with
type 'local.
That support needs to be continued for backwards compatibility.
Change-Id: Id0e891842c1d4e63c522a82b09beeeeca6fdbb7b
- Deprecate the "vxlan" type
- Add the "geneve" type: with overlay transport zone
- Add the "nsx-net" type: attach an existing nsx logical switch
(vlan or overlay) to a neutron network.
In addition, this patch adds unit tests to all provider networks types.
Change-Id: I48a35c913c08ea4afcca64ed2e13db41260b95a3
Adding log messages before & after each retry call, to help debugging.
The before message (will not appear before the first call):
Retrying call to 'func-name' for the #th time:[Last exception here]
The after message:
Finished retry number #th to 'func-name' after X(s) with args: (...):
[Last exception here]
Change-Id: I4f716675d72905a0251afc8b7708cbe3dadbd171
NSX 6.2.8 and 6.3.3 support the granular API:
New GET api:
GET https://<nsxmanagerIp>/api/4.0/edges/<edge-id>/dhcp/config/bindings/<binding-id>
RESPONSE:
<staticBinding>
<autoConfigureDNS>false</autoConfigureDNS>
<leaseTime>86400</leaseTime>
<subnetMask>255.255.255.0</subnetMask>
<bindingId>binding-1</bindingId>
<vmId>vm-34</vmId>
<vnicId>1</vnicId>
<hostname>test</hostname>
<vmName>3-vm_ubuntu_1404_srv_64-shared-1668-02458540-04f1-4508-8037-2f2ce5542b91</vmName>
<ipAddress>12.12.12.1</ipAddress>
</staticBinding>
2) Quering a binding with a invalid ID:
GET https://<nsxmanagerIp>/api/4.0/edges/<edge-id>/dhcp/config/bindings/<binding-id>
RESPONSE:
<error>
<details>[Dhcp] Static binding is not found: binding-2</details>
<errorCode>12510</errorCode>
<moduleName>vShield Edge</moduleName>
</error>
Change-Id: If1049035797c525344c46e1ae7f664a7b9daa4a1
Add another common util function to check if backend version is
greater or equal to 2.1.0.
Depends-on: Id8fd9d6ee2ce376a2d1b5e393a28fa3a063b181f
Change-Id: I037ea69f979e509db17197faa9affbdcfcc2e0b3
Use nsxlib to check if a feature is available at hte current
backend version.
Change-Id: Iabe06f23a6d78c202f2854521565c1f4063cc174
Depends-on: I947d40fbfa574295982744ba06918894b2459fd9
In NSX 2.0.0 onwards we are able to make use of the tags
for the exclude list. Prior to this we need to make use of the
exclude list directly.
Co-Authored-By: Shih-Hao Li <shihli@vmware.com>
Change-Id: I31fec57ec7db7db5066c446251917720a043339e
Leverage the NSX VXLAN support for transparent VLANS. NOTE that the
feature needs the configuration variable cfg.CONF.vlan_transparent
to be set to True (this is in the neutron configuration file)
This is currently only supported with VXLAN backing networks.
This is supported from NSX 6.3 onwards.
Change-Id: I1fe9724b0618e4cc2565d500ea2eb6198e1945ed
We are replacing all usages of the retrying package with
tenacity with an end goal of removing the retrying package
from our requirements.
This patch also demonstrate how to use the new api to retry only for some
of the exception error codes
Change-Id: Ie1b082848ac6153d29af7779de914071dc8c1ba5
- separate nsxlib/v3 constants and utils from the common ones
- separate the nsxlib/v3 tests
- update the nsxlib tests to cover create_firewall_rules
- remove all of the DB calls from the nsxlib/v3
- merge security & dfw_api classes
To be done in future patches:
- Avoid using the nsx configuration values directly
- Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d)
Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b
This patch implements the provider security-groups extension for NsxV
Neutron plugin.
For more details, please refer to the feature
change: I57b130437327b0bbe5cc0068695f226b76b4e2ba.
Change-Id: I0efa29893eff7d76ee69496210cda33f79742cfd
As bug 1568706 uncovered, we were using zuul-cloner
in our gate jobs; this was preventing our translation from
syncing.
After digging into this issue a number of changes in this
associated logic were found to not be in sync with neutron.
This patch updates out tox/tools logic to follow that of neutron.
In addition this patch fixes any pylint checks that were failing to
make pep8 pass.
IMPORTANT:
Please review closely, not only to the tools/tox updates but also
to the ignored pylint checks in the code. We only want to disable
checks where appropriate.
Change-Id: I6c5fee3ca3073ad079eac1636cc3b9ec45926a68
Closes-Bug: #1568706
CH release adds new way to associate resources with nsgroups by
creating specific tags on the resources.
We would like to support this feature in the plugin for better performance.
This patch make use of this feature to associate logical-ports with nsgroups
(Neutron ports with security-groups), for every LP-NSGroup association,
a special tag will be added to the LP.
The plugin will use this NSX feature only when supported by the NSX
version, and given that the designated boolean config option is set to True.
Change-Id: I2a802bc314d98dba9ecc54191fcbd7330f183e12
NSX-v plugin has support for provider network type 'portgroup'.
This patch adds support for portgroup type binding in DVS plugin.
Creating a portgroup type network refers to an existing dvportgroup
in vSphere. Deleting this network would not delete the dvportgroup
similar to NSX-v plugin.
This functionality is required to import VMs on vSphere
connected to an existing dvportgroup.
Change-Id: I6fd1f3efdd258b5d4d5042d0f76d0a4b52cd69ee
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch makes appropriate changes
in NSX plugin and v3 driver.
Change-Id: I45d546e59e99d49d2a9b18258af94d90e91333ca
Partial-Bug: #1591413
neutron_lib should be used instead of the attributes and constants
imports. This patch moves to using neutron_lib. This removes all of
the deprecated warnings (there are still some from neutron and
l2gw - those are addressed in other patches).
Change-Id: I796d749c46a69107a1a484e8774c5d501fc4704f
Commit 87a79256c494c36f2d9597313f430b24c0110161 added neutron_lib
for shared exceptions. This patch moves us to make use of the
aforementioned library.
Change-Id: I9fe014c5da85faca87bf88a80c4ee19f7f123123
NSX v3 does not support CIDR notated IP addresses for
port IP address bindings; thus something like
9.10.11.12/24 is an invalid IP address to use for an address
pair. This patch adds a check to ensure IP address are
of the proper format.
Additionally this patch adds logic to the port update
flow in the case where a backend error occurs on port
update. The logic contained herein now reverts the
address pairs to ensure they are in sync with neutron.
Unit tests are also included.
Change-Id: Ia0c9187b1f6e304690e1a56e94c47fe069179645
Closes-Bug: #1531558
Ensure that the instance UUID and router UUID are
correctly used.
In addition this also change the router port name to have only
one separating _ and not 2.
Closes-bug: #1531507
Change-Id: I73f76b3a86865b99deb8f7b26fce42983bcb7293
When a port is created, for example via nova, the port will contain
the device id. In this case lets add a tag that will help identify
the instance.
Closes-bug: #1530629
Change-Id: I75bd24d4cb3a42e0d4fad00fc9bec05c08b2ccbf
The NSX plugin adds "tags" for each NS-Group it creates and should
ignore such NS-Groups which doesn't contain tags at all.
Change-Id: I749b0c28a13c771e8778353cbf63ead567b68f1b
Closes-Bug: #1529463
Rename logical port with router attachment from <NSX-UUID> to
<OS-Router-Name>_Port_<short-OS-Router-Port-UUID>.
Change-Id: I5f700e008afb9135a052937e6b29329032f34c15
For Neutron security-group integration we need to be able to configure some
default FW rules which will be enforced on all logical-ports (which are
associated with at least one SG), to achieve that, we place all security-group
objects in a nested NSGroup and apply the default rules on it.
The problem with this strategy is that the nested NSGroup has a
limited capacity and can't contain the expected number of security-group which
exists simultaneously.
To address this issue, we create multiple nested NSGroup (instead of one only)
and evenly distribute security-groups between them, rules in
the default section are applied on these nested groups.
Closes-Bug: #1522021
Change-Id: I78c59a0b58bce14e04f7517e0d0db32cd105ff74
Add resource type and project name tags to qos switching profile.
Make maximum length of resource type name a constant. Fix some typos.
Change-Id: Ibd793894ca65320fa5fcf49e5dfa1872f534b7fe
Add in a resource type to the tags. This will enable the
admin to know what the correspoinding neutron resource is.
Th elength of the scope is also validate to not exceed 20.
That is the maximum length on the backend.
Closes-bug: #1527208
Change-Id: I3a9a8cac6e7e42a424717d58380b56d32ce5b4f6