2611 Commits

Author SHA1 Message Date
Boden R
c35d717a88 use external net api def from lib
The external network extension's API definition was rehomed into
neutron-lib with I9933b91d1e82db3891b3b72f06e94316e56a4f15. This patch
consumes it, switch over to neutron-lib's modules in prep for
I696b52265b9528082cd2524f05febe2338376488

Change-Id: I338af67ad05827d6a770bebe0600e9d08e37afae
2017-10-22 08:50:21 -06:00
Zuul
fb9f324039 Merge "NSX|V: Fix vcns timeout exception" 2017-10-19 21:48:30 +00:00
Zuul
bcfee7c122 Merge "NSX|V add more details to vcns debug logs" 2017-10-19 08:31:43 +00:00
Adit Sarfaty
dc8290a195 NSX|V add more details to vcns debug logs
Adding the method and uri called to the reply log to help us
filter the results

Change-Id: I8aeb7c1f8e07320c20c34787890f0f3c6a7008b0
2017-10-18 18:38:38 +03:00
Adit Sarfaty
de1de539fb NSX|V: Fix vcns timeout exception
Using a dedicated timeout exception for vcns calls timeout
The exception used before was logged as 'unprintable' since it didn't
include the relevant parameters

Change-Id: I706f3819ecaa180752e7c1926f7ec63510962f3a
2017-10-17 20:17:01 +00:00
Zuul
14399bdf0b Merge "NSX|V fix exclude list counting" 2017-10-17 16:29:21 +00:00
Zuul
df834c9980 Merge "NSX|V Do not share edges between tenants" 2017-10-17 15:33:36 +00:00
Zuul
354b39dc8f Merge "NSX|V3: ensure that DHCP profile is not created for ENS port" 2017-10-16 23:24:51 +00:00
Zuul
ae73677ccd Merge "NSXv3: Update router advertise_lb_vip" 2017-10-16 22:09:21 +00:00
Adit Sarfaty
5d934b23fd NSX|V Do not share edges between tenants
Adding a configuration option to prevent DHCP/Router edges sharing between
different tenants.
Also adding admin utilities for upgrade - redistribute the dhcp edges and
router edges if the configuration changed:
nsxadmin -r dhcp-binding -o nsx-redistribute
nsxadmin -r routers -o nsx-redistribute

Change-Id: I0d669c60413172a94ea5fc0beba0035df72c62ac
2017-10-17 00:09:47 +03:00
Adit Sarfaty
479e76c1f5 NSX|V fix exclude list counting
When adding/removing a port to the exclude list, we check if there
are other ports of the same device there.
this test was done is a wrong way expecting the device owner to be
'compute:none', instead of starting with 'compute'

Change-Id: I5c6ed8f3c5cf0d4ebb63e1a9ec36614fa4c4f15b
2017-10-16 19:17:42 +03:00
Gary Kotton
4be174ea26 NSX|V3: ensure that DHCP profile is not created for ENS port
Unable to create a DHCP switch profile for a ENS port

Change-Id: Ia9de30d4651b11ebdfb1be4a8499f18ad24cae73
2017-10-16 15:30:39 +00:00
Kobi Samoray
b2b29416b3 NSXv: Recover from LBaaSv2 HM inconsistency
Neutron LBaaSv2 should be able to delete a healthmonitor even when
NSX is inconsistent with Neutron DB.

Change-Id: I62c0b34e68dbc4415cc679d30a9316a55525437d
2017-10-16 12:43:28 +03:00
Jenkins
4e5550d198 Merge "NSX|V3: Disallow port-security on port/net on ENS TZ" 2017-10-14 16:01:08 +00:00
Adit Sarfaty
530df9b2c0 NSX|v: fix broken unittests
Commit I5ea01a24b4327a6aba0d6270bc5278324972871c added a new unittest
which the md proxy tests cannot support due to having additional
subnets configured.
This patch will skip the new test.

Change-Id: Ib02758fc824e6c397f833481ca02ba559b3b2164
2017-10-14 09:18:19 +03:00
Tong Liu
fe61c6f7c7 NSXv3: Update router advertise_lb_vip
If there is any lb service attach to the router, LB VIP needs to
be advertised on the router. Enable advertise_lb_vip flag when
lb service is attached to the rouer. Disable the flag when lb
service is deleted and detached from the router.

Change-Id: If291d5e9e52959ea0eaf4f75dd6c6505a4f48562
2017-10-13 11:31:39 -07:00
Adit Sarfaty
bc5ceb6ac8 NSX|V3: Disallow port-security on port/net on ENS TZ
Raise an exception if a port or a network creation/update enables
port security on an ENS transport zone.

Change-Id: Ifbffec35c321d1ccf8c1aa00b4b3ed33140fb218
2017-10-10 14:49:11 +00:00
Jenkins
c8b940ce3c Merge "NSX|V3: allow VLAN router interfaces if nsx supports it" 2017-10-06 06:45:44 +00:00
Jenkins
8f7af6f42e Merge "NSX|V3: nsx-provider network bugs fixing" 2017-10-06 06:34:50 +00:00
Jenkins
57b1ca6d64 Merge "NSX|V3: Add DHCP relay firewall rules" 2017-10-05 07:56:09 +00:00
Adit Sarfaty
3642c34436 NSX|V3: allow VLAN router interfaces if nsx supports it
Change-Id: I0f102d84383de25663f055eb192a96f603615ca3
2017-10-05 07:21:48 +00:00
Jenkins
ab048f384c Merge "NSX|V3 refactor fwaas to support plugin rules" 2017-10-04 22:15:39 +00:00
Adit Sarfaty
96c1e57a7f NSX|V3: Add DHCP relay firewall rules
When FWaaS v1 or v2 are used, there is a need to add FW rules
to allow the dhcp traffic to the relay server.
Those rules are added to the firewall before the default deny rule.
In case of FWaaS v2 - for each port separately.
The admin utility handling a change in the DHCP relay configuration
will now update the rules as well.

Change-Id: I30e666085fe5cdf17d48984518c73f79bf8cdf55
2017-10-04 18:19:35 +00:00
Adit Sarfaty
afdb9ea7ac NSX|V3 refactor fwaas to support plugin rules
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.

Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
2017-10-04 18:19:17 +00:00
Jenkins
e844e2204b Merge "NSXv3: Fix LB pool algorithm" 2017-10-04 11:12:59 +00:00
Tong Liu
178c59d65b NSXv3: Fix LB pool algorithm
Fix LBaaS pool algorithm to NSXv3 backend mapping based on platform
finalized load balancing algorithm naming.

Change-Id: I91c0b5c09c9bfaf34cd027049b8c2ba8d3efd5c4
2017-10-04 10:02:34 +00:00
Tong Liu
05dbe6be4e NSXv3: Change reponse code for L7 redirect and reject
Upstream only supports the following the following response code:
 - REDIRECT_TO_URL: 302
 - REJECT: 403
Change in driver to use these code only.

Also, this patch fixes LB HTTP phase for redirect based on nsxv3
platform enforcement.

Change-Id: I25d0e5e7165200f2f6c56bea848a0318560bca1b
2017-10-04 10:02:22 +00:00
Gary Kotton
54a809c4fa Fix typo
Change-Id: I4ffc65ce89ea0cd894ef28804e98f4291daddeca
2017-10-04 06:55:11 +03:00
Jenkins
68f843fe4f Merge "NSX|V raise error on mdproxy init" 2017-09-27 21:00:00 +00:00
Jenkins
b443bcbdf3 Merge "NSX|V: check md proxy handler exists before usage" 2017-09-27 20:59:53 +00:00
Jenkins
9ef0f469c0 Merge "NSXv3: Handle floating ip for loadbalancer VIP" 2017-09-27 15:20:24 +00:00
Jenkins
c1a7d0a60f Merge "NSX|V: do not build NAT rules for v6 networks" 2017-09-27 15:20:03 +00:00
Jenkins
45f3b1c85b Merge "NSX|V3 indentation & typo fixing in client certificate" 2017-09-27 15:19:55 +00:00
Jenkins
60d8086302 Merge "NSX|V3 make certificate unittests inherit from sql tests" 2017-09-27 15:19:48 +00:00
Adit Sarfaty
5d83af29c5 NSX|V Fix warning when disabling network port security
The warning log was missing the network id.

Change-Id: Ife34ae118873d59aba4d09726237961d21121213
2017-09-27 14:56:03 +03:00
Tong Liu
d462fc50e2 NSXv3: Handle floating ip for loadbalancer VIP
Currently NSXv3 has a limitation that it doesn't support FIP for
loadbalancer VIP. If user creates a floating ip for a port, we
will first check if this port belongs to loadbalancer. If so,
don't add SNAT/DNAT rules for this port.

Also added code to handle update/delete floating ip if the port
is a loadbalancer port.

Change-Id: Idea8aa9b381071678b00c238eba1f127b56968b1
2017-09-27 00:10:13 -07:00
Adit Sarfaty
561276f33d NSX|V3 indentation & typo fixing in client certificate
Change-Id: Ia624c545d0ec93349128bf36387d26d13dc9305f
2017-09-27 09:28:23 +03:00
Adit Sarfaty
22442f1728 NSX|V3 make certificate unittests inherit from sql tests
The client certificate unittests should inherit from SqlTestCase.
This may solve some errors we encountered in those tests recently.

Change-Id: If1f3c5bae58c5adc9fc8a78f6b2fded1bfd9294e
2017-09-27 09:26:43 +03:00
Adit Sarfaty
cd06cd21c4 NSX|V3: nsx-provider network bugs fixing
1. If the nsx-network is a vlan one, the plugin should not allow
attaching it to a router.
2. If the creation of the network fails, the plugin should try to delete
the dhcp port even though the logical switch will not be deleted,
just like it is done when delete-network is performed.
3. The neutron network id is initialized early if the network is to be
created on the nsx backend.
For nsx-network it is not the case, so the create_network method should
take the id from the neutron created-network instead of the net_data.

Change-Id: I9a31641c1838c3762241d2c668634f18d19b0adc
2017-09-26 09:29:15 +00:00
Jenkins
25a19ec04b Merge "NSX|V3 Add validations to DHCP relay" 2017-09-25 15:02:51 +00:00
Adit Sarfaty
f08cd2e31c NSX|V raise error on mdproxy init
When failing to create internal network or subnet, the mdproxy
handler should raise an error, or else it will fail when returning
None.

Change-Id: I09e7eb13d9c76f9f3faa6a7ef50d6d8432225bd2
2017-09-24 12:51:33 +03:00
Jenkins
b7f2389deb Merge "NSXv3: Change LB rule match type to REGEX" 2017-09-24 09:27:52 +00:00
Adit Sarfaty
ff0fc94abe NSX|V: check md proxy handler exists before usage
When something fails during the init_complete process, the plugins
md_proxy data is not fully initialized, so it is possible that even the default
handler was not set yet.
This patch ensures that the relevant md-proxy handler exists before using it.

Change-Id: I1db84c0abc30d8ea3d601f26b5b852a254a6036c
2017-09-24 11:42:43 +03:00
Jenkins
26bb6966c0 Merge "use common constants from lib" 2017-09-24 07:48:29 +00:00
Gary Kotton
57010acc3a NSX|V: do not build NAT rules for v6 networks
NSX does not support IPv6 NAT rules

Change-Id: I50d3ebc6c27cc0afeb7d148c941ad5fa1b365e49
2017-09-24 00:21:56 -07:00
Adit Sarfaty
8a9aac3917 NSX|V3 Add validations to DHCP relay
1. add relay service only if the subnet is with dhcp
2. do not add native dhcp if dhcp relay is configured for this subnet
3. do not allow router creation with dhcp relay and without IPAM
4. do not allow creation of VM port from a network with dhcp relay and
without a router.

Change-Id: I05fa71f69ded69ea58a4e4df0a1f20c963cb3fc5
2017-09-24 06:48:45 +00:00
Jenkins
5a8b1c0131 Merge "NSXv3: Fix loadbalancer stats exception" 2017-09-24 06:14:37 +00:00
Tong Liu
47b334b7b2 NSXv3: Change LB rule match type to REGEX
NSXv3 backend just changed lb rule match_type from PATTERN to
REGEX. Change in our vmware-nsx to refect that.

Change-Id: I72416b49a25d25179dccf97e238dea078eabdff0
2017-09-23 17:06:50 +00:00
Boden R
06bf8d1186 use common constants from lib
neutron-lib contains the neutron.common.constants.
This patch switches references over to use the lib version of them.

Change-Id: I0354c84bd85e20ff4ea7ba392bf9ebfc2e7ac70e
2017-09-22 15:55:08 -06:00
Tong Liu
c0ef8d8771 NSXv3: Fix loadbalancer stats exception
NSXv3 platform changed API of LB service statistics which results
in exception of LBaaS loadbalancer stats. This patch fixes stats
based on the latest platform change.

Note that multiple LBaaS loadbalancers may share the same LB service
on NSXv3 backend. Only statistics belong to this loadbalancer
should be returned.

Change-Id: I097b42d55b178d153f142aa7de3675655ec373fb
Closes-Bug: #1718062
2017-09-19 10:04:32 -07:00