46 Commits

Author SHA1 Message Date
Adit Sarfaty
dddce2f9fb NSX|V3: Simplify LBaaS implementation
Until now, for scale issues, the creation of some NSX backend resources
for loadbalancing was postponed until the first member creation.
This complicates the code unnecessarily, since the scale issues were
already resolved.

The new code will create the matching backend objects for each
LBaaS/Octavia object upon creation.
In case external vip loadbalancer - the service will be created without an attachment,
which will be added upon member creation.

In addition a DB migration is added to mark as ERROR old incomplete load
balancers.

Depends-on: Ic4e604883a7b1437af995110d2d684c0bd396a52
Change-Id: Ib478c336840c2e441bbaeffe94700a5e267c6bef
2019-03-27 08:36:32 +00:00
Adit Sarfaty
4de8f1ee66 Revert "NSX|V3: Simplify LBaaS implementation"
This reverts commit 31770cf52a2583fbf012b99e08fe7f068bdef166.

Change-Id: Ibbd1ffdea6de5d64dec0ad4eac94185aa5c7de77
2019-03-19 08:31:59 +00:00
Adit Sarfaty
31770cf52a NSX|V3: Simplify LBaaS implementation
Until now, for scale issues, the creation of some NSX backend resources
for loadbalancing was postponed until the first member creation.
This complicates the code unnecessarily, since the scale issues were already resolved.

The new code will create the matching backend objects for each LBaaS/Octavia object upon creation.
In addition a DB migration is added to mark as ERROR old incomplete load balancers.

Change-Id: I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0
2019-03-07 15:11:59 +02:00
Adit Sarfaty
a36a1dba74 NSX|V: FWaaS-V2 driver
This patch adds a driver for FWaaS V2 support in the NSX-V plugin.
It supports setting firewall rules per router interface port on the router
edge firewall.

In addition, the FWaaS TVD driver will now support NSX-V as well.

The driver code is a combination of the NSX-V3 FWaaS-V2 code, and the old
NSX-V FWaaS-V1 code that is being deleted.

Change-Id: Iacc7eaff0c70b68156516008cf0277c154edd76b
2019-02-11 09:09:44 +00:00
Kobi Samoray
83d9b3abdd NSX|V+V3: Octavia driver
Implementing the Octavia support for NSX-V & NSX-T.
Follow up patches will handle the TVD plugin, Status updates,
and migration.

Since Octavia is not (yet?) in the requirements, using a hack to allow unittests
to be skipped.

Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: Iadb24e7eadcab658faf3e646cc528c2a8a6976e5
2018-10-02 11:19:55 +03:00
sunqingliang6
946c16c4d1 modify grammatical errors
Change-Id: I6021f3ec0d7c06ed5fc63b175ea0995bb25013b4
2018-06-19 19:15:45 +08:00
Adit Sarfaty
3e6b548984 NSX-v3: Add default tier0 router to AZ config
The nsx-v3 plugin can add default Tier-0 router configuration per
availability zone. The Tier-0 router will be used as a default for
external networks creation in this AZ.

Change-Id: I18e917a6b3deb40429626f7f0018e5da7ab72a8b
2018-03-07 10:31:16 +02:00
Michal Kelner Mishali
ab622863d5 Enable configuration to decide on vlan tag per TZ
NSX|V3: This feature will enable an admin user to configure a range
of VLAN IDs per VLAN Transport Zone, so when they create a VLAN,
the VLAN tag will be set accordingly.
The configuration is being done in the nsx.ini file, under the relevant
section for nsx-v3, the admin will note the tz-id, with either a
predefined range(s) (min/max values) or only the transport zone itself
(which means that any value can be chosen).
The admin user will create the network noting “provider:physical_network”,
if they select a VLAN ID, then it will be used, if not - one will be
chosen according to the configuration mentioned above.
New configuration variable in nsx.ini under nsx_v3: network_vlan_ranges
network_vlan_ranges=<TZ_UUID>:<min_val>:<max_val>

Change-Id: Id202ca28bda44286deacb5c9969ffd92aa564a90
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-02-28 09:51:17 +02:00
Gary Kotton
6362e710d9 NSX|V: ensure that no sec groups and port sec will discard traffic
Traffic to ports that have port security and port security enabled
will by default be discarded. A configuration variable has been added
with default False so that there is not a degradation with the current
behaviour.

The variable is use_default_block_all.

Change-Id: I5569234de01c116d1ad3161cfaf54404467f6816
2018-02-17 01:12:12 +02:00
Gary Kotton
8b91fd814d NSX_V3: add flag to indicate if ENS networks can be created
Enable admin to control if ENS networks can be used.
In nsx_v3 section a new flag ens_support is added.

Change-Id: I99b885072964870fe61a26a5bab71c7ed0790c87
2018-01-24 02:44:35 -08:00
Gary Kotton
b448aba9b8 NSX|V: enable binding floating ip's per AZ
Enable admin to enable this config variable per AZ.

Change-Id: I19ee2b4adf49e9bcd3e6004dc76d61761bb81b92
2018-01-15 22:09:08 -08:00
Adit Sarfaty
b993b7f4c0 NSX|V3: VPNaaS support
New support for VPNaaS on NSX-V3 2.2
Creating a vpn service per neutron service,
and ike/ipsec/dpd policies + endpoints + connection per neutron connection

Change-Id: Iad3778c1d826ae67f1b602625f5be0fe2f4c8fe3
2018-01-04 14:38:20 +00:00
Adit Sarfaty
c45004d4b7 NSX|V3: transparent support for logical switches
Leverage the NSX networks support for transparent VLANS.
NOTE that the feature needs the configuration variable
cfg.CONF.vlan_transparent to be set to True.
(this is in the neutron configuration file)

This is currently only supported with overlay backing networks.
This is supported from NSX 2.2 onwards.

Change-Id: I4195a4fade42f798689ef19e6d6b59209547beaa
2017-12-12 10:33:21 +02:00
Pierre Hanselmann
1d9d363bba DVS: Add support for dns-integration extension
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_dvs_dns

Closes-Bug: #1727626
Change-Id: If776d21679acfa2abf8018a8f6f19b58be24cb4b
2017-10-30 15:45:17 +00:00
Adit Sarfaty
32e95f47b5 NSX|v3: FWaaS v2 support
FWaaS V2 support in NSX-v3.
Support different firewall group per router interface port for
ingress/egress.
limitation: cannot support egress rules with source ip, or ingress
rules with destination ips.

Depends-on: I2a37be5518bfc8124ffca2ab05f684d8c1c3d673
Change-Id: I3ed70fa48d078bed15f30e855b73bdfb11d11c6e
2017-09-18 07:42:30 +00:00
Jenkins
bd6de55f7c Merge "NSX|v3: provider networks updates" 2017-09-12 15:56:58 +00:00
Adit Sarfaty
5dac3f4a4c NSX|v3: DHCP Relay support
Support DHCP relay by configuring the relay service per
network availability zone, or globally.
When a router interface port is created, the relay service
will be added to it.
DHCP traffic on the subnet will go through the DHCP server
configured in the dhcp relay service on the NSX, if it is
connected to the router.

Also add admin utility to update existing router ports when the
dhcp relay configuration changes.

A future patch will take care of firewall rules allowing the dhcp traffic.

Change-Id: I626b3377e71c269600a47b3bd805eed9d58bad82
2017-09-12 11:49:26 +03:00
Adit Sarfaty
445384dde7 NSX|v3: provider networks updates
- Deprecate the "vxlan" type
- Add the "geneve" type: with overlay transport zone
- Add the "nsx-net" type: attach an existing nsx logical switch
(vlan or overlay) to a neutron network.

In addition, this patch adds unit tests to all provider networks types.

Change-Id: I48a35c913c08ea4afcca64ed2e13db41260b95a3
2017-09-12 09:40:55 +03:00
Jenkins
470ca96ec1 Merge "NSX|v3: configure additional switching profiles per AZ" 2017-08-10 12:11:19 +00:00
Adit Sarfaty
ef3db6aba7 NSX|v3: configure additional switching profiles per AZ
New configuration option is added to the nsx-v3 plugin: switching_profiles.
It will contain a list of switching profiles uuids that will be added to
NSX ports created by neutron.
The configuration is global or per availability zone.
In case the port should contain a different profile of some type,
the port-specific profile will be used, since the backend takes the last
one of each type.

Change-Id: Ifa1dba2250b224201e6f81816feb536a35b642a5
2017-08-10 05:34:10 +00:00
Tong Liu
2d0aab3129 NSXv3: Add release note for LBaaS
Change-Id: Ib3e54c727373c0fdba25ffc7152671e179c45f7f
2017-08-08 10:21:19 +00:00
Adit Sarfaty
d55047bbac Add Pike release notes
Change-Id: I4ede61fee4f4cecb91f562cebc7369d638d4fb38
2017-08-07 15:08:24 +03:00
Adit Sarfaty
28e2c22939 NSX|V3: Configure TZ, router and profiles using tags
New configuration option for the transport zones, tier0 router, dhcp
profile and md-proxy in the nsx ini file.
If init_objects_by_tags is True, the user should add a tag with a scope
(whose name will be set in search_objects_by_tags) to the overlay
transportzone, vlan transportzone and tier0 router on the nsx.
In the nsx ini file the user should configure the value of this tag for
each object instead of the object name or uuid.

Example:
[nsx_v3]
init_objects_by_tags = True
search_objects_scope = ini-scope
default_overlay_tz = ini-tag-tz
default_vlan_tz = ini-tag-tz2
default_tier0_router = ini-tag-rtr
metadata_proxy = ini-tag-md
dhcp_profile = ini-tag-dhcp

Depends-on: If05390d3b58b84290e1f306f03c5ba3654bd1fad
Change-Id: Icb66f42939e41eb32c8485f80f4e5d24cf172023
2017-07-12 12:04:01 +00:00
Tong Liu
4f1c85ab96 NSXv3: Default native_dhcp_metadata to True
Starting newton we added support for native DHCP and metadata
provided by NSX. Since now most of the NSXv3 deployments are using
native DHCP/Metadata, default this option to True.

Change-Id: Id16fb64d898a46016f1e8e929a914d347b659458
2017-04-27 10:32:17 +00:00
Adit Sarfaty
f10dcfe82d NSX-V FWaaS(V1) support
The nsx-v FWaaS driver will add the configured firewall rules to
the router edges.
Currently there is no support for shared routers.
The rules will be added after the current rules (NAT, LBaaS, external traffic)
for exclusive routers edges and distributed routers PLR edges.

Change-Id: I82ba90070ef4e739a0b5c4463ef03a807e26adfb
2017-04-04 11:15:49 +03:00
Adit Sarfaty
84be0ea6a5 NSX-V3| network availability zones support
Adding availability zones for nsx-v3 for native dhcp parameters

configuration:

[nsx_v3]
availability_zones = zone1,zone2,zone3

[az:zone1]
metadata_proxy = a87d92f3-0106-47dc-a494-de68345fecc8 <profile-name-or-uuid, mandatory>
dhcp_profile = 8a4fb2ca-60aa-4291-aab8-d0d6b7790292 profile-name-or-uuid <mandatory>
native_metadata_route = 179.254.169.254/31 <optional>
dns_domain = aaa.com <optional>
nameservers = 1.1.1.1, 2.2.2.2 <optional>

Change-Id: I006d922908d5a061480f43eeb92d373fcb4db616
2017-03-14 19:28:31 +02:00
Gary Kotton
c33810b865 NSX|V: add in exclusive DHCP support
Via the configuration variable exclusive_dhcp_edge enable a tenant
to create an exclusive DHCP edge. This can be global or via AZ.

DocImpact

Change-Id: Ia5220302114d73fa89b3f3ea86141cb3208fe885
2017-03-12 10:00:08 +00:00
Adit Sarfaty
2256459aa1 NSX-v| LBAAS L7 support
Supporting L7 policies and rules in LBAAS-v2
Including a new db table nsxv_lbaas_l7policy_bindings
for mapping between the lbaas policy ID and the nsx application rules.

Depends-on: I3b14d107dbe0a72a6e24239f06bd6c3ac597cfbb
Change-Id: Ic760be8956cea00b972b5f11f6acff294630892d
2017-02-07 11:33:17 +02:00
Adit Sarfaty
3ac633ec68 NSXv: Edge random placement
Support randomly selecting which will be the primary datastore and which
will be the secondary one when deploying an edge, in order to balance the
load.
This new option is available globally as well as per availability_zone
via a new configuration parameter edge_placement_random which will be
False by default.

Change-Id: I5bf8f8999100c4c6da4645bda6e74165575c3818
2017-01-31 12:38:11 +02:00
Shih-Hao Li
64dec92beb NSXV+NSXV3: Add support for dns-integration extension
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_nsxv_dns (for NSXV)
nsx_extension_drivers = vmware_nsxv3_dns (for NSXV3)

Change-Id: Id100f8034e602d92310d22f900c48d9dfbe59a8d
2017-01-15 09:06:09 -08:00
Jenkins
55168e957e Merge "NSXV+NSXV3: add support for pluggable extensions" 2017-01-15 16:32:34 +00:00
Shih-Hao Li
8c77175ee9 NSXV+NSXV3: add support for pluggable extensions
A new configuration variable nsx_extension_drivers
has been added. This is in the DEFAULT section. This enables us
to code support to add via configurations extensions, for
example dns_integration.

Co-authored-by: Shih-Hao Li <shihli@vmware.com>

Change-Id: Iea4715522d9c7cf327b7f1a751b78f14d5e06e75
2017-01-15 12:54:00 +00:00
Adit Sarfaty
1266099049 NSX|V3 IPAM support
The NSX-V3 plugin will use the NSX-V3 backend IPAM.
An IP pool will be created for each subnet, and port IPs will be allocated
from this pool.
The current backend limitation is that we cannot allocate a specific IP,
so port create/update with fixed_ips will fail, unless the requested ip
is the subnet gateway ip.

To enable this option set 'ipam_driver = vmware_nsxv3_ipam' in the
neutron.conf

Change-Id: I5263555cbb776018a5d01f19d0997fd2adf6483d
2017-01-15 12:49:00 +00:00
Gary Kotton
8cca87ed98 NSX|V: add configuration variable for dns_search_domain
Enable an admin to configure a global search domain. That is, if a
subnet is not created with a search domain (commit
d9f3ee826acf3fc5a1c436361790940237ef9784) then if a domain is
defined in the configuration file then we can use that one.

In the nsxv section there will be a new variable
 - dns_search_domain

Change-Id: I112a00dbc89b1c7702e82ecfa6ec974b7b9cce8d
2016-12-13 04:55:44 -08:00
Adit Sarfaty
c646af86c8 Add release notes for NSX-V policy support
Change-Id: I13977606c9d14ff8eafdd14505a7aa32907dcb95
2016-11-10 15:59:08 +02:00
Zhenmei
074edfefa5 NSX|v3 replace dhcp profile and metadata proxy uuids with names
Support configuration of name or uuid (instead of only uuid) for
2 nsx_v3 parameters: dhcp_profile, metadata_proxy.

Assert on init if the uuid or name was not found on the backend,
or if the name is not unique.

Change-Id: Ife6263b7cf1759a2fc309205552eb79138d512a1
2016-10-10 20:59:49 -04:00
Jenkins
a3b17e2441 Merge "NSX|V3 support different credentials for the NSX managers" 2016-09-29 11:47:00 +00:00
Adit Sarfaty
367d511068 NSX|V3 support different credentials for the NSX managers
In case of multiple NSX managers in the nsx_api_managers configuration,
it is now possible to configure a different username/password/ca_file for each
of the managers.
The nsxv3 configuration parameters ca_file, nsx_api_user & nsx_api_password are
now lists.
If they contain only 1 value, it will be used for all the managers.
Else, the order of the values is expected to match the order of the
nsx_api_managers.

Change-Id: I31b955c9ee449126acde96de48a1887b94c38e29
2016-09-22 08:18:07 +03:00
Abhishek Raut
ff5ebec12c NSXv3: Add support for trunk service driver
This patch adds support for trunk extensions in the NSXv3
plugin.
Now you can create trunk and subports which map to CIF
on the backend.
i.e. trunk port <-> parent port and subport <-> child port
on the backend.
If backend fails to update subports, the status of trunk will be set
to ERROR.

Use OSC commands for trunk CRUD operations.
For e.g.
Create trunk with a subport:
openstack network trunk create --parent-port <parent-port>
    --subport port=child-port,segmentation-type=vlan,segmentation-id=200
    TRUNK_NAME

Delete trunk:
openstack network trunk delete TRUNK_NAME

Change-Id: Iedd47d868d803ca8c52856554885fd7d14668924
2016-09-11 04:03:12 -07:00
Abhishek Raut
0364fcd1a0 Add releasenotes for NSXv3 TaaS driver
Change-Id: I892cdc9c17ebe1f6d7cea8ee4af1da71f2bd90b1
2016-09-09 05:29:19 -07:00
Shih-Hao Li
5e0cc2bd77 Add release note for native DHCP/Metadata support
Change-Id: Icb59afa1e5eb6a21149d4d7c06fcfc57b16c71cd
2016-09-15 07:59:39 -07:00
Jenkins
8c2c6395d4 Merge "Adding release notes for new feature - provider security-groups" 2016-09-13 21:10:31 +00:00
Roey Chen
0243c2f56b Adding release notes for new feature - provider security-groups
Change-Id: I949b2ac1b8233b7f600533e182e93cf54536096c
2016-09-13 20:17:17 +00:00
Adit Sarfaty
09b57b6e78 Add release notes for the Newton features
Change-Id: Idf97041b6a35f2a91d1ee562e618eba8a0bc6a09
2016-09-08 15:15:52 +03:00
Adit Sarfaty
a88b99b6c9 NSX|v3 replace configuration uuids with names
Support configuration of name or uuid (instead of only uuid) for 4 nsx_v3
parameters: default_overlay_tz, default_vlan_tz, default_bridge_cluster
and default_tier0_router.

Assert on init if the uuid or name was not found on the backend, or if the
name is not unique.

DocImpact: Configuration options default_overlay_tz_uuid, default_vlan_tz_uuid,
           default_bridge_cluster_uuid and default_tier0_router_uuid were
           replaced with default_overlay_tz, default_vlan_tz, default_bridge_cluster
           and default_tier0_router and support name or uuid now.

Change-Id: Id153d4d69165b161c04c403b578657c51af20e9c
2016-04-18 16:28:09 +03:00
Abhishek Raut
82a4e247bf Add reno for release notes management
Release management team has modified the way it releases
projects and a new process and guideline has been established.
This change adds support for the same. More information on
this can be found at [1].

Within OpenStack, reno can be used to create release notes
using the following command:
tox -e venv -- reno new slug-goes-here
where slug-goes-here is a prefix to your notes.
More info on reno usage can be found at [2].

[1]: http://lists.openstack.org/pipermail/openstack-dev/2015-November/078301.html
[2]: http://docs.openstack.org/developer/reno/usage.html

Change-Id: Ic4c1d246b0c9dda7c4c3901ed9527481b6f8f3e3
2015-12-03 00:08:14 -08:00