This change replaces remaining occurences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
thank kwargs.
Change-Id: I0450fff486898d6ab74086b7952dc27134cb77e2
When an AZ is configured with a non-default DVS id, it must have a
metadata configuration as well.
The minimum required is the metadata edge IPs.
Change-Id: Iebbbf6e73975c67876a925a4d54a6a263c4da10f
When a LB exists in Octavia DB, but missing in NSX, its status is never
updated.
The following addresses this condition by collecting the LBs from
Octavia and validating them periodically.
Change-Id: I3c42a934a47532968c65aaeade8210364167f35a
NSXV distributed routers cannot be attached to flat networks. Yet
OpenStack should fail with an error instead of letting the backend
transaction fail.
Change-Id: If2f0c4c47d049ec37348d6cea32f0bb069a0c9b2
When creating rules, the plugin fetches the SG mapping from Neutron DB.
If this mapping is missing, the plugin should issue a proper error and
fail.
Change-Id: Icd00116dc6e81949513db18f16eced8a2b125c7d
DNS failures cause requests module to raise a ConnectionError exception.
We should issue a retry upon this exception as DNS erros within a
network are normal.
Change-Id: Id543a55fbd7002f839981ba47909546ef229f5f9
Edge firewall might contain FW rules which are originated from various
sources, e.g FWaaS rules, subnet rules, LB rules etc.
When a non-admin user applies a change to the FW config by changing any
of the above, the new FW config should still include resources which
aren't visible to the user. Therefore the context should be elevated.
Change-Id: I8cd3310976708b0bbf1442de7f38ebc06dc8506a
When a stale load balancer binding remains in the Neutron DB while the
load balancer was deleted, it causes FWaaS failures.
To protect agains, we take the following measures:
- Use try-catch to ignore the LB edge firewall rule while performing
FWaaS transactions.
- Delete the LB binding while deleting the router, while routers are
used as LB platform.
Change-Id: I3ab60093e3ac8ce6ff1d3557622745484d43b759
In case the physical network is not assigned, the db query
should be skipped or else it fails and raise.
Change-Id: Ief5af76f47e6b037e5fdda707f7fa75f73b0653f
NSX|V3: fix call to _confirm_router_interface_not_in_use
Commit Iea58177cce30d7ce6ba7b36ce5f8375c0985179e changed the api
NSX|V: Fix _make_port_dict api
Commit Ic08e4049f6156c0700ca3c7aee251b6eb0eb97da added bulk argument
to this api.
Change-Id: I6bbe34cfedf731f0711fee45800d9f78247bc6ba
1. NSX|V admin utils: Add utility to list virtual wires
2. Add network vni field to the api_repaly extension
3. Let policy plugin set the vni value on the new segment
while working in api-replay mode.
Change-Id: I872edd03cdd1a7ff1422cdc12ea2a1d75b5d0bcb
integrate with neutron patch Id3f09b78c8d0a8daa7ec4fa6f5bf79f7d5ab8f8b
And also skip new tests added in I99681736d05eefd82bdba72b3866eab9468ef5dd
Change-Id: I8b119bc69cc87185ea77646e70135c5984200038
1.Upgrade pylint to 2.4.4, add exclusions to the tests, and
fix some lint errors in the code
2. Fix user creation with GRANT in MySQL 8.0(Ubuntu Focal)
In Ubuntu Bionic (18.04) mysql 5.7 version used to create
the user implicitly when using using the GRANT.
Ubuntu Focal (20.04) has mysql 8.0 and with mysql 8.0 there
is no implicit user creation with GRANT. We need to
create the user first before using GRANT command.
See also commit I97b0dcbb88c6ef7c22e3c55970211bed792bbd0d
3. Remove fwaas from the zuul.yaml
4. Remove DB migration test which is failing ue to FWaaS migration
with py38
5. Fix cover tests python version in .tox
6. fix requirememnts
Change-Id: I22654a5d5ccaad3185ae3365a90afba1ce870695
Since py2 is no longer supported, built in methods can replace the
six package usage, as been done in the neutron project
Change-Id: I922963fbbcc0ab263e1f6e56907b73b007015a75
Vsphere7 started to block this traffic so adding those rules to be
backwards compatible.
In addition, add admin utility to fix existing edge firewalls:
nsxadmin -r routers -o nsx-update-fw
Change-Id: Ia5c2832e377a1a17ef279191ee91b6fec8f65443
NSX version retrieval may fail due to various reasons. It is incorrect
to cache this value as failure might (and probably) could be temporary.
Change-Id: Ifdd572579b3c52afc24107e147e483188e8030a7
1. Make the validation optional (If False - only log the warnings)
2. Validate each resource against all clusters and fail only if not
connected to any
Change-Id: I9abd091fc42d4dbe22e1b806df4d9131ab054726
In addition to the fix introduced in I31141eb7a05ff508acb3cea12d7bdd7d8695d9e1
the icmpcode 0 should also be removed from the rule creation
Change-Id: I380d5e45235fd0033bba924b42c6b83104f17241
FWaaS V2 cannot be supported for distributed routers since the
FW rules are on the PLR, but only the TLR has the subnets interfaces.
This patch adds a partial support, assuming all interface ports
have the same policy & rules (as it was in FWaaSv1) by ignoring the vnic-id.
This way customers with distributed routers can migrate to FWaaS v2.
Change-Id: Ieaaf4149d5daa07341effdc480ae453a67d5b6bb
1. No need to rollback the interface creation in teh distributed router
driver. It is rolled back on the plugin level. the Double rollback causes
a new error to be raised.
2. In the plugin level - do not alert on the rollback faliure.
It may be legit
2. In the plugin level raise a proper error to neutron, instead of the
internal one.
Change-Id: I129f595d6cd17cd0af62fc9e2855451b97e73ff0
Non-admin users could not set static routes as neutron didn't fetch the
port info for the external network.
Change-Id: Ib266b6348d450b6b73064aeaf0b79a443c46a1ee