If edge_ha=True and ha_placement_random=True
The user can configure more than 2 edge_host_groups globally or
per availability zone.
In this case 2 of those will be randomly selected for each deployed edge.
Change-Id: Iaa673e5acf78ecdf8cbc942499cce70a2fe0546c
- Exclude some newly added NSX-v features from the api-replay
becasue those are not supported by the NSX-v3 plugin
- Add subnetpools support
- Fix errors handling
Change-Id: I3c75a85ba3a6538d5754db553f816cf818bf9f39
This patch allows guest vlan tagging with
VMware DVS which is required functionality for many
NFV functions.
Change-Id: I588617e6f87afb2397d37a330e656117209630de
The DVS manager code has it's own dvs_id although many of the apis should
use different dvs-ids in different cases.
This patch creates a separate class for a DVS manager with an assigned dvs-id
and keep the original class free of a specific dvs assignment, which is used by
the dvs plugin.
In addition it creates a vc-manager class to replace the old dvs manger.
this class inherits from different vc related classes: dvsManager, VMManager
and ClusterManager.
This way those apis can be consumed separately.
This patch also required some refactoring in the NSX-v qos code, as it did not
support different dvs-es correctly
Change-Id: Iab2159585795207d7a6236c34b91b860cb13cc7c
The host-group rules may conflicts with a NSX anti-affinity rule.
This may occur if there are 3 or less hosts in the cluster.
Change-Id: I5592b48e305a34e3609fcdbf3f5559fb0f1f0bea
There are cases when one may update edge_ha mode or change
hostgroups or want to rebalance things.
Here the admin should do the following:
1. Clean the host groups
2. Create all
For example:
nsxadmin -r edges -o nsx-update --property hostgroup=clean
nsxadmin -r edges -o nsx-update --property hostgroup=all
Change-Id: I4d4302f87e9c8dceaf16e960d0e5c705331088ca
The VC does not commit to returning values if data does not exist.
So we need to check prior if the actual values are set prior to
reading
Change-Id: I9d7d4a8420e2f1af1103b8fed27da14075745397
The patch improves the way in which we manage the host groups.
Instead of create a VM group for each active and standby edge we
create two global VM groups. Similarly for the rules. New edge VMS
will be added to VM group.
The improves the management on the VC side. A few additional
enhancements have been made:
1. callbacks will each have their own _dvs object. This is due to
issues with multiple workers
2. no need to do explicit deletion. The edge deletion will delet the
backing VM. The VC will remove the VM from the VM group
3. The addition/creation of the VM group is done atomically.
4. Validations for host_groups are done at init
5. Validations are done with admin utility for existing VMs
6. VM groups created at init
Co-Authored-By: Vishal Agarwal <vishala@vmware.com>
Change-Id: Ib8e8744f858b15da04f57087c8eec92ec1a9bb98
The code adds support for host_groups. This allows the plugin
to place the edge VMs host_groups to provide HA.
In order to get the fire cell anti affinity, we do the following:
1. Admin out of band: create two ‘Virtual machine to Hosts’ rules.
These are listed in the host_groups parameter(s)
a. HOST-GROUP-A – all hosts in fire cell A
b. HOST-GROUP-B – all hosts in fire cell B
2. The plugin does the following:
a. Create 2 VM groups (each one will be a placeholder for the edges).
The VM group name is of the following format:
'neutron-group-%s-%s' % (edge_id, index)
b. Create 2 VM/Host rules. This will contain the VM group from above
The Host group name is of the following format:
'neutron-rule-%s-%s' % (edge_id, index)
c. Plugin deletes above when the edges are deleted.
An admin utility method has been added that configures the host groups:
nsxadmin -o nsx-update -r edges -p edge-id=edge-55 --property hostgroup=True|False
Depends-On: I494a1d19341f30f22803a3fe6baf020a67ad6b08
Change-Id: I9bf3c280c37c02081c11ac8abacc424db6cac09f
When the portgroup teaming policy is updated, the current DVS of
the portgroup should be used, instead of the default one.
Change-Id: Id78542650f58627313050c427543f33417f7c43c
Adding a description & qualifier rule to the backend DSCP rule
This affects the view of the rule in vsphere and the possibility
to edit it manually in vsphere.
Change-Id: I1dde630e8130fc347c7aa7aa26d812a9c635b7ea
openstack QoS direction should be egress from the VMs point of view
On the NSX, the point of view is of the vswitch, so it should be incoming
Change-Id: Ib8c7974a2034b47ad4911c91298c0f64d8253f8b
After using api_replay to migrate the neutron data from NSX-V to NSX-T
we need to update the VM ports to use OpaqueNetwork instead of
DistributedVirtualPortgroup
Usage: nsxadmin -r ports -o nsx-migrate-v-v3
Output example:
Detaching old interface from VM ad02211d-25a1-4e0b-ab6e-ffee48c77077
Updated VM moref vm-59 spec - detached an interface
Attaching new interface to VM ad02211d-25a1-4e0b-ab6e-ffee48c77077
Updated VM moref vm-59 spec - attached an interface
Change-Id: Ie6b4c929257be9bed9701c9c2073a0e65cab9839
With suds, there is no attribute 'name' on the
managed object reference. The attributes of dvportgroup
has to be fetched separately.
Change-Id: I78368974a1fcded5179377e7413fd24868c3db75
For the nsxv plugin when using the dvs features, we should not
repeat the dvs name information unless required, as the dvs moref
may be set as part of the nsxv configuration. And if the dvs moref
is set in the nsxv configuration then, we should use that to
initialize DvsManager.
Change-Id: Ibd81190aa91f255237c76f93e0fc15ab2659d6c7
NSX-v plugin has support for provider network type 'portgroup'.
This patch adds support for portgroup type binding in DVS plugin.
Creating a portgroup type network refers to an existing dvportgroup
in vSphere. Deleting this network would not delete the dvportgroup
similar to NSX-v plugin.
This functionality is required to import VMs on vSphere
connected to an existing dvportgroup.
Change-Id: I6fd1f3efdd258b5d4d5042d0f76d0a4b52cd69ee
When a compute port with a device-id has no port security, we should
add the device to the nsx exclude list, so the spoof guard will not block it
When the first port with no security is attached to a device, it will be added
to the exclude list. When the last port is detached from the device (or deleted),
the device will be removed from the exclude list
Managing the exclude list is done by retrieving the vm moref from the DVS,
and adding this moref to the exclude list api.
In addition we now allow creating a port without port security, even if the
on the network port security is enabled.
This feature depends on 3 NSXV configuration flags:
spoofguard_enabled=True
use_dvs_features=True
use_exclude_list=True (new flag, True by default)
DocImpact:New configuration flag for this feature use_exclude_list
(True by default)
Change-Id: I3c93c78f8ceca131ee319237d99a90282ab65a3a
Adding support for the QoS DSCP marking rules for networks, and creating
a matching filter policy on the dvs
Change-Id: I56418ddd9ebbbed9576d41e8fd915b5b8c570283
Add support for the qos service in NSX|V, including:
- Attach/Detach qos policy to a new or updated network
- Allow qos configuration on a backend network only,
and only if use_dvs_features is True
- Update the bw limitations on the edge through the dvs
- Update the networks bw limitations when a policy or rule changes
through the QoS notification driver
Change-Id: Icee25b59e8e0f3c1c093077b631250a908e127c1
This patch fixes the pep8 job which was failing with:
N341 _ from python builtins module is used. Use _ from vmware_nsx._i18n instead
Change-Id: I5be1646d6505dd3b2383abb28234f3ab612549a6
Commit 87a79256c494c36f2d9597313f430b24c0110161 added neutron_lib
for shared exceptions. This patch moves us to make use of the
aforementioned library.
Change-Id: I9fe014c5da85faca87bf88a80c4ee19f7f123123
Newly introduced in oslo.config is the PortOpt which is a subclass
of IntOpt with the min=1 and max=65535.
Change-Id: Ib6a95d738f8604497752daf1f646201ce7d99c30