From 662ea914741a41c0e9a673f8a0d451b2babefb58 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Mon, 31 Dec 2018 13:43:07 +0200 Subject: [PATCH] NSX|P: Plugin code cleanup - create/delete service router functions - remove TODOs that already done - move some code to common Change-Id: If11ff42afb3d6952d52868188224cb6c6b8af132 --- vmware_nsx/plugins/common_v3/plugin.py | 39 ++++++++++++ vmware_nsx/plugins/nsx_p/plugin.py | 82 ++++++++------------------ vmware_nsx/plugins/nsx_v3/plugin.py | 38 +----------- 3 files changed, 68 insertions(+), 91 deletions(-) diff --git a/vmware_nsx/plugins/common_v3/plugin.py b/vmware_nsx/plugins/common_v3/plugin.py index 21f78401b8..1c775db0e1 100644 --- a/vmware_nsx/plugins/common_v3/plugin.py +++ b/vmware_nsx/plugins/common_v3/plugin.py @@ -20,6 +20,7 @@ from oslo_db import exception as db_exc from oslo_log import log as logging from oslo_utils import excutils from sqlalchemy import exc as sql_exc +import webob.exc from six import moves @@ -44,6 +45,7 @@ from neutron_lib.api.definitions import external_net as extnet_apidef from neutron_lib.api.definitions import port_security as psec from neutron_lib.api.definitions import portbindings as pbin from neutron_lib.api.definitions import provider_net as pnet +from neutron_lib.api import faults from neutron_lib.api import validators from neutron_lib.api.validators import availability_zone as az_validator from neutron_lib import constants @@ -127,6 +129,26 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, "native DHCP service is not supported", az._native_dhcp_profile_uuid) + def _extend_fault_map(self): + """Extends the Neutron Fault Map. + + Exceptions specific to the NSX Plugin are mapped to standard + HTTP Exceptions. + """ + faults.FAULT_MAP.update({nsx_lib_exc.ManagerError: + webob.exc.HTTPBadRequest, + nsx_lib_exc.ServiceClusterUnavailable: + webob.exc.HTTPServiceUnavailable, + nsx_lib_exc.ClientCertificateNotTrusted: + webob.exc.HTTPBadRequest, + nsx_exc.SecurityGroupMaximumCapacityReached: + webob.exc.HTTPBadRequest, + nsx_lib_exc.NsxLibInvalidInput: + webob.exc.HTTPBadRequest, + nsx_exc.NsxENSPortSecurity: + webob.exc.HTTPBadRequest, + }) + def _get_conf_attr(self, attr): plugin_cfg = getattr(cfg.CONF, self.cfg_group) return getattr(plugin_cfg, attr) @@ -1529,3 +1551,20 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, "router address %s") % ip_address LOG.error(msg) raise n_exc.InvalidInput(error_message=msg) + + def _need_router_snat_rules(self, context, router_id, subnet, + gw_address_scope): + # if the subnets address scope is the same as the gateways: + # no need for SNAT + if gw_address_scope: + subnet_address_scope = self._get_subnetpool_address_scope( + context, subnet['subnetpool_id']) + if (gw_address_scope == subnet_address_scope): + LOG.info("No need for SNAT rule for router %(router)s " + "and subnet %(subnet)s because they use the " + "same address scope %(addr_scope)s.", + {'router': router_id, + 'subnet': subnet['id'], + 'addr_scope': gw_address_scope}) + return False + return True diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py index c14d5829ea..0196698135 100644 --- a/vmware_nsx/plugins/nsx_p/plugin.py +++ b/vmware_nsx/plugins/nsx_p/plugin.py @@ -20,7 +20,6 @@ from oslo_db import exception as db_exc from oslo_log import log from oslo_utils import excutils from oslo_utils import uuidutils -import webob.exc from neutron.db import l3_db from neutron.db.models import l3 as l3_db_models @@ -35,7 +34,6 @@ from neutron_lib.api.definitions import l3 as l3_apidef from neutron_lib.api.definitions import port_security as psec from neutron_lib.api.definitions import provider_net as pnet from neutron_lib.api.definitions import vlantransparent as vlan_apidef -from neutron_lib.api import faults from neutron_lib.api import validators from neutron_lib.callbacks import events from neutron_lib.callbacks import registry @@ -281,25 +279,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): payload=payload) self.init_is_complete = True - def _extend_fault_map(self): - """Extends the Neutron Fault Map. - - Exceptions specific to the NSX Plugin are mapped to standard - HTTP Exceptions. - """ - #TODO(asarfaty): consider reusing the nsx-t code here - faults.FAULT_MAP.update({nsx_lib_exc.ManagerError: - webob.exc.HTTPBadRequest, - nsx_lib_exc.ServiceClusterUnavailable: - webob.exc.HTTPServiceUnavailable, - nsx_lib_exc.ClientCertificateNotTrusted: - webob.exc.HTTPBadRequest, - nsx_exc.SecurityGroupMaximumCapacityReached: - webob.exc.HTTPBadRequest, - nsx_lib_exc.NsxLibInvalidInput: - webob.exc.HTTPBadRequest, - }) - def _create_network_on_backend(self, context, net_data, transparent_vlan, provider_data): @@ -582,7 +561,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): def _create_port_on_backend(self, context, port_data, is_psec_on): # TODO(annak): admin_state not supported by policy - # TODO(annak): handle exclude list name = self._build_port_name(context, port_data) address_bindings = self._build_port_address_bindings( context, port_data) @@ -898,20 +876,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): def _add_subnet_snat_rule(self, context, router_id, subnet, gw_address_scope, gw_ip): - # if the subnets address scope is the same as the gateways: - # no need for SNAT - #TODO(asarfaty): move to common code - if gw_address_scope: - subnet_address_scope = self._get_subnetpool_address_scope( - context, subnet['subnetpool_id']) - if (gw_address_scope == subnet_address_scope): - LOG.info("No need for SNAT rule for router %(router)s " - "and subnet %(subnet)s because they use the " - "same address scope %(addr_scope)s.", - {'router': router_id, - 'subnet': subnet['id'], - 'addr_scope': gw_address_scope}) - return + if not self._need_router_snat_rules(context, router_id, subnet, + gw_address_scope): + return self.nsxpolicy.tier1_nat_rule.create_or_overwrite( 'snat for subnet %s' % subnet['id'], @@ -953,6 +920,27 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): router_id, nat_rule_id=self._get_snat_rule_id(subnet)) + def _get_edge_cluster_path(self, tier0_uuid, router): + # TODO(asarfaty): Add support for edge cluster from the AZ config + return self.nsxpolicy.tier0.get_edge_cluster_path( + tier0_uuid) + + def create_service_router(self, context, router_id): + router = self._get_router(context, router_id) + tier0_uuid = self._get_tier0_uuid_by_router(context, router) + edge_cluster_path = self._get_edge_cluster_path( + tier0_uuid, router) + if edge_cluster_path: + self.nsxpolicy.tier1.set_edge_cluster_path( + router_id, edge_cluster_path) + else: + LOG.error("Tier0 %s does not have an edge cluster", + tier0_uuid) + + def delete_service_router(self, router_id): + # remove the edge cluster from the tier1 router + self.nsxpolicy.tier1.remove_edge_cluster(router_id) + def _update_router_gw_info(self, context, router_id, info): # Get the original data of the router GW router = self._get_router(context, router_id) @@ -982,14 +970,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): lb_exist=False) if actions['add_service_router']: - edge_cluster = self.nsxpolicy.tier0.get_edge_cluster_path( - new_tier0_uuid) - if edge_cluster: - self.nsxpolicy.tier1.set_edge_cluster_path( - router_id, edge_cluster) - else: - LOG.error("Tier0 %s does not have an edge cluster", - new_tier0_uuid) + self.create_service_router(context, router_id) if actions['remove_snat_rules']: for subnet in router_subnets: @@ -1009,8 +990,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): # Set/Unset the router TZ to allow vlan switches traffic if cfg.CONF.nsx_p.allow_passthrough: - # TODO(asarfaty) need to wait for realization before using - # the passthrough api if new_tier0_uuid: tz_uuid = self.nsxpolicy.tier0.get_overlay_transport_zone( new_tier0_uuid) @@ -1040,19 +1019,13 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): subnets=actions['advertise_route_connected_flag']) if actions['remove_service_router']: - # Disable edge firewall before removing the service router - #TODO(asarfaty) no api for this yet. Use passthrough api when - # adding fwaas support - - # remove the edge cluster - self.nsxpolicy.tier1.remove_edge_cluster(router_id) + self.delete_service_router(router_id) def create_router(self, context, router): r = router['router'] gw_info = self._extract_external_gw(context, router, is_extract=True) # validate the availability zone, and get the AZ object - # TODO(asarfaty): router AZ is not used for anything yet self._validate_obj_az_on_creation(context, r, 'router') with db_api.CONTEXT_WRITER.using(context): @@ -1473,9 +1446,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): "%(e)s") % {'e': e}) raise nsx_exc.NsxPluginException(err_msg=msg) - # create exclude port group - # TODO(asarfaty): add this while handling port security disabled - def _create_security_group_backend_resources(self, context, secgroup, domain_id): """Create communication map (=section) and group (=NS group) diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index db188747f5..4c68e392cb 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -23,7 +23,6 @@ from neutron_lib.api.definitions import external_net as extnet_apidef from neutron_lib.api.definitions import l3 as l3_apidef from neutron_lib.api.definitions import port_security as psec from neutron_lib.api import extensions -from neutron_lib.api import faults from neutron_lib.db import api as db_api from neutron_lib.db import resource_extend from neutron_lib.db import utils as db_utils @@ -63,7 +62,6 @@ from oslo_utils import excutils from oslo_utils import importutils from oslo_utils import uuidutils from sqlalchemy import exc as sql_exc -import webob.exc from vmware_nsx._i18n import _ from vmware_nsx.api_replay import utils as api_replay_utils @@ -459,26 +457,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base, def _get_octavia_stats_getter(self): return listener_mgr.stats_getter - def _extend_fault_map(self): - """Extends the Neutron Fault Map. - - Exceptions specific to the NSX Plugin are mapped to standard - HTTP Exceptions. - """ - faults.FAULT_MAP.update({nsx_lib_exc.ManagerError: - webob.exc.HTTPBadRequest, - nsx_lib_exc.ServiceClusterUnavailable: - webob.exc.HTTPServiceUnavailable, - nsx_lib_exc.ClientCertificateNotTrusted: - webob.exc.HTTPBadRequest, - nsx_exc.SecurityGroupMaximumCapacityReached: - webob.exc.HTTPBadRequest, - nsx_lib_exc.NsxLibInvalidInput: - webob.exc.HTTPBadRequest, - nsx_exc.NsxENSPortSecurity: - webob.exc.HTTPBadRequest, - }) - def _init_fwaas(self): if fwaas_utils.is_fwaas_v1_plugin_enabled(): LOG.info("NSXv3 FWaaS v1 plugin enabled") @@ -3015,19 +2993,9 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base, def _add_subnet_snat_rule(self, context, router_id, nsx_router_id, subnet, gw_address_scope, gw_ip): - # if the subnets address scope is the same as the gateways: - # no need for SNAT - if gw_address_scope: - subnet_address_scope = self._get_subnetpool_address_scope( - context, subnet['subnetpool_id']) - if (gw_address_scope == subnet_address_scope): - LOG.info("No need for SNAT rule for router %(router)s " - "and subnet %(subnet)s because they use the " - "same address scope %(addr_scope)s.", - {'router': router_id, - 'subnet': subnet['id'], - 'addr_scope': gw_address_scope}) - return + if not self._need_router_snat_rules(context, router_id, subnet, + gw_address_scope): + return self.nsxlib.router.add_gw_snat_rule(nsx_router_id, gw_ip, source_net=subnet['cidr'],