38 Commits

Author SHA1 Message Date
Adit Sarfaty
4c17c10561 NSX|v3: Use nsxlib features list
Use nsxlib to check if a feature is available at the current
backend version.

Change-Id: Iabe06f23a6d78c202f2854521565c1f4063cc174
Depends-on: I947d40fbfa574295982744ba06918894b2459fd9
2017-05-28 12:40:19 +03:00
Gary Kotton
11d3da3ef5 NSX|V3: fix issues with exclude list
In NSX 2.0.0 onwards we are able to make use of the tags
for the exclude list. Prior to this we need to make use of the
exclude list directly.

Co-Authored-By: Shih-Hao Li <shihli@vmware.com>

Change-Id: I31fec57ec7db7db5066c446251917720a043339e
2017-04-25 23:27:56 -07:00
Gary Kotton
6228a06399 Drop log translations
Log messages are no longer being translated. This removes all use of
the _LE, _LI, and _LW translation markers to simplify logging and to
avoid confusion with new contributions.

See:
http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html
http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html

Change-Id: I9d37ae28a3fecbe910e60dc7f22e229a7b65940c
2017-03-26 05:09:02 -07:00
Gary Kotton
b23b3ae40d NSX|V: transparent support for virtualwires
Leverage the NSX VXLAN support for transparent VLANS. NOTE that the
feature needs the configuration variable cfg.CONF.vlan_transparent
to be set to True (this is in the neutron configuration file)

This is currently only supported with VXLAN backing networks.
This is supported from NSX 6.3 onwards.

Change-Id: I1fe9724b0618e4cc2565d500ea2eb6198e1945ed
2017-02-12 04:34:51 -08:00
Gary Kotton
3a65ce0ae0 NSX|V: fix validations for non-ascii characters
Non-ascii names will be ignored.

Change-Id: Ia7aa1b054f6b01111f7fb25f921a6e3469001395
2016-10-31 00:33:21 -07:00
Adit Sarfaty
028d6a8b68 Replace retrying with tenacity
We are replacing all usages of the retrying package with
tenacity with an end goal of removing the retrying package
from our requirements.

This patch also demonstrates how to use the new api to retry only for some
of the exception error codes

Change-Id: Ie1b082848ac6153d29af7779de914071dc8c1ba5
2016-10-02 08:40:37 +03:00
Adit Sarfaty
a7b5bfafcc nsxlib refactor continue
- separate nsxlib/v3 constants and utils from the common ones
- separate the nsxlib/v3 tests
- update the nsxlib tests to cover create_firewall_rules
- remove all of the DB calls from the nsxlib/v3
- merge security & dfw_api classes

To be done in future patches:
- Avoid using the nsx configuration values directly
- Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d)

Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b
2016-09-29 15:59:13 +03:00
Shih-Hao Li
cb2ffa5473 NSX|V3: ensure that octavia ports receive DHCP addresses
Change-Id: Ibca37f98e1dae95a37c31123c38b7cd13908c16a
2016-09-20 18:35:55 +00:00
Roey Chen
4d7b6a305c NSXv - Support provider security-groups
This patch implements the provider security-groups extension for NsxV
Neutron plugin.
For more details, please refer to the feature
change: I57b130437327b0bbe5cc0068695f226b76b4e2ba.

Change-Id: I0efa29893eff7d76ee69496210cda33f79742cfd
2016-08-12 07:14:49 +00:00
Boden R
28c14f567e Update gate logic
As bug 1568706 uncovered, we were using zuul-cloner
in our gate jobs; this was preventing our translation from
syncing.

After digging into this issue a number of changes in this
associated logic were found to not be in sync with neutron.
This patch updates our tox/tools logic to follow that of neutron.
In addition this patch fixes any pylint checks that were failing to
make pep8 pass.

IMPORTANT:
Please review closely, not only to the tools/tox updates but also
to the ignored pylint checks in the code. We only want to disable
checks where appropriate.

Change-Id: I6c5fee3ca3073ad079eac1636cc3b9ec45926a68
Closes-Bug: #1568706
2016-07-12 09:05:22 -06:00
Roey Chen
ddfb880d5a NSXv3: Support CH nsgroup membership using dynamic criteria tags
CH release adds a new way to associate resources with nsgroups by
creating specific tags on the resources.
We would like to support this feature in the plugin for better performance.
This patch makes use of this feature to associate logical-ports with nsgroups
(Neutron ports with security-groups), for every LP-NSGroup association,
a special tag will be added to the LP.
The plugin will use this NSX feature only when supported by the NSX
version, and given that the designated boolean config option is set to True.

Change-Id: I2a802bc314d98dba9ecc54191fcbd7330f183e12
2016-06-30 01:53:05 -07:00
Jenkins
30a4cf2d5f Merge "[dvs] support 'portgroup' provider type" 2016-06-30 04:13:44 +00:00
Adit Sarfaty
8e12e74538 NSX|V3 utility to identify CrossHairs version
Adding a common utility to identify CrossHairs by the nsx version,
And use it where needed.

Change-Id: I5e0faa048765c8398267e3fdf8b9be4a9ea86475
2016-06-28 10:11:38 +03:00
Giridhar Jayavelu
6d368cb55b [dvs] support 'portgroup' provider type
NSX-v plugin has support for provider network type 'portgroup'.
This patch adds support for portgroup type binding in DVS plugin.
Creating a portgroup type network refers to an existing dvportgroup
in vSphere. Deleting this network would not delete the dvportgroup
similar to NSX-v plugin.
This functionality is required to import VMs on vSphere
connected to an existing dvportgroup.

Change-Id: I6fd1f3efdd258b5d4d5042d0f76d0a4b52cd69ee
2016-06-28 00:05:39 -07:00
Abhishek Raut
6080794f94 [NSXv3]: Refactor v3 L2 Gateway driver
Commit Ib56ee8bfd182c031e468c503acb0cd75daea8c40 refactored code
in L2 gateway base plugin. This patch makes appropriate changes
in NSX plugin and v3 driver.

Change-Id: I45d546e59e99d49d2a9b18258af94d90e91333ca
Partial-Bug: #1591413
2016-05-09 20:58:57 -07:00
Gary Kotton
0613e7773f Remove deprecated warnings for neutron_lib
neutron_lib should be used instead of the attributes and constants
imports. This patch moves to using neutron_lib. This removes all of
the deprecated warnings (there are still some from neutron and
l2gw - those are addressed in other patches).

Change-Id: I796d749c46a69107a1a484e8774c5d501fc4704f
2016-05-11 19:26:04 -07:00
Gary Kotton
9089b5bc8d NSX: do not block init with security group logging configuration
Ensure that service is not blocked when updating the security group
logging configuration

Change-Id: I76eeeb351a9a7dfb8ded5aa47ae4f29d91fa3939
2016-04-03 01:44:44 -07:00
Abhishek Raut
8c61877187 NSX: make use of neutron_lib exceptions
Commit 87a79256c494c36f2d9597313f430b24c0110161 added neutron_lib
for shared exceptions. This patch moves us to make use of the
aforementioned library.

Change-Id: I9fe014c5da85faca87bf88a80c4ee19f7f123123
2016-02-21 22:30:41 -08:00
Boden R
a59c9c4d0e Address pair validation for NSX v3 plugin
NSX v3 does not support CIDR notated IP addresses for
port IP address bindings; thus something like
9.10.11.12/24 is an invalid IP address to use for an address
pair. This patch adds a check to ensure IP addresses are
of the proper format.

Additionally this patch adds logic to the port update
flow in the case where a backend error occurs on port
update. The logic contained herein now reverts the
address pairs to ensure they are in sync with neutron.

Unit tests are also included.

Change-Id: Ia0c9187b1f6e304690e1a56e94c47fe069179645
Closes-Bug: #1531558
2016-01-14 10:31:51 -07:00
Gary Kotton
6eccbe5ec7 NSX|V3: fix the router tags for uuid
Ensure that the instance UUID and router UUID are
correctly used.

In addition this also changes the router port name to have only
one separating _ and not 2.

Closes-bug: #1531507

Change-Id: I73f76b3a86865b99deb8f7b26fce42983bcb7293
2016-01-13 02:59:55 -08:00
Gary Kotton
4e545c615c NSX|V3: add tag for instance id if possible
When a port is created, for example via nova, the port will contain
the device id. In this case let's add a tag that will help identify
the instance.

Closes-bug: #1530629

Change-Id: I75bd24d4cb3a42e0d4fad00fc9bec05c08b2ccbf
2016-01-05 01:54:57 -08:00
Gary Kotton
ce351637ed NSX|V3: ensure that tag length does not exceed 40 characters
This is a limitation on the backend platforms.

Change-Id: Ic26525a4eca8114d31abe484a1c2c4075889e675
Closes-bug: #1530058
2015-12-30 00:51:09 -08:00
Jenkins
cf31578ac9 Merge "NSX|V3: Rename logical port with router attachment" 2015-12-29 05:17:39 +00:00
Roey Chen
a3d48dc5e6 Ignore NS-Groups that have no "tags"
The NSX plugin adds "tags" for each NS-Group it creates and should
ignore such NS-Groups which don't contain tags at all.

Change-Id: I749b0c28a13c771e8778353cbf63ead567b68f1b
Closes-Bug: #1529463
2015-12-27 02:58:02 -08:00
Shih-Hao Li
c3f5e4e95d NSX|V3: Rename logical port with router attachment
Rename logical port with router attachment from <NSX-UUID> to
<OS-Router-Name>_Port_<short-OS-Router-Port-UUID>.

Change-Id: I5f700e008afb9135a052937e6b29329032f34c15
2015-12-25 06:59:38 -08:00
Gary Kotton
b8f6034bd8 NSX|V3: fix short-name notation
Backend platform now supports '.'. So let's move to that format!

Change-Id: I746c80e7303e6a34c72c230329a0b78b612079b1
2015-12-23 07:45:38 -08:00
Roey Chen
052baa8c34 NSX|v3: Scaling security-groups by using multiple nested groups
For Neutron security-group integration we need to be able to configure some
default FW rules which will be enforced on all logical-ports (which are
associated with at least one SG), to achieve that, we place all security-group
objects in a nested NSGroup and apply the default rules on it.
The problem with this strategy is that the nested NSGroup has a
limited capacity and can't contain the expected number of security-groups which
exist simultaneously.
To address this issue, we create multiple nested NSGroups (instead of one only)
and evenly distribute security-groups between them, rules in
the default section are applied on these nested groups.

Closes-Bug: #1522021
Change-Id: I78c59a0b58bce14e04f7517e0d0db32cd105ff74
2015-12-22 07:40:02 -08:00
Janet Yu
32d1b92f18 [NSXv3] Add tags to qos switching profile
Add resource type and project name tags to qos switching profile.
Make maximum length of resource type name a constant. Fix some typos.

Change-Id: Ibd793894ca65320fa5fcf49e5dfa1872f534b7fe
2015-12-19 00:40:39 -08:00
Janet Yu
4055680555 [NSXv3] Add os-project-name tag
Add a new tag for the name of the project (tenant) that owns the resource.

Change-Id: I3b554cc40bc10ce058c16d83a564d7d0b80d189e
2015-12-18 03:26:23 -08:00
Gary Kotton
0a88c5d7b0 NSX|V3: add in tag resource
Add in a resource type to the tags. This will enable the
admin to know what the corresponding neutron resource is.

The length of the scope is also validated to not exceed 20.
That is the maximum length on the backend.

Closes-bug: #1527208

Change-Id: I3a9a8cac6e7e42a424717d58380b56d32ce5b4f6
2015-12-18 02:51:12 -08:00
Gary Kotton
ebb39ae938 NSX|V3: provide a unique name for the network on the backend
On the backend we would like the name to be:
name_<5bytesuuid>...<last5byttesuuid>

Problem is that the backend currently does not support ','.

So we will use '_' as a stop gap. This will enable us to be
able to differentiate between networks that have the same name.

Closes-bug: #1527155

Change-Id: I355801ffc2a1d94c2865f5990a74d5e41d7a69fb
2015-12-17 04:22:12 -08:00
Gary Kotton
aa1e1a7b3e NSX|V3: fix tags for internal resources
Ensure that internal resources created on the NSX do not have data
that is not relevant, for example tenant_id.

Change-Id: Ib5f32f55d87fe1a41e7aba4550294fbfb6e4d367
Closes-bug: #1527084
2015-12-17 00:42:57 -08:00
Janet Yu
b73715a36b Rename os-tid tag to os-project-id
Align name of tenant/project id tag with how it appears in Horizon and vCenter.

Change-Id: I5cf79b41e0830d22f8fab78c4e04f54a56b0bbe8
2015-12-10 16:13:17 -08:00
Janet Yu
40d5d98eda Rename neutron-id tag to os-neutron-id
Make name of Neutron id tag consistent with other OpenStack related tags.

Change-Id: I2fb6e715d40c3eeb370e42dfa8e4990308360b71
2015-12-08 21:25:07 -08:00
Gary Kotton
4afa13c3c4 Switch to internal _i18n pattern, as per oslo_i18n guidelines
- Guidelines referenced from:
  http://docs.openstack.org/developer/oslo.i18n/usage.html

Change-Id: I938919958525b2db0c8a517b951a23f974a7762e
2015-12-02 06:59:23 -08:00
Abhishek Raut
ea77b5f857 [NSXv] Add SSL support for metadata service in NSX-V plugin
Metadata service in the NSX-V plugin is handled by an Edge DHCP or
router VM. Currently the traffic between nova and the metadata service
is insecure. This patch adds the SSL support for metadata service
which will make the connection secure.

The certificate used for secure communication will be created on the
VC under the edge scope. If user does not supply the certificate and
private key for secure communication, a self signed certificate will be
generated in the backend. This self signed certificate will last for a
period of 10yrs.
A certificate with the given details will be created in the backend if
such a configuration exists in nsx.ini
Appropriate config is pushed for the loadbalancer with the protocol set
to HTTPS if SSL is enabled for metadata service.

DocImpact

Change-Id: I5582cc1186ef4b8451f999b46e55bc2c684b1be3
2015-11-30 05:55:24 -08:00
Shih-Hao Li
346a0aa5df NSXv3: static route support
Change-Id: I7022e6eab687deea609c5e3ce17995cde3818017
2015-09-29 14:20:04 -07:00
Shih-Hao Li
d8eeda9baf Move vmware_nsx/neutron/plugins/vmware to vmware_nsx
This is part of new vmware_nsx directory structure proposed in
https://goo.gl/GdWXyH.

Change-Id: I60d6ef62eb724df71dfda90137e00f107e220971
2015-09-14 18:51:57 -07:00