92 Commits

Author SHA1 Message Date
Adit Sarfaty
34f3ee275e nsxlib refactor: config + neutron deps
1. new config class was added to allow all the classes to use the same object
2. removing dependencies of the neutron project in nsxlib code & tests

Change-Id: I15ace2ab60c1e4307d7076426c48ecc7a242e792
2016-09-30 21:00:52 +03:00
Adit Sarfaty
701de5c48f nsxlib refactor - add hierarchy to the nsxlib apis
Separating the nsxlib apis into sub classed like
firewall, nsgroup, logical router, in order to make the api simpler

Change-Id: If67fae83515bd9e72aba116a78bb6afce1fe1ab9
2016-09-30 20:44:32 +03:00
Adit Sarfaty
40e5810d1d nsxlib refactor - remove cfg usage
Accessing the nsx configuration should be done only outside of the nsxlib
or nsxlib tests

Change-Id: I8dc1079c11212e4d5691c07e88338f49cfa89430
2016-09-30 20:20:42 +03:00
Adit Sarfaty
a7b5bfafcc nsxlib refactor continue
- separate nsxlib/v3 constants and utils from the common ones
- separate the nsxlib/v3 tests
- update the nsxlib tests to cover create_firewall_rules
- remove all of the DB calls from the nsxlib/v3
- merge security & dfw_api classes

To be done in future patches:
- Avoid using the nsx configuration values directly
- Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d)

Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b
2016-09-29 15:59:13 +03:00
Abhishek Raut
ff5ebec12c NSXv3: Add support for trunk service driver
This patch adds support for trunk extensions in the NSXv3
plugin.
Now you can create trunk and subports which map to CIF
on the backend.
i.e. trunk port <-> parent port and subport <-> child port
on the backend.
If backend fails to update subports, the status of trunk will be set
to ERROR.

Use OSC commands for trunk CRUD operations.
For e.g.
Create trunk with a subport:
openstack network trunk create --parent-port <parent-port>
    --subport port=child-port,segmentation-type=vlan,segmentation-id=200
    TRUNK_NAME

Delete trunk:
openstack network trunk delete TRUNK_NAME

Change-Id: Iedd47d868d803ca8c52856554885fd7d14668924
2016-09-11 04:03:12 -07:00
Adit Sarfaty
1735b290b2 NSX|V fix IPAM driver log message format
Change-Id: I6064e78b1b970b853b8030dab8e9ba5b2d7fefda
2016-09-09 05:15:59 +00:00
Jenkins
00392d196a Merge "[NSXv3]: get_floatingips filter must pass a list of ports" 2016-09-08 04:47:52 +00:00
Abhishek Raut
3a1c0daab4 [NSXv3]: get_floatingips filter must pass a list of ports
Filters accept list of ports in the query instead of a single
port id. This led to get_floatingips returning empty list
even if a floating ip exists for a given port.
This patch removes the redundant get_floatingips method and
passes a list instead of a single item in TaaS driver.

Change-Id: I349f9ad16edb4e5069c70d209ccd7537f59620ec
2016-09-07 01:10:40 -07:00
Adit Sarfaty
d2e50bdfb7 NSX|v IPAM support for external & provider networks
For IPv4 external networks and provider networks, NSX-V plugin will use
the NSX-V backend IPAM.
To enable this option set 'ipam_driver = vmware_nsxv_ipam' in the
neutron.conf

Change-Id: Icdc3e7d24dac08a29f045f10fcea9ec4496b8446
2016-09-06 12:32:57 +03:00
Abhishek Raut
c3b287d4b8 [NSX|v3]: L2gateway fails to start when Bridge cluster configured
Recent change If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d
broke L2GW driver for NSXv3. This patch makes sure that the driver
starts and creates bridge clusters using the new nsxlib.
This patch adds a callback to create default l2 gw after the core
plugin is initialized.

Change-Id: Iced699b13e265f515c23fcc952ba9bb1e64b5762
2016-08-28 04:12:09 -07:00
Abhishek Raut
58dc54f52a NSXv3: Fix tap-flow-create to use floating IP of destination port
This patch changes the workflow for L3 SPAN such that the destination
port must have a L3 reachable IP address i.e. a floating IP so that
L3 SPAN can work. Unit tests will be added in a separate patch.

Change-Id: Ie0c2aed71988cbbd9cba60bb1fcb1ec30d0b4bc4
2016-08-27 10:06:15 -07:00
Jenkins
f41ef9b532 Merge "QoS integration - callbacks should support a list of policies" 2016-08-25 12:28:46 +00:00
Kobi Samoray
0397bf4b61 NSXv: remove LBaaSv1 code
LBaaSv1 has been removed in the N cycle and therefore we can drop the
driver code.

Change-Id: I47c928ede14695b4a793aaf3beedc88ff27186a1
2016-08-25 12:47:57 +03:00
Jenkins
ae99f81100 Merge "NSX-V service insertion fix callback registry" 2016-08-24 21:23:19 +00:00
Jenkins
b9110c70e1 Merge "NSXv: LBaaSv2 shared pools" 2016-08-23 05:14:51 +00:00
Kobi Samoray
4383b9d391 NSXv: LBaaSv2 shared pools
Support shared pool fuctionality of LBaaSv2 for NSXv driver.

Change-Id: If3368b341658fe0f6073d19e6d2ca2eadb2222d3
2016-08-22 10:09:30 +03:00
Adit Sarfaty
1e2ba282ce api_reply support for QoS migration
Copy QoS policies and rules from source setup to destination (NSX-V3) client
And also copy network/port policy-id.

Change-Id: I76ec0ceefe618e9bf6ea7cf61bcdb07c4edbdddb
2016-08-22 08:14:38 +03:00
Adit Sarfaty
fc26f83d5d NSX-V service insertion fix callback registry
For the initialization of the service insertion, we need the
"before spawn" callback added in I249ba32dede16e61b1c757a8010dac610484da4f

Change-Id: Ifde507b7c9be7f6a12c02ca3a93079751d803b1a
2016-08-21 08:23:28 +00:00
Aaron Rosen
86118f6692 nxv3: mass refactor of nsxlib
This patch refactors the current codebase to be more modular
and testable. The main changes are:

  - pull out all of the profile setup logic from the __init__
    method to it's own method _init_nsx_profiles method to make
    testing the code easier.

  - refactors the nsxlib.v3 code to break out all neutron related
    exceptions and cleans up the interface so we can make nsxlib.v3
    it's own standalone library eventually.

To improve:

  - Currently we have nsxlib.v3.dfw_api and nsxlib.v3.firewall,
    we should refactor this code and merge them into one file.

  - refactor nsxlib to section of each api component to it's own
    subclass. For example, nsxlib().port.create() rather than
    nsxlib().create_port(). I think this would be most useful
    for the security group/firewall integration as there are many
    methods there that are needed to interface with nsx as the security
    group feature is requires the most orchestration with nsx.
    Breaking them into a sub class will make things more easy to understand.

Change-Id: If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d
2016-08-19 12:28:20 +00:00
Adit Sarfaty
466bde4b40 QoS integration - callbacks should support a list of policies
Patch I1117925360a29ecbd1902fa527b2f24f94ce81ec changed the QoS
callbacks api - instead of a single policy, it now receives a list

Change-Id: Icd598fca250aa6812066a816b82b6930cd8a0283
2016-08-12 07:14:39 +00:00
Jenkins
458a652fc2 Merge "[NSXv3]: Add support for L3SPAN" 2016-08-09 07:01:59 +00:00
Jenkins
64bf0e0b87 Merge "NSX|V+V3: Fix QoS peak bandwidth calculation" 2016-08-05 05:18:30 +00:00
Abhishek Raut
3eb8e148d4 [NSXv3]: Add support for L3SPAN
This patch adds support for L3SPAN to the existing tap as a service
NSXv3 driver.
If the source and destination port are not on the same host,
the mirror session is L3SPAN. Backend supports L3SPAN with
SwitchingProfiles of type PortMirroring. Hence, creation of a
tap-flow will result in creation of a switching profile with the
destination port's IP address and then updates the source port
with this newly created switching profile.

Change-Id: I74ea40f8b9c9d1c343a4d9681c3a9ec77b521b6e
2016-07-29 07:55:06 -07:00
Adit Sarfaty
1ace535aa8 Service Insertion remove networking-sfc import
The service insertion utils used the networking-sfc for one constant only.
Removing this makes NSX|V3 and also NSX|V that doesn't use the service
insertion driver to not need to clone the networking-sfc code.

Change-Id: Id3cd19e91547b92f90117a716d2f40a835c0922b
2016-07-21 09:29:02 +03:00
Adit Sarfaty
2576e7dddd NSX|V+V3: Fix QoS peak bandwidth calculation
The NSX backend supports configuration of Peak Bandwidth, but if it is the same
as the average bandwidth, bursts are not allowed.
To fix this, we added a new configuration multiplier that will be used to
calculate the peak bw out of the neutron max bw.

Change-Id: I38ca66dfccdf09aca2ea31015174f0615cf83656
2016-07-20 17:19:03 +00:00
Adit Sarfaty
2f2d770b9b NSX|V add edge_ha per availability zone
Support different edge_ha flag per availability zone

Change-Id: Iff1b9d76a62d23d600b57ad83d868c4de2b04ee9
2016-07-20 10:58:49 +03:00
Jenkins
c2084fa43b Merge "NSX|v service insertion handle upgrade" 2016-07-19 20:05:51 +00:00
Jenkins
21001d4174 Merge "NSX-V Service insertion support" 2016-07-19 20:05:45 +00:00
Adit Sarfaty
7a260dd549 NSX|v Add default availability zone to l2 gateway router creation
L2 gateway router creation needs to get the default availability zone
Also added missing tests for this router creation

Change-Id: I27e519f016d6f0da513d6baedaaff441a99ca7dc
2016-07-19 15:20:42 +03:00
Jenkins
24ecb6d26a Merge "[NSXv3]: Tap-as-a-Service NSXv3 driver" 2016-07-14 20:48:05 +00:00
Adit Sarfaty
8451309333 NSX|v service insertion handle upgrade
When the service insertion is first enabled, and a security group is created,
the plugin should do 2 things to allow the user to start working with service
insertion immediately:
1. Add all the current compute ports (VMs) to service insertion security group.
2. Depending on the configuration, the driver will create any->any flow classifier entry,
   and any->any redirect rule at the backend so all the traffic will be redirected
   to the security partner.

DocImpact: new nsxv configuration: service_insertion_redirect_all
In True the plugin will create a rule to redirect all the traffic to the security partner.

Change-Id: I2d45f4db821e205ccb09f02e2579d05c938c2658
2016-07-13 11:29:58 +03:00
Adit Sarfaty
ce9003f498 NSX-V Service insertion support
The service insertion feature allows us to redirect some of the NSX traffic to an external
security vendor like Palo-Alto or checkpoint for advanced inspection.

The implementation contains:
Enable the flow classifier plugin, and use it to create redirect rules on NSX
When the flow classifier plugin is initialized a new security group is created
and added to the configured service profile

When a vm port with port security is created/updated, it is added to this security group
When the admin user create a flow classifier entry, a backed redirect rule will be created.

DocImpact: new NSXV Configuration parameters:
service_insertion_profile_id = <service profile id, i.e. serviceprofile-1>

DocImpact: The flow classifier methods should be added to the policy.json as admin only

Change-Id: I67a132d4b35764c6940516a8365a2749d574aad2
2016-07-13 11:29:05 +03:00
Jenkins
e64909eac9 Merge "Update gate logic" 2016-07-13 07:37:47 +00:00
Adit Sarfaty
ffacfe0b24 Integrate QoS constants change
patch I4f10ef3c1cbaa2a868de2b8e3abc4c39eb1f44c7 broke our code

Change-Id: Ib24866e9e2f4d3f0412cc2e793ecb4711cb10732
2016-07-13 08:22:08 +03:00
Boden R
28c14f567e Update gate logic
As bug 1568706 uncovered, we were using zuul-cloner
in our gate jobs; this was preventing our translation from
syncing.

After digging into this issue a number of changes in this
associated logic were found to not be in sync with neutron.
This patch updates out tox/tools logic to follow that of neutron.
In addition this patch fixes any pylint checks that were failing to
make pep8 pass.

IMPORTANT:
Please review closely, not only to the tools/tox updates but also
to the ignored pylint checks in the code. We only want to disable
checks where appropriate.

Change-Id: I6c5fee3ca3073ad079eac1636cc3b9ec45926a68
Closes-Bug: #1568706
2016-07-12 09:05:22 -06:00
Abhishek Raut
f0de138e87 Fix README file for better readability
TrivialFix

Change-Id: Ia1b5ea2eb23ca0636a116c12dc6015e24383a9f0
2016-07-09 21:55:43 -07:00
Abhishek Raut
00610df088 [NSXv3]: Tap-as-a-Service NSXv3 driver
This patch adds support for Port Mirroring feature for
NSXv3 plugin. This driver implements the Tap-as-a-Service
APIs and maps the tap-flow and tap-service resources
to backend PortMirroring objects.

Closes-Bug: #1598318
Change-Id: I5719fbbacfd3ec39250c59ec73cac2dc84af596d
2016-07-09 13:41:39 -07:00
Aaron Rosen
c7ac488a5f python3: make unit tests pass
now all tests pass with tox -epy34

Depends-On: I5894485e55c04a8ca69825128798227714550c9d

Change-Id: I719a6cddcbe7f2b7a15bcd35375075affc2513b8
2016-07-07 14:42:35 -07:00
Kobi Samoray
1f8c1d6e3b NSXv: Fix failure in lbaas edge selection
When LBaaS attempts to find an Edge which can host a loadbalancer,
it fails when a network is attached to a VDR, since VDRs have no
router_type attribute.

Change-Id: Ib54728158d438fc0284756d20e8e5e28ddd60986
2016-07-07 15:45:53 +03:00
Abhishek Raut
ecbed5d940 [NSX|V|V3]: Refactor NSX-V L2 Gateway driver
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch removes unused NSX plugin
code and makes appropriate changes to NSX-V driver.

This patch also adds a couple of update_l2_gateway methods to
both NSX|V and NSX|V3 L2GW drivers. These methods are added
since the base plugin expects the driver to define them.

Change-Id: Ifda5401ec5134268b8a9c3276ed7abf4cf8874aa
Partial-Bug: #1591413
2016-05-13 07:15:50 -07:00
Adit Sarfaty
2adc6d8c61 NSX-v QoS - fix refactor integration to use the correct api
Commit b3ca00f7a603d3f1763c7a031baf476b85f790bc used the wrong api to get
the Qos policy rules

Change-Id: Id1fcfb0b7fd363442615271530b9040329b792c5
2016-06-23 06:33:20 +00:00
Abhishek Raut
6080794f94 [NSXv3]: Refactor v3 L2 Gateway driver
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch makes appropriate changes
in NSX plugin and v3 driver.

Change-Id: I45d546e59e99d49d2a9b18258af94d90e91333ca
Partial-Bug: #1591413
2016-05-09 20:58:57 -07:00
Jenkins
a7c423ef58 Merge "NSX-V: support qos policy in network get" 2016-06-05 19:40:12 +00:00
Jenkins
3cd42d8af7 Merge "LBaaSv1: Delete LB objects when backend is broken" 2016-06-05 15:48:30 +00:00
Kobi Samoray
a635d0291d LBaaSv1: Delete LB objects when backend is broken
When backend if inconsistent with the Neutron DB, we should still be
able to delete the pool, VIP bojects, while posting a proper error
message.

Change-Id: Ib08148dcc7219077920bc4629b99e13c4447f345
2016-06-05 11:09:41 +00:00
Kobi Samoray
5a3008b75b LBaaSv2: Delete LB even when backend is broken
When backend if inconsistent with the Neutron DB, we should still be
able to delete the LB, while posting a proper error message.

Change-Id: Ice5b2bba255297711a620f61e75cafce0115ae93
Fixes-bug: #1663602
2016-06-05 11:09:25 +00:00
Adit Sarfaty
b05f9d533c NSX-V: support qos policy in network get
Return the policy id when getting a network

Change-Id: Ib3dbf3910dc1299a8b916788810d3e7ef024a4e8
2016-06-05 11:07:51 +00:00
Gary Kotton
584b2bd6a3 QoS refactor required changes
Commit b3ca00f7a603d3f1763c7a031baf476b85f790bc broke the
implementation.

Change-Id: Id8d686658c8943ccc3ab2c643f84aae83bdbdef1
2016-05-28 23:44:57 -07:00
Adit Sarfaty
b939e84255 Add README for the NSX QoS service
To make the integration easier, also add translation
for the use_dvs_features from the local.conf

Change-Id: I9ac7c06171f3055d52ba28de05afd09bcaa6f5ba
2016-05-19 09:30:25 +03:00
Adit Sarfaty
16200ab377 NSX|V3 QoS DSCP marking support
Adding support for the QoS DSCP marking rules for ports & networks,
and updating the backend QoS switching profile

Change-Id: I852ad20965c78c2d6011d350ca4f226f462d03fd
2016-05-15 09:15:02 +03:00