The neutron standard-attr-description is not working with NSX
plugins for security group rules. It seems that when the extension
is loaded the relevant DB model class is not yet available.
To address this problem, this change explictly adds a resource
extender function for the NSX plugin to add the description field
to ecurity groups rule responses.
This patch adds an operation for the NSX-V and two operations for
the NSX-T plugin. The goal of these operation are:
- Find routers without any downlink. They cannot be migrated and
should be removed before migration to NSX-T.
- Patch and restore Neutron routers without gateway. For N/S
cutover, each router must have a T0 uplink or an SR. The 'fixup'
operation ensures the NSX T1 routers for these neutron routers
will have a T0 uplink. (They surely do not have a SR).
The 'restore' operation returns T1 routers to their original state.
In some cases deletion might fail because a segment port
is still reported as attached.
This change will ensure the operation is retried so it
This change ensures the LB pool for a router is updated
according to the LB size when attaching a load balancer to
it. Implemented only for API replay cases on NSX Policy.
Add a --ignore-errors CLI options to preserve the current behaviour
where API replays completes all operations and then reports errors.
When --ignore-errors is not set, API replay will fail and quit
at the first error.
Also fixes help string for enable_barbican option.
During port deletion on the backend, we remove profile bindings and
then the actual port. If for any reason a binding is not found, the
process should still proceed to delete remaining resources up to
the segment port.
This change fixes this behaviour, as the code was instead returning
as soon an object was not found.
This change leverages a new NSX client method, patch_entries.
This method does not require all rules to be in the request body.
We can therefore save a DB operation, and submit a much smaller
payload. NSX responses are also much faster.
In addition, this routine ensure the DB record for a security
group rule is removed if the creation of the same rule fails at
the NSX backend.
Add the options to detect and cleanup loadbalancer services which are
allocated in NSX but do not exist in Octavia.
The orphaned loadbalancer services prevents routers from being deleted
and therefore should be cleaned up prior to the router deletion.
Introduce a new configuration option - windows_metadata_route.
Specifies whether an explicit route for metadata proxy access
on windows should be added.
The default value will be True for backward compatibility.
This option will need to be set to False for some guest OSes such
as RHEL8 as a duplicate metadata route can cause failures while
setting up networking.
This change replaces remaining occurences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
If a NSX-T segment is not realized, the plugin will currently
return a null value for the corresponding logical switch id.
This leads nova to boot VMs with an incorrect network attachment.
This change ensures the null value is not cached for the neutron
If the multiple address bindings fall in the same CIDR, we should be
careful in verifying that the corresponding entry has not already
been removed from the binding list
When provider security groups are removed, the corresponding
bindings could have already been removed by
This change ensures binding deletion is done only when needed,
and avoids failures in case the bindings have already been
Due to removal of deprecated attributes from NSX APIs, the routine
for checking VLAN overlap with uplink transport needs to be amended
to search for transport zone in host switch info.
This change also optimizes the process by avoiding fetching the same
profile multiple times.
If a tier0 already exists in policy its identifier should still be used
for handling uplinks for tier1 routers.
Currently the routine is simply ignoring these tier0 routers.