Invert the order of operations in order to ensure the DB entry is not
removed if the operation fails in an unexpected way
Change-Id: I77c1a48ac59ab577ed284d40e2a90fc44fe32b10
In some cases deletion might fail because a segment port
is still reported as attached.
This change will ensure the operation is retried so it
eventually succeeds.
Change-Id: Ic40f8162f127414653ebeebca4cae5481b01585f
During port deletion on the backend, we remove profile bindings and
then the actual port. If for any reason a binding is not found, the
process should still proceed to delete remaining resources up to
the segment port.
This change fixes this behaviour, as the code was instead returning
as soon as an object was not found.
Change-Id: I529ce34db323f900129865befc6bd64e1ff4f5ff
This change leverages a new NSX client method, patch_entries.
This method does not require all rules to be in the request body.
We can therefore save a DB operation, and submit a much smaller
payload. NSX responses are also much faster.
In addition, this routine ensures the DB record for a security
group rule is removed if the creation of the same rule fails at
the NSX backend.
Change-Id: I5c97c3042f8f740cac211314e11ce01e03beaa7e
Introduce a new configuration option - windows_metadata_route.
Specifies whether an explicit route for metadata proxy access
on windows should be added.
The default value will be True for backward compatibility.
This option will need to be set to False for some guest OSes such
as RHEL8 as a duplicate metadata route can cause failures while
setting up networking.
Change-Id: If7507d0d4242cce2c73c7a2239149ec35fef232f
This change replaces remaining occurrences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
than kwargs.
Change-Id: I0450fff486898d6ab74086b7952dc27134cb77e2
For some dual-stack use cases it will be mandatory to disable multicast
routing on NSX-T segments.
Change-Id: I821b6038ec4b0404d54c03c8802bdbbf8d211ed4
When an AZ is configured with a non-default DVS id, it must have a
metadata configuration as well.
The minimum required is the metadata edge IPs.
Change-Id: Iebbbf6e73975c67876a925a4d54a6a263c4da10f
If a NSX-T segment is not realized, the plugin will currently
return a null value for the corresponding logical switch id.
This leads nova to boot VMs with an incorrect network attachment.
This change ensures the null value is not cached for the neutron
network.
Change-Id: I7ef3fc8e13777e5fcdc53bd84d5dc235f7e8686c
If the multiple address bindings fall in the same CIDR, we should be
careful in verifying that the corresponding entry has not already
been removed from the binding list
Change-Id: I4e8ace9c3a4f6a09246038fec09d3040b8b93e74
Due to removal of deprecated attributes from NSX APIs, the routine
for checking VLAN overlap with uplink transport needs to be amended
to search for transport zone in host switch info.
This change also optimizes the process by avoiding fetching the same
profile multiple times.
Change-Id: I3af3c0f2bef1041c18c1b9d84aaa5ca7bd7638bf
In some cases - such as isolated segments - multicast cannot
be enabled. Leaving it to default settings will avoid error
responses from the NSX-T backend.
Change-Id: I65beefc574f0167e9679c873c99e48173999741c
Every time a segment is updated with subnet, we need to explicitly
set the multicast setting to ensure it is disabled when only an
IPv6 subnet is present on the segment.
Change-Id: Ie75c87ac56f7d690c1dd6453001affcc7b1a035a
When a LB exists in Octavia DB, but missing in NSX, its status is never
updated.
The following addresses this condition by collecting the LBs from
Octavia and validating them periodically.
Change-Id: I3c42a934a47532968c65aaeade8210364167f35a
The constraint that T0 uplinks must not overlap
with external subnets does not apply anymore.
Therefore this change removes the validation check upon subnet
creation, thus saving a round trip to the NSX backend.
Unit tests for validating this specific constraint are removed as
well.
Change-Id: I65cb6ae7822e9a03f05fba5d4fd4d4dc5202526a
As these profiles have hardcoded Ids, it is much safer and more efficient
to use the resource Ids directly rather than fetching resources by
name.
Change-Id: Iba462a1fe1209f5e31be93eef3ecd450e16a5138
In NSX, a service router is required when attaching a VLAN interface
to a router.
This change ensures the service router is set before attaching the
interface. This allows for the interface to be attached even before
setting a gateway for the router.
Change-Id: Ia070aed9c97f3c87615b9c7e0b084f2edb26e0a9
This will simplify the N/S cutover process, allowing it to run
smoothly also for routers with no downlink interfaces
Change-Id: Ida4f2ba787c5bb897b6d2f479b32f715b1e83713
When allowed address pairs are specified they can overlap with
fixed IPs, especially when they specify CIDRs.
The plugin should not fail to create/update neutron ports in this
case, but should instead properly handle NSX address bindings.
Change-Id: I145950ebe5769490f1c05729d94869dfa2e7d856
Extend validation relaxation introduced by commit 607afed94, by
allowing for multiple IPs for a given port also on DHCP and IPv6
subnets.
In order to ensure correct processing of DHCP bindings,
a binding is created only for the first IP address
allocated in the subnet; the process also ensures that the
address associated with the DHCP binding does not change unless
removed from the port's fixed_ips.
This change applies only to the nsx_p plugin, and the other
constraints on port IP allocation are still in place.
Change-Id: I0271b9be8e73e8e6b9d1b3b51bebc1542efd3d29
When a Neutron port is deleted, the DNS entry in Designate should be
deleted as well.
This is done by triggering a BEFORE_DELETE event in delete_port()
Change-Id: I341824b813bed11de2428238a0952626d1edb02e
NSXV distributed routers cannot be attached to flat networks. Yet
OpenStack should fail with an error instead of letting the backend
transaction fail.
Change-Id: If2f0c4c47d049ec37348d6cea32f0bb069a0c9b2
Allow for setting multiple IPs from the same subnet, only if
the subnet is v4 and DHCP is disabled for the subnet.
Still make sure at most 1 IPv4 and 1 IPv6 subnet can be
configured.
Change-Id: I1113a24fa8cc09892bc89917d50c64f6a72c0dab
Upon startup, the plugin validates that configured default tzs
exist on backend, however does not validate their type. This
change adds type validation (OVERLAY or VLAN), and throws startup
exception if type is incorrect.
In addition, this change adds null validation and removes dead
code.
Change-Id: Ibeff164eb03fec9141326c24b0c069f0e16a1e7b
When creating rules, the plugin fetches the SG mapping from Neutron DB.
If this mapping is missing, the plugin should issue a proper error and
fail.
Change-Id: Icd00116dc6e81949513db18f16eced8a2b125c7d
Allow updates in physical network id for network of type l3_ext
in order to allow for re-wiring an external network to a different
NSX Tier-0 GW router.
Change-Id: I1e3dc1ed874c78d9db43a31ddf29f413e530a808
DNS failures cause the requests module to raise a ConnectionError exception.
We should issue a retry upon this exception as DNS errors within a
network are normal.
Change-Id: Id543a55fbd7002f839981ba47909546ef229f5f9
Perform operations to check if network has DHCP enabled in elevated
context. In this way info will always be retrieved even if the port
delete operation is performed in a context different than the one
of the network owner.
Also adding unit test to validate the scenario.
Change-Id: I25da68d61afbe85687a040d449869b47e61073d4