diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
index 73b8cb7ef4..70b1e387db 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import copy
 import time
 import logging
@@ -1442,6 +1443,61 @@ def MP2Policy_pre_migration_check(resource, event, trigger, **kwargs):
 exit(1)
+def _get_nsxlib_from_config(verbose):
+ """Update the current config and return a working nsxlib
+ or exit with error
+ """
+
+ if (not len(cfg.CONF.nsx_v3.nsx_api_user) or
+ not len(cfg.CONF.nsx_v3.nsx_api_password)):
+ LOG.error("T2P migration cannot run. Please provide nsx_api_user and "
+ "nsx_api_password in the configuration.")
+ exit(1)
+
+ retriables = [nsxlib_exc.APITransactionAborted,
+ nsxlib_exc.ServerBusy]
+
+ # Initialize the nsxlib objects, using just one of the managers because
+ # the migration will be enabled only on one
+ nsx_api_managers = copy.copy(cfg.CONF.nsx_v3.nsx_api_managers)
+ nsx_api_user = copy.copy(cfg.CONF.nsx_v3.nsx_api_user)
+ nsx_api_password = copy.copy(cfg.CONF.nsx_v3.nsx_api_password)
+
+ for ind in range(len(nsx_api_managers)):
+ # update the config to use this one manager only
+ cfg.CONF.set_override(
+ 'nsx_api_managers', [nsx_api_managers[ind]], 'nsx_v3')
+ if len(nsx_api_user) > ind:
+ cfg.CONF.set_override(
+ 'nsx_api_user', [nsx_api_user[ind]], 'nsx_v3')
+ else:
+ cfg.CONF.set_override(
+ 'nsx_api_user', [nsx_api_user[0]], 'nsx_v3')
+ if len(nsx_api_password) > ind:
+ cfg.CONF.set_override(
+ 'nsx_api_password', [nsx_api_password[ind]], 'nsx_v3')
+ else:
+ cfg.CONF.set_override(
+ 'nsx_api_password', [nsx_api_password[0]], 'nsx_v3')
+ utils.reset_global_nsxlib()
+ nsxlib = utils.get_connected_nsxlib(verbose=verbose,
+ allow_overwrite_header=True,
+ retriable_exceptions=retriables)
+ try:
+ # test connectivity
+ nsxlib.get_version()
+ except Exception:
+ LOG.warning("Failed to connect to NSX manager %s",
+ nsx_api_managers[ind])
+ else:
+ # Found a working manager
+ return nsxlib
+
+ LOG.error("T2P migration failed. Cannot connect to NSX with managers %s",
+ nsx_api_managers)
+ exit(1)
+
+
 @admin_utils.output_header
 def MP2Policy_migration(resource, event, trigger, **kwargs):
 """Migrate NSX resources and neutron DB from NSX-T (MP) to Policy"""
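Review bot: The `except Exception:` around `nsxlib.get_version()` in `_get_nsxlib_from_config` throws the error away, so a rejected credential or a failed certificate check is logged exactly like an unreachable manager and the loop moves on to the next one. Keep the cause in the log with `except Exception as e:` and `LOG.warning("Failed to connect to NSX manager %s: %s", nsx_api_managers[ind], e)`, after confirming that nsxlib's exception text never carries the request credentials. `utils.get_connected_nsxlib(...)` also sits outside the `try`, so if it can raise for a bad manager the fallback never runs; moving it inside would cover that case. Because the `set_override` calls are not undone, the process-wide `nsx_v3` options stay pinned to the last manager tried, which deserves a line in the docstring.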
@@ -1464,44 +1520,22 @@ def MP2Policy_migration(resource, event, trigger, **kwargs):
 f_handler.setFormatter(f_formatter)
 LOG.addHandler(f_handler)
- # Initialize the nsxlib objects, using just one of the managers because
- # the migration will be enabled only on one
- if len(cfg.CONF.nsx_v3.nsx_api_managers) > 1:
- cfg.CONF.set_override(
- 'nsx_api_managers',
- [cfg.CONF.nsx_v3.nsx_api_managers[0]],
- 'nsx_v3')
- # Make sure user & password are set in the config
- if (len(cfg.CONF.nsx_v3.nsx_api_user) and
- len(cfg.CONF.nsx_v3.nsx_api_password)):
- cfg.CONF.set_override(
- 'nsx_api_user',
- [cfg.CONF.nsx_v3.nsx_api_user[0]],
- 'nsx_v3')
- cfg.CONF.set_override(
- 'nsx_api_password',
- [cfg.CONF.nsx_v3.nsx_api_password[0]],
- 'nsx_v3')
- else:
- LOG.error("Please provide nsx_api_user and nsx_api_password "
- "in the configuration")
- exit(1)
-
- retriables = [nsxlib_exc.APITransactionAborted,
- nsxlib_exc.ServerBusy]
- nsxlib = utils.get_connected_nsxlib(verbose=verbose,
- allow_overwrite_header=True,
- retriable_exceptions=retriables)
+ nsxlib = _get_nsxlib_from_config(verbose)
 nsxpolicy = p_utils.get_connected_nsxpolicy(
- conf_path=cfg.CONF.nsx_v3, retriable_exceptions=retriables)
- # Also create a policy manager with admin user to manipulate admin-defined
- # resources which should not have neutron principal identity
- nsxpolicy_admin = p_utils.get_connected_nsxpolicy(
- conf_path=cfg.CONF.nsx_v3,
- use_basic_auth=True,
- nsx_username=cfg.CONF.nsx_v3.nsx_api_user,
- nsx_password=cfg.CONF.nsx_v3.nsx_api_password,
- retriable_exceptions=retriables)
+ conf_path=cfg.CONF.nsx_v3, verbose=verbose)
+
+ if cfg.CONF.nsx_v3.nsx_use_client_auth:
+ # Also create a policy manager with admin user to manipulate
+ # admin-defined resources which should not have neutron principal
+ # identity
+ nsxpolicy_admin = p_utils.get_connected_nsxpolicy(
+ conf_path=cfg.CONF.nsx_v3,
+ use_basic_auth=True,
+ nsx_username=cfg.CONF.nsx_v3.nsx_api_user,
+ nsx_password=cfg.CONF.nsx_v3.nsx_api_password,
+ verbose=verbose)
+ else:
+ nsxpolicy_admin = nsxpolicy
 with utils.NsxV3PluginWrapper(verbose=verbose) as plugin:
 # Make sure FWaaS was initialized
diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
index 9235f77a6e..032189f635 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
@@ -45,6 +45,11 @@ def get_nsxv3_client(nsx_username=None, nsx_password=None,
 plugin_conf).client
+def reset_global_nsxlib():
+ global _NSXLIB
+ _NSXLIB = None
+
+
 def get_connected_nsxlib(nsx_username=None, nsx_password=None,
 use_basic_auth=False,
 plugin_conf=None,
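Review bot: In the `MP2Policy_migration` hunk of migration.py, both `p_utils.get_connected_nsxpolicy(...)` calls lose `retriable_exceptions=retriables`, so unless that helper supplies its own default, `APITransactionAborted` and `ServerBusy` are no longer retried on the policy clients while the nsxlib client built in `_get_nsxlib_from_config` still retries them. A transient busy response in the middle of a migration could then abort it with resources only partly moved. Since `retriables` is now local to the helper, pass the list explicitly on both calls, e.g. `retriable_exceptions=[nsxlib_exc.APITransactionAborted, nsxlib_exc.ServerBusy]`, or lift it to a module-level constant. The body of `MP2Policy_migration` starts and continues outside the hunk.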
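Review bot: `reset_global_nsxlib()` in utils.py has no docstring, and its effect on `get_connected_nsxlib` cannot be read from this hunk. Something like `"""Drop the cached nsxlib so the next get_connected_nsxlib() call builds a new one from the current config."""` would help, assuming `_NSXLIB` is the cache that function consults. It is also worth stating that only the module reference is cleared, so any object already handed out keeps pointing at the manager and credentials it was built with.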