x
/
vmware-nsx
Code Issues Proposed changes

Merge "NSXV: protect against stale LB bindings" into stable/victoria

This commit is contained in:
Zuul 2021-04-28 09:14:41 +00:00 committed by Gerrit Code Review
parent fd735e8c33 bfe663d99d
commit 995f42ab39
2 changed files with 36 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from neutron_lib import constants as n_consts from neutron_lib import constants as n_consts
@ -138,14 +139,30 @@ class RouterExclusiveDriver(router_driver.RouterBaseDriver):
context, router_id, gw_info, force_update=True) context, router_id, gw_info, force_update=True)
def delete_router(self, context, router_id): def delete_router(self, context, router_id):
edge_id, az_name = self.plugin._get_edge_id_and_az_by_rtr_id(
context, router_id)
if self.plugin.metadata_proxy_handler: if self.plugin.metadata_proxy_handler:
# The neutron router was already deleted, so we cannot get the AZ # The neutron router was already deleted, so we cannot get the AZ
# from it. Get it from the router-bindings DB # from it. Get it from the router-bindings DB
edge_id, az_name = self.plugin._get_edge_id_and_az_by_rtr_id(
context, router_id)
md_proxy = self.plugin.get_metadata_proxy_handler(az_name) md_proxy = self.plugin.get_metadata_proxy_handler(az_name)
if md_proxy: if md_proxy:
md_proxy.cleanup_router_edge(context, router_id) md_proxy.cleanup_router_edge(context, router_id)
# When LBs are hosted on router edges, there are cases where LB binding
# remains even though the LB is gone. While the router is protected
# from deletion when an LB exists, there's no proper cleanup for this
# binding entry so we clean it up here
if cfg.CONF.nsxv.use_routers_as_lbaas_platform:
lb_bindings = nsxv_db.get_nsxv_lbaas_loadbalancer_binding_by_edge(
context.session, edge_id)
for lb_binding in lb_bindings:
LOG.warning("Deleting stale LB binding for LB %s on edge %s",
lb_binding['loadbalancer_id'],
edge_id)
nsxv_db.del_nsxv_lbaas_loadbalancer_binding(
context.session, lb_binding['loadbalancer_id'])
self.edge_manager.delete_lrouter(context, router_id, dist=False) self.edge_manager.delete_lrouter(context, router_id, dist=False)
def update_routes(self, context, router_id, nexthop): def update_routes(self, context, router_id, nexthop):

9
vmware_nsx/plugins/nsx_v/plugin.py
View File

@ -4334,12 +4334,19 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
lb_rules = nsxv_db.get_nsxv_lbaas_loadbalancer_binding_by_edge( lb_rules = nsxv_db.get_nsxv_lbaas_loadbalancer_binding_by_edge(
context.session, edge_id) context.session, edge_id)
for rule in lb_rules: for rule in lb_rules:
vsm_rule = None
try:
vsm_rule = self.nsx_v.vcns.get_firewall_rule( vsm_rule = self.nsx_v.vcns.get_firewall_rule(
edge_id, rule['edge_fw_rule_id'])[1] edge_id, rule['edge_fw_rule_id'])[1]
except vsh_exc.ResourceNotFound:
LOG.error("LB firewall rule %s for edge %s exists in DB but "
"not in backend", rule['edge_fw_rule_id'], edge_id)
if vsm_rule:
lb_fw_rule = { lb_fw_rule = {
'action': edge_firewall_driver.FWAAS_ALLOW, 'action': edge_firewall_driver.FWAAS_ALLOW,
'enabled': vsm_rule['enabled'], 'enabled': vsm_rule['enabled'],
'destination_ip_address': vsm_rule['destination']['ipAddress'], 'destination_ip_address':
vsm_rule['destination']['ipAddress'],
'name': vsm_rule['name'], 'name': vsm_rule['name'],
'ruleId': vsm_rule['ruleId'] 'ruleId': vsm_rule['ruleId']
} }