a7b5bfafcc
- separate nsxlib/v3 constants and utils from the common ones - separate the nsxlib/v3 tests - update the nsxlib tests to cover create_firewall_rules - remove all of the DB calls from the nsxlib/v3 - merge security & dfw_api classes To be done in future patches: - Avoid using the nsx configuration values directly - Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d) Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b |
||
---|---|---|
.. | ||
plugins | ||
__init__.py | ||
README.rst | ||
version.py |
Admin Utility
Introduction
Purpose of this script is to build a framework which can be leveraged to build utilities to help the on-field ops in system debugging.
Adding custom functions
Refer to the security groups example for reference implementation under, admin/plugins/nsx_v3/resources/securitygroups.py
Adding new functions is fairly straightforward:
- Define the function under appropriate package. We use neutron callbacks to provide hooks. So your function definition should be like,
- ::
-
def function(resource, event, trigger, **kwargs)
- Add the Resources and Operations enums if they don't exist.
- ::
-
- class Operations(object):
-
NEUTRON_CLEAN = 'neutron_clean'
- ::
-
- nsxv3_resources = {
-
constants.SECURITY_GROUPS: Resource(constants.SECURITY_GROUPS, ops)
}
- In resource.py, add the function to the callback registry.
- ::
-
- registry.subscribe(neutron_clean_security_groups,
-
Resources.SECURITY_GROUPS.value, Operations.NEUTRON_CLEAN.value)
- To test, do
- ::
-
cd python-nsxadmin/
sudo pip install -e .
nsxadmin -r <resource_name_you_added> -o <operation_you_added>
TODO
- Use Cliff
- Auto complete command line args.
Directory Structure
admin/
- plugins/
- common/
Contains code specific to different plugin versions.
- nsx_v3/
- resources/
Contains modules for various resources supported by the admin utility. These modules contains methods to perform operations on these resources.
Installation
- ::
-
sudo pip install -e .
Usage
- ::
-
nsxadmin -r <resource> -o <operation>
Example
- ::
-
$ nsxadmin -r security-groups -o list ==== [NSX] List Security Groups ==== Firewall Sections +------------------------------------------------+--------------------------------------+ | display_name | id | | default - 261343f8-4f35-4e57-9cc7-6c4fc7723b72 | 91a05fbd-054a-48b6-8e60-3b5d445be8c7 | | default - 823247b6-bdb3-47be-8bac-0d1114fc1ad7 | 78116d4a-de77-4a8f-b3e5-e76f458840ea | | OS default section for security-groups | 10a2fc6c-29c9-4d8d-ac2c-b24aafa15c79 | | Default Layer3 Section | e479e404-e712-4adb-879c-e432d510c056 | +------------------------------------------------+--------------------------------------+ Firewall NS Groups +------------------------------------------------+--------------------------------------+ | display_name | id | | NSGroup Container | c0b26e82-d49b-49f0-b68e-7449a59366e9 | | default - 261343f8-4f35-4e57-9cc7-6c4fc7723b72 | 2e5b5ca1-f687-4556-8130-9524b313474b | | default - 823247b6-bdb3-47be-8bac-0d1114fc1ad7 | b5cd9ae4-42b5-47a7-a1bf-9767ac62466e | +------------------------------------------------+--------------------------------------+ ==== [NEUTRON] List Security Groups ==== Security Groups +--------+------+ | name | id | +--------+------+
$ nsxadmin -r security-groups -o list -f json ==== [NSX] List Security Groups ==== { "Firewall Sections": [ { "display_name": "default - 261343f8-4f35-4e57-9cc7-6c4fc7723b72", "id": "91a05fbd-054a-48b6-8e60-3b5d445be8c7" }, { "display_name": "default - 823247b6-bdb3-47be-8bac-0d1114fc1ad7", "id": "78116d4a-de77-4a8f-b3e5-e76f458840ea" }, { "display_name": "OS default section for security-groups", "id": "10a2fc6c-29c9-4d8d-ac2c-b24aafa15c79" }, { "display_name": "Default Layer3 Section", "id": "e479e404-e712-4adb-879c-e432d510c056" } ] } { "Firewall NS Groups": [ { "display_name": "NSGroup Container", "id": "c0b26e82-d49b-49f0-b68e-7449a59366e9" }, { "display_name": "default - 261343f8-4f35-4e57-9cc7-6c4fc7723b72", "id": "2e5b5ca1-f687-4556-8130-9524b313474b" }, { "display_name": "default - 823247b6-bdb3-47be-8bac-0d1114fc1ad7", "id": "b5cd9ae4-42b5-47a7-a1bf-9767ac62466e" } ] } ==== [NEUTRON] List Security Groups ==== { "Security Groups": [] }
Upgrade Steps (Version 1.0.0 to Version 1.1.0)
- Upgrade NSX backend from version 1.0.0 to version 1.1.0
- Create a DHCP-Profile and a Metadata-Proxy in NSX backend
- Stop Neutron
- Install version 1.1.0 Neutron plugin
- Run admin tools to migrate version 1.0.0 objects to version 1.1.0
objects
- nsxadmin -r metadata-proxy -o nsx-update --property metadata_proxy_uuid=<UUID of Metadata-Proxy created in Step 2>
- nsxadmin -r dhcp-binding -o nsx-update --property dhcp_profile_uuid=<UUID of DHCP-Profile created in Step 2>
- Start Neutron
- Make sure /etc/nova/nova.conf has metadata_proxy_shared_secret = <Secret of Metadata-Proxy created in Step 2>
- Restart VMs or ifdown/ifup their network interface to get new DHCP options
Help
- ::
-
$ nsxadmin --help