If the LB has an external vip, the member must have a local subnet-id
connected to a router with an uplink,
or the member must have an IP which is a FIP address
In addition, remove one leftover log, and remove a lock on router
id when it is None
Change-Id: Iefb492e43b5cc47a84ce82e4dfbcb0d1e5e6bffe
Before starting the migration, check for unsupported configurations
that will fail the migration.
Currently those include:
- Tier0 with BGP disabled and BGP rules
- DFW/Edge firewall sections witl 1500 rules or more
Change-Id: I702417c287b629844f2b8e1adda98b137e1ee9ff
This patch will allow moving neutron from using the nsx_v3 plugin to the nsx_p plugin.
This includes:
- admin utility to move all resources to the policy api:
nsxadmin -r nsx-migrate-t2p -o import (--verbose)
This utility will:
-- Migrate all neutron used & created resource using the nsx migration api
-- roll back all resources in case it failed
-- post migration fix some of the policy resources to better match the expectation
of the policy plugin
- admin utility that will cleanup left overs in the nsx_v3 db:
nsxadmin -r nsx-migrate-t2p -o clean-all
(can be used, but everything should work without calling it as well)
- Some minor changes to the policy plugin and drivers to allow it to handle migrated resource
which are a bit different than those created with the policy plugin
-- Delete DHCP server config once a migrated network is deleted
-- Update LB L7 rules by their name suffix as their full display name is unknown
Change-Id: Ic17e0de1f4b2a2d95afa61ce33ffb0bc9e667b89
1. Make the validation optional (If False - only log the warnings)
2. Validate each resource against all clusters and fail only if not
connected to any
Change-Id: I9abd091fc42d4dbe22e1b806df4d9131ab054726
The admin utilities usually run with the default config files:
/etc/neutron/neutron.conf and /etc/neutron/plugins/vmware/nsx.ini
In order to run it with custom files you can use:
nsxadmin --config-file <neutron conf path> --config-file <nsx conf path>
Change-Id: I0c75f0a616d8016a840611edab1e3b3edb53c4ad
Commit I475a5c984aed7b6cae26951e64971ec463a43c5e
changed the error handling of this api, so the plugin will need to handle the errors
Change-Id: I1ba3d0a64793674c97c62f6ff26fa00e34a7c4fe
In some cases the edge policy ids are different from the nsx ids.
Since validation is using those ids with the nsxlib objects, the nsx ids
should be used.
In addition - Do not fail plugin init or neutron action when failing to get
the transport nodes. Just issue a warning
Change-Id: I080ac86b1cebf66f11749c5256d1885a9bc7ef9f
Make sure to set the DHCP config only if there is a dhcp server ip.
Missing ip can happen during the process of deleting a subnet.
Change-Id: I1e8071935a01a7e07732c5033744f74769210043
When deleting a listener which doesn't exist in the backend, the call
shouldn't fail but delete from OpenStack DB and issue an error to the
log file.
Change-Id: I1ee816d82986a651ea2889b1a4a74889e8724dbb
Upon sunbet update and create, validate that the GW:
- has the same ip versions the network
- is part of the network
- In case of ipv6, match the NSX limitations
Change-Id: I21ef0a313569e8d025fe31c934c57ce2d54f2fec
The loadbalancers using the router LB service will be marked on
a new tag on the NSX service.
Also adin an admin utility to update existing Lb services with the tag.
Change-Id: I6c38b45e4d683681a6915fd07ca296264c7d2495
There is no need to validate the nsx provider network
(LS/segment already created on the NSX) against the MDproxy
Change-Id: I375c2cf81a3cf82c5954b6f5898e51e9fde661e9
Commit I7e68c9d0e40e03c0e3e708e04c996fdceed56df4 fixed the sg rule quota
issue in the admin utilities tests, instead of in their mock plugins
Change-Id: I95b6411e960c62def3bbc6a9d7b6cdd92fc4aa92
The default block rules rule has a group to match the network ips.
In case config firewall_match_internal_addr=False (match external)
we need to add the fip addresses as well.
Change-Id: Iec87b0032705811b81e02396137a183bc6a7c26c
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
Also see commit: Ifcaf1c21bea0ec3c35278e49cecc90a101a82113
Change-Id: I58da980351fe14357c210c02eb167a6c0af9d09e
Monkey patch the original current_thread to use the up-to-date _active
global variable. This solution is based on that documented at:
https://github.com/eventlet/eventlet/issues/592
Change-Id: Ia2dd231f4b8cb6f8876cf54671529095a9d11fc6
Closes-Bug: #1863021
When adding a vlan interface to a tier1 router, the edge cluster
must also be set, so that a service router will exist.
When removing a vlan interface, check if the service router is still
needed.
Change-Id: I73b3b02b876eea3d3247487fd12b542b637b6e0b