4253 Commits

Author SHA1 Message Date
Kobi Samoray
2d5b7422ed NSXP: Update Octavia with object statuses
Send object updates about statuses: loadbalancers, listeners, pools, and members.

Change-Id: Ifd893818c2ddb1325f3bed9f618b72754ed0689f
2020-07-02 08:33:14 +00:00
Zuul
d366383af6 Merge "NSX|P: Fix listener create & update" 2020-07-02 07:50:23 +00:00
asarfaty
1aa1013e8e MP2P migration: Few fixes
- Migrate MDproxy with admin user
- When creating the dhcp server config post migration it should be done with
with the admin uer and not the openstack principle identity
- Select Tier1 locale-service id even if there is no edge cluster

Change-Id: I68c184d245e50e363bcf5b53ea71cce661ee7aa3
2020-07-01 17:13:33 +00:00
asarfaty
321d5f440d NSX|P: Fix listener create & update
Use tags to find the lb service id from the loadbalancer id

Change-Id: Ic6a756aaa98c27362d34f3eff488864a4eedd036
2020-07-01 16:46:42 +02:00
Zuul
b662977ca2 Merge "NSX|P: fix vlan interface removal" 2020-07-01 04:50:09 +00:00
Zuul
5e0c3bf18a Merge "NSX|P: Support update of listener with certificate" 2020-06-30 21:14:14 +00:00
asarfaty
99deb2275a NSX|P: fix vlan interface removal
replace indirect call the SR removal with a direct one
(The indirect call via _core_plugin also works)

Change-Id: Ie379cbda369f7d45818275294f10e05cb9a7ef3b
2020-06-30 15:12:01 +00:00
Zuul
f5fb20d1cd Merge "NSX|P: Fix handling LB member on external subnet" 2020-06-30 13:18:41 +00:00
asarfaty
b0550ef194 NSX|P: Fix handling LB member on external subnet
If the LB has an external vip, the member must have a local subnet-id
connected to a router with an uplink,
or the member must have an IP which is a FIP address

In addition, remove one leftover log, and remove a lock on router
id when it is None

Change-Id: Iefb492e43b5cc47a84ce82e4dfbcb0d1e5e6bffe
2020-06-30 08:26:58 +02:00
asarfaty
311eb4e175 NSX|P: Support update of listener with certificate
Change-Id: Ia32a61eae8456a6c8f0f475e9bcc58da88af29e1
2020-06-30 05:43:46 +00:00
asarfaty
60939ea1d0 MP2P migration: Add pre migration check
Before starting the migration, check for unsupported configurations
that will fail the migration.
Currently those include:
- Tier0 with BGP disabled and BGP rules
- DFW/Edge firewall sections witl 1500 rules or more

Change-Id: I702417c287b629844f2b8e1adda98b137e1ee9ff
2020-06-29 13:21:01 +02:00
asarfaty
b95e53a28d MP2P migration: improve logging
Add logfile option, use verbose to decide on logging level, and
add timestamp to logfile lines

Change-Id: I26a1d41b321044e7ba93a44f4ae6f083af3fe1ed
2020-06-29 11:56:59 +02:00
asarfaty
1891dbc1dd MP2P migration support for LB certificates
Add migration of LB certificates + some more minor fixing

Change-Id: I67dc0dc5f7b09c147a2a4715f6240a8a0556e565
2020-06-28 12:33:21 +02:00
Adit Sarfaty
0bad4876dc T2P migration
This patch will allow moving neutron from using the nsx_v3 plugin to the nsx_p plugin.
This includes:
- admin utility to move all resources to the policy api:
  nsxadmin -r nsx-migrate-t2p -o import (--verbose)
  This utility will:
  -- Migrate all neutron used & created resource using the nsx migration api
  -- roll back all resources in case it failed
  -- post migration fix some of the policy resources to better match the expectation
     of the policy plugin
- admin utility that will cleanup left overs in the nsx_v3 db:
  nsxadmin -r nsx-migrate-t2p -o clean-all
  (can be used, but everything should work without calling it as well)
- Some minor changes to the policy plugin and drivers to allow it to handle migrated resource
  which are a bit different than those created with the policy plugin
  -- Delete DHCP server config once a migrated network is deleted
  -- Update LB L7 rules by their name suffix as their full display name is unknown

Change-Id: Ic17e0de1f4b2a2d95afa61ce33ffb0bc9e667b89
2020-06-23 09:03:23 +00:00
Zuul
bc54e93478 Merge "NSX|V: Fix init connectivity validation" 2020-06-22 15:01:29 +00:00
asarfaty
4effe88ac6 NSX|V: Fix init connectivity validation
1. Make the validation optional (If False - only log the warnings)
2. Validate each resource against all clusters and fail only if not
   connected to any

Change-Id: I9abd091fc42d4dbe22e1b806df4d9131ab054726
2020-06-22 11:46:05 +02:00
asarfaty
3f6653d7f9 NSX|V3+P: prevent overlapping address pairs
Change-Id: Ic5c1cad47a5b646a1404b3bd94f11922598268c4
2020-06-21 16:15:18 +00:00
asarfaty
419b3b56c1 Fix default args in nsxadmin
Commit I0c75f0a616d8016a840611edab1e3b3edb53c4ad removed
the selected -r / -o by mistake

Change-Id: I2b017e3642f07908086a46baf9fe1c6cc8544fb1
2020-06-21 10:22:01 +02:00
Zuul
d8aa8db80c Merge "Support custom config files in admin utilities" 2020-06-20 05:08:05 +00:00
Zuul
367773a8e5 Merge "NSX|V3+P: Fix listener creation when LB has no name" 2020-06-19 14:36:09 +00:00
Zuul
23d54dae93 Merge "Catch nsgroup deletion exceptions and log" 2020-06-19 09:45:55 +00:00
Zuul
2ec54160a2 Merge "NSX|P: Use silent gets for neutron nsx profiles get" 2020-06-19 09:45:54 +00:00
Zuul
9bcbee31bc Merge "NSX|P: use edge nodes nsx ids for validation" 2020-06-18 14:36:40 +00:00
asarfaty
fdd9681740 NSX|V3+P: Fix listener creation when LB has no name
Change-Id: Idaa39e140a724d01892e6c29a914d47ec4f5b18a
2020-06-18 15:36:55 +02:00
asarfaty
8f23198533 NSX|P: Use silent gets for neutron nsx profiles get
Change-Id: Id461029d07d217f1cc7e0ef52f9fcfefc604f71c
2020-06-18 12:34:39 +00:00
asarfaty
ed6bd1f4e9 Support custom config files in admin utilities
The admin utilities usually run with the default config files:
/etc/neutron/neutron.conf and /etc/neutron/plugins/vmware/nsx.ini

In order to run it with custom files you can use:
nsxadmin --config-file <neutron conf path> --config-file <nsx conf path>

Change-Id: I0c75f0a616d8016a840611edab1e3b3edb53c4ad
2020-06-18 13:37:50 +02:00
asarfaty
2866341f7c NSX|P: Remove redundent logs when updating fwaas groups
Change-Id: Ia814adae63c76c1e54c55ba98ea51a4d569eeeb1
2020-06-16 09:35:26 +02:00
asarfaty
4a0b872d77 Catch nsgroup deletion exceptions and log
Commit I475a5c984aed7b6cae26951e64971ec463a43c5e
changed the error handling of this api, so the plugin  will need to handle the errors

Change-Id: I1ba3d0a64793674c97c62f6ff26fa00e34a7c4fe
2020-06-15 16:31:24 +02:00
asarfaty
f741e10ba4 Remove FWaas rules table from migration unit tests
Change-Id: I4d9480f1e4d9b71c0afebe6c9fa4b067f7bc5bc4
2020-06-15 11:11:29 +02:00
asarfaty
b132650794 NSX|P: use edge nodes nsx ids for validation
In some cases the edge policy ids are different from the nsx ids.
Since validation is using those ids with the nsxlib objects, the nsx ids
should be used.

In addition - Do not fail plugin init or neutron action when failing to get
the transport nodes. Just issue a warning

Change-Id: I080ac86b1cebf66f11749c5256d1885a9bc7ef9f
2020-06-10 10:43:00 +02:00
asarfaty
04c79ec662 NSX|P: update dhcp config on segent subnet
Make sure to set the DHCP config only if there is a dhcp server ip.
Missing ip can happen during the process of deleting a subnet.

Change-Id: I1e8071935a01a7e07732c5033744f74769210043
2020-06-09 11:51:11 +02:00
asarfaty
a29d498b49 NSX|V3+P: Support ipv4 CIDR in allowed address pairs
Change-Id: Ifabf9451cd0d530677c8cb7da7d76a6878e5fae5
2020-06-07 10:37:43 +00:00
Zuul
8a7ec0d50b Merge "NSXV: allow DHCP reply on DHCP edges" 2020-06-04 06:34:06 +00:00
Kobi Samoray
279b3ef225 NSXT LB: handle listener deletion failures
When deleting a listener which doesn't exist in the backend, the call
shouldn't fail but delete from OpenStack DB and issue an error to the
log file.

Change-Id: I1ee816d82986a651ea2889b1a4a74889e8724dbb
2020-06-02 08:31:45 +00:00
Zuul
edee4c60cf Merge "NSX|P: Add validation for subnet GW" 2020-06-01 08:50:00 +00:00
asarfaty
4cd75be66f NSX|P: Add validation for subnet GW
Upon sunbet update and create, validate that the GW:
- has the same ip versions the network
- is part of the network
- In case of ipv6, match the NSX limitations

Change-Id: I21ef0a313569e8d025fe31c934c57ce2d54f2fec
2020-06-01 07:07:44 +00:00
asarfaty
4c18521905 NSX|V3+P: Validate allowed address pairs ipv6 cidr
Change-Id: Ib9085da9ff64c81d45d7e2a2c1a5542ab69bcaa9
2020-05-28 11:59:50 +02:00
Zuul
2918ce6e52 Merge "NSX|P: Support different mac format in address pairs" 2020-05-25 06:50:35 +00:00
asarfaty
0da0159c38 Remove some unused DB modles and apis
Change-Id: If03beaecf596f4cb1b02f6059f6db2b9e88d913e
2020-05-24 11:31:03 +02:00
asarfaty
78bc475584 NSX|P: Support different mac format in address pairs
Change-Id: I33b161a67c7eed0f13405e508919650ebc9a31f1
2020-05-24 11:14:42 +02:00
Kobi Samoray
22e494f2b5 NSXV: allow DHCP reply on DHCP edges
Work around DHCP edge's behavior where firewall is blocking DHCP unicast
replies.

Change-Id: I2ed3de8d665166fed3bc42da56d2a180b070ca0d
2020-05-21 18:47:54 +03:00
asarfaty
97c00a3ebb NSX|P: support multiple loadbalancers on a router
The loadbalancers using the router LB service will be marked on
a new tag on the NSX service.

Also adin an admin utility to update existing Lb services with the tag.

Change-Id: I6c38b45e4d683681a6915fd07ca296264c7d2495
2020-05-17 05:03:21 +00:00
asarfaty
12391dfc56 NSX|V3+P: Fix nsx-net provider network creation
There is no need to validate the nsx provider network
(LS/segment already created on the NSX) against the MDproxy

Change-Id: I375c2cf81a3cf82c5954b6f5898e51e9fde661e9
2020-05-14 06:02:17 +02:00
Zuul
2488822f65 Merge "Fix admin utils quota issue" 2020-05-13 11:02:33 +00:00
asarfaty
00f7facea9 Fix admin utils quota issue
Commit I7e68c9d0e40e03c0e3e708e04c996fdceed56df4 fixed the sg rule quota
issue in the admin utilities tests, instead of in their mock plugins

Change-Id: I95b6411e960c62def3bbc6a9d7b6cdd92fc4aa92
2020-05-13 05:49:16 +02:00
Zuul
72f8b3ae51 Merge "Update DB migrations & release notes for releasing Ussuri" 2020-05-12 16:36:28 +00:00
Zuul
851cae9b05 Merge "Monkey patch original current_thread _active" 2020-05-12 16:36:26 +00:00
Zuul
d830e5569b Merge "NSX|P: Support fip ips in FWaaS groups" 2020-05-12 13:34:33 +00:00
asarfaty
55692f6534 Update DB migrations & release notes for releasing Ussuri
Change-Id: I9c8868ddcc744b2f38457af7560d10bcf44ab507
2020-05-12 08:40:45 +00:00
asarfaty
de74c89efb Fix pep8 issues
Change-Id: Ic22f30bb19ed23bafbdd2fbbe514d9286b418cab
2020-05-12 08:09:36 +02:00