NSX|P: use edge nodes nsx ids for validation

In some cases the edge policy ids are different from the nsx ids.
Since validation is using those ids with the nsxlib objects, the nsx ids
should be used.

In addition - Do not fail plugin init or neutron action when failing to get
the transport nodes. Just issue a warning

Change-Id: I080ac86b1cebf66f11749c5256d1885a9bc7ef9f
This commit is contained in:
asarfaty 2020-06-08 10:46:51 +02:00
parent 828ebac314
commit 5392b3e6a9
4 changed files with 52 additions and 20 deletions

View File

@ -20,6 +20,7 @@ from vmware_nsx.common import availability_zones as common_az
from vmware_nsx.common import config
from vmware_nsx.common import exceptions as nsx_exc
from vmware_nsx.plugins.common_v3 import availability_zones as v3_az
from vmware_nsx.plugins.nsx_p import utils
from vmware_nsxlib.v3 import exceptions as nsx_lib_exc
from vmware_nsxlib.v3 import nsx_constants
from vmware_nsxlib.v3.policy import utils as p_utils
@ -181,16 +182,15 @@ class NsxPAvailabilityZone(v3_az.NsxV3AvailabilityZone):
else:
self._native_md_proxy_uuid = None
def _get_edge_cluster_tzs(self, nsxpolicy, nsxlib, ec_uuid):
ec_nodes = nsxpolicy.edge_cluster.get_edge_node_ids(ec_uuid)
ec_tzs = []
for tn_uuid in ec_nodes:
ec_tzs.extend(nsxlib.transport_node.get_transport_zones(
tn_uuid))
return ec_tzs
def _validate_tz(self, nsxpolicy, nsxlib, obj_type, obj_id, ec_uuid):
obj_tzs = self._get_edge_cluster_tzs(nsxpolicy, nsxlib, ec_uuid)
try:
obj_tzs = utils.get_edge_cluster_tzs(nsxpolicy, nsxlib, ec_uuid)
except nsx_lib_exc.ResourceNotFound as e:
# Do not fail plugin init if this code fails
LOG.warning("Failed to get edge cluster %s transport zones: %s",
ec_uuid, e)
return
if self._default_overlay_tz_uuid not in obj_tzs:
msg = (_("%(type)s %(id)s of availability zone %(az)s with edge "
"cluster %(ec)s does not match the default overlay tz "

View File

@ -76,6 +76,7 @@ from vmware_nsx.extensions import secgroup_rule_local_ip_prefix as sg_prefix
from vmware_nsx.extensions import securitygrouplogging as sg_logging
from vmware_nsx.plugins.common_v3 import plugin as nsx_plugin_common
from vmware_nsx.plugins.nsx_p import availability_zones as nsxp_az
from vmware_nsx.plugins.nsx_p import utils as plugin_utils
from vmware_nsx.plugins.nsx_v3 import utils as v3_utils
from vmware_nsx.services.fwaas.common import utils as fwaas_utils
from vmware_nsx.services.fwaas.nsx_p import fwaas_callbacks_v2
@ -1017,11 +1018,16 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
dhcp_ec_path = self.nsxpolicy.dhcp_server_config.get(
az._policy_dhcp_server_config).get('edge_cluster_path')
ec_id = p_utils.path_to_id(dhcp_ec_path)
ec_nodes = self.nsxlib.edge_cluster.get_transport_nodes(ec_id)
ec_tzs = []
for tn_uuid in ec_nodes:
ec_tzs.extend(self.nsxlib.transport_node.get_transport_zones(
tn_uuid))
try:
ec_tzs = plugin_utils.get_edge_cluster_tzs(
self.nsxpolicy, self.nsxlib, ec_id)
except nsx_lib_exc.ResourceNotFound as e:
# Do not fail neutron action init if this code fails
LOG.warning("Failed to get edge cluster %s transport zones: %s",
ec_id, e)
return
if net_tz not in ec_tzs:
msg = (_('Network TZ %(tz)s does not match DHCP server '
'edge cluster %(ec)s') %
@ -4197,11 +4203,15 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
md_ec = self.nsxlib.native_md_proxy.get(
mdproxy_uuid).get('edge_cluster_id')
ec_nodes = self.nsxpolicy.edge_cluster.get_edge_node_ids(md_ec)
ec_tzs = []
for tn_uuid in ec_nodes:
ec_tzs.extend(self.nsxlib.transport_node.get_transport_zones(
tn_uuid))
try:
ec_tzs = plugin_utils.get_edge_cluster_tzs(
self.nsxpolicy, self.nsxlib, md_ec)
except nsx_lib_exc.ResourceNotFound as e:
# Do not fail neutron action init if this code fails
LOG.warning("Failed to get edge cluster %s transport zones: %s",
md_ec, e)
return True
if tz_uuid not in ec_tzs:
return False
return True

View File

@ -0,0 +1,22 @@
# Copyright 2020 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
def get_edge_cluster_tzs(nsxpolicy, nsxlib, ec_uuid):
ec_nodes = nsxpolicy.edge_cluster.get_edge_node_nsx_ids(ec_uuid)
ec_tzs = []
for tn_uuid in ec_nodes:
ec_tzs.extend(nsxlib.transport_node.get_transport_zones(
tn_uuid))
return ec_tzs

View File

@ -137,7 +137,7 @@ class NsxPPluginTestCaseMixin(
mock.patch("vmware_nsxlib.v3.policy.core_resources.NsxPolicyTier0Api."
"get_edge_cluster_path", return_value="x/1").start()
mock.patch("vmware_nsxlib.v3.policy.core_resources."
"NsxPolicyEdgeClusterApi.get_edge_node_ids",
"NsxPolicyEdgeClusterApi.get_edge_node_nsx_ids",
return_value=["node1"]).start()
mock.patch("vmware_nsxlib.v3.NsxLib.get_tag_limits",
return_value=nsxlib_utils.TagLimits(20, 40, 15)).start()