x/vmware-nsx
Code Issues Proposed changes

NSX|P: Policy plugin use passthrough api

Browse Source 
Adding a configuration flag (True by default) to allow the
passthrough api usage.
Using this plag for the nsxpolicy initialization and for calling
the specific apis.

Change-Id: Ie574d56af6258726f774d623e5cce25aa5f20ead
This commit is contained in:
Adit Sarfaty 2018-12-06 10:59:15 +02:00
parent 77a9571925
commit 0fc5c7a5a3
4 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vmware_nsx/common/config.py
View File

@ -505,6 +505,10 @@ nsx_p_opts = nsx_v3_and_p + [
"specified. If only one VLAN transport zone is present " "specified. If only one VLAN transport zone is present "
"on backend, it will be assumed as default unless this " "on backend, it will be assumed as default unless this "
"value is provided")), "value is provided")),
cfg.BoolOpt('allow_passthrough',
default=True,
help=_("If True, use nsx manager api for cases which are not "
"supported by the policy manager api")),
] ]

20
vmware_nsx/plugins/nsx_p/plugin.py
View File

@ -212,6 +212,7 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
return None return None
def _init_default_config(self): def _init_default_config(self):
"""Validate the configuration & initialize default values"""
# Default Tier0 router # Default Tier0 router
self.default_tier0_router = self._init_default_resource( self.default_tier0_router = self._init_default_resource(
self.nsxpolicy.tier0, self.nsxpolicy.tier0,
@ -980,7 +981,19 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
tier0=new_tier0_uuid) tier0=new_tier0_uuid)
# Set/Unset the router TZ to allow vlan switches traffic # Set/Unset the router TZ to allow vlan switches traffic
#TODO(asarfaty) no api for this yet if cfg.CONF.nsx_p.allow_passthrough:
# TODO(asarfaty) need to wait for realization before using
# the passthrough api
if new_tier0_uuid:
tz_uuid = self.nsxpolicy.tier0.get_overlay_transport_zone(
new_tier0_uuid)
else:
tz_uuid = None
self.nsxpolicy.tier1.update_transport_zone(
router_id, tz_uuid)
else:
LOG.debug("Not adding transport-zone to tier1 router %s as "
"passthrough api is disabled", router_id)
if actions['add_snat_rules']: if actions['add_snat_rules']:
# Add SNAT rules for all the subnets which are in different scope # Add SNAT rules for all the subnets which are in different scope
@ -1002,8 +1015,9 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
# TODO(asarfaty): handle enable/disable snat, router adv flags, etc. # TODO(asarfaty): handle enable/disable snat, router adv flags, etc.
if actions['remove_service_router']: if actions['remove_service_router']:
# disable edge firewall before removing the service router # Disable edge firewall before removing the service router
#TODO(asarfaty) no api for this yet #TODO(asarfaty) no api for this yet. Use passthrough api when
# adding fwaas support
# remove the edge cluster # remove the edge cluster
self.nsxpolicy.tier1.remove_edge_cluster(router_id) self.nsxpolicy.tier1.remove_edge_cluster(router_id)

5
vmware_nsx/plugins/nsx_v3/utils.py
View File

@ -170,7 +170,7 @@ def get_nsxlib_wrapper(nsx_username=None, nsx_password=None, basic_auth=False,
def get_nsxpolicy_wrapper(nsx_username=None, nsx_password=None, def get_nsxpolicy_wrapper(nsx_username=None, nsx_password=None,
basic_auth=False): basic_auth=False):
#TODO(asarfaty) move to a different file? #TODO(asarfaty) move to a different file? (under common_v3)
client_cert_provider = None client_cert_provider = None
if not basic_auth: if not basic_auth:
# if basic auth requested, dont use cert file even if provided # if basic auth requested, dont use cert file even if provided
@ -193,7 +193,8 @@ def get_nsxpolicy_wrapper(nsx_username=None, nsx_password=None,
nsx_api_managers=cfg.CONF.nsx_p.nsx_api_managers, nsx_api_managers=cfg.CONF.nsx_p.nsx_api_managers,
plugin_scope=OS_NEUTRON_ID_SCOPE, plugin_scope=OS_NEUTRON_ID_SCOPE,
plugin_tag=NSX_NEUTRON_PLUGIN, plugin_tag=NSX_NEUTRON_PLUGIN,
plugin_ver=n_version.version_info.release_string()) plugin_ver=n_version.version_info.release_string(),
allow_passthrough=cfg.CONF.nsx_p.allow_passthrough)
return v3.NsxPolicyLib(nsxlib_config) return v3.NsxPolicyLib(nsxlib_config)

7
vmware_nsx/tests/unit/nsx_p/test_plugin.py
View File

@ -40,6 +40,7 @@ from vmware_nsx.common import utils
from vmware_nsx.tests.unit.common_plugin import common_v3 from vmware_nsx.tests.unit.common_plugin import common_v3
from vmware_nsxlib.v3 import exceptions as nsxlib_exc from vmware_nsxlib.v3 import exceptions as nsxlib_exc
from vmware_nsxlib.v3 import nsx_constants from vmware_nsxlib.v3 import nsx_constants
from vmware_nsxlib.v3 import policy_constants
PLUGIN_NAME = 'vmware_nsx.plugin.NsxPolicyPlugin' PLUGIN_NAME = 'vmware_nsx.plugin.NsxPolicyPlugin'
NSX_OVERLAY_TZ_NAME = 'OVERLAY_TZ' NSX_OVERLAY_TZ_NAME = 'OVERLAY_TZ'
@ -85,6 +86,12 @@ class NsxPPluginTestCaseMixin(
mock.patch("vmware_nsxlib.v3.policy_resources." mock.patch("vmware_nsxlib.v3.policy_resources."
"NsxPolicyCommunicationMapApi._get_last_seq_num", "NsxPolicyCommunicationMapApi._get_last_seq_num",
return_value=-1).start() return_value=-1).start()
mock.patch("vmware_nsxlib.v3.policy_resources."
"NsxPolicyResourceBase._wait_until_realized",
return_value={'state': policy_constants.STATE_REALIZED}
).start()
mock.patch("vmware_nsxlib.v3.policy_resources."
"NsxPolicyTier1Api.update_transport_zone").start()
def setup_conf_overrides(self): def setup_conf_overrides(self):
cfg.CONF.set_override('default_overlay_tz', NSX_OVERLAY_TZ_NAME, cfg.CONF.set_override('default_overlay_tz', NSX_OVERLAY_TZ_NAME,