ad425b90b1
Usage for listing the orphaned networks: nsxadmin -r orphaned-networks -o list Output example: ==== [LIST] Orphaned Networks ==== orphaned-networks +-----------------------------+-----------------+------------------------------------------------------+ | type | moref | name | +-----------------------------+-----------------+------------------------------------------------------+ | DistributedVirtualPortgroup | dvportgroup-340 | dvs-22-net-vlan-0d0ad825-4907-4e8f-9bd8-690007dadf3b | | VirtualWire | virtualwire-33 | a7fd0856-923e-43a6-97c7-9980e7fabd08 | +-----------------------------+-----------------+------------------------------------------------------+ Usage for deleting a backend network: nsxadmin -r orphaned-networks -o nsx-clean --property moref=<moref> Output example: ==== [DELETE] Backend Network ==== Backend network dvportgroup-340 was deleted Change-Id: I3141c490dc47b06fd5315b2f4bfb7144360e11ac
5.4 KiB
Admin Utility
The NSXv and the NSXv3 support the nsxadmin utility. This enables and administrator to determine and rectify inconsistencies between the Neutron DB and the NSX. usage: nsxadmin -r <resources> -o <operation>
NSXv
The following resources are supported: 'security-groups', 'edges', 'networks', 'firewall-sections', 'orphaned-edges', 'spoofguard-policy', 'missing-edges', 'backup-edges', 'nsx-security-groups', 'dhcp-binding' and 'metadata'
Edges
NSX list:
nsxadmin -r edges -o nsx-listNeutron list:
nsxadmin -r edges -o neutron-listUpdate Datastore HA of an edge: This admin utility can be used on upgrade after the customer added ha_datastore_id to the nsx.ini configuration, in order to update the deployment of existing edges. The new edge appliances configuration will be taken from the nsx.ini, including the datastrore_id, ha_datastore_id, edge_ha. The edge current resource pool & appliance size will not change:
nsxadmin -r edges -o nsx-update --property edge-id=<edge-id> --property appliances=TrueUpdate the size of an edge:
nsxadmin -r edges -o nsx-update --property edge-id=edge-55 --property size=compactUpdate the high availability of an edge: enable/disable high availability of an edge:
nsxadmin -r edges -o nsx-update --property edge-id=edge-55 --property highavailability=<True/False>
Orphaned Edges
List orphaned edges (exist on NSXv backend but don't have a corresponding binding in Neutron DB):
nsxadmin -r orphaned-edges -o listClean orphaned edges (delete edges from NSXv backend):
nsxadmin -r orphaned-edges -o clean
Missing Edges
List missing edges on NSX. This includes missing networks on those edges:
nsxadmin -r missing-edges -o list
Backup Edges
List backup edges:
nsxadmin -r backup-edges -o listDelete backup edge:
nsxadmin -r backup-edges -o clean --property edge-id=edge-9List Edge name mismatches between DB and backend, and backup edges that are missing from the backend:
nsxadmin -r backup-edges -o list-mismatchesFix Edge name mismatch between DB and backend by updating the name on the backend:
nsxadmin -r backup-edges -o fix-mismatch --property edge-id=edge-9
DHCP Bindings
List missing DHCP bindings: list dhcp edges that are missing from the NSXv backend:
nsxadmin -r dhcp-binding -o listUpdate DHCP bindings on an edge:
nsxadmin -r dhcp-binding -o nsx-update --property edge-id=edge-15
Networks
Ability to update or get the teaming policy for a DVS:
nsxadmin -r networks -o nsx-update --property dvs-id=<id> --property teamingpolicy=<policy>List backend networks and their network morefs:
nsxadmin -r networks -o list
Missing Networks
List networks which are missing from the backend:
nsxadmin -r missing-networks -o list
Orphaned Networks ~~~~~~~~~~~~~~~~
List networks which are missing from the neutron DB:
nsxadmin -r orphaned-networks -o listDelete a backend network by it's moref:
nsxadmin -r orphaned-networks -o nsx-clean --property moref=<moref>
Security Groups, Firewall and Spoofguard
Security groups. This adds support to list security-groups mappings and miss-matches between the mappings and backend resources as: firewall-sections and nsx-security-groups:
nsxadmin --resource security-groups --operation list nsxadmin -r nsx-security-groups -o {list, list-missmatches} nsxadmin -r firewall-sections -o {list, list-missmatches}Spoofguard support:
nsxadmin -r spoofguard-policy -o list-mismatches nsxadmin -r spoofguard-policy -o clean --property policy-id=spoofguardpolicy-10 nsxadmin -r spoofguard-policy -o list --property reverse (entries defined on NSXv and not in Neutron)
Metadata
Update loadbalancer members on router and DHCP edges:
nsxadmin -r metadata -o nsx-updateUpdate shared secret on router and DHCP edges:
nsxadmin -r metadata -o nsx-update-secret
NSXv3
The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding' and 'ports'.
Networks
List missing networks:
nsxadmin -r networks -o list-mismatches
Routers
List missing routers:
nsxadmin -r routers -o list-mismatches
Ports
List missing ports, and ports that exist on backend but without the expected switch profiles:
nsxadmin -r ports -o list-mismatches
Security Groups
List backed security groups:
nsx -r security-groups -o nsx-listList neutron DB security groups:
nsx -r security-groups -o neutron-listList both backend and neutron security groups:
nsx -r security-groups -o listCleanup NSX backend sections and nsgroups:
nsx -r security-groups -o nsx-cleanCleanup Neutron DB security groups:
nsx -r security-groups -o neutron-cleanCleanup both Neutron DB security groups and NSX backend sections and nsgroups:
nsx -r security-groups -o cleanUpdate NSX security groups dynamic criteria for NSXv3 CrossHairs:
nsx -r nsx-security-groups -o migrate-to-dynamic-criteria
DHCP Bindings
List DHCP bindings in Neutron:
nsxadmin -r dhcp-binding -o listResync DHCP bindings for NSXv3 CrossHairs:
nsxadmin -r dhcp-binding -o nsx-update