29 Commits

Author SHA1 Message Date
Adit Sarfaty
35d13ead0f NSX|v: Support more than 2 hostgroups
If edge_ha=True and ha_placement_random=True
The user can configure more than 2 edge_host_groups globally or
per availability zone.
In this case 2 of those will be randomly selected for each deployed edge.

Change-Id: Iaa673e5acf78ecdf8cbc942499cce70a2fe0546c
2017-05-01 04:19:06 +00:00
Gary Kotton
6228a06399 Drop log translations
Log messages are no longer being translated. This removes all use of
the _LE, _LI, and _LW translation markers to simplify logging and to
avoid confusion with new contributions.

See:
http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html
http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html

Change-Id: I9d37ae28a3fecbe910e60dc7f22e229a7b65940c
2017-03-26 05:09:02 -07:00
Adit Sarfaty
43ec4919cf Update api-replay for nsx-v->nsx-v3 migration
- Exclude some newly added NSX-v features from the api-replay
  becasue those are not supported by the NSX-v3 plugin
- Add subnetpools support
- Fix errors handling

Change-Id: I3c75a85ba3a6538d5754db553f816cf818bf9f39
2017-03-14 19:29:37 +02:00
Gary Kotton
a856341b73 NSX|V: add support for VLAN trunk with VLAN network
Completes the VLAN trunk support

Change-Id: Ied8a299428486938d2006badf572c1308ccf1269
2017-02-24 07:38:04 -08:00
Giridhar Jayavelu
cc2dfe2aa4 [dvs] Enable vlan-transparent extension
This patch allows guest vlan tagging with
VMware DVS which is required functionality for many
NFV functions.

Change-Id: I588617e6f87afb2397d37a330e656117209630de
2017-02-22 19:00:19 -08:00
Adit Sarfaty
d9545e0e75 Refactor DvsManager code
The DVS manager code has it's own dvs_id although many of the apis should
use different dvs-ids in different cases.
This patch creates a separate class for a DVS manager with an assigned dvs-id
and keep the original class free of a specific dvs assignment, which is used by
the dvs plugin.

In addition it creates a vc-manager class to replace the old dvs manger.
this class inherits from different vc related classes: dvsManager, VMManager
and ClusterManager.
This way those apis can be consumed separately.

This patch also required some refactoring in the NSX-v qos code, as it did not
support different dvs-es correctly

Change-Id: Iab2159585795207d7a6236c34b91b860cb13cc7c
2017-02-19 09:21:38 +02:00
Gary Kotton
4c9b717e9a NSX|V: ensure that the DRS is 'should' and not 'must'
The host-group rules may conflicts with a NSX anti-affinity rule.
This may occur if there are 3 or less hosts in the cluster.

Change-Id: I5592b48e305a34e3609fcdbf3f5559fb0f1f0bea
2017-02-17 00:02:33 +02:00
Gary Kotton
54682e5ca1 NSX|V: add in a cleanup method for host-groups
There are cases when one may update edge_ha mode or change
hostgroups or want to rebalance things.

Here the admin should do the following:

1. Clean the host groups
2. Create all

For example:
nsxadmin -r edges -o nsx-update --property hostgroup=clean
nsxadmin -r edges -o nsx-update --property hostgroup=all

Change-Id: I4d4302f87e9c8dceaf16e960d0e5c705331088ca
2017-02-16 03:49:33 +02:00
Gary Kotton
102a2c0347 NSX|V: validate that entries exist
The VC does not commit to returning values if data does not exist.
So we need to check prior if the actual values are set prior to
reading

Change-Id: I9d7d4a8420e2f1af1103b8fed27da14075745397
2017-02-16 02:32:22 +02:00
Gary Kotton
da7bf965fa NSX|V: improve host group management
The patch improves the way in which we manage the host groups.
Instead of create a VM group for each active and standby edge we
create two global VM groups. Similarly for the rules. New edge VMS
will be added to VM group.

The improves the management on the VC side. A few additional
enhancements have been made:
1. callbacks will each have their own _dvs object. This is due to
issues with multiple workers
2. no need to do explicit deletion. The edge deletion will delet the
backing VM. The VC will remove the VM from the VM group
3. The addition/creation of the VM group is done atomically.
4. Validations for host_groups are done at init
5. Validations are done with admin utility for existing VMs
6. VM groups created at init

Co-Authored-By: Vishal Agarwal <vishala@vmware.com>

Change-Id: Ib8e8744f858b15da04f57087c8eec92ec1a9bb98
2017-02-15 02:36:05 -08:00
Gary Kotton
338d47e058 NSX|V: add support for host groups for DRS HA
The code adds support for host_groups. This allows the plugin
to place the edge VMs host_groups to provide HA.

In order to get the fire cell anti affinity, we do the following:

1. Admin out of band: create two ‘Virtual machine to Hosts’ rules.
    These are listed in the host_groups parameter(s)
    a. HOST-GROUP-A – all hosts in fire cell A
    b. HOST-GROUP-B – all hosts in fire cell B
2. The plugin does the following:
    a. Create 2 VM groups (each one will be a placeholder for the edges).
    The VM group name is of the following format:
    'neutron-group-%s-%s' % (edge_id, index)
    b. Create 2 VM/Host rules. This will contain the VM group from above
    The Host group name is of the following format:
    'neutron-rule-%s-%s' % (edge_id, index)
    c. Plugin deletes above when the edges are deleted.

An admin utility method has been added that configures the host groups:
nsxadmin -o nsx-update -r edges -p edge-id=edge-55 --property hostgroup=True|False

Depends-On: I494a1d19341f30f22803a3fe6baf020a67ad6b08
Change-Id: I9bf3c280c37c02081c11ac8abacc424db6cac09f
2017-02-12 05:51:50 -08:00
Adit Sarfaty
d81f2f51a5 NSXv| Use the current DVS when creating a teaming policy
When the portgroup teaming policy is updated, the current DVS of
the portgroup should be used, instead of the default one.

Change-Id: Id78542650f58627313050c427543f33417f7c43c
2017-01-30 12:16:23 +02:00
Gary Kotton
456c21fd9a NSX|V: set teaming standby ports
In the event that the active teaming port fails then we will enable
the stanby ports.

Change-Id: If85711b2fae916559c8e1c62a82ed91f8a7e29d4
2017-01-11 04:03:50 -08:00
Gary Kotton
4eaf21c977 NSX|V: ensure correct teaming for port groups
Ensures that port groups created for VLAN's and edges have the
correct teaming policies.

Change-Id: Ie1adfdb216fe8745d0347deba1bb9701a51e6fe3
2016-11-21 06:38:49 -08:00
Adit Sarfaty
a4c8dd570b NSX|v QoS fix DSCP rule creation
Adding a description & qualifier rule to the backend DSCP rule
This affects the view of the rule in vsphere and the possibility
to edit it manually in vsphere.

Change-Id: I1dde630e8130fc347c7aa7aa26d812a9c635b7ea
2016-11-02 11:33:26 +02:00
Adit Sarfaty
213d9ed402 NSX|V QoS fix shaping direction
openstack QoS direction should be egress from the VMs point of view
On the NSX, the point of view is of the vswitch, so it should be incoming

Change-Id: Ib8c7974a2034b47ad4911c91298c0f64d8253f8b
2016-11-02 11:27:16 +02:00
Adit Sarfaty
353be39d92 [Admin-Utils] NSX-V3 upgrade vm ports after migration
After using api_replay to migrate the neutron data from NSX-V to NSX-T
we need to update the VM ports to use OpaqueNetwork instead of
DistributedVirtualPortgroup

Usage: nsxadmin -r ports -o nsx-migrate-v-v3

Output example:
Detaching old interface from VM ad02211d-25a1-4e0b-ab6e-ffee48c77077
Updated VM moref vm-59 spec - detached an interface
Attaching new interface to VM ad02211d-25a1-4e0b-ab6e-ffee48c77077
Updated VM moref vm-59 spec - attached an interface

Change-Id: Ie6b4c929257be9bed9701c9c2073a0e65cab9839
2016-08-29 15:31:46 +03:00
Giridhar Jayavelu
3a453dff48 Fix fetching dvportgroup name
With suds, there is no attribute 'name' on the
managed object reference. The attributes of dvportgroup
has to be fetched separately.

Change-Id: I78368974a1fcded5179377e7413fd24868c3db75
2016-08-25 22:55:28 -07:00
Sidharth Surana
5cbd2831fb Make it possible for DvsManager to manage its own DVS
For the nsxv plugin when using the dvs features, we should not
repeat the dvs name information unless required, as the dvs moref
may be set as part of the nsxv configuration. And if the dvs moref
is set in the nsxv configuration then, we should use that to
initialize DvsManager.

Change-Id: Ibd81190aa91f255237c76f93e0fc15ab2659d6c7
2016-08-16 12:11:07 -07:00
Giridhar Jayavelu
6d368cb55b [dvs] support 'portgroup' provider type
NSX-v plugin has support for provider network type 'portgroup'.
This patch adds support for portgroup type binding in DVS plugin.
Creating a portgroup type network refers to an existing dvportgroup
in vSphere. Deleting this network would not delete the dvportgroup
similar to NSX-v plugin.
This functionality is required to import VMs on vSphere
connected to an existing dvportgroup.

Change-Id: I6fd1f3efdd258b5d4d5042d0f76d0a4b52cd69ee
2016-06-28 00:05:39 -07:00
Adit Sarfaty
14dadb6e3b NSX|V add vm to exclude list when the port has no port security
When a compute port with a device-id has no port security, we should
add the device to the nsx exclude list, so the spoof guard will not block it

When the first port with no security is attached to a device, it will be added
to the exclude list. When the last port is detached from the device (or deleted),
the device will be removed from the exclude list

Managing the exclude list is done by retrieving the vm moref from the DVS,
and adding this moref to the exclude list api.

In addition we now allow creating a port without port security, even if the
on the network port security is enabled.

This feature depends on 3 NSXV configuration flags:
spoofguard_enabled=True
use_dvs_features=True
use_exclude_list=True (new flag, True by default)

DocImpact:New configuration flag for this feature use_exclude_list
(True by default)

Change-Id: I3c93c78f8ceca131ee319237d99a90282ab65a3a
2016-06-19 12:21:20 +00:00
Adit Sarfaty
6ebc74622a NSX|v QoS DSCP marking support
Adding support for the QoS DSCP marking rules for networks, and creating
a matching filter policy on the dvs

Change-Id: I56418ddd9ebbbed9576d41e8fd915b5b8c570283
2016-04-25 13:11:34 +03:00
Adit Sarfaty
24a84004ff NSX|V add qos support for networks
Add support for the qos service in NSX|V, including:
- Attach/Detach qos policy to a new or updated network
- Allow qos configuration on a backend network only,
  and only if use_dvs_features is True
- Update the bw limitations on the edge through the dvs
- Update the networks bw limitations when a policy or rule changes
  through the QoS notification driver

Change-Id: Icee25b59e8e0f3c1c093077b631250a908e127c1
2016-04-06 14:51:57 +03:00
Aaron Rosen
026a656893 fix failing pep8 job
This patch fixes the pep8 job which was failing with:
N341 _ from python builtins module is used. Use _ from vmware_nsx._i18n instead

Change-Id: I5be1646d6505dd3b2383abb28234f3ab612549a6
2016-04-01 10:34:13 -07:00
linb
41a4e118dd Fix cfg_group not found in dvs plugin
commit 61c19f3e9c9314811ea9695690391ef2a018ce6e uses cfg_group to find
corresponding plugin's metadata mode info. But it loses the cfg_group
defination on dvs plugin.

Co-Authored-by: Giridhar Jayavelu <gjayavelu@vmware.com>

Change-Id: Ice19b64d0bfcb663bd882923c35566a4916c06d5
2016-03-07 23:22:42 -08:00
Abhishek Raut
8c61877187 NSX: make use of neutron_lib exceptions
Commit 87a79256c494c36f2d9597313f430b24c0110161 added neutron_lib
for shared exceptions. This patch moves us to make use of the
aforementioned library.

Change-Id: I9fe014c5da85faca87bf88a80c4ee19f7f123123
2016-02-21 22:30:41 -08:00
Gary Kotton
4afa13c3c4 Switch to internal _i18n pattern, as per oslo_i18n guidelines
- Guidelines referenced from:
  http://docs.openstack.org/developer/oslo.i18n/usage.html

Change-Id: I938919958525b2db0c8a517b951a23f974a7762e
2015-12-02 06:59:23 -08:00
Eric Brown
d47ea9da12 Use PortOpt instead of min/max on IntOpt
Newly introduced in oslo.config is the PortOpt which is a subclass
of IntOpt with the min=1 and max=65535.

Change-Id: Ib6a95d738f8604497752daf1f646201ce7d99c30
2015-11-03 14:20:15 -08:00
Shih-Hao Li
d8eeda9baf Move vmware_nsx/neutron/plugins/vmware to vmware_nsx
This is part of new vmware_nsx directory structure proposed in
https://goo.gl/GdWXyH.

Change-Id: I60d6ef62eb724df71dfda90137e00f107e220971
2015-09-14 18:51:57 -07:00