From 1b6d00ac663856abe842f110c7373fadb0c9daf8 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Mon, 21 Aug 2017 17:27:08 +0300
Subject: [PATCH] AdminUtils:NSX|V3: Add orphaned routers list & clean

Add admin utilities to list and clean backend logical routers that does
not exist in neutron.

Usage:
    nsxadmin -r orphaned-routers -o list
    nsxadmin -r orphaned-routers -o nsx-clean --property nsx-id=<id>

Change-Id: I69dcb2abcf798c3c35f7ddde1c8a10a16a44cc3e
---
 doc/source/admin_util.rst                     | 14 +++-
 vmware_nsx/db/db.py                           |  9 +++
 .../shell/admin/plugins/common/constants.py   |  3 +-
 .../admin/plugins/nsxv3/resources/routers.py  | 77 ++++++++++++++++++-
 .../admin/plugins/nsxv3/resources/utils.py    |  4 +
 vmware_nsx/shell/resources.py                 |  3 +
 6 files changed, 106 insertions(+), 4 deletions(-)

diff --git a/doc/source/admin_util.rst b/doc/source/admin_util.rst
index dbda2f1466..cc1105eb13 100644
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@@ -234,7 +234,8 @@ Config
 NSXv3
 -----
 
-The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', and 'ports'.
+The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', 'orphaned-networks', 'orphaned-routers',
+and 'ports'.
 
 Networks
 ~~~~~~~~
@@ -266,6 +267,17 @@ Routers
 
     nsxadmin -r routers -o nsx-update-rules
 
+Orphaned Routers
+~~~~~~~~~~~~~~~~~
+
+- List logical routers which are missing from the neutron DB::
+
+    nsxadmin -r orphaned-routers -o list
+
+- Delete a backend logical router by it's nsx-id::
+
+    nsxadmin -r orphaned-routers -o nsx-clean --property nsx-id=<id>
+
 Ports
 ~~~~~
 
diff --git a/vmware_nsx/db/db.py b/vmware_nsx/db/db.py
index c0868da9a0..85ffe16570 100644
--- a/vmware_nsx/db/db.py
+++ b/vmware_nsx/db/db.py
@@ -275,6 +275,15 @@ def get_nsx_router_id(session, neutron_id):
                   "stored in Neutron DB", neutron_id)
 
 
+def get_neutron_from_nsx_router_id(session, nsx_router_id):
+    try:
+        mapping = (session.query(nsx_models.NeutronNsxRouterMapping).
+                   filter_by(nsx_id=nsx_router_id).one())
+        return mapping['neutron_id']
+    except exc.NoResultFound:
+        LOG.debug("Couldn't find router with nsx id  %s", nsx_router_id)
+
+
 def get_nsx_security_group_id(session, neutron_id):
     """Return the id of a security group in the NSX backend.
 
diff --git a/vmware_nsx/shell/admin/plugins/common/constants.py b/vmware_nsx/shell/admin/plugins/common/constants.py
index 0d3a63336b..c916e77e81 100644
--- a/vmware_nsx/shell/admin/plugins/common/constants.py
+++ b/vmware_nsx/shell/admin/plugins/common/constants.py
@@ -30,6 +30,8 @@ FIREWALL_SECTIONS = 'firewall-sections'
 FIREWALL_NSX_GROUPS = 'nsx-security-groups'
 SECURITY_GROUPS = 'security-groups'
 CONFIG = 'config'
+ORPHANED_NETWORKS = 'orphaned-networks'
+ORPHANED_ROUTERS = 'orphaned-routers'
 
 # NSXV3 only Resource Constants
 PORTS = 'ports'
@@ -49,7 +51,6 @@ ORPHANED_EDGES = 'orphaned-edges'
 MISSING_EDGES = 'missing-edges'
 METADATA = 'metadata'
 MISSING_NETWORKS = 'missing-networks'
-ORPHANED_NETWORKS = 'orphaned-networks'
 LBAAS = 'lbaas'
 BGP_GW_EDGE = 'bgp-gw-edge'
 ROUTING_REDIS_RULE = 'routing-redistribution-rule'
diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py
index dc17bafad9..4115dff4c6 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py
@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import sys
 
 from vmware_nsx.common import utils as nsx_utils
 from vmware_nsx.db import db as nsx_db
@@ -29,6 +30,7 @@ from neutron_lib import context as neutron_context
 from oslo_log import log as logging
 
 LOG = logging.getLogger(__name__)
+neutron_client = utils.NeutronDbClient()
 nsxlib = utils.get_connected_nsxlib()
 
 
@@ -47,7 +49,7 @@ def list_missing_routers(resource, event, trigger, **kwargs):
     routers = []
     for router in neutron_routers:
         neutron_id = router['id']
-        # get the network nsx id from the mapping table
+        # get the router nsx id from the mapping table
         nsx_id = nsx_db.get_nsx_router_id(admin_cxt.session,
                                           neutron_id)
         if not nsx_id:
@@ -89,7 +91,7 @@ def update_nat_rules(resource, event, trigger, **kwargs):
     num_of_updates = 0
     for router in neutron_routers:
         neutron_id = router['id']
-        # get the network nsx id from the mapping table
+        # get the router nsx id from the mapping table
         nsx_id = nsx_db.get_nsx_router_id(admin_cxt.session,
                                           neutron_id)
         if nsx_id:
@@ -106,6 +108,69 @@ def update_nat_rules(resource, event, trigger, **kwargs):
         LOG.info("Did not find any NAT rule to update")
 
 
+@admin_utils.output_header
+def list_orphaned_routers(resource, event, trigger, **kwargs):
+    nsx_routers = nsxlib.logical_router.list()['results']
+    missing_routers = []
+    for nsx_router in nsx_routers:
+        # check if it exists in the neutron DB
+        if not neutron_client.lrouter_id_to_router_id(nsx_router['id']):
+            # Skip non-neutron routers, by tags
+            for tag in nsx_router.get('tags', []):
+                if tag.get('scope') == 'os-neutron-router-id':
+                    missing_routers.append(nsx_router)
+                    break
+
+    LOG.info(formatters.output_formatter(constants.ORPHANED_ROUTERS,
+                                         missing_routers,
+                                         ['id', 'display_name']))
+
+
+@admin_utils.output_header
+def delete_backend_router(resource, event, trigger, **kwargs):
+    errmsg = ("Need to specify nsx-id property. Add --property nsx-id=<id>")
+    if not kwargs.get('property'):
+        LOG.error("%s", errmsg)
+        return
+    properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
+    nsx_id = properties.get('nsx-id')
+    if not nsx_id:
+        LOG.error("%s", errmsg)
+        return
+
+    # check if the router exists
+    try:
+        nsxlib.logical_router.get(nsx_id, silent=True)
+    except nsx_exc.BackendResourceNotFound:
+        # prevent logger from logging this exception
+        sys.exc_clear()
+        LOG.warning("Backend router %s was not found.", nsx_id)
+        return
+
+    # try to delete it
+    try:
+        # first delete its ports
+        ports = nsxlib.logical_router_port.get_by_router_id(nsx_id)
+        for port in ports:
+            nsxlib.logical_router_port.delete(port['id'])
+        nsxlib.logical_router.delete(nsx_id)
+    except Exception as e:
+        LOG.error("Failed to delete backend router %(id)s : %(e)s.", {
+            'id': nsx_id, 'e': e})
+        return
+
+    # Verify that the router was deleted since the backend does not always
+    # throws errors
+    try:
+        nsxlib.logical_router.get(nsx_id, silent=True)
+    except nsx_exc.BackendResourceNotFound:
+        # prevent logger from logging this exception
+        sys.exc_clear()
+        LOG.info("Backend router %s was deleted.", nsx_id)
+    else:
+        LOG.error("Failed to delete backend router %s.", nsx_id)
+
+
 registry.subscribe(list_missing_routers,
                    constants.ROUTERS,
                    shell.Operations.LIST_MISMATCHES.value)
@@ -113,3 +178,11 @@ registry.subscribe(list_missing_routers,
 registry.subscribe(update_nat_rules,
                    constants.ROUTERS,
                    shell.Operations.NSX_UPDATE_RULES.value)
+
+registry.subscribe(list_orphaned_routers,
+                   constants.ORPHANED_ROUTERS,
+                   shell.Operations.LIST.value)
+
+registry.subscribe(delete_backend_router,
+                   constants.ORPHANED_ROUTERS,
+                   shell.Operations.NSX_CLEAN.value)
diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
index e9cd36a4a4..253a419527 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
@@ -75,6 +75,10 @@ class NeutronDbClient(db_base_plugin_v2.NeutronDbPluginV2):
         net_ids = nsx_db.get_net_ids(self.context.session, lswitch_id)
         return net_ids[0] if net_ids else None
 
+    def lrouter_id_to_router_id(self, lrouter_id):
+        return nsx_db.get_neutron_from_nsx_router_id(self.context.session,
+                                                     lrouter_id)
+
     def net_id_to_lswitch_id(self, net_id):
         lswitch_ids = nsx_db.get_nsx_switch_ids(self.context.session, net_id)
         return lswitch_ids[0] if lswitch_ids else None
diff --git a/vmware_nsx/shell/resources.py b/vmware_nsx/shell/resources.py
index 29135fd5b2..c1cc5b985e 100644
--- a/vmware_nsx/shell/resources.py
+++ b/vmware_nsx/shell/resources.py
@@ -115,6 +115,9 @@ nsxv3_resources = {
     constants.ORPHANED_NETWORKS: Resource(constants.ORPHANED_NETWORKS,
                                  [Operations.LIST.value,
                                   Operations.NSX_CLEAN.value]),
+    constants.ORPHANED_ROUTERS: Resource(constants.ORPHANED_ROUTERS,
+                                [Operations.LIST.value,
+                                 Operations.NSX_CLEAN.value]),
     constants.LB_SERVICES: Resource(constants.LB_SERVICES,
                                     [Operations.LIST.value]),
     constants.LB_VIRTUAL_SERVERS: Resource(constants.LB_VIRTUAL_SERVERS,