diff --git a/doc/source/admin_util.rst b/doc/source/admin_util.rst index 5f07ef81df..b784e7b481 100644 --- a/doc/source/admin_util.rst +++ b/doc/source/admin_util.rst @@ -215,7 +215,7 @@ Metadata NSXv3 ----- -The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', and 'ports'. +The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', and 'ports'. Networks ~~~~~~~~ 
@@ -242,36 +242,39 @@ Ports nsxadmin -r ports -o nsx-migrate-v-v3 -Security Groups -~~~~~~~~~~~~~~~ +Security Groups & NSX Security Groups +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - List backed security groups:: - nsx -r security-groups -o nsx-list + nsxadmin -r nsx-security-groups -o list -- List neutron DB security groups:: +- List neutron security groups:: - nsx -r security-groups -o neutron-list + nsxadmin -r security-groups -o list -- List both backend and neutron security groups:: +- Fix mismatch sections in security group:: - nsx -r security-groups -o list + nsxadmin -r security-groups -o fix-mismatch -- Cleanup NSX backend sections and nsgroups:: +- List nsx security groups with mismatch sections:: - nsx -r security-groups -o nsx-clean - -- Cleanup Neutron DB security groups:: - - nsx -r security-groups -o neutron-clean - -- Cleanup both Neutron DB security groups and NSX backend sections and nsgroups:: - - nsx -r security-groups -o clean + nsxadmin -r nsx-security-groups -o list-mismatches - Update NSX security groups dynamic criteria for NSXv3 CrossHairs:: - nsx -r nsx-security-groups -o migrate-to-dynamic-criteria + nsxadmin -r nsx-security-groups -o migrate-to-dynamic-criteria + +Firewall Sections +~~~~~~~~~~~~~~~~~ + +- List backed firewall sections:: + + nsxadmin -r firewall-sections -o list + +- List security groups with missing sections:: + + nsxadmin -r firewall-sections -o list-mismatches Metadata Proxy ~~~~~~~~~~~~~~ diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py index 4b09f14214..0143a01f65 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py 
@@ -226,8 +226,8 @@ def fix_security_groups(resource, event, trigger, **kwargs): # should already have them. if not utils.is_nsx_version_1_1_0(plugin._nsx_version): members = [] - for port_id in neutron_db.get_ports_in_security_group(sg_id): - lport_id = neutron_db.get_logical_port_id(port_id) + for port_id in neutron_sg.get_ports_in_security_group(sg_id): + lport_id = neutron_sg.get_logical_port_id(port_id) members.append(lport_id) nsxlib.ns_group.add_members( nsgroup['id'], consts.TARGET_TYPE_LOGICAL_PORT, members) @@ -246,8 +246,6 @@ def fix_security_groups(resource, event, trigger, **kwargs): secgroup.get(sg_logging.LOGGING, False), action, secgroup['security_group_rules']) plugin.save_security_group_rule_mappings(context_, rules['rules']) - # Add nsgroup to a nested group - plugin.nsgroup_manager.add_nsgroup(nsgroup['id']) def _update_ports_dynamic_criteria_tags():
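Review bot: In the first hunk of securitygroups.py (`@@ -226,8 +226,8`), the rebuilt `members` list takes whatever `neutron_sg.get_logical_port_id(port_id)` returns without checking it. If that lookup can return None for a port with no NSX mapping (its implementation is not visible here), the None entry is handed to `nsxlib.ns_group.add_members`. Should that call fail, the re-created NSGroup would be left without its ports, and the restored firewall section would then not apply to them. Consider guarding the append with `if lport_id: members.append(lport_id)`, logging the skipped `port_id`, and calling `add_members` only when `members` is non-empty. The body of `fix_security_groups` starts and ends outside the hunk, so confirm against the full function.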