NSX|P: Plugin code cleanup
- create/delete service router functions - remove TODOs that are already done - move some code to common Change-Id: If11ff42afb3d6952d52868188224cb6c6b8af132
parent
b32ba15b0e
commit
662ea91474
@ -20,6 +20,7 @@ from oslo_db import exception as db_exc
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
from sqlalchemy import exc as sql_exc
|
||||
import webob.exc
|
||||
|
||||
from six import moves
|
||||
|
||||
@ -44,6 +45,7 @@ from neutron_lib.api.definitions import external_net as extnet_apidef
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api.definitions import portbindings as pbin
|
||||
from neutron_lib.api.definitions import provider_net as pnet
|
||||
from neutron_lib.api import faults
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.api.validators import availability_zone as az_validator
|
||||
from neutron_lib import constants
|
||||
@ -127,6 +129,26 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
"native DHCP service is not supported",
|
||||
az._native_dhcp_profile_uuid)
|
||||
|
||||
def _extend_fault_map(self):
|
||||
"""Extends the Neutron Fault Map.
|
||||
|
||||
Exceptions specific to the NSX Plugin are mapped to standard
|
||||
HTTP Exceptions.
|
||||
"""
|
||||
faults.FAULT_MAP.update({nsx_lib_exc.ManagerError:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.ServiceClusterUnavailable:
|
||||
webob.exc.HTTPServiceUnavailable,
|
||||
nsx_lib_exc.ClientCertificateNotTrusted:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_exc.SecurityGroupMaximumCapacityReached:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.NsxLibInvalidInput:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_exc.NsxENSPortSecurity:
|
||||
webob.exc.HTTPBadRequest,
|
||||
})
|
||||
|
||||
def _get_conf_attr(self, attr):
|
||||
plugin_cfg = getattr(cfg.CONF, self.cfg_group)
|
||||
return getattr(plugin_cfg, attr)
|
||||
@ -1529,3 +1551,20 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
"router address %s") % ip_address
|
||||
LOG.error(msg)
|
||||
raise n_exc.InvalidInput(error_message=msg)
|
||||
|
||||
def _need_router_snat_rules(self, context, router_id, subnet,
|
||||
gw_address_scope):
|
||||
# if the subnets address scope is the same as the gateways:
|
||||
# no need for SNAT
|
||||
if gw_address_scope:
|
||||
subnet_address_scope = self._get_subnetpool_address_scope(
|
||||
context, subnet['subnetpool_id'])
|
||||
if (gw_address_scope == subnet_address_scope):
|
||||
LOG.info("No need for SNAT rule for router %(router)s "
|
||||
"and subnet %(subnet)s because they use the "
|
||||
"same address scope %(addr_scope)s.",
|
||||
{'router': router_id,
|
||||
'subnet': subnet['id'],
|
||||
'addr_scope': gw_address_scope})
|
||||
return False
|
||||
return True
|
||||
|
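Review bot: The shared `_extend_fault_map` maps `nsx_lib_exc.ClientCertificateNotTrusted` and `nsx_lib_exc.ManagerError` to `webob.exc.HTTPBadRequest`, although both names suggest a failure between the plugin and the NSX manager rather than a malformed tenant request. Now that every subclass inherits this one map, it should either carry a comment explaining why a 4xx is intended or use a 5xx such as `webob.exc.HTTPServiceUnavailable`, which the same map already uses for `ServiceClusterUnavailable`. A 400 tells the API caller to fix their input and makes a certificate-trust problem on the backend link easy to miss in monitoring. Moving the map here also appears to add the `nsx_exc.NsxENSPortSecurity` entry for `NsxPolicyPlugin`, whose removed copy did not list it; that is a behaviour change beyond cleanup and worth stating in the commit message.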
@ -20,7 +20,6 @@ from oslo_db import exception as db_exc
|
||||
from oslo_log import log
|
||||
from oslo_utils import excutils
|
||||
from oslo_utils import uuidutils
|
||||
import webob.exc
|
||||
|
||||
from neutron.db import l3_db
|
||||
from neutron.db.models import l3 as l3_db_models
|
||||
@ -35,7 +34,6 @@ from neutron_lib.api.definitions import l3 as l3_apidef
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api.definitions import provider_net as pnet
|
||||
from neutron_lib.api.definitions import vlantransparent as vlan_apidef
|
||||
from neutron_lib.api import faults
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.callbacks import events
|
||||
from neutron_lib.callbacks import registry
|
||||
@ -281,25 +279,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
payload=payload)
|
||||
self.init_is_complete = True
|
||||
|
||||
def _extend_fault_map(self):
|
||||
"""Extends the Neutron Fault Map.
|
||||
|
||||
Exceptions specific to the NSX Plugin are mapped to standard
|
||||
HTTP Exceptions.
|
||||
"""
|
||||
#TODO(asarfaty): consider reusing the nsx-t code here
|
||||
faults.FAULT_MAP.update({nsx_lib_exc.ManagerError:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.ServiceClusterUnavailable:
|
||||
webob.exc.HTTPServiceUnavailable,
|
||||
nsx_lib_exc.ClientCertificateNotTrusted:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_exc.SecurityGroupMaximumCapacityReached:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.NsxLibInvalidInput:
|
||||
webob.exc.HTTPBadRequest,
|
||||
})
|
||||
|
||||
def _create_network_on_backend(self, context, net_data,
|
||||
transparent_vlan,
|
||||
provider_data):
|
||||
@ -582,7 +561,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
|
||||
def _create_port_on_backend(self, context, port_data, is_psec_on):
|
||||
# TODO(annak): admin_state not supported by policy
|
||||
# TODO(annak): handle exclude list
|
||||
name = self._build_port_name(context, port_data)
|
||||
address_bindings = self._build_port_address_bindings(
|
||||
context, port_data)
|
||||
@ -898,19 +876,8 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
|
||||
def _add_subnet_snat_rule(self, context, router_id, subnet,
|
||||
gw_address_scope, gw_ip):
|
||||
# if the subnets address scope is the same as the gateways:
|
||||
# no need for SNAT
|
||||
#TODO(asarfaty): move to common code
|
||||
if gw_address_scope:
|
||||
subnet_address_scope = self._get_subnetpool_address_scope(
|
||||
context, subnet['subnetpool_id'])
|
||||
if (gw_address_scope == subnet_address_scope):
|
||||
LOG.info("No need for SNAT rule for router %(router)s "
|
||||
"and subnet %(subnet)s because they use the "
|
||||
"same address scope %(addr_scope)s.",
|
||||
{'router': router_id,
|
||||
'subnet': subnet['id'],
|
||||
'addr_scope': gw_address_scope})
|
||||
if not self._need_router_snat_rules(context, router_id, subnet,
|
||||
gw_address_scope):
|
||||
return
|
||||
|
||||
self.nsxpolicy.tier1_nat_rule.create_or_overwrite(
|
||||
@ -953,6 +920,27 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
router_id,
|
||||
nat_rule_id=self._get_snat_rule_id(subnet))
|
||||
|
||||
def _get_edge_cluster_path(self, tier0_uuid, router):
|
||||
# TODO(asarfaty): Add support for edge cluster from the AZ config
|
||||
return self.nsxpolicy.tier0.get_edge_cluster_path(
|
||||
tier0_uuid)
|
||||
|
||||
def create_service_router(self, context, router_id):
|
||||
router = self._get_router(context, router_id)
|
||||
tier0_uuid = self._get_tier0_uuid_by_router(context, router)
|
||||
edge_cluster_path = self._get_edge_cluster_path(
|
||||
tier0_uuid, router)
|
||||
if edge_cluster_path:
|
||||
self.nsxpolicy.tier1.set_edge_cluster_path(
|
||||
router_id, edge_cluster_path)
|
||||
else:
|
||||
LOG.error("Tier0 %s does not have an edge cluster",
|
||||
tier0_uuid)
|
||||
|
||||
def delete_service_router(self, router_id):
|
||||
# remove the edge cluster from the tier1 router
|
||||
self.nsxpolicy.tier1.remove_edge_cluster(router_id)
|
||||
|
||||
def _update_router_gw_info(self, context, router_id, info):
|
||||
# Get the original data of the router GW
|
||||
router = self._get_router(context, router_id)
|
||||
@ -982,14 +970,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
lb_exist=False)
|
||||
|
||||
if actions['add_service_router']:
|
||||
edge_cluster = self.nsxpolicy.tier0.get_edge_cluster_path(
|
||||
new_tier0_uuid)
|
||||
if edge_cluster:
|
||||
self.nsxpolicy.tier1.set_edge_cluster_path(
|
||||
router_id, edge_cluster)
|
||||
else:
|
||||
LOG.error("Tier0 %s does not have an edge cluster",
|
||||
new_tier0_uuid)
|
||||
self.create_service_router(context, router_id)
|
||||
|
||||
if actions['remove_snat_rules']:
|
||||
for subnet in router_subnets:
|
||||
@ -1009,8 +990,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
|
||||
# Set/Unset the router TZ to allow vlan switches traffic
|
||||
if cfg.CONF.nsx_p.allow_passthrough:
|
||||
# TODO(asarfaty) need to wait for realization before using
|
||||
# the passthrough api
|
||||
if new_tier0_uuid:
|
||||
tz_uuid = self.nsxpolicy.tier0.get_overlay_transport_zone(
|
||||
new_tier0_uuid)
|
||||
@ -1040,19 +1019,13 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
subnets=actions['advertise_route_connected_flag'])
|
||||
|
||||
if actions['remove_service_router']:
|
||||
# Disable edge firewall before removing the service router
|
||||
#TODO(asarfaty) no api for this yet. Use passthrough api when
|
||||
# adding fwaas support
|
||||
|
||||
# remove the edge cluster
|
||||
self.nsxpolicy.tier1.remove_edge_cluster(router_id)
|
||||
self.delete_service_router(router_id)
|
||||
|
||||
def create_router(self, context, router):
|
||||
r = router['router']
|
||||
gw_info = self._extract_external_gw(context, router, is_extract=True)
|
||||
|
||||
# validate the availability zone, and get the AZ object
|
||||
# TODO(asarfaty): router AZ is not used for anything yet
|
||||
self._validate_obj_az_on_creation(context, r, 'router')
|
||||
|
||||
with db_api.CONTEXT_WRITER.using(context):
|
||||
@ -1473,9 +1446,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
"%(e)s") % {'e': e})
|
||||
raise nsx_exc.NsxPluginException(err_msg=msg)
|
||||
|
||||
# create exclude port group
|
||||
# TODO(asarfaty): add this while handling port security disabled
|
||||
|
||||
def _create_security_group_backend_resources(self, context, secgroup,
|
||||
domain_id):
|
||||
"""Create communication map (=section) and group (=NS group)
|
||||
|
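Review bot: `create_service_router` only logs when no edge cluster path is found, so `_update_router_gw_info` continues as if the service router existed and the API call can succeed while the tier1 has no edge cluster to host NAT or other edge services. The helper also re-derives the tier0 through `self._get_tier0_uuid_by_router(context, router)` where the inline code used `new_tier0_uuid`, and passes the result to `get_edge_cluster_path` without a None check; whether the router row already reflects the new gateway at that point is not visible in these hunks. Consider failing explicitly in the `else` branch by raising `nsx_exc.NsxPluginException` with the same message after the `LOG.error`, or add a docstring stating that the method is best-effort. The hunk at -1040 also drops the "Disable edge firewall before removing the service router" TODO while `delete_service_router` only calls `remove_edge_cluster`; if that step is still outstanding, the reminder belongs in the new method.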
@ -23,7 +23,6 @@ from neutron_lib.api.definitions import external_net as extnet_apidef
|
||||
from neutron_lib.api.definitions import l3 as l3_apidef
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api import extensions
|
||||
from neutron_lib.api import faults
|
||||
from neutron_lib.db import api as db_api
|
||||
from neutron_lib.db import resource_extend
|
||||
from neutron_lib.db import utils as db_utils
|
||||
@ -63,7 +62,6 @@ from oslo_utils import excutils
|
||||
from oslo_utils import importutils
|
||||
from oslo_utils import uuidutils
|
||||
from sqlalchemy import exc as sql_exc
|
||||
import webob.exc
|
||||
|
||||
from vmware_nsx._i18n import _
|
||||
from vmware_nsx.api_replay import utils as api_replay_utils
|
||||
@ -459,26 +457,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
|
||||
def _get_octavia_stats_getter(self):
|
||||
return listener_mgr.stats_getter
|
||||
|
||||
def _extend_fault_map(self):
|
||||
"""Extends the Neutron Fault Map.
|
||||
|
||||
Exceptions specific to the NSX Plugin are mapped to standard
|
||||
HTTP Exceptions.
|
||||
"""
|
||||
faults.FAULT_MAP.update({nsx_lib_exc.ManagerError:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.ServiceClusterUnavailable:
|
||||
webob.exc.HTTPServiceUnavailable,
|
||||
nsx_lib_exc.ClientCertificateNotTrusted:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_exc.SecurityGroupMaximumCapacityReached:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_lib_exc.NsxLibInvalidInput:
|
||||
webob.exc.HTTPBadRequest,
|
||||
nsx_exc.NsxENSPortSecurity:
|
||||
webob.exc.HTTPBadRequest,
|
||||
})
|
||||
|
||||
def _init_fwaas(self):
|
||||
if fwaas_utils.is_fwaas_v1_plugin_enabled():
|
||||
LOG.info("NSXv3 FWaaS v1 plugin enabled")
|
||||
@ -3015,18 +2993,8 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
|
||||
|
||||
def _add_subnet_snat_rule(self, context, router_id, nsx_router_id, subnet,
|
||||
gw_address_scope, gw_ip):
|
||||
# if the subnets address scope is the same as the gateways:
|
||||
# no need for SNAT
|
||||
if gw_address_scope:
|
||||
subnet_address_scope = self._get_subnetpool_address_scope(
|
||||
context, subnet['subnetpool_id'])
|
||||
if (gw_address_scope == subnet_address_scope):
|
||||
LOG.info("No need for SNAT rule for router %(router)s "
|
||||
"and subnet %(subnet)s because they use the "
|
||||
"same address scope %(addr_scope)s.",
|
||||
{'router': router_id,
|
||||
'subnet': subnet['id'],
|
||||
'addr_scope': gw_address_scope})
|
||||
if not self._need_router_snat_rules(context, router_id, subnet,
|
||||
gw_address_scope):
|
||||
return
|
||||
|
||||
self.nsxlib.router.add_gw_snat_rule(nsx_router_id, gw_ip,
|
||||
|