MP2P Migration: select a working nsx node to work with

Change-Id: Ic608e167a0e15eb4dcfb4c73deac8588c017233a

vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py

@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import copy
 import time
 
 import logging
@@ -1442,6 +1443,61 @@ def MP2Policy_pre_migration_check(resource, event, trigger, **kwargs):
             exit(1)
 
 
+def _get_nsxlib_from_config(verbose):
+    """Update the current config and return a working nsxlib
+    or exit with error
+    """
+
+    if (not len(cfg.CONF.nsx_v3.nsx_api_user) or
+        not len(cfg.CONF.nsx_v3.nsx_api_password)):
+        LOG.error("T2P migration cannot run. Please provide nsx_api_user and "
+                  "nsx_api_password in the configuration.")
+        exit(1)
+
+    retriables = [nsxlib_exc.APITransactionAborted,
+                  nsxlib_exc.ServerBusy]
+
+    # Initialize the nsxlib objects, using just one of the managers because
+    # the migration will be enabled only on one
+    nsx_api_managers = copy.copy(cfg.CONF.nsx_v3.nsx_api_managers)
+    nsx_api_user = copy.copy(cfg.CONF.nsx_v3.nsx_api_user)
+    nsx_api_password = copy.copy(cfg.CONF.nsx_v3.nsx_api_password)
+
+    for ind in range(len(nsx_api_managers)):
+        # update the config to use this one manager only
+        cfg.CONF.set_override(
+            'nsx_api_managers', [nsx_api_managers[ind]], 'nsx_v3')
+        if len(nsx_api_user) > ind:
+            cfg.CONF.set_override(
+                'nsx_api_user', [nsx_api_user[ind]], 'nsx_v3')
+        else:
+            cfg.CONF.set_override(
+                'nsx_api_user', [nsx_api_user[0]], 'nsx_v3')
+        if len(nsx_api_password) > ind:
+            cfg.CONF.set_override(
+                'nsx_api_password', [nsx_api_password[ind]], 'nsx_v3')
+        else:
+            cfg.CONF.set_override(
+                'nsx_api_password', [nsx_api_password[0]], 'nsx_v3')
+            utils.reset_global_nsxlib()
+        nsxlib = utils.get_connected_nsxlib(verbose=verbose,
+                                            allow_overwrite_header=True,
+                                            retriable_exceptions=retriables)
+        try:
+            # test connectivity
+            nsxlib.get_version()
+        except Exception:
+            LOG.warning("Failed to connect to NSX manager %s",
+                        nsx_api_managers[ind])
+        else:
+            # Found a working manager
+            return nsxlib
+
+    LOG.error("T2P migration failed. Cannot connect to NSX with managers %s",
+              nsx_api_managers)
+    exit(1)
+
+
 @admin_utils.output_header
 def MP2Policy_migration(resource, event, trigger, **kwargs):
     """Migrate NSX resources and neutron DB from NSX-T (MP) to Policy"""
@@ -1464,44 +1520,22 @@ def MP2Policy_migration(resource, event, trigger, **kwargs):
             f_handler.setFormatter(f_formatter)
             LOG.addHandler(f_handler)
 
-    # Initialize the nsxlib objects, using just one of the managers because
+    nsxlib = _get_nsxlib_from_config(verbose)
-    # the migration will be enabled only on one
-    if len(cfg.CONF.nsx_v3.nsx_api_managers) > 1:
-        cfg.CONF.set_override(
-            'nsx_api_managers',
-            [cfg.CONF.nsx_v3.nsx_api_managers[0]],
-            'nsx_v3')
-    # Make sure user & password are set in the config
-    if (len(cfg.CONF.nsx_v3.nsx_api_user) and
-        len(cfg.CONF.nsx_v3.nsx_api_password)):
-        cfg.CONF.set_override(
-            'nsx_api_user',
-            [cfg.CONF.nsx_v3.nsx_api_user[0]],
-            'nsx_v3')
-        cfg.CONF.set_override(
-            'nsx_api_password',
-            [cfg.CONF.nsx_v3.nsx_api_password[0]],
-            'nsx_v3')
-    else:
-        LOG.error("Please provide nsx_api_user and nsx_api_password "
-                  "in the configuration")
-        exit(1)
-
-    retriables = [nsxlib_exc.APITransactionAborted,
-                  nsxlib_exc.ServerBusy]
-    nsxlib = utils.get_connected_nsxlib(verbose=verbose,
-                                        allow_overwrite_header=True,
-                                        retriable_exceptions=retriables)
     nsxpolicy = p_utils.get_connected_nsxpolicy(
-        conf_path=cfg.CONF.nsx_v3, retriable_exceptions=retriables)
+        conf_path=cfg.CONF.nsx_v3, verbose=verbose)
-    # Also create a policy manager with admin user to manipulate admin-defined
+
-    # resources which should not have neutron principal identity
+    if cfg.CONF.nsx_v3.nsx_use_client_auth:
+        # Also create a policy manager with admin user to manipulate
+        # admin-defined resources which should not have neutron principal
+        # identity
         nsxpolicy_admin = p_utils.get_connected_nsxpolicy(
             conf_path=cfg.CONF.nsx_v3,
             use_basic_auth=True,
             nsx_username=cfg.CONF.nsx_v3.nsx_api_user,
             nsx_password=cfg.CONF.nsx_v3.nsx_api_password,
-        retriable_exceptions=retriables)
+            verbose=verbose)
+    else:
+        nsxpolicy_admin = nsxpolicy
 
     with utils.NsxV3PluginWrapper(verbose=verbose) as plugin:
         # Make sure FWaaS was initialized

vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py

@@ -45,6 +45,11 @@ def get_nsxv3_client(nsx_username=None, nsx_password=None,
                                 plugin_conf).client
 
 
+def reset_global_nsxlib():
+    global _NSXLIB
+    _NSXLIB = None
+
+
 def get_connected_nsxlib(nsx_username=None, nsx_password=None,
                          use_basic_auth=False,
                          plugin_conf=None,