Browse Source

AdminUtils NSXv3: Fix SG admin utils and their documantation

The nsxv3 security groups documentation was wrong.
In addition, fixed some function calls.

Change-Id: I38a0013775c848ff41fb0771a2114730e1d59cbe
changes/64/436364/5
Adit Sarfaty 5 years ago
parent
commit
4f929e8fdb
  1. 35
      doc/source/admin_util.rst
  2. 6
      vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py

35
doc/source/admin_util.rst

@ -215,7 +215,7 @@ Metadata
NSXv3
-----
The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', and 'ports'.
The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', and 'ports'.
Networks
~~~~~~~~
@ -242,36 +242,39 @@ Ports
nsxadmin -r ports -o nsx-migrate-v-v3
Security Groups
~~~~~~~~~~~~~~~
Security Groups & NSX Security Groups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- List backed security groups::
nsx -r security-groups -o nsx-list
nsxadmin -r nsx-security-groups -o list
- List neutron DB security groups::
- List neutron security groups::
nsx -r security-groups -o neutron-list
nsxadmin -r security-groups -o list
- List both backend and neutron security groups::
- Fix mismatch sections in security group::
nsx -r security-groups -o list
nsxadmin -r security-groups -o fix-mismatch
- Cleanup NSX backend sections and nsgroups::
- List nsx security groups with mismatch sections::
nsx -r security-groups -o nsx-clean
nsxadmin -r nsx-security-groups -o list-mismatches
- Cleanup Neutron DB security groups::
- Update NSX security groups dynamic criteria for NSXv3 CrossHairs::
nsxadmin -r nsx-security-groups -o migrate-to-dynamic-criteria
nsx -r security-groups -o neutron-clean
Firewall Sections
~~~~~~~~~~~~~~~~~
- Cleanup both Neutron DB security groups and NSX backend sections and nsgroups::
- List backed firewall sections::
nsx -r security-groups -o clean
nsxadmin -r firewall-sections -o list
- Update NSX security groups dynamic criteria for NSXv3 CrossHairs::
- List security groups with missing sections::
nsx -r nsx-security-groups -o migrate-to-dynamic-criteria
nsxadmin -r firewall-sections -o list-mismatches
Metadata Proxy
~~~~~~~~~~~~~~

6
vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py

@ -226,8 +226,8 @@ def fix_security_groups(resource, event, trigger, **kwargs):
# should already have them.
if not utils.is_nsx_version_1_1_0(plugin._nsx_version):
members = []
for port_id in neutron_db.get_ports_in_security_group(sg_id):
lport_id = neutron_db.get_logical_port_id(port_id)
for port_id in neutron_sg.get_ports_in_security_group(sg_id):
lport_id = neutron_sg.get_logical_port_id(port_id)
members.append(lport_id)
nsxlib.ns_group.add_members(
nsgroup['id'], consts.TARGET_TYPE_LOGICAL_PORT, members)
@ -246,8 +246,6 @@ def fix_security_groups(resource, event, trigger, **kwargs):
secgroup.get(sg_logging.LOGGING, False), action,
secgroup['security_group_rules'])
plugin.save_security_group_rule_mappings(context_, rules['rules'])
# Add nsgroup to a nested group
plugin.nsgroup_manager.add_nsgroup(nsgroup['id'])
def _update_ports_dynamic_criteria_tags():

Loading…
Cancel
Save