x
/
vmware-nsx
Code Issues Proposed changes

V2T validation: verify external subnets before migration 

Check that the future external networks will not overlap with the tier0 uplinks

Change-Id: I4678f345a8b2e6d10d027d4b109e4604a37f685a
This commit is contained in:
asarfaty 2021-02-09 16:23:10 +02:00 committed by Adit Sarfaty
parent 3da2d4b15f
commit 5a06bdd958
3 changed files with 68 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/admin_util.rst
View File

@ -680,6 +680,16 @@ NSX Policy Plugin
nsxadmin -r nsx-migrate-t2p -o clean-all
- Cleanup redundant migrated objects post V2T migration::
nsxadmin -r nsx-migrate-v2t -o clean-all
- Disable/Restore Tier0 redistribution of tier1 routes during the V2T migration::
nsxadmin -r nsx-migrate-v2t -o nsx-redistribute --property action=disable/restore --property tier0s=a,b,c
- Validate external subnets cidrs before V2T migration::
nsxadmin -r nsx-migrate-v2t -o validate --property ext-net=<path> --property ext-cidr=<path>
Client Certificate
~~~~~~~~~~~~~~~~~~
@ -704,12 +714,6 @@ Client Certificate
nsxadmin -r certificate -o nsx-list
- Cleanup redundant migrated objects post V2T migration::
nsxadmin -r nsx-migrate-v2t -o clean-all
- Disable/Restore Tier0 redistribution of tier1 routes during the migration::
nsxadmin -r nsx-migrate-v2t -o nsx-redistribute --property action=disable/restore --property tier0s=a,b,c
Steps to create a TVD admin user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

57
vmware_nsx/shell/admin/plugins/nsxp/resources/migration.py
View File

@ -13,6 +13,9 @@
# under the License.
import copy
import sys
import netaddr
from neutron_lib.callbacks import registry
from oslo_log import log as logging
@ -154,6 +157,56 @@ def migration_tier0_redistribute(resource, event, trigger, **kwargs):
LOG.error("%s", errmsg)
def _cidrs_overlap(cidr0, cidr1):
return cidr0.first <= cidr1.last and cidr1.first <= cidr0.last
@admin_utils.output_header
def migration_validate_external_cidrs(resource, event, trigger, **kwargs):
"""Before V2T migration, validate that the external subnets cidrs
do not overlap the tier0 uplinks
"""
errmsg = ("Need to specify --property ext-net=<path> --property "
"ext-cidr=<path>")
if not kwargs.get('property'):
LOG.error("%s", errmsg)
return
properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
ext_net_file = properties.get('ext-net')
ext_cidr_file = properties.get('ext-cidr')
if not ext_net_file or not ext_cidr_file:
LOG.error("%s", errmsg)
return
with open(ext_net_file, 'r') as myfile:
# maps external network neutron id to tier0
data = myfile.read()
external_networks = jsonutils.loads(data)
with open(ext_cidr_file, 'r') as myfile:
# maps external network neutron id to its cidr
data = myfile.read()
external_cidrs = jsonutils.loads(data)
nsxpolicy = p_utils.get_connected_nsxpolicy()
for net_id in external_cidrs:
net_cidr = netaddr.IPNetwork(external_cidrs[net_id]).cidr
tier0 = external_networks.get(net_id)
if not tier0:
LOG.warning("Could not find network %s in %s",
net_id, ext_net_file)
else:
tier0_cidrs = nsxpolicy.tier0.get_uplink_cidrs(tier0)
for cidr in tier0_cidrs:
tier0_subnet = netaddr.IPNetwork(cidr).cidr
if _cidrs_overlap(tier0_subnet, net_cidr):
LOG.error("External subnet of network %s cannot overlap "
"with T0 %s uplink cidr %s", net_id, tier0, cidr)
sys.exit(1)
sys.exit(0)
registry.subscribe(cleanup_db_mappings,
constants.NSX_MIGRATE_T_P,
shell.Operations.CLEAN_ALL.value)
@ -165,3 +218,7 @@ registry.subscribe(post_v2t_migration_cleanups,
registry.subscribe(migration_tier0_redistribute,
constants.NSX_MIGRATE_V_T,
shell.Operations.NSX_REDISTRIBUTE.value)
registry.subscribe(migration_validate_external_cidrs,
constants.NSX_MIGRATE_V_T,
shell.Operations.VALIDATE.value)

1
vmware_nsx/shell/resources.py
View File

@ -292,6 +292,7 @@ nsxp_resources = {
[Operations.CLEAN_ALL.value]),
constants.NSX_MIGRATE_V_T: Resource(constants.NSX_MIGRATE_V_T,
[Operations.CLEAN_ALL.value,
Operations.VALIDATE.value,
Operations.NSX_REDISTRIBUTE.value]),
}