The patch does the following:
1. set instance vNIC to a common network interface
2. Live migrates to T cluster
3. Updates the instance vNIC to opaque network
Example:
nsxadmin -r ports -o nsx-migrate-v-v3 \
--property project-id=01dd52ff4c7047f79f6259f916c83790 \
--property host-moref=host-11 --property respool-moref=resgroup-9 \
--property datastore-moref=datastore-22 \
--plugin nsxv3
There is also an option to use net-name. The default here is 'VM Network'
Change-Id: I24d9df3f7a3dbd11dffb86427367b809e2b49409
1. Better explain the security groups / nsx security groups / firewall sections
admiun utilities.
2. Also remove the unrelated firewall sections reorder form the fix-mismatch utility
3. fix some warnings that appeared when runnin g the utilities
4. Add new utilities to list/clean unused NSX sections:
- List NSX firewall sections that does not have a matching neutron security group::
nsxadmin -r firewall-section -o list-unused
- Delete NSX firewall sections that does not have a matching neutron security group::
nsxadmin -r firewall-section -o nsx-clean
Change-Id: Ie9868d1fb196964ce479bca2c42d4a6eea7ef427
Initial version for an admin utility for migration of a project
from V to T
This code will first dump all the objects to a file, so the data
will not be lost.
Then it will delete each object using the V plugin,
move the project to the T plugin and recreate each object.
Usage:
nsxadmin -r projects -o nsx-migrate-v-v3 --property project-id=<V project to be migrated>
--property external-net=<T external network to be used>
Change-Id: I816b63f40ada945d321db4566224f8a964a39a8f
Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin
Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
Adding FWaaS v1/v2 plugins to be used with the TVD core plugin.
The plugins will make sure to separate the v/t returned lists
using the same solution that was introduced for the LBass, now as a
general class decorator.
Change-Id: I5f01b8cf093d5ef3b340dce2d12fc41031dd12e9
The user of the TVD plugin can use the admin utilities of the nsxv/nsxv3 plugins
by calling:
nsxadmin --plugin nsxv -r <> -o <>
or:
nsxadmin --plugin nsxv3 -r <> -o <>
A separate patch will make sure that only the relevant neutron objects are being
retrived when using those utilities.
Change-Id: I813f69bf2e08f3845f0135fdb00666746f5d20c6
New support for VPNaaS on NSX-V3 2.2
Creating a vpn service per neutron service,
and ike/ipsec/dpd policies + endpoints + connection per neutron connection
Change-Id: Iad3778c1d826ae67f1b602625f5be0fe2f4c8fe3
When there is a failure during the recycling of an edge appliace to the
backup pool, the edge at the backend may still be attached to networks
and use IP addresses which are free for reuse by Neutron.
Housekeeping job should address such cases.
Change-Id: I3a8ba622f742064bdc8906ba745da0a54a4576ac
Implements a generic mechanism to cleanup and fix various breakages and
issues between neutron, plugin and backend.
Also adds a housekeeping job which detects and handles broken DHCP edge
issues.
Change-Id: I5324befbe2c7740b8ed47e0a20586f8aca0726f1
Adding admin utility to map projects to a plugin.
when starting to use the TVD plugin, you should use this utility for all the old
projects/tenants.
New projects/tenants will later be added to the nsx-t plugin as default
usage:
nsxadmin -r projects -o import --property plugin=nsx-v --property project=<>
to automatically add all existing projects, run this command as an admin user:
for project in `openstack project list | grep -v Name | awk '{print $2}'`;
do nsxadmin -r projects -o import --property plugin=nsx-v --property project=$project;
done
Change-Id: I15e0cbe731628829af436ed265fbaa85f1c4d439
Using Q_SERVICE_PLUGIN_CLASSES insead of the neutron service_plugin
allows using multiple plugins at once
Change-Id: Idd9a0a05eb4dab0ed6c5612335e4a28ac80808e3
Adding a configuration option to prevent DHCP/Router edges sharing between
different tenants.
Also adding admin utilities for upgrade - redistribute the dhcp edges and
router edges if the configuration changed:
nsxadmin -r dhcp-binding -o nsx-redistribute
nsxadmin -r routers -o nsx-redistribute
Change-Id: I0d669c60413172a94ea5fc0beba0035df72c62ac
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
FWaaS V2 support in NSX-v3.
Support different firewall group per router interface port for
igress/egress.
limitation: cannot support egress rules with source ip, or ingress
rules with destination ips.
Depends-on: I2a37be5518bfc8124ffca2ab05f684d8c1c3d673
Change-Id: I3ed70fa48d078bed15f30e855b73bdfb11d11c6e
Support DHCP relay by configuring the relay service per
network availability zone, or globally.
When a router interface port is created, the relay service
will be added to it.
DHCP traffic on the subnet will go through the DHCP server
configured in the dhcp relay service on the NSX, if it is
connected to the router.
Also add admin utility to update exsiting router ports when the
dhcp relay configuration changes.
A future patch will take care of firewall rules allowint the dhcp traffic.
Change-Id: I626b3377e71c269600a47b3bd805eed9d58bad82
If deleting a router interface in the backend fails, the neutron port is
deleted, but the NSX backend interface and the vnic DB entry are not
deleted.
This new admin utility will list and clean those.
Change-Id: I002cac9c04f844c798097cf79d31dcefdea976ed
New Admin utility to be used during upgrade if it is necessary
to change the ip of the Nova server in the metadata proxy server.
Usage:
nsxadmin -r metadata-proxy -o nsx-update-ip --property server-ip=<server-ip>
you can optionally add the availability zone:
--property availability-zone=<name>
Depends-on: I702398f254a1329299ec2cb82e214caf0ae59a9c
Change-Id: I3b9b3cf3de7c0a5009da11abb69155b1d9c63eb7
New utilities to list/delete orphaned router binding entries,
meaning entries that the object behind them (router, loadbalancer
or network) does not exist on neutron.
Change-Id: I8a239b9d33a4900e2e90035111899015d68d30bb
Add admin utilities to list and clean backend logical routers that does
not exist in neutron.
Usage:
nsxadmin -r orphaned-routers -o list
nsxadmin -r orphaned-routers -o nsx-clean --property nsx-id=<id>
Change-Id: I69dcb2abcf798c3c35f7ddde1c8a10a16a44cc3e
Update utility for DHCP and metadata are only for migrating from
upstream DHCP and metadata to native support.
Change-Id: I150b5e7451bf114a5f965505d92515906f37df07
New option to recreate a single router by it's id
This can be useful if for some reason the current router was not attached
to an edge because of an error, so recreate by edge id is useless.
Change-Id: I1d6bf6ef96c19b80f32e9ac5227b52aa099afe01
VDR-connected networks were using designated DHCP Edge appliances
to provide metadata.
That was necessary before we introduced option 121 - which can be
used for route injection, which directs metadata traffic towards the
DHCP Edge.
This change removes some redundant code which is supporting metadata
in the old manner.
The patch deprecates supports of older versions of NSX which do not
support insertion of host routes which is required for the change.
Therefore dhcp_force_metadata config parameter has been deprecated.
Change-Id: I6b5e2acf09ce61c87d8ae97471955599cddf320b
