The neutron standard-attr-description is not working with NSX
plugins for security group rules. It seems that when the extension
is loaded the relevant DB model class is not yet available.
To address this problem, this change explicitly adds a resource
extender function for the NSX plugin to add the description field
to security group rule responses.
Change-Id: I4d8b2629660f9e33401ce6b011b1784a6ec66aac
This change replaces remaining occurrences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
than kwargs.
Change-Id: I0450fff486898d6ab74086b7952dc27134cb77e2
When provider security groups are removed, the corresponding
bindings could have already been removed by
_update_port_preprocess_security.
This change ensures binding deletion is done only when needed,
and avoids failures in case the bindings have already been
removed.
Change-Id: Iaccf4f3ddb9fef6d8dcb254bc978883b99c947f3
1) Use registry_publish in place of registry_notify
2) Fix usage of dict() [R1735]
3) Ignore unspecified-encoding [W1514]
Change-Id: I1c7b34bf43b947a25bf72ba32db0ce142a4bcc01
The check was comparing neutron security group objects with
security group ids. This change ensures comparison is made only
between security group ids.
Change-Id: Iaeeae58bd19136f96046f2552f05bdced5766046
integrate with neutron patch Id3f09b78c8d0a8daa7ec4fa6f5bf79f7d5ab8f8b
And also skip new tests added in I99681736d05eefd82bdba72b3866eab9468ef5dd
Change-Id: I8b119bc69cc87185ea77646e70135c5984200038
1. Upgrade pylint to 2.4.4, add exclusions to the tests, and
fix some lint errors in the code
2. Fix user creation with GRANT in MySQL 8.0 (Ubuntu Focal)
In Ubuntu Bionic (18.04) mysql 5.7 version used to create
the user implicitly when using the GRANT.
Ubuntu Focal (20.04) has mysql 8.0 and with mysql 8.0 there
is no implicit user creation with GRANT. We need to
create the user first before using GRANT command.
See also commit I97b0dcbb88c6ef7c22e3c55970211bed792bbd0d
3. Remove fwaas from the zuul.yaml
4. Remove DB migration test which is failing due to FWaaS migration
with py38
5. Fix cover tests python version in .tox
6. Fix requirements
Change-Id: I22654a5d5ccaad3185ae3365a90afba1ce870695
Since py2 is no longer supported, built in methods can replace the
six package usage, as has been done in the neutron project
Change-Id: I922963fbbcc0ab263e1f6e56907b73b007015a75
As a first step add coverage test as non-voting with a low threshold,
and exclude older plugins.
Also removing some unused code, and relocating tests-only code, and adding
some unit tests to improve coverage.
Change-Id: Ib7af0b5de49e1a0ee2927b01f2a5f71acf633fb5
Dynamic criteria for security groups are supported since NSX 1.1
Commit Iae39a89b762786e4f05aa61aa0db634941806d41 broke this code
but since it is no longer in use this patch removes it.
Change-Id: I1ff5174d03c0e53796054a14a1f0f0ad5c6cceea
Edge appliances with different number of tunnels per vnic might exist
within the system.
That could happen due to a change in the config file after the system
has been running for a while and edge appliances already exist.
The router interface allocation logic should support this edge case.
Change-Id: I47b72072a44ad40225714295aabcc5b7198eb71f
Remove spoofguard mappings along with spoofguard on backend
when network is set without port security.
Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
A neutron router can be attached to multiple loadbalancers.
So the DB query to check if it has any loadbalancers should
expect more than one result.
Change-Id: I5a2aab53cd1e925f8e75d98cb15b979e1cf88c57
This patch retires the NSX MH plugin by:
- Deleting the nsx_mh plugin and unit test code.
- Using the NSX-V and V3 plugin test base classes where needed.
- Removing any extensions that are MH specific.
Change-Id: Idf65e44c301e790ca4ea69a6a8735aa0309a0dcc
Commit Ia4f4b335295c0e6add79fe0db5dd31b4327fdb54 removed all the
neutron-lbaas code from the master (Train) branch
Change-Id: I9035f6238773aad0591436c856550b7a5e01e687
To support the case of 2 installations on the same NSX backend,
the newer installation should reuse the default Os section & NS group.
Usage:
nsxadmin -r firewall-sections -o reuse
Change-Id: I0e187cea6ffa9ca3cdb6d215530426e611c8ae20
Until now, for scale issues, the creation of some NSX backend resources
for loadbalancing was postponed until the first member creation.
This complicates the code unnecessarily, since the scale issues were
already resolved.
The new code will create the matching backend objects for each
LBaaS/Octavia object upon creation.
In case of an external vip loadbalancer - the service will be created without an attachment,
which will be added upon member creation.
In addition a DB migration is added to mark as ERROR old incomplete load
balancers.
Depends-on: Ic4e604883a7b1437af995110d2d684c0bd396a52
Change-Id: Ib478c336840c2e441bbaeffe94700a5e267c6bef
Replace NSX bridge cluster with bridge endpoint profiles as the
backend resource used to implement L2 gateways.
The logic for creating a gateway connection is not changed,
with the only exception that bridge endpoints now have a reference
to a bridge endpoint profile.
Connections created using bridge clusters can be safely removed,
while creation of new connection on gateways leveraging bridge
clusters will fail.
Change-Id: I29cd9a2501ab4b7dd226729f33ab962bbba2dfff
Until now, for scale issues, the creation of some NSX backend resources
for loadbalancing was postponed until the first member creation.
This complicates the code unnecessarily, since the scale issues were already resolved.
The new code will create the matching backend objects for each LBaaS/Octavia object upon creation.
In addition a DB migration is added to mark as ERROR old incomplete load balancers.
Change-Id: I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0
1. List spoofguard policies with mismatching ips or mac, globally or for a specific network
nsxadmin -r spoofguard-policy -o list-mismatches (--property network=<neutron net id>)
2. Fix the spoofguard ips of a neutron port
nsxadmin -r spoofguard-policy -o fix-mismatch --property port=<neutron port id>
Change-Id: I18723007fff89ffd4a250106fed1b7ea615eb648
This patch switches the code over to the payload style of callbacks [1]
for SECURITY_GROUP BEFORE_CREATE events.
Depends-On: Id48d1d0ec429011310571a7b43ffbb4a6d9f1610
[1] https://docs.openstack.org/neutron-lib/latest/contributor/callbacks.html
Change-Id: I061aa6f8cffb1ae6bfe2dab4e19fce7f080d2f6e
If for some reason during update-port the original port does not have the
provider security groups attribute, it may fail.
Change-Id: Id6af4c714fd3dfd5fe8958b1f061d313c14d0f46
1. Do not allow creating a connection with the same seg-id & bridge cluster again
as the NSX fails it
2. In case creation failed, allow delete to succeed (for rollback of the create)
Change-Id: I9db62a2b895bfac93381ba5200f96c96163e39a5
The neutron code is already shimmed to use neutron-lib for the
neutron.db._resource_extend module [1].
This patch switches the code over to use neutron-lib for resource_extend
rather than neutron.
[1] https://review.openstack.org/#/c/624179/
Change-Id: I594dab9e0d207d2565eb70093163b9d8a90602e1
Ensure that if a neutron router does not provide any service
which requires an edge appliance - no SR is created.
If a service is being removed - the SR will also be removed.
Change-Id: Ia1b24900acc5526e732c414682fa906c34860653
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
The _get_collection_query of CommonDbMixin is available via the
model_query module in neutron-lib. This patch switches over to
neutron-lib's implementation rather than using it from neutron's
CommonDbMixin
Change-Id: Iab35080ac9f1ad49e4d8dabf44980a9c4d32bac2
The model_query module is in neutron-lib and the CommonDBMixin will
eventually be removed. This patch switches use of the _model_query
method over to query_with_hooks from neutron-lib.
Change-Id: I5f626c4aef1fba38c42a17c14861645f8c5d2129
The neutron.db._model_query module was rehomed into neutron-lib and
also shimmed in neutron with https://review.openstack.org/#/c/591852/
This patch switches the imports over to use neutron-lib's model_query
rather than neutron's.
Change-Id: I2e460e3cb93309e2539f94658d60c4ffca572e50
Access to neutron.db.api's context manager is already in neutron-lib
and in fact neutron is already using it as a shim. This patch switches
over context manager access to use neutron-lib's accessors.
Also see https://review.openstack.org/#/c/613122
Change-Id: I13eb3a25a5bd83bb00dfa4a7430324551fea0f2e
Implementing the Octavia support for NSX-V & NSX-T.
Follow up patches will handle the TVD plugin, Status updates,
and migration.
Since Octavia is not (yet?) in the requirements, using a hack to allow unittests
to be skipped.
Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: Iadb24e7eadcab658faf3e646cc528c2a8a6976e5
- Prevent non-admin user from changing a provider SG (in addition to delete,
add rule & delete rule which were already prevented)
- rename the validation method and error
(please note - preventing SG creation is done with a policy.json rule)
Change-Id: Idcd1c6c7082b1bd26d0fbc19a399e01ecbf2fb0f
The NSX|V3 will support direct vnic types for VLAN/FLAT networks, without
portsecurity.
In this case the port VIF type will be DVS, and the network segmentation ID
will be added to the VIF details.
Change-Id: I4c40485c35c2804465240302023e667fc4642664
The MAC learning flag is saved in the DB and displayed only if it
was set by the user, or by the plugin (in case of ENS support).
If the value was unset - it is not added to the DB, and not displayed.
This patch fixes 2 issues with this logic:
1. Make sure False value is also saved in the DB
2. Make sure False value is also returned in show port command
Change-Id: Ifb167c192bf5001ac7415d32be5a382782a44708
The LBaaS V2 plugin expects the driver to update the LB objects operating
status from a separate process/thread.
When the user requests the LB status (or just the LB object itself with GET),
the operating status is retrieved from the LBaaS DB, without calling the driver.
To avoid adding a process to actively query and update all objects statuses,
this patch creates a new LBaaSV2 plugin, to be used instead of the default one.
This plugin (vmware_nsx_lbaasv2) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Depends-on: I71a56b87144aad743795ad1295ec636b17429035
Change-Id: I3c4e75d92a1bacdb14292a8db727deb4923a85d9