12362 Commits

Author SHA1 Message Date
Adit Sarfaty
b1034df467 NSX|V: Validate DVS Id when creating flat/vlan network
Change-Id: Id56f27644271b103509a90a1a92145a1a1c69010
2018-09-20 11:46:51 +03:00
Michal Kelner Mishali
5724c77254 NSX|V3: Restrict update of LB port with fixed IP
Setting a fixed IP on the LB port should be avoided,
restricting and sending a message to the user.

Change-Id: I90567591e269b356af03d1abe854c08829e8d954
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-09-17 07:03:02 +00:00
Zuul
e2c939c2c0 Merge "NSX|V: Fix devstack cleanup for python 3" 2018-09-17 07:02:15 +00:00
Michal Kelner Mishali
a0bef7a6de NSX|V3: Fix bug in checking lbaas port dev-owner
Fix bug in checking for using allowed-address-pairs
on a LBAAS port

Change-Id: Ie4f80c3bea7c9e4779b979e41cbb8530ce91803c
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-09-16 10:10:21 +03:00
Adit Sarfaty
958b196601 NSX|V: Fix devstack cleanup for python 3
fix base 64 encodeing and integer casting for python3

Change-Id: I3c9bcc41ac1c18b4754465de0e95e42ea0825c81
2018-09-16 09:37:55 +03:00
Michal Kelner Mishali
8f39db15b8 NSX|V3: restrict allowed-address-pairs on LB port
allowed-address-pairs is not supported on LB port

Change-Id: I7588a14b94886e25354a900c4fc0b77cf5e03154
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-09-12 13:57:22 +03:00
Adit Sarfaty
3be8af0c37 NSX-Policy: Skeleton for the new NSX Policy plugin
Change-Id: Ia3195293270ceb3af1f14fa280de43019ca44b7f
2018-09-12 08:52:41 +03:00
Zuul
dcc3e697d1 Merge "NSX|V3: Refactor network & port validations" 2018-09-10 17:46:41 +00:00
Adit Sarfaty
7ebfb1062e NSX|V3: Refactor network & port validations
refactor the validation code for network & port create & update operations
and moce those to the common plugin code.
This will be used later by the policy plugin code.

Change-Id: Ia461851022a20f07cb50d05dc73cc37f48752164
2018-09-06 09:06:19 +03:00
Adit Sarfaty
cbbb24f638 NSX|V3: Fix returned network type is ddi check
Change-Id: I4c7849f620d0b8402aafbcdb976d6d7adb6a82e8
2018-09-06 09:04:06 +03:00
Zuul
48481fdd6d Merge "NSX|V3: Add support for 'direct' vnic types" 2018-09-05 16:16:17 +00:00
Zuul
a652994939 Merge "NSX|V3: read original subnet only once during update" 2018-09-04 06:57:47 +00:00
Adit Sarfaty
183aa01f84 NSX|V3: read original subnet only once during update
A small refactor to the subnet update code, in order to not reading
the original subnet twice.

Change-Id: Ib97a427ebfc6a8c5a251a3c55f47e9b4897f3d88
2018-09-02 08:08:22 +00:00
Zuul
e5a1acdf29 Merge "NSX|V3: Check specific exception when deleting dhcp port" 2018-09-02 07:52:41 +00:00
Zuul
f0a8363a4d Merge "NSX|V3 adminUtils: Use nsx plugin to get ports" 2018-08-30 11:14:12 +00:00
Adit Sarfaty
6e19bffb4e NSX|V3: Add support for 'direct' vnic types
The NSX|V3 will support a direct vnic types for VLAN/FLAT networks, without
portsecurity.
This this case the port VIF type will be DVS, and the network segmentation ID
will be added to the VIF details.

Change-Id: I4c40485c35c2804465240302023e667fc4642664
2018-08-30 07:37:37 +00:00
Adit Sarfaty
93ff4deb05 NSX|V3: Check specific exception when deleting dhcp port
When deleting a DHCP port while disabling subnet-dhcp, the plugin
should ignore the port deletion failure only if it was caused by port not founb

Change-Id: Ibbdf315cf0e23666ab58853de4fb7d26e71a21c6
2018-08-30 10:21:30 +03:00
Adit Sarfaty
ec9c7465bc NSX|V3 Validate rate-limit value in admin utilitiy
Change-Id: Id516e068cec06973fe670a2956d762b26ace7e6a
2018-08-30 09:14:12 +03:00
Zuul
494356cb1c Merge "NSX|V3: Fail on unsupported QoS rules" 2018-08-29 13:22:28 +00:00
Adit Sarfaty
bad230ba26 NSX|V3 adminUtils: Use nsx plugin to get ports
While lising the neutron ports to seach for mismatches, the NSX plugin
should be used so all the attributes are populated.

Change-Id: I2ffa8204d8c1c419b8c7b9066f5e7b29fb1bc71a
2018-08-28 09:33:46 +03:00
Zuul
9d99f0f06d Merge "NSX|V3: VPN connection status update" 2018-08-27 08:43:00 +00:00
Zuul
7b12570a7a Merge "NSX|V3 update port revision on update_port response" 2018-08-27 06:06:45 +00:00
Adit Sarfaty
5a52317eac NSX|V3: Fail on unsupported QoS rules
The NSX plugin does not support minimum BW rules.
This patch fails validation to prevent the creation of such rules.

Change-Id: I293dd5b6c659855bb939912370d72cdfd228a338
2018-08-26 12:07:54 +03:00
Zuul
18fac22e9f Merge "NSX|V3: LBaaS operating status support" 2018-08-26 08:34:46 +00:00
Adit Sarfaty
f9aa6bd805 NSX|V: Avoid updating the default section at init
During plugin init the default firewall section is created.
If it already exists, it will be updated, which causes race condition
in case of multiple controllers.
There is no need to update the default section during init, unless the
nsx.ini configuration changed, in which case admin utility should be used
to update the section: nsxadmin -r firewall-sections -o nsx-update

In addition, catch exceptions when creating the section, as there also might
be a race condition there.

Change-Id: I19b238a561af95e856d9dae32764ce4d484df767
2018-08-25 15:19:16 +00:00
Zuul
04bd9c0b55 Merge "NSX-V3| Fix port MAC learning flag handling" 2018-08-24 16:58:12 +00:00
Zuul
000f8f65c7 Merge "Update UPPER_CONSTRAINTS_FILE for stable/rocky" 2018-08-24 16:58:11 +00:00
Adit Sarfaty
18494b4c28 NSX|V3: Fix external LB member create
fixed_ip & router_id parameters were swapped, causing external network member
creation to fail.

Change-Id: I57e5bfa91e49ad22425e91ad61b9bff2563a81d0
2018-08-22 12:14:34 +00:00
Adit Sarfaty
772f1c78ea Update UPPER_CONSTRAINTS_FILE for stable/rocky
The new stable upper-constraints file is only available
after the openstack/requirements repository is branched.
This will happen around the RC1 timeframe.

Recheck and merge this change once the requirements
repository has been branched.

The CI system will work with this patch before the requirements
repository is branched because zuul configues the job to run
with a local copy of the file and defaults to the master branch.
However, accepting the patch will break the test configuration
on developers' local systems, so please wait until after the
requirements repository is branched to merge the patch.

Change-Id: I7ae697a8023c76ec352616b269150633acdea119
2018-08-22 09:39:59 +03:00
Zuul
7c539f664c Merge "NSX|V: Fix host groups for DRS HA for AZ" into stable/rocky 2018-08-21 07:37:24 +00:00
Adit Sarfaty
0d5d025acf NSX-V3| Fix port MAC learning flag handling
The MAC learning flag is saved in the DB and displayed only if it
was set by the user, or by the plugin (in case of ENS support).
If the value was unset - it is not added to the DB, and not displayed.

This patch fixes 2 issues with this logic:
1. Make sure False value is also saved in the DB
2. Make sure False value is also returned in show port command

Change-Id: Ifb167c192bf5001ac7415d32be5a382782a44708
2018-08-21 09:36:33 +03:00
Zuul
5c26bf99a2 Merge "NSX|V+V3 QoS rbac support" into stable/rocky 2018-08-21 06:10:05 +00:00
Adit Sarfaty
9b35b4cb6e NSX|V: Fix host groups for DRS HA for AZ
For the fire cell anti affinity to work as designed, there is a need to use different
groups & rules per host group, since those hostgroups can be different for differnet
availability zones

Change-Id: I092f5c228489a3a0d73f060380f1a1a6c526fb00
(cherry picked from commit cda47aa304121281920ec120e4d0cca9ae6ea657)
2018-08-21 05:09:53 +00:00
Zuul
783dc4edf7 Merge "NSX|V+V3 QoS rbac support" 2018-08-20 14:46:35 +00:00
Zuul
ade673bc58 Merge "NSX|V: Fix host groups for DRS HA for AZ" 2018-08-20 14:34:25 +00:00
Adit Sarfaty
e3f103f269 NSX|V3: VPN connection status update
The VPNaaS plugin expects the driver to update the connection status
from a separate process/thread/agent.
When the user requests a connection/list, the status is retrived from the VPNaaS DB,
without calling the driver.

To avoid adding a process to actively query and update all connections statuses, this
patch creates a new VPNaaS plugin, to be used instead of hte default one.
This plugin (vmware_nsx_vpnaas) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.

Change-Id: Ib750bfb8f0c8ad12265fa71506182ff5d7e8030a
2018-08-20 14:21:24 +03:00
Adit Sarfaty
bb0ea37a57 NSX|V3: LBaaS operating status support
The LBaaS V2 plugin expects the driver to update the LB objects operating
status from a separate process/thread.
When the user requests the LB status (or just the LB object itself with GET),
the operating status is retrived from the LBaaS DB, without calling the driver.

To avoid adding a process to actively query and update all objects statuses,
this patch creates a new LBaaSV2 plugin, to be used instead of the default one.
This plugin (vmware_nsx_lbaasv2) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.

Depends-on: I71a56b87144aad743795ad1295ec636b17429035
Change-Id: I3c4e75d92a1bacdb14292a8db727deb4923a85d9
2018-08-20 11:13:30 +00:00
Adit Sarfaty
246f01a8de NSX|V3 update port revision on update_port response
Change-Id: I0e8ea977b277fb0bc72e33dbdb0da62c02fa6c0e
2018-08-20 11:58:26 +03:00
Adit Sarfaty
94e773881c NSX|V Fix policy security group update
Updating the policy of the security group was not reflected in the DB

Change-Id: I83ce48404722df67daa00e3df703c6902a5ef84d
2018-08-19 08:50:44 +00:00
Adit Sarfaty
62bb92d4ef NSX|V Fix policy security group update
Updating the policy of the security group was not reflected in the DB

Change-Id: I83ce48404722df67daa00e3df703c6902a5ef84d
2018-08-19 11:47:06 +03:00
Adit Sarfaty
0eef1d664b NSX|V+V3 QoS rbac support
When the network or port has qos-poliy-id, the plugin needs to
validate this ID is real and accessable for this project.
Until now this was done only when setting the policy id in teh network/port
mapping table, which just ignored errors.
This patch adds the validation early in the create/update process.

Change-Id: If8ad0ce844cbf4706793a45f8698031b5eaf7e3d
2018-08-19 07:09:06 +00:00
Adit Sarfaty
03292930f5 NSX|V+V3 QoS rbac support
When the network or port has qos-poliy-id, the plugin needs to
validate this ID is real and accessable for this project.
Until now this was done only when setting the policy id in teh network/port
mapping table, which just ignored errors.
This patch adds the validation early in the create/update process.

Change-Id: If8ad0ce844cbf4706793a45f8698031b5eaf7e3d
2018-08-19 06:48:19 +00:00
Zuul
8c3d0efe0a Merge "NSX|V3 update port binding for callbacks notifications" into stable/rocky 2018-08-19 06:18:35 +00:00
Zuul
2e8c80eb0f Merge "NSX|V3 update port binding for callbacks notifications" 2018-08-19 06:18:27 +00:00
Zuul
81dc562d3e Merge "Devstack: Use the right python version in cleanup" 2018-08-17 21:32:03 +00:00
Zuul
19457094d5 Merge "NSX|V3: Add VPNaaS driver tests" 2018-08-16 13:32:49 +00:00
Adit Sarfaty
8d5632d0b9 Devstack: Use the right python version in cleanup
Change-Id: I498de68226789bb6c33df4caf51bec56c6335a45
2018-08-16 14:13:50 +03:00
Adit Sarfaty
cda47aa304 NSX|V: Fix host groups for DRS HA for AZ
For the fire cell anti affinity to work as designed, there is a need to use different
groups & rules per host group, since those hostgroups can be different for differnet
availability zones

Change-Id: I092f5c228489a3a0d73f060380f1a1a6c526fb00
2018-08-16 13:08:39 +03:00
inspurericzhang
fb3baeac73 fix misspelling 'configuration' of functions
Change-Id: I2038d9796c8f63e4fa6577d7bd9360cf97aa05c9
2018-08-15 16:16:11 +08:00
Adit Sarfaty
88cbf05d0e NSX|V3 update port binding for callbacks notifications
When updating a port, the original port used in notifications should
have the port binding fields, or else some services (like FWaaS)
might fail.

Change-Id: I3a0d66b2741504903c9df92fcdd8520765d73f9d
2018-08-15 07:21:56 +00:00