Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin
Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
This change removes the now unused "warnerrors" setting, which is
replaced by "warning-is-error" in sphinx releases >= 1.5 [1].
[1] http://lists.openstack.org/pipermail/openstack-dev/ 2017-March/113085.html
Change-Id: Ie82fce03c73f4a78b557caecc5bcf4ad9c8b7cb1
Closes-Bug:#1693670
Adding FWaaS v1/v2 plugins to be used with the TVD core plugin.
The plugins will make sure to separate the v/t returned lists
using the same solution that was introduced for the LBass, now as a
general class decorator.
Change-Id: I5f01b8cf093d5ef3b340dce2d12fc41031dd12e9
The patch ensures that only a V tenant can see v resources and the
same for a T tenant/project.
NOTES:
1. In the neutron configuration file a new service plugin is created.
So we need the following:
[DEFAULT]
service_plugins = vmware_nsxtvd_lbaasv2
2. The extensions path needs to be updated so that the default LBaaS
extensions can be loaded.
So for example in the devstack case we need to configure:
[DEFAULT]
api_extensions_path = /opt/stack/neutron-lbaas/neutron_lbaas/extensions
Change-Id: Iea497cbb150048bedf712a195c7854e4836ad4a5
When there is a failure during the recycling of an edge appliace to the
backup pool, the edge at the backend may still be attached to networks
and use IP addresses which are free for reuse by Neutron.
Housekeeping job should address such cases.
Change-Id: I3a8ba622f742064bdc8906ba745da0a54a4576ac
Implements a generic mechanism to cleanup and fix various breakages and
issues between neutron, plugin and backend.
Also adds a housekeeping job which detects and handles broken DHCP edge
issues.
Change-Id: I5324befbe2c7740b8ed47e0a20586f8aca0726f1
Drivers for FWaaS V1/V2 for the NSX-TV plugin
Those drivers are just wrappers calling the right driver according to
the project of the firewall object.
Change-Id: Ia073da9c91cb4d69d772b3e0d0ab6f5c3fd60795
Introduce a plugin that can work with all of the VC and NSX
offerings under the same umbrella of a single plugin.
Co-Authored-By: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I0449d64e3cf79b7a3a846dacba95e8854d53bdf8
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_dvs_dns
Closes-Bug: #1727626
Change-Id: If776d21679acfa2abf8018a8f6f19b58be24cb4b
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
FWaaS V2 support in NSX-v3.
Support different firewall group per router interface port for
igress/egress.
limitation: cannot support egress rules with source ip, or ingress
rules with destination ips.
Depends-on: I2a37be5518bfc8124ffca2ab05f684d8c1c3d673
Change-Id: I3ed70fa48d078bed15f30e855b73bdfb11d11c6e
In vmware_nsx/plugin.py, NSX|mh plugin has been defined as
NsxPlugin and there is no NsxMhPlugin. To use alias for NSX|mh
plugin, vmware_nsx should be used instead of vmware.
Change-Id: Iff5cfe5a60809cf3c26d4445f0c3fb4b89db968f
This now existsin the vmware_nsx_tempest_plugin
Change-Id: I76e5856deeeb06b87675314635d06aa0291143eb
Depends-On: I804c3fd1e0c9cbeb454677e7951072ad74391fec
Adding FW rules to protect the traffic north-south behind a T1 router.
This will be done only if a firewall was attached to the router.
This includes:
- FWaaS rules
- Drop all default rule
When the firewall is deleted or the router removed from it,
a default allow all rule will be set.
For the rotuer firewall to work, the rotuer NAT rules should set
nat-bypass=False.
Change-Id: Iba03db8ca67ee10d1c54b96fb41a888cb549684d
* Added vmware_nsx_tempest under packages in setup.cfg so that
tempest can discovers it.
* Removed pbr version from vmware_nsx_tempest (in-tree tempest plugin)
as it causes versioning issue with the main package vmware_nsx.
* Added all sections and options defined in tempest plugin conf
so that tempest can retrive all the tempest sample configurations.
Depends-on: Iab0202a28bfa525c4cd91e776ac2bdba56a807f6
Change-Id: I2f706b8cdb31c53d951b059f939fb0d6afc32958
Closes-Bug: #1691122
If config neutron.core_plugins values for vmware_nsx.plugin.NsxVPlugin.
It throw warning for 'stevedore.named [-] Could not load vmware_nsx.plugin.NsxVPlugin'.
So,Add vmware_nsx vmware_nsxv vmware_nsxv3 and vmware_dvs entry_point in neutron.conre_plugins group.
Change-Id: Ie2a5a4d00bd15ad838737948e2eb8eec69f3303b
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I0448c7bc0294db867bc1766da7aaf07912575dbe
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_nsxv_dns (for NSXV)
nsx_extension_drivers = vmware_nsxv3_dns (for NSXV3)
Change-Id: Id100f8034e602d92310d22f900c48d9dfbe59a8d
The NSX-V3 plugin will use the NSX-V3 backend IPAM.
An IP pool will be created for each subnet, and port IPs will be allocated
from this pool.
The current backend limitation is that we cannot allocate a specific IP,
so port create/update with fixed_ips will fail, unless the requested ip
is the subnet gateway ip.
To enable this option set 'ipam_driver = vmware_nsxv3_ipam' in the
neutron.conf
Change-Id: I5263555cbb776018a5d01f19d0997fd2adf6483d
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.
Change-Id: Idb66d124611de879b33c0f8bd20f37f24da443b4
Create an openstack client plugin for vmware nsx, and add the some of
the extensions suport: router-type, router-size, subnet dhcp-mtu and
dns-search-domain and port provider security groups and vnic index
Work for future patches:
- More unit tests (provider-security-groups)
- Add the rest of the extensions
Change-Id: I5b335de000b310cbcbb9a2f81483fd28f8d9afea
The service insertion feature allows us to redirect some of the NSX traffic to an external
security vendor like Palo-Alto or checkpoint for advanced inspection.
The implementation contains:
Enable the flow classifier plugin, and use it to create redirect rules on NSX
When the flow classifier plugin is initialized a new security group is created
and added to the configured service profile
When a vm port with port security is created/updated, it is added to this security group
When the admin user create a flow classifier entry, a backed redirect rule will be created.
DocImpact: new NSXV Configuration parameters:
service_insertion_profile_id = <service profile id, i.e. serviceprofile-1>
DocImpact: The flow classifier methods should be added to the policy.json as admin only
Change-Id: I67a132d4b35764c6940516a8365a2749d574aad2
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.
Change-Id: I14f4f90ca0f0c863f9175934f63c95b9115f9b8c
As per [1] the next version of pbr will properly support pbr/Sphinx
warnerrors during doc builds. We should enable warnerrors upon
the next pbr release and verify our doc build completes successfully.
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-June/097849.html
Change-Id: I20cbbefb9dce05770dafa37a6ee1a59afc29c218
Tempest plugin breaks the CI due to changes to upstream tempest project.
This patch disables the tempest plugin to allow the CI to work.
Plugin should be re-enabled once issues are resolved.
Change-Id: I52bc8309d6b75f91ec66b3c11d10d1527da0177e
This tool reads from one neutron server and then replays all the
of the api calls required to create the resources on another server.
It requires the dest-neutron service to be in api-replay-mode to allow
us to specify the ids of resources.
This patch migrates all resources expect for floatingips and uplinking
the router.
This patch also makes some modifications to the plugin code to make migating
security groups especially the default security group and rules that
users have added possible.
Change-Id: Id79c880317bfbb45c4edad7cdb1e95a6c8dc21e6
Change: Ib56ee8bfd182c031e468c503acb0cd75daea8c40 broke vmware-nsx
L2 gateway plugin for master and mitaka release. Due to this the
l2 gateway plugin for vmware-nsx would not load.
This patch makes the required changes in vmware-nsx to load l2gw
plugin.
This patch also adds a README file to include steps to bring up
L2 gateway plugin with devstack.
Closes-Bug: #1573327
Change-Id: I433c7f51df80ff6ea4250e38c981ffb363cf1b17
Add support for the qos service in NSX|V3, including:
- Attach/Detach qos policy to a new or updated port
- Allow qos configuration on ports with internal networks only
- Update the switch profile with the BW limitations and tags
through the qos notification driver
- Add a new mapping db table to link the policy id and the
nsx-v3 switch profile id
For this to work, the following configuration should appear under the 'qos' section in the neutron.conf:
notification_drivers = vmware_nsxv3_message_queue
Change-Id: I4016de756cebe0032e61d3c2a5250527e44b49e4
This patch is a follow up to the auto generate config file patch[1]
which removes the static example nsx.ini file from the repo as
it is now redundant.
[1]: https://review.openstack.org/#/c/303673/
Depends-On: Iff4ea37b52616295b262ead53947acb5b0cd9cd7
Change-Id: I61ee6fe873cfeac9dfe6d9eb7b0f90dd7c251d51
Partial-bug: #1568215
This patch adds support to automatically generate config files
for vmware-nsx repo using oslo config generator[1] for all
VMware plugins.
Tox can be used to generate a sample config file using the
following command:
tox -e genconfig
This will generate a config file "nsx.ini.sample" under
vmware-nsx/etc/ folder.
This patch also modifies devstack scripts to use the
auto-generated config files and adds more information to help
texts in config modules.
[1] http://docs.openstack.org/developer/oslo.config/generator.html
Change-Id: Iff4ea37b52616295b262ead53947acb5b0cd9cd7
Partial-Bug: #1568215
Add support for the qos service in NSX|V, including:
- Attach/Detach qos policy to a new or updated network
- Allow qos configuration on a backend network only,
and only if use_dvs_features is True
- Update the bw limitations on the edge through the dvs
- Update the networks bw limitations when a policy or rule changes
through the QoS notification driver
Change-Id: Icee25b59e8e0f3c1c093077b631250a908e127c1
Follow new infra setup for translations, see spec
http://specs.openstack.org/openstack-infra/infra-specs/specs/translation_setup.html
for full details.
This basically renames
vmware-nsx/locale/vmware-nsx.pot to
vmware_nsx/locale/vmware_nsx.pot. For this we need to update
setup.cfg.
Update also domain name in _i18n.py.
Let's remove the po and pot files in the outdated paths.
The updated scripts work without them. So, we can just
delete the files and once the infra script runs,
an updated pot file together with translations
will be imported automatically.
Change-Id: Id4bade9ffd23c57153b415514c82b384fd0977aa
installation procedure & tech-notes at vmware_nsx_tempest/README.rst
With this plugin method, vmware_nsx_tempest tests can be treated as
tempest tests and executed under tempest environment.
Fix nsxv_client to support multiple transport zones.
Change-Id: Id103c0ce03d75749fe6295108db48493f565b05a
Implements: blueprint vmware-nsx-tempest-plugin
It is not a good idea to have a top-level "tools" namespace, this
name is too generic and already taken in PyPi (see
https://pypi.python.org/pypi/tools).
This patch moves python_nsxadmin to the vmware_nsx.tools namespace,
adjusting all imports and making sure setup.cfg is adapted
accordingly.
Change-Id: I75922db2010194fe59db424cc4615c7ba57c1b81
Previously we have tools/python_nsxadmin folder get added
to /usr/local/lib/python2.7/dist-packages, however this didn't
capture the __init__.py file in tools folder. The __init__.py
is needed for any pakcage to be imported without that
import tools.python_nsxadmin would fail, since python won't recognize
tools as a module.
Original intention to have tools/python_nsxadmin was towards having
python_nsxadmin in the dist-packages instead of tools. But haven't yet
figured out how to do that in setuptools (setup.cfg)
Change-Id: I3641235e462866ccb85b7ada625f8ccaa282e1ba
It wasn't working because of two reasons:
1. The packages filed in setup.cfg takes a directory name.
so specifying tools.python_nsxadmin.admin didn't put the py files
in /usr/local/lib/python2.7/dist-packages when we pip installed
vmware-nsx package. (sudo pip install .). So changing it to tools
installs all the code in tools including python_nsxadmin there. Read
2 to know why we need this.
2. To enable admin utility to dynamically pick up any hooks that users
might add we use the importlib module. The bug was here, as the path was
absolute tools/python_nsxadmin/.... So when we executed it from other
diretory those modules were not imported. So I changed that to relative
path. Though, over here there could be a case where the hooks location
directory path contains a '-' / dash, which will cause it to fail.
>>> import
>>> home.gangil.t1-review.e_nsx.tools.python_nsxadmin.admin.plugins.nsxv.resources.edges
File "<stdin>", line 1
import
home.gangil.t1-review.vmware_nsx.tools.python_nsxadmin.admin.plugins.nsxv.resources.edges
^
SyntaxError: invalid syntax
So we install the tools code using setup.cfg and then just import
resources from there.
Now it works from any directory.
Change-Id: Idc414fabc769d0503974e8f77b84d32008b3c08a
To start translation, we need to initially import the
translation file - and place it at the proper place so that
the usual CI scripts can handle it.
The proper place is for all python projects
$PROJECT/locale/$PROJECT.pot - see setup.cfg.
Further imports will be done by the OpenStack Proposal bot.
Setup also setup.cfg with the usual babel commands and add the default
babel.cfg file.
Change-Id: I2c0350e15c68bcae2a0611dade5f5a0705a9387d
This patch will create:
vmware_nsx/plugins/dvs for DVS specific files
vmware_nsx/plugins/nsx_mh for MH specific files
vmware_nsx/plugins/nsx_v for nsx_v specific files
vmware_nsx/plugins/nsx_v3 for nsx_v3 specific files
also move vmware_nsx/vsphere/ to vmware_nsx/plugins/nsx_v/vsphere/.
This is part of new vmware_nsx directory structure proposed in
https://goo.gl/GdWXyH.
Change-Id: I00ee12da2eea0add988bae3d4f3e12940ea829bb
