vmware-nsx/vmware_nsx/shell/resources.py
Salvatore Orlando f177d2923d [V2T] Helper admin utils for validation and N/S cutover
This patch adds an operation for the NSX-V and two operations for
the NSX-T plugin. The goal of these operation are:

- Find routers without any downlink. They cannot be migrated and
  should be removed before migration to NSX-T.
- Patch and restore Neutron routers without gateway. For N/S
  cutover, each router must have a T0 uplink or an SR. The 'fixup'
  operation ensures the NSX T1 routers for these neutron routers
  will have a T0 uplink. (They surely do not have a SR).
  The 'restore' operation returns T1 routers to their original state.

Change-Id: Iffd1a5e43e08fdc997a591829c87bcc0bb806c77
2021-11-25 14:56:32 -08:00

444 lines
21 KiB
Python

# Copyright 2015 VMware, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import enum
import glob
import importlib
import os
from oslo_config import cfg
from oslo_log import log as logging
import requests
from vmware_nsx.common import config # noqa
from vmware_nsx.shell.admin.plugins.common import constants
# Suppress the Insecure request warning
requests.packages.urllib3.disable_warnings()
LOG = logging.getLogger(__name__)
class Operations(enum.Enum):
LIST = 'list'
SET = 'set'
CLEAN = 'clean'
CLEAN_ALL = 'clean-all'
CREATE = 'create'
DELETE = 'delete'
LIST_MISMATCHES = 'list-mismatches'
FIX_MISMATCH = 'fix-mismatch'
LIST_UNUSED = 'list-unused'
LIST_ORPHANED = 'list-orphaned'
CLEAN_ORPHANED = 'clean-orphaned'
NEUTRON_LIST = 'neutron-list'
NEUTRON_CLEAN = 'neutron-clean'
NEUTRON_UPDATE = 'neutron-update'
NSX_LIST = 'nsx-list'
NSX_CLEAN = 'nsx-clean'
NSX_UPDATE = 'nsx-update'
NSX_UPDATE_ALL = 'nsx-update-all'
NSX_UPDATE_SECRET = 'nsx-update-secret'
NSX_UPDATE_RULES = 'nsx-update-rules'
NSX_UPDATE_DHCP_RELAY = 'nsx-update-dhcp-relay'
NSX_UPDATE_STATE = 'nsx-update-state'
NSX_ENABLE_STANDBY_RELOCATION = 'nsx-enable-standby-relocation'
NSX_UPDATE_IP = 'nsx-update-ip'
NSX_UPDATE_TAGS = 'nsx-update-tags'
NSX_UPDATE_FW = 'nsx-update-fw'
NSX_RECREATE = 'nsx-recreate'
NSX_REDISTRIBUTE = 'nsx-redistribute'
NSX_REORDER = 'nsx-reorder'
NSX_DISCONNECT = 'nsx-disconnect'
NSX_RECONNECT = 'nsx-reconnect'
NSX_TAG_DEFAULT = 'nsx-tag-default'
NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3'
MIGRATE_TO_POLICY = 'migrate-to-policy'
LIST_POLICIES = 'list-policies'
UPDATE_LOGGING = 'update-logging'
NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports'
MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp'
STATUS = 'status'
GENERATE = 'generate'
IMPORT = 'import'
SHOW = 'show'
VALIDATE = 'validate'
REUSE = 'reuse'
UPDATE_TIER0 = 'update-tier0'
RECOVER_TIER0 = 'recover-tier0'
UPDATE_METADATA = 'update-metadata'
UPDATE_DHCP_EDGE = 'update-dhcp-profile-edge'
UPDATE_FIREWALL_MATCH = 'update-nat-firewall-match'
SET_STATUS_ERROR = 'set-status-error'
CHECK_COMPUTE_CLUSTERS = 'check-compute-clusters'
CUTOVER_MAPPINGS = 'mappings-for-edge-cutover'
LIST_RTR_NO_IFACE = 'list-routers-no-interfaces'
PATCH_RTR_NOGW = 'cutover-fixup-router-nogw'
RESTORE_RTR_NOGW = 'cutover-restore-router-nogw'
ops = [op.value for op in Operations]
class Resource(object):
def __init__(self, name, ops_obj):
self.name = name
self.supported_ops = ops_obj
# Add supported NSX-V3 resources in this dictionary
nsxv3_resources = {
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS,
[Operations.LIST.value,
Operations.FIX_MISMATCH.value,
Operations.UPDATE_LOGGING.value]),
constants.FIREWALL_SECTIONS: Resource(constants.FIREWALL_SECTIONS,
[Operations.LIST.value,
Operations.LIST_MISMATCHES.value,
Operations.REUSE.value]),
constants.FIREWALL_NSX_GROUPS: Resource(
constants.FIREWALL_NSX_GROUPS, [
Operations.LIST.value,
Operations.LIST_MISMATCHES.value]),
constants.ORPHANED_FIREWALL_SECTIONS: Resource(
constants.ORPHANED_FIREWALL_SECTIONS, [
Operations.NSX_LIST.value,
Operations.NSX_CLEAN.value]),
constants.NETWORKS: Resource(constants.NETWORKS,
[Operations.LIST_MISMATCHES.value]),
constants.PORTS: Resource(constants.PORTS,
[Operations.LIST_MISMATCHES.value,
Operations.NSX_TAG_DEFAULT.value,
Operations.NSX_MIGRATE_V_V3.value,
Operations.NSX_MIGRATE_EXCLUDE_PORTS.value]),
constants.ROUTERS: Resource(
constants.ROUTERS, [
Operations.LIST_MISMATCHES.value,
Operations.NSX_UPDATE_RULES.value,
Operations.NSX_UPDATE_DHCP_RELAY.value,
Operations.NSX_ENABLE_STANDBY_RELOCATION.value,
Operations.UPDATE_TIER0.value,
Operations.RECOVER_TIER0.value]),
constants.DHCP_BINDING: Resource(constants.DHCP_BINDING,
[Operations.LIST.value,
Operations.NSX_RECREATE.value]),
constants.METADATA_PROXY: Resource(constants.METADATA_PROXY,
[Operations.LIST.value,
Operations.NSX_UPDATE_IP.value]),
constants.ORPHANED_DHCP_SERVERS: Resource(constants.ORPHANED_DHCP_SERVERS,
[Operations.NSX_LIST.value,
Operations.NSX_CLEAN.value]),
constants.CERTIFICATE: Resource(constants.CERTIFICATE,
[Operations.GENERATE.value,
Operations.SHOW.value,
Operations.CLEAN.value,
Operations.IMPORT.value,
Operations.NSX_LIST.value]),
constants.CONFIG: Resource(constants.CONFIG,
[Operations.VALIDATE.value]),
constants.ORPHANED_NETWORKS: Resource(constants.ORPHANED_NETWORKS,
[Operations.LIST.value,
Operations.NSX_CLEAN.value]),
constants.ORPHANED_ROUTERS: Resource(constants.ORPHANED_ROUTERS,
[Operations.LIST.value,
Operations.NSX_CLEAN.value]),
constants.LB_SERVICES: Resource(constants.LB_SERVICES,
[Operations.LIST.value,
Operations.LIST_ORPHANED.value,
Operations.CLEAN_ORPHANED.value]),
constants.LB_VIRTUAL_SERVERS: Resource(constants.LB_VIRTUAL_SERVERS,
[Operations.LIST.value]),
constants.LB_POOLS: Resource(constants.LB_POOLS,
[Operations.LIST.value]),
constants.LB_MONITORS: Resource(constants.LB_MONITORS,
[Operations.LIST.value]),
constants.RATE_LIMIT: Resource(constants.RATE_LIMIT,
[Operations.SHOW.value,
Operations.NSX_UPDATE.value]),
constants.LB_ADVERTISEMENT: Resource(constants.LB_ADVERTISEMENT,
[Operations.NSX_UPDATE.value]),
constants.CLUSTER: Resource(constants.CLUSTER,
[Operations.SHOW.value]),
constants.NSX_MIGRATE_T_P: Resource(constants.NSX_MIGRATE_T_P,
[Operations.IMPORT.value,
Operations.CLEAN_ALL.value,
Operations.VALIDATE.value]),
constants.LOADBALANCERS: Resource(constants.LOADBALANCERS,
[Operations.SET_STATUS_ERROR.value]),
}
# Add supported NSX-V resources in this dictionary
nsxv_resources = {
constants.EDGES: Resource(constants.EDGES,
[Operations.NSX_LIST.value,
Operations.NEUTRON_LIST.value,
Operations.NSX_UPDATE.value,
Operations.NSX_UPDATE_ALL.value,
Operations.NSX_DISCONNECT.value,
Operations.NSX_RECONNECT.value]),
constants.BACKUP_EDGES: Resource(constants.BACKUP_EDGES,
[Operations.LIST.value,
Operations.CLEAN.value,
Operations.CLEAN_ALL.value,
Operations.LIST_MISMATCHES.value,
Operations.FIX_MISMATCH.value,
Operations.NEUTRON_CLEAN.value]),
constants.ORPHANED_EDGES: Resource(constants.ORPHANED_EDGES,
[Operations.LIST.value,
Operations.CLEAN.value]),
constants.ORPHANED_BINDINGS: Resource(constants.ORPHANED_BINDINGS,
[Operations.LIST.value,
Operations.CLEAN.value]),
constants.MISSING_EDGES: Resource(constants.MISSING_EDGES,
[Operations.LIST.value]),
constants.SPOOFGUARD_POLICY: Resource(constants.SPOOFGUARD_POLICY,
[Operations.LIST.value,
Operations.CLEAN.value,
Operations.LIST_MISMATCHES.value,
Operations.FIX_MISMATCH.value]),
constants.DHCP_BINDING: Resource(constants.DHCP_BINDING,
[Operations.LIST.value,
Operations.NSX_UPDATE.value,
Operations.NSX_REDISTRIBUTE.value,
Operations.NSX_RECREATE.value]),
constants.NETWORKS: Resource(constants.NETWORKS,
[Operations.LIST.value,
Operations.NSX_UPDATE.value]),
constants.MISSING_NETWORKS: Resource(constants.MISSING_NETWORKS,
[Operations.LIST.value]),
constants.ORPHANED_NETWORKS: Resource(constants.ORPHANED_NETWORKS,
[Operations.LIST.value,
Operations.NSX_CLEAN.value]),
constants.NSX_PORTGROUPS: Resource(constants.NSX_PORTGROUPS,
[Operations.LIST.value,
Operations.NSX_CLEAN.value]),
constants.NSX_VIRTUALWIRES: Resource(constants.NSX_VIRTUALWIRES,
[Operations.LIST.value]),
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS,
[Operations.LIST.value,
Operations.FIX_MISMATCH.value,
Operations.MIGRATE_TO_POLICY.value,
Operations.LIST_POLICIES.value,
Operations.UPDATE_LOGGING.value]),
constants.FIREWALL_NSX_GROUPS: Resource(
constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,
Operations.LIST_MISMATCHES.value]),
constants.FIREWALL_SECTIONS: Resource(constants.FIREWALL_SECTIONS,
[Operations.LIST.value,
Operations.LIST_MISMATCHES.value,
Operations.NSX_UPDATE.value,
Operations.NSX_REORDER.value,
Operations.LIST_UNUSED.value,
Operations.NSX_CLEAN.value]),
constants.ORPHANED_RULES: Resource(constants.ORPHANED_RULES,
[Operations.LIST.value,
Operations.NSX_CLEAN.value]),
constants.METADATA: Resource(
constants.METADATA, [Operations.NSX_UPDATE.value,
Operations.NSX_UPDATE_SECRET.value,
Operations.STATUS.value]),
constants.ROUTERS: Resource(constants.ROUTERS,
[Operations.NSX_RECREATE.value,
Operations.NSX_REDISTRIBUTE.value,
Operations.MIGRATE_VDR_DHCP.value,
Operations.NSX_UPDATE_FW.value]),
constants.ORPHANED_VNICS: Resource(constants.ORPHANED_VNICS,
[Operations.NSX_LIST.value,
Operations.NSX_CLEAN.value]),
constants.CONFIG: Resource(constants.CONFIG,
[Operations.VALIDATE.value,
Operations.CHECK_COMPUTE_CLUSTERS.value]),
constants.BGP_GW_EDGE: Resource(constants.BGP_GW_EDGE,
[Operations.CREATE.value,
Operations.DELETE.value,
Operations.LIST.value]),
constants.ROUTING_REDIS_RULE: Resource(constants.ROUTING_REDIS_RULE,
[Operations.CREATE.value,
Operations.DELETE.value]),
constants.BGP_NEIGHBOUR: Resource(constants.BGP_NEIGHBOUR,
[Operations.CREATE.value,
Operations.DELETE.value]),
constants.NSX_MIGRATE_V_T: Resource(constants.NSX_MIGRATE_V_T,
[Operations.VALIDATE.value,
Operations.CUTOVER_MAPPINGS.value,
Operations.LIST_RTR_NO_IFACE.value]),
constants.PORTS: Resource(constants.PORTS,
[Operations.LIST.value]),
constants.LOADBALANCERS: Resource(constants.LOADBALANCERS,
[Operations.SET_STATUS_ERROR.value]),
}
# Add supported NSX-TVD resources in this dictionary
nsxtvd_resources = {
constants.PROJECTS: Resource(constants.PROJECTS,
[Operations.IMPORT.value,
Operations.NSX_MIGRATE_V_V3.value]),
}
nsxp_resources = {
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS,
[Operations.LIST.value]),
constants.NETWORKS: Resource(constants.NETWORKS,
[Operations.LIST.value,
Operations.NSX_UPDATE_STATE.value,
Operations.UPDATE_METADATA.value]),
constants.DHCP_BINDING: Resource(constants.DHCP_BINDING,
[Operations.MIGRATE_TO_POLICY.value,
Operations.UPDATE_DHCP_EDGE.value]),
constants.ROUTERS: Resource(constants.ROUTERS,
[Operations.LIST.value,
Operations.UPDATE_TIER0.value,
Operations.RECOVER_TIER0.value,
Operations.UPDATE_FIREWALL_MATCH.value]),
constants.LB_SERVICES: Resource(constants.LB_SERVICES,
[Operations.NSX_UPDATE_TAGS.value,
Operations.LIST_ORPHANED.value,
Operations.CLEAN_ORPHANED.value]),
constants.CERTIFICATE: Resource(constants.CERTIFICATE,
[Operations.GENERATE.value,
Operations.SHOW.value,
Operations.CLEAN.value,
Operations.IMPORT.value,
Operations.NSX_LIST.value]),
constants.SYSTEM: Resource(constants.SYSTEM,
[Operations.SET.value]),
constants.NSX_MIGRATE_T_P: Resource(constants.NSX_MIGRATE_T_P,
[Operations.CLEAN_ALL.value]),
constants.NSX_MIGRATE_V_T: Resource(constants.NSX_MIGRATE_V_T,
[Operations.CLEAN_ALL.value,
Operations.VALIDATE.value,
Operations.NSX_REDISTRIBUTE.value,
Operations.PATCH_RTR_NOGW.value,
Operations.RESTORE_RTR_NOGW.value]),
constants.LOADBALANCERS: Resource(constants.LOADBALANCERS,
[Operations.SET_STATUS_ERROR.value]),
}
nsxv3_resources_names = list(nsxv3_resources.keys())
nsxv_resources_names = list(nsxv_resources.keys())
nsxtvd_resources_names = list(nsxtvd_resources.keys())
nsxp_resources_names = list(nsxp_resources.keys())
def get_resources(plugin_dir):
modules = glob.glob(plugin_dir + "/*.py")
return map(lambda module: os.path.splitext(os.path.basename(module))[0],
modules)
def get_plugin():
plugin = cfg.CONF.core_plugin
plugin_name = ''
if plugin in (constants.NSXV3_PLUGIN, constants.VMWARE_NSXV3):
plugin_name = 'nsxv3'
elif plugin in (constants.NSXV_PLUGIN, constants.VMWARE_NSXV):
plugin_name = 'nsxv'
elif plugin in (constants.NSXTVD_PLUGIN, constants.VMWARE_NSXTVD):
plugin_name = 'nsxtvd'
elif plugin in (constants.NSXP_PLUGIN, constants.VMWARE_NSXP):
plugin_name = 'nsxp'
return plugin_name
def _get_choices():
plugin = get_plugin()
if plugin == 'nsxv3':
return nsxv3_resources_names
if plugin == 'nsxv':
return nsxv_resources_names
if plugin == 'nsxtvd':
return nsxtvd_resources_names
def _get_resources():
plugin = get_plugin()
if plugin == 'nsxv3':
return f"NSX-V3 resources: {(', '.join(nsxv3_resources_names))}"
if plugin == 'nsxv':
return f"NSX-V resources: {(', '.join(nsxv_resources_names))}"
if plugin == 'nsxtvd':
return f"NSX-TVD resources: {(', '.join(nsxtvd_resources_names))}"
cli_opts = [cfg.StrOpt('fmt',
short='f',
default='psql',
choices=['psql', 'json'],
help='Supported output formats: json, psql'),
cfg.StrOpt('resource',
short='r',
choices=_get_choices(),
help=_get_resources()),
cfg.StrOpt('operation',
short='o',
help=f"Supported list of operations:"
f" {(', '.join(ops))}"),
cfg.StrOpt('plugin',
help='nsxv or nsxv3 if the tvd plugin is used'),
cfg.BoolOpt('force',
default=False,
help='Enables \'force\' mode. No confirmations will '
'be made before deletions.'),
cfg.MultiStrOpt('property',
short='p',
help='Key-value pair containing the information '
'to be updated. For ex: key=value.'),
cfg.BoolOpt('verbose',
short='v',
default=False,
help='Triggers detailed output for some commands')
]
# Describe dependencies between admin utils resources and external libraries
# that are not always installed
resources_dependencies = {
'nsxv': {'gw_edges': ['neutron_dynamic_routing.extensions']}}
def verify_external_dependencies(plugin_name, resource):
if plugin_name in resources_dependencies:
deps = resources_dependencies[plugin_name]
if resource in deps:
for d in deps[resource]:
try:
importlib.import_module(d)
except ImportError:
return False
return True
def init_resource_plugin(plugin_name, plugin_dir):
plugin_resources = get_resources(plugin_dir)
for resource in plugin_resources:
if (resource != '__init__'):
# skip unsupported resources
if not verify_external_dependencies(plugin_name, resource):
LOG.info("Skipping resource %s because of dependencies",
resource)
continue
# load the resource
importlib.import_module(
f"vmware_nsx.shell.admin.plugins."
f"{plugin_name}.resources." + resource)
def get_plugin_dir(plugin_name):
plugin_dir = (os.path.dirname(os.path.realpath(__file__)) +
"/admin/plugins")
return f"{plugin_dir}/{plugin_name}/resources"