NSX|P: Support segment & port admin state

Before NSX 3.0 the passthrough api was used to update the admin state.
With NSX 3.0 it can be updated using the policy api.

In addition, adding a new admin utility to update this field when
upgrading to NSX 3.0

Change-Id: I4020c07db0f595b1f46014a409a585188c88454e
This commit is contained in:
asarfaty 2020-01-14 10:43:57 +02:00 committed by Adit Sarfaty
parent f3c4d8330c
commit f60bdef4c9
5 changed files with 84 additions and 15 deletions

View File

@ -626,6 +626,10 @@ NSX Policy Plugin
nsxadmin -r networks -o list
- Sync admin state of networks and ports (Once upgraded to NSX 3.0 which supports policy admin state)::
nsxadmin -r networks -o nsx-update-state
- List all the neutron routers together with their NSX Policy objects and realization state::
nsxadmin -r routers -o list

View File

@ -100,6 +100,11 @@ def is_nsx_version_2_5_0(nsx_version):
version.LooseVersion(v3_const.NSX_VERSION_2_5_0))
def is_nsx_version_3_0_0(nsx_version):
return (version.LooseVersion(nsx_version) >=
version.LooseVersion(v3_const.NSX_VERSION_3_0_0))
def is_nsxv_version_6_2(nsx_version):
return (version.LooseVersion(nsx_version) >=
version.LooseVersion('6.2'))

View File

@ -628,13 +628,20 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
'transport_zone_id': provider_data['physical_net'],
'tags': tags}
if (not admin_state and
self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
kwargs['admin_state'] = admin_state
if az.use_policy_md:
kwargs['metadata_proxy_id'] = az._native_md_proxy_uuid
self.nsxpolicy.segment.create_or_overwrite(
net_name, **kwargs)
if not admin_state and cfg.CONF.nsx_p.allow_passthrough:
if (not admin_state and cfg.CONF.nsx_p.allow_passthrough and
not self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
# This api uses the passthrough api
self.nsxpolicy.segment.set_admin_state(
net_data['id'], admin_state)
@ -878,14 +885,25 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# Update the backend segment
if (not extern_net and not is_nsx_net and
('name' in net_data or 'description' in net_data)):
('name' in net_data or 'description' in net_data or
'admin_state_up' in net_data)):
net_name = utils.get_name_and_uuid(
updated_net['name'] or 'network', network_id)
kwargs = {'name': net_name,
'description': updated_net.get('description', '')}
if 'admin_state_up' in net_data:
if (self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE)):
kwargs['admin_state'] = net_data['admin_state_up']
elif cfg.CONF.nsx_p.allow_passthrough:
# Update admin state using the passthrough api
self.nsxpolicy.segment.set_admin_state(
network_id, net_data['admin_state_up'])
try:
self.nsxpolicy.segment.update(
network_id,
name=net_name,
description=updated_net.get('description', ''))
self.nsxpolicy.segment.update(network_id, **kwargs)
except nsx_lib_exc.ManagerError:
LOG.exception("Unable to update NSX backend, rolling "
"back changes on neutron")
@ -897,13 +915,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
super(NsxPolicyPlugin, self).update_network(
context, network_id, {'network': original_net})
if (not extern_net and not is_nsx_net and
'admin_state_up' in net_data and
cfg.CONF.nsx_p.allow_passthrough):
# Update admin state using the passthrough api
self.nsxpolicy.segment.set_admin_state(
network_id, net_data['admin_state_up'])
return updated_net
def _update_slaac_on_router(self, context, router_id,
@ -1111,6 +1122,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
if vif_id:
kwargs['vif_id'] = vif_id
if (self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE) and
'admin_state_up' in port_data):
kwargs['admin_state'] = port_data['admin_state_up']
# Create/ update the backend port in a single transaction
with policy_trans.NsxPolicyTransaction():
self.nsxpolicy.segment_port.create_or_overwrite(
@ -1135,7 +1151,10 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# Update port admin status using passthrough api, only if it changed
# or new port with disabled admin state
if cfg.CONF.nsx_p.allow_passthrough and 'admin_state_up' in port_data:
if (not self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_NSX_POLICY_ADMIN_STATE) and
cfg.CONF.nsx_p.allow_passthrough and
'admin_state_up' in port_data):
new_state = port_data['admin_state_up']
if ((is_create and new_state is False) or
(is_update and

View File

@ -12,11 +12,17 @@
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.callbacks import registry
from neutron_lib import context
from oslo_log import log as logging
from vmware_nsx.shell.admin.plugins.common import constants
from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxp.resources import utils as p_utils
import vmware_nsx.shell.resources as shell
from vmware_nsxlib.v3 import nsx_constants
LOG = logging.getLogger(__name__)
@admin_utils.list_handler(constants.NETWORKS)
@ -46,3 +52,36 @@ def list_networks(resource, event, trigger, **kwargs):
mappings,
attrs=['Project', 'Name', 'ID', 'NSX status'])
return bool(mappings)
@admin_utils.output_header
def update_admin_state(resource, event, trigger, **kwargs):
"""Upon upgrade to NSX3 update policy segments & ports
So that the neutron admin state will match the policy one
"""
nsxpolicy = p_utils.get_connected_nsxpolicy()
if not nsxpolicy.feature_supported(
nsx_constants.FEATURE_NSX_POLICY_ADMIN_STATE):
LOG.error("This utility is not available for NSX version %s",
nsxpolicy.get_version())
return
ctx = context.get_admin_context()
with p_utils.NsxPolicyPluginWrapper() as plugin:
# Inconsistencies can happen only if the neutron state is Down
filters = {'admin_state_up': [False]}
nets = plugin.get_networks(ctx, filters=filters)
for net in nets:
seg_id = plugin._get_network_nsx_segment_id(ctx, net['id'])
nsxpolicy.segment.set_admin_state(seg_id, False)
ports = plugin.get_ports(ctx, filters=filters)
for port in ports:
seg_id = plugin._get_network_nsx_segment_id(
ctx, port['network_id'])
nsxpolicy.segment_port.set_admin_state(seg_id, port['id'], False)
registry.subscribe(update_admin_state,
constants.NETWORKS,
shell.Operations.NSX_UPDATE_STATE.value)

View File

@ -52,6 +52,7 @@ class Operations(enum.Enum):
NSX_UPDATE_SECRET = 'nsx-update-secret'
NSX_UPDATE_RULES = 'nsx-update-rules'
NSX_UPDATE_DHCP_RELAY = 'nsx-update-dhcp-relay'
NSX_UPDATE_STATE = 'nsx-update-state'
NSX_ENABLE_STANDBY_RELOCATION = 'nsx-enable-standby-relocation'
NSX_UPDATE_IP = 'nsx-update-ip'
NSX_RECREATE = 'nsx-recreate'
@ -260,7 +261,8 @@ nsxp_resources = {
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS,
[Operations.LIST.value]),
constants.NETWORKS: Resource(constants.NETWORKS,
[Operations.LIST.value]),
[Operations.LIST.value,
Operations.NSX_UPDATE_STATE.value]),
constants.ROUTERS: Resource(constants.ROUTERS,
[Operations.LIST.value,
Operations.UPDATE_TIER0.value,