Browse Source

NSX|P: Support segment & port admin state

Before NSX 3.0 the passthrough api was used to update the admin state.
With NSX 3.0 it can be updated using the policy api.

In addition, adding a new admin utility to update this field when
upgrading to NSX 3.0

Change-Id: I4020c07db0f595b1f46014a409a585188c88454e
changes/49/705349/2
asarfaty 1 month ago
parent
commit
a20d2efded
5 changed files with 84 additions and 15 deletions
  1. +4
    -0
      doc/source/admin_util.rst
  2. +5
    -0
      vmware_nsx/common/utils.py
  3. +33
    -14
      vmware_nsx/plugins/nsx_p/plugin.py
  4. +39
    -0
      vmware_nsx/shell/admin/plugins/nsxp/resources/networks.py
  5. +3
    -1
      vmware_nsx/shell/resources.py

+ 4
- 0
doc/source/admin_util.rst View File

@@ -626,6 +626,10 @@ NSX Policy Plugin

nsxadmin -r networks -o list

- Sync admin state of networks and ports (Once upgraded to NSX 3.0 which supports policy admin state)::

nsxadmin -r networks -o nsx-update-state

- List all the neutron routers together with their NSX Policy objects and realization state::

nsxadmin -r routers -o list

+ 5
- 0
vmware_nsx/common/utils.py View File

@@ -100,6 +100,11 @@ def is_nsx_version_2_5_0(nsx_version):
version.LooseVersion(v3_const.NSX_VERSION_2_5_0))


def is_nsx_version_3_0_0(nsx_version):
return (version.LooseVersion(nsx_version) >=
version.LooseVersion(v3_const.NSX_VERSION_3_0_0))


def is_nsxv_version_6_2(nsx_version):
return (version.LooseVersion(nsx_version) >=
version.LooseVersion('6.2'))

+ 33
- 14
vmware_nsx/plugins/nsx_p/plugin.py View File

@@ -628,13 +628,20 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
'transport_zone_id': provider_data['physical_net'],
'tags': tags}

if (not admin_state and
self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
kwargs['admin_state'] = admin_state

if az.use_policy_md:
kwargs['metadata_proxy_id'] = az._native_md_proxy_uuid

self.nsxpolicy.segment.create_or_overwrite(
net_name, **kwargs)

if not admin_state and cfg.CONF.nsx_p.allow_passthrough:
if (not admin_state and cfg.CONF.nsx_p.allow_passthrough and
not self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
# This api uses the passthrough api
self.nsxpolicy.segment.set_admin_state(
net_data['id'], admin_state)
@@ -878,14 +885,25 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):

# Update the backend segment
if (not extern_net and not is_nsx_net and
('name' in net_data or 'description' in net_data)):
('name' in net_data or 'description' in net_data or
'admin_state_up' in net_data)):
net_name = utils.get_name_and_uuid(
updated_net['name'] or 'network', network_id)

kwargs = {'name': net_name,
'description': updated_net.get('description', '')}

if 'admin_state_up' in net_data:
if (self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
kwargs['admin_state'] = net_data['admin_state_up']
elif cfg.CONF.nsx_p.allow_passthrough:
# Update admin state using the passthrough api
self.nsxpolicy.segment.set_admin_state(
network_id, net_data['admin_state_up'])

try:
self.nsxpolicy.segment.update(
network_id,
name=net_name,
description=updated_net.get('description', ''))
self.nsxpolicy.segment.update(network_id, **kwargs)
except nsx_lib_exc.ManagerError:
LOG.exception("Unable to update NSX backend, rolling "
"back changes on neutron")
@@ -897,13 +915,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
super(NsxPolicyPlugin, self).update_network(
context, network_id, {'network': original_net})

if (not extern_net and not is_nsx_net and
'admin_state_up' in net_data and
cfg.CONF.nsx_p.allow_passthrough):
# Update admin state using the passthrough api
self.nsxpolicy.segment.set_admin_state(
network_id, net_data['admin_state_up'])

return updated_net

def _update_slaac_on_router(self, context, router_id,
@@ -1111,6 +1122,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
if vif_id:
kwargs['vif_id'] = vif_id

if (self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE) and
'admin_state_up' in port_data):
kwargs['admin_state'] = port_data['admin_state_up']

# Create/ update the backend port in a single transaction
with policy_trans.NsxPolicyTransaction():
self.nsxpolicy.segment_port.create_or_overwrite(
@@ -1135,7 +1151,10 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):

# Update port admin status using passthrough api, only if it changed
# or new port with disabled admin state
if cfg.CONF.nsx_p.allow_passthrough and 'admin_state_up' in port_data:
if (not self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE) and
cfg.CONF.nsx_p.allow_passthrough and
'admin_state_up' in port_data):
new_state = port_data['admin_state_up']
if ((is_create and new_state is False) or
(is_update and

+ 39
- 0
vmware_nsx/shell/admin/plugins/nsxp/resources/networks.py View File

@@ -12,11 +12,17 @@
# License for the specific language governing permissions and limitations
# under the License.

from neutron_lib.callbacks import registry
from neutron_lib import context
from oslo_log import log as logging

from vmware_nsx.shell.admin.plugins.common import constants
from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxp.resources import utils as p_utils
import vmware_nsx.shell.resources as shell
from vmware_nsxlib.v3 import nsx_constants

LOG = logging.getLogger(__name__)


@admin_utils.list_handler(constants.NETWORKS)
@@ -46,3 +52,36 @@ def list_networks(resource, event, trigger, **kwargs):
mappings,
attrs=['Project', 'Name', 'ID', 'NSX status'])
return bool(mappings)


@admin_utils.output_header
def update_admin_state(resource, event, trigger, **kwargs):
"""Upon upgrade to NSX3 update policy segments & ports
So that the neutron admin state will match the policy one
"""
nsxpolicy = p_utils.get_connected_nsxpolicy()
if not nsxpolicy.feature_supported(
nsx_constants.FEATURE_NSX_POLICY_ADMIN_STATE):
LOG.error("This utility is not available for NSX version %s",
nsxpolicy.get_version())
return

ctx = context.get_admin_context()
with p_utils.NsxPolicyPluginWrapper() as plugin:
# Inconsistencies can happen only if the neutron state is Down
filters = {'admin_state_up': [False]}
nets = plugin.get_networks(ctx, filters=filters)
for net in nets:
seg_id = plugin._get_network_nsx_segment_id(ctx, net['id'])
nsxpolicy.segment.set_admin_state(seg_id, False)

ports = plugin.get_ports(ctx, filters=filters)
for port in ports:
seg_id = plugin._get_network_nsx_segment_id(
ctx, port['network_id'])
nsxpolicy.segment_port.set_admin_state(seg_id, port['id'], False)


registry.subscribe(update_admin_state,
constants.NETWORKS,
shell.Operations.NSX_UPDATE_STATE.value)

+ 3
- 1
vmware_nsx/shell/resources.py View File

@@ -52,6 +52,7 @@ class Operations(enum.Enum):
NSX_UPDATE_SECRET = 'nsx-update-secret'
NSX_UPDATE_RULES = 'nsx-update-rules'
NSX_UPDATE_DHCP_RELAY = 'nsx-update-dhcp-relay'
NSX_UPDATE_STATE = 'nsx-update-state'
NSX_ENABLE_STANDBY_RELOCATION = 'nsx-enable-standby-relocation'
NSX_UPDATE_IP = 'nsx-update-ip'
NSX_RECREATE = 'nsx-recreate'
@@ -260,7 +261,8 @@ nsxp_resources = {
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS,
[Operations.LIST.value]),
constants.NETWORKS: Resource(constants.NETWORKS,
[Operations.LIST.value]),
[Operations.LIST.value,
Operations.NSX_UPDATE_STATE.value]),
constants.ROUTERS: Resource(constants.ROUTERS,
[Operations.LIST.value,
Operations.UPDATE_TIER0.value,

Loading…
Cancel
Save