1. new config class was added to allow all the classes to use the same object
2. removing dependencies of the neutron project in nsxlib code & tests
Change-Id: I15ace2ab60c1e4307d7076426c48ecc7a242e792
Separating the nsxlib apis into subclasses like
firewall, nsgroup, logical router, in order to make the api simpler
Change-Id: If67fae83515bd9e72aba116a78bb6afce1fe1ab9
- separate nsxlib/v3 constants and utils from the common ones
- separate the nsxlib/v3 tests
- update the nsxlib tests to cover create_firewall_rules
- remove all of the DB calls from the nsxlib/v3
- merge security & dfw_api classes
To be done in future patches:
- Avoid using the nsx configuration values directly
- Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d)
Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b
This patch adds support for trunk extensions in the NSXv3
plugin.
Now you can create trunk and subports which map to CIF
on the backend.
i.e. trunk port <-> parent port and subport <-> child port
on the backend.
If backend fails to update subports, the status of trunk will be set
to ERROR.
Use OSC commands for trunk CRUD operations.
For e.g.
Create trunk with a subport:
openstack network trunk create --parent-port <parent-port>
--subport port=child-port,segmentation-type=vlan,segmentation-id=200
TRUNK_NAME
Delete trunk:
openstack network trunk delete TRUNK_NAME
Change-Id: Iedd47d868d803ca8c52856554885fd7d14668924
Filters accept list of ports in the query instead of a single
port id. This led to get_floatingips returning empty list
even if a floating ip exists for a given port.
This patch removes the redundant get_floatingips method and
passes a list instead of a single item in TaaS driver.
Change-Id: I349f9ad16edb4e5069c70d209ccd7537f59620ec
For IPv4 external networks and provider networks, NSX-V plugin will use
the NSX-V backend IPAM.
To enable this option set 'ipam_driver = vmware_nsxv_ipam' in the
neutron.conf
Change-Id: Icdc3e7d24dac08a29f045f10fcea9ec4496b8446
Recent change If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d
broke L2GW driver for NSXv3. This patch makes sure that the driver
starts and creates bridge clusters using the new nsxlib.
This patch adds a callback to create default l2 gw after the core
plugin is initialized.
Change-Id: Iced699b13e265f515c23fcc952ba9bb1e64b5762
This patch changes the workflow for L3 SPAN such that the destination
port must have a L3 reachable IP address i.e. a floating IP so that
L3 SPAN can work. Unit tests will be added in a separate patch.
Change-Id: Ie0c2aed71988cbbd9cba60bb1fcb1ec30d0b4bc4
Copy QoS policies and rules from source setup to destination (NSX-V3) client
And also copy network/port policy-id.
Change-Id: I76ec0ceefe618e9bf6ea7cf61bcdb07c4edbdddb
For the initialization of the service insertion, we need the
"before spawn" callback added in I249ba32dede16e61b1c757a8010dac610484da4f
Change-Id: Ifde507b7c9be7f6a12c02ca3a93079751d803b1a
This patch refactors the current codebase to be more modular
and testable. The main changes are:
- pull out all of the profile setup logic from the __init__
method to its own method _init_nsx_profiles method to make
testing the code easier.
- refactors the nsxlib.v3 code to break out all neutron related
exceptions and cleans up the interface so we can make nsxlib.v3
its own standalone library eventually.
To improve:
- Currently we have nsxlib.v3.dfw_api and nsxlib.v3.firewall,
we should refactor this code and merge them into one file.
- refactor nsxlib to section of each api component to its own
subclass. For example, nsxlib().port.create() rather than
nsxlib().create_port(). I think this would be most useful
for the security group/firewall integration as there are many
methods there that are needed to interface with nsx as the security
group feature requires the most orchestration with nsx.
Breaking them into a sub class will make things more easy to understand.
Change-Id: If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d
Patch I1117925360a29ecbd1902fa527b2f24f94ce81ec changed the QoS
callbacks api - instead of a single policy, it now receives a list
Change-Id: Icd598fca250aa6812066a816b82b6930cd8a0283
This patch adds support for L3SPAN to the existing tap as a service
NSXv3 driver.
If the source and destination port are not on the same host,
the mirror session is L3SPAN. Backend supports L3SPAN with
SwitchingProfiles of type PortMirroring. Hence, creation of a
tap-flow will result in creation of a switching profile with the
destination port's IP address and then updates the source port
with this newly created switching profile.
Change-Id: I74ea40f8b9c9d1c343a4d9681c3a9ec77b521b6e
The service insertion utils used the networking-sfc for one constant only.
Removing this makes NSX|V3 and also NSX|V that doesn't use the service
insertion driver to not need to clone the networking-sfc code.
Change-Id: Id3cd19e91547b92f90117a716d2f40a835c0922b
The NSX backend supports configuration of Peak Bandwidth, but if it is the same
as the average bandwidth, bursts are not allowed.
To fix this, we added a new configuration multiplier that will be used to
calculate the peak bw out of the neutron max bw.
Change-Id: I38ca66dfccdf09aca2ea31015174f0615cf83656
L2 gateway router creation needs to get the default availability zone
Also added missing tests for this router creation
Change-Id: I27e519f016d6f0da513d6baedaaff441a99ca7dc
When the service insertion is first enabled, and a security group is created,
the plugin should do 2 things to allow the user to start working with service
insertion immediately:
1. Add all the current compute ports (VMs) to service insertion security group.
2. Depending on the configuration, the driver will create any->any flow classifier entry,
and any->any redirect rule at the backend so all the traffic will be redirected
to the security partner.
DocImpact: new nsxv configuration: service_insertion_redirect_all
If True, the plugin will create a rule to redirect all the traffic to the security partner.
Change-Id: I2d45f4db821e205ccb09f02e2579d05c938c2658
The service insertion feature allows us to redirect some of the NSX traffic to an external
security vendor like Palo-Alto or checkpoint for advanced inspection.
The implementation contains:
Enable the flow classifier plugin, and use it to create redirect rules on NSX
When the flow classifier plugin is initialized a new security group is created
and added to the configured service profile
When a vm port with port security is created/updated, it is added to this security group
When the admin user creates a flow classifier entry, a backend redirect rule will be created.
DocImpact: new NSXV Configuration parameters:
service_insertion_profile_id = <service profile id, i.e. serviceprofile-1>
DocImpact: The flow classifier methods should be added to the policy.json as admin only
Change-Id: I67a132d4b35764c6940516a8365a2749d574aad2
As bug 1568706 uncovered, we were using zuul-cloner
in our gate jobs; this was preventing our translation from
syncing.
After digging into this issue a number of changes in this
associated logic were found to not be in sync with neutron.
This patch updates our tox/tools logic to follow that of neutron.
In addition this patch fixes any pylint checks that were failing to
make pep8 pass.
IMPORTANT:
Please review closely, not only to the tools/tox updates but also
to the ignored pylint checks in the code. We only want to disable
checks where appropriate.
Change-Id: I6c5fee3ca3073ad079eac1636cc3b9ec45926a68
Closes-Bug: #1568706
This patch adds support for Port Mirroring feature for
NSXv3 plugin. This driver implements the Tap-as-a-Service
APIs and maps the tap-flow and tap-service resources
to backend PortMirroring objects.
Closes-Bug: #1598318
Change-Id: I5719fbbacfd3ec39250c59ec73cac2dc84af596d
When LBaaS attempts to find an Edge which can host a loadbalancer,
it fails when a network is attached to a VDR, since VDRs have no
router_type attribute.
Change-Id: Ib54728158d438fc0284756d20e8e5e28ddd60986
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch removes unused NSX plugin
code and makes appropriate changes to NSX-V driver.
This patch also adds a couple of update_l2_gateway methods to
both NSX|V and NSX|V3 L2GW drivers. These methods are added
since the base plugin expects the driver to define them.
Change-Id: Ifda5401ec5134268b8a9c3276ed7abf4cf8874aa
Partial-Bug: #1591413
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch makes appropriate changes
in NSX plugin and v3 driver.
Change-Id: I45d546e59e99d49d2a9b18258af94d90e91333ca
Partial-Bug: #1591413
When backend is inconsistent with the Neutron DB, we should still be
able to delete the pool, VIP objects, while posting a proper error
message.
Change-Id: Ib08148dcc7219077920bc4629b99e13c4447f345
When backend is inconsistent with the Neutron DB, we should still be
able to delete the LB, while posting a proper error message.
Change-Id: Ice5b2bba255297711a620f61e75cafce0115ae93
Fixes-bug: #1663602
Adding support for the QoS DSCP marking rules for ports & networks,
and updating the backend QoS switching profile
Change-Id: I852ad20965c78c2d6011d350ca4f226f462d03fd