x/vmware-nsx
Code Issues Proposed changes

Populate plugin directory to fix port operation in nsxadmin v3

Browse Source 
Following I7331e914234c5f0b7abe836604fdd7e4067551cf, nsxadmin command
"nsxadmin -o list-mismatches -r ports" failed due to absence of core plugin
in plugin directory. Fix this by adding core plugin from the admin code

Change-Id: I4edbe0b413a66c65c7061dee2b478a9db4a13bdb
This commit is contained in:
Anna Khmelnitsky 2016-12-07 17:21:37 -08:00 committed by garyk
parent 27a908ef16
commit 47cd93baaf
1 changed files with 70 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
vmware_nsx/shell/admin/plugins/nsxv3/resources/ports.py
View File

@ -39,6 +39,7 @@ from neutron.db import db_base_plugin_v2
from neutron.db import portsecurity_db from neutron.db import portsecurity_db
from neutron.extensions import allowedaddresspairs from neutron.extensions import allowedaddresspairs
from neutron_lib import constants as const from neutron_lib import constants as const
from neutron_lib.plugins import directory
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -46,7 +47,12 @@ LOG = logging.getLogger(__name__)
class PortsPlugin(db_base_plugin_v2.NeutronDbPluginV2, class PortsPlugin(db_base_plugin_v2.NeutronDbPluginV2,
portsecurity_db.PortSecurityDbMixin, portsecurity_db.PortSecurityDbMixin,
addr_pair_db.AllowedAddressPairsMixin): addr_pair_db.AllowedAddressPairsMixin):
pass def __enter__(self):
directory.add_plugin(const.CORE, self)
return self
def __exit__(self, exc_type, exc_value, traceback):
directory.add_plugin(const.CORE, None)
def get_port_nsx_id(session, neutron_id): def get_port_nsx_id(session, neutron_id):
@ -109,73 +115,74 @@ def list_missing_ports(resource, event, trigger, **kwargs):
"""List neutron ports that are missing the NSX backend port """List neutron ports that are missing the NSX backend port
And ports with wrong switch profiles And ports with wrong switch profiles
""" """
plugin = PortsPlugin()
admin_cxt = neutron_context.get_admin_context() admin_cxt = neutron_context.get_admin_context()
neutron_ports = plugin.get_ports(admin_cxt)
port_client, profile_client = get_port_and_profile_clients()
# get pre-defined profile ids with PortsPlugin() as plugin:
dhcp_profile_id = get_dhcp_profile_id(profile_client) neutron_ports = plugin.get_ports(admin_cxt)
dhcp_profile_key = resources.SwitchingProfileTypes.SWITCH_SECURITY port_client, profile_client = get_port_and_profile_clients()
spoofguard_profile_id = get_spoofguard_profile_id(profile_client)
spoofguard_profile_key = resources.SwitchingProfileTypes.SPOOF_GUARD
qos_profile_key = resources.SwitchingProfileTypes.QOS
problems = [] # get pre-defined profile ids
for port in neutron_ports: dhcp_profile_id = get_dhcp_profile_id(profile_client)
neutron_id = port['id'] dhcp_profile_key = resources.SwitchingProfileTypes.SWITCH_SECURITY
# get the network nsx id from the mapping table spoofguard_profile_id = get_spoofguard_profile_id(profile_client)
nsx_id = get_port_nsx_id(admin_cxt.session, neutron_id) spoofguard_profile_key = resources.SwitchingProfileTypes.SPOOF_GUARD
if not nsx_id: qos_profile_key = resources.SwitchingProfileTypes.QOS
# skip external ports
pass
else:
try:
nsx_port = port_client.get(nsx_id)
except nsx_exc.ResourceNotFound:
problems.append({'neutron_id': neutron_id,
'nsx_id': nsx_id,
'error': _LI('Missing from backend')})
continue
# Port found on backend! problems = []
# Check that it has all the expected switch profiles. for port in neutron_ports:
# create a dictionary of the current profiles: neutron_id = port['id']
profiles_dict = {} # get the network nsx id from the mapping table
for prf in nsx_port['switching_profile_ids']: nsx_id = get_port_nsx_id(admin_cxt.session, neutron_id)
profiles_dict[prf['key']] = prf['value'] if not nsx_id:
# skip external ports
pass
else:
try:
nsx_port = port_client.get(nsx_id)
except nsx_exc.ResourceNotFound:
problems.append({'neutron_id': neutron_id,
'nsx_id': nsx_id,
'error': _LI('Missing from backend')})
continue
# DHCP port: neutron dhcp profile should be attached # Port found on backend!
# to logical ports created for neutron DHCP but not # Check that it has all the expected switch profiles.
# for native DHCP. # create a dictionary of the current profiles:
if (port.get('device_owner') == const.DEVICE_OWNER_DHCP and profiles_dict = {}
not cfg.CONF.nsx_v3.native_dhcp_metadata): for prf in nsx_port['switching_profile_ids']:
prf_id = profiles_dict[dhcp_profile_key] profiles_dict[prf['key']] = prf['value']
if prf_id != dhcp_profile_id:
add_profile_mismatch(problems, neutron_id, nsx_id,
prf_id, "DHCP security")
# Port with QoS policy: a matching profile should be attached # DHCP port: neutron dhcp profile should be attached
qos_policy_id = qos_utils.get_port_policy_id(admin_cxt, # to logical ports created for neutron DHCP but not
neutron_id) # for native DHCP.
if qos_policy_id: if (port.get('device_owner') == const.DEVICE_OWNER_DHCP and
qos_profile_id = nsx_db.get_switch_profile_by_qos_policy( not cfg.CONF.nsx_v3.native_dhcp_metadata):
admin_cxt.session, qos_policy_id) prf_id = profiles_dict[dhcp_profile_key]
prf_id = profiles_dict[qos_profile_key] if prf_id != dhcp_profile_id:
if prf_id != qos_profile_id: add_profile_mismatch(problems, neutron_id, nsx_id,
add_profile_mismatch(problems, neutron_id, nsx_id, prf_id, "DHCP security")
prf_id, "QoS")
# Port with security & fixed ips/address pairs: # Port with QoS policy: a matching profile should be attached
# neutron spoofguard profile should be attached qos_policy_id = qos_utils.get_port_policy_id(admin_cxt,
port_sec, has_ip = plugin._determine_port_security_and_has_ip( neutron_id)
admin_cxt, port) if qos_policy_id:
addr_pair = port.get(allowedaddresspairs.ADDRESS_PAIRS) qos_profile_id = nsx_db.get_switch_profile_by_qos_policy(
if port_sec and (has_ip or addr_pair): admin_cxt.session, qos_policy_id)
prf_id = profiles_dict[spoofguard_profile_key] prf_id = profiles_dict[qos_profile_key]
if prf_id != spoofguard_profile_id: if prf_id != qos_profile_id:
add_profile_mismatch(problems, neutron_id, nsx_id, add_profile_mismatch(problems, neutron_id, nsx_id,
prf_id, "Spoof Guard") prf_id, "QoS")
# Port with security & fixed ips/address pairs:
# neutron spoofguard profile should be attached
port_sec, has_ip = plugin._determine_port_security_and_has_ip(
admin_cxt, port)
addr_pair = port.get(allowedaddresspairs.ADDRESS_PAIRS)
if port_sec and (has_ip or addr_pair):
prf_id = profiles_dict[spoofguard_profile_key]
if prf_id != spoofguard_profile_id:
add_profile_mismatch(problems, neutron_id, nsx_id,
prf_id, "Spoof Guard")
if len(problems) > 0: if len(problems) > 0:
title = _LI("Found internal ports misconfiguration on the " title = _LI("Found internal ports misconfiguration on the "
@ -217,10 +224,10 @@ def migrate_compute_ports_vms(resource, event, trigger, **kwargs):
return return
# Go over all the compute ports from the plugin # Go over all the compute ports from the plugin
plugin = PortsPlugin()
admin_cxt = neutron_context.get_admin_context() admin_cxt = neutron_context.get_admin_context()
port_filters = {'device_owner': ['compute:None']} port_filters = {'device_owner': ['compute:None']}
neutron_ports = plugin.get_ports(admin_cxt, filters=port_filters) with PortsPlugin() as plugin:
neutron_ports = plugin.get_ports(admin_cxt, filters=port_filters)
for port in neutron_ports: for port in neutron_ports:
device_id = port.get('device_id') device_id = port.get('device_id')