A recent change in pep/pycodingchecks introduced new warnings as part of
the pep8 target that causes pep8 to fail now.
This patch fixes code that issued warnings W503,E731,E266,E402
Change-Id: I57c035440bd847193ea5f8a8078016fb9baa3c31
The NSX will not accept 0.0.0.0/0 for remote and local IP
prefixes. This is changed internally to 'ANY'
The 'ANY' will only be internal. The API for the user will not
change, they will stell see the 0.0.0.0/0
Change-Id: I24adc9da9f52d17621117b46d8a535ccedf93227
Since oslo.utils provide the ability to generate the uuid string,
and some others use oslo.utils[0] too. For consistency, this ps
replaces uuid.uuid4() with uuidutils.generate_uuid().
Change-Id: I9b3ebff137d0ffaed8c54031c8587c3bfc1acdce
Bug fix 2082554: handle the exception in neutron side for Qos
since its not supported from NSXT for ENS TZ
Change-Id: I8ca4c7d04286830ce785a60d7a24439b9a39d801
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
When the default TZ is a ENS VLAN TZ then we identify this this
is not a regular overlay network. It is a VLAN network. There was
a missing check for regular networks that were not provider
networks.
Change-Id: I9e4241fd2e1047ba14442babc4677efa4dcab3a5
This patch will allow users to filter ports according
to security_group supplied as a filter.
Code is for V and V3.
Change-Id: I20b4655cb188aae9d031fee20aea917268ebdf48
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Commit I5867f77fc5aedc169b42f50def0424ff209c164c added new security
groups tests which the MH plugin does not support.
Change-Id: I574f73b77f900e9650f47f806b6928f02883c76a
The nsx-v3 plugin can add default Tier-0 router configuration per
availability zone. The Tier-0 rotuer will be used as a default for
external networks creation in this AZ.
Change-Id: I18e917a6b3deb40429626f7f0018e5da7ab72a8b
When the plugin starts it will check if the global NS group and
OS DFW section are created on the NSX. If not it will create these.
There is a edge case where two servers are started in parallel and
they both create the default section. This will lead to traffic
being dropped.
This is dealt with in the following way:
1. We store the default OS section and NS group in the database
2. If the entries do not exist then we create them, the DB will
indicate if there is a duplicate and then the plugin will do a
cleanup of the incorrect resources.
In order to do this we need asecurity group. A default global one
with ID 00000000-def0-0000-0fed-000000000000 is created.
If the admin wishes to delete the global section then she/he should:
1. delete the NSX section
2. delete the security group
3. restart the neutron service
Change-Id: Ide7a7c75efac3e49d51e522a11c77e754f3d1447
The public APIs that are part of neutron.plugins.common.utils were
rehomed into neutron-lib with Iabb155b5d2d0ec6104ebee5dd42cf292bdf3ec61
and will removed in neutron with commit
I1d63cbea463e92e1d2e053f8e1a564ed52cb84f8
This patch consumes the common plugin utils from neutron-lib
Change-Id: I54ef960de54bc3ae781af7ba9473729c94197d0d
NSX|V3: This feature will enable an admin user to configure a range
of VLAN IDs per VLAN Transport Zone, so when they create a VLAN,
the VLAN tag will be set accordingly.
The configuration is being done in the nsx.ini file, under the relevant
section for nsx-v3, the admin will note the tz-id, with either a
predefined range(s) (min/max values) or only the transport zone itself
(which means that any value can be chosen).
The admin user will create the network noting “provider:physical_network”,
if they select a VLAN ID, than it will be used, if not - one will be
chosen according to the configuration mentioned above.
New configuration variable in nsx.ini under nsx_v3: network_vlan_ranges
network_vlan_ranges=<TZ_UUID>:<min_val>:<max_val>
Change-Id: Id202ca28bda44286deacb5c9969ffd92aa564a90
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
For each router interface subnets, we need to add NO DNAT rule whenever
NAT rules are added, or else internal traffic will be blocked.
Change-Id: I34d72b12289d6f6527bc114a32dac88281dd2cc4
The local address of the local endpoint for the VPN should be an unused
address on the external GW network of the Tier1 router
(and not the GW address itself).
To make sure this IP will not be used for anything else, a neutron port is
created.
The port will be deleted once the router (or its gw) is deleted.
The ip will be used for all the vpn services & connection on this tier1 router.
Change-Id: If956fd08f5c9cfde5cba9326c18d1d489c47a505
Enable IGMP traffic to pass by default. This is added to the default
section created by the plugin.
Change-Id: I0320cc8bf81cda22633637ee9eac4a57fc3b4086
Prevent the creation of a vpn service for a rotuer with SNAT enabled,
and prevent updating the SNAT to enabled for a router with a vpn service.
Change-Id: Ib6bfd9e019b2161245ba4951ef48e84314e0b923
Enable admin to control if ENS networks can be used.
In nsx_v3 section a new flag ens_support is added.
Change-Id: I99b885072964870fe61a26a5bab71c7ed0790c87
The vlantransparent extension's API definition was rehomed into
neutron-lib with commit I78c3e0c0b74dd154b6133963dfc8b65f9527bd2c
This patch consumes it by using neutron-lib's implementation in prep
for Ibfaa1ebf24caec62f5743975b206400fcd30436d
Change-Id: I8e2bf3fb75b3ccbcb269677fb2aa826659fbbdd2
The multiprovidernet API extension's definition was rehomed into
neutron-lib with If3367e6a14074a6225bba527e8f7e38c51280f85 and will be
consumed in neutron via I12c15c360f8bf5a45fbe70e5ed1202ef0e7ec0f0
This patch switches the code over to use neutron-lib's multiprovidernet
API definition rather than neutron's extension.
Change-Id: I6803fdf363a674303f21241a59dc6a281c84d433
Catching up with different VPN api changes done in the NSX
Change-Id: I78263af403056c9282da5799b9f64b3d8f22b80d
Depends-on: I32d6593860844bd23bb251c3fe30957c6efb9c2a
1. Do not allow the same availability zone to be configured for both
NSX-V and NSX-T
2. Adding separate configurations for the nsx-v/t default availability
zones under the tvd configuration section:
[nsx_tvd]
nsx_v_default_availability_zones = zone2
nsx_v3_default_availability_zones = zone1
Change-Id: Ic77dae9398b8281b8ea4d2988447907d1ac55c90
This patch moves the code over to neutron-lib's version of the
RESOURCE_ATTRIBUTE_MAP in prep for neutron commit
Iaacee584d499c4d33d6d2dd9609c7ac0f2cfc386
Change-Id: I09ad5d3a079ffe4494a5f609443be632f1cc9a21
When adding the FWaaS V2 rules to the NSX router, logical router ports
should not be used as source or destination.
Instead the logical swith id sghould be used.
Change-Id: I819127363f58a1fa9e63306ee4dbc7ca0819394f
Today neutron-lib defines the CORE and L3 service plugin aliases in
neutron_lib.constants as well as neutron_lib.plugins.constants. The
later is preferred and the former will be removed.
This patch switches the code to use the plugin constants from
neutron-lib.
Change-Id: Ic41b180cb0e084f271d715d7433e22e1688c6498
New support for VPNaaS on NSX-V3 2.2
Creating a vpn service per neutron service,
and ike/ipsec/dpd policies + endpoints + connection per neutron connection
Change-Id: Iad3778c1d826ae67f1b602625f5be0fe2f4c8fe3
This patch switches callbacks over to the payload object style events
[1] for BEFORE_SPAWN and AFTER_SPAWN based notifications. As no event
data is passed for SPAWN notifications, an actual payload object is
not needed and thus this change uses publish() rather than notify()
and updates and callback receivers to accept the payload parameter.
Depends-On: Ifad4781d82aa07f213f4e075b0c9455aa95e94bb
[1] https://docs.openstack.org/neutron-lib/latest/contributor/callbacks.html#event-payloads
Change-Id: Icca5213d7372ea28204db50108d5f77e1acf400d
Both NSX backend does not support adding a static route with destination
0.0.0.0/#.
Commit Ibb4f81a484de48f7ea65cb2bb6968e55eae087ad failed the request for
destination 0.0.0.0/0, but it should be failed for any prefix size.
Change-Id: Id1c299ad49ef8f34aede9b876f23fdb7ac7203e4
When there is a failure during the recycling of an edge appliace to the
backup pool, the edge at the backend may still be attached to networks
and use IP addresses which are free for reuse by Neutron.
Housekeeping job should address such cases.
Change-Id: I3a8ba622f742064bdc8906ba745da0a54a4576ac
Added import for l2 configuration that was missing and cause the core to
crash on unknown config.
Also added some more v3 unittests for the admin utils to help us catch
similar problems in the future
Change-Id: Ieb2fde77e0be4e32a0976cdeedb9680fda19001d
Commit I0095e160481f1d4572e38ad1d3bbc8e183039b84 introduced some
changes to the VPNaaS driver and validator apis.
This patch closses this gap.
Change-Id: I46d2381e3a0b05551518d41a3f9957a1b9d2b834
