x/vmware-nsx
Code Issues Proposed changes

AdminUtils NSXv3: Fix SG admin utils and their documantation

Browse Source 
The nsxv3 security groups documentation was wrong.
In addition, fixed some function calls.

Change-Id: I38a0013775c848ff41fb0771a2114730e1d59cbe
This commit is contained in:
Adit Sarfaty 2017-02-21 11:06:52 +02:00
parent abb76b430a
commit 4f929e8fdb
2 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
doc/source/admin_util.rst
View File

@ -215,7 +215,7 @@ Metadata
NSXv3 NSXv3
----- -----
The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', and 'ports'. The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', and 'ports'.
Networks Networks
~~~~~~~~ ~~~~~~~~
@ -242,36 +242,39 @@ Ports
nsxadmin -r ports -o nsx-migrate-v-v3 nsxadmin -r ports -o nsx-migrate-v-v3
Security Groups Security Groups & NSX Security Groups
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- List backed security groups:: - List backed security groups::
nsx -r security-groups -o nsx-list nsxadmin -r nsx-security-groups -o list
- List neutron DB security groups:: - List neutron security groups::
nsx -r security-groups -o neutron-list nsxadmin -r security-groups -o list
- List both backend and neutron security groups:: - Fix mismatch sections in security group::
nsx -r security-groups -o list nsxadmin -r security-groups -o fix-mismatch
- Cleanup NSX backend sections and nsgroups:: - List nsx security groups with mismatch sections::
nsx -r security-groups -o nsx-clean nsxadmin -r nsx-security-groups -o list-mismatches
- Cleanup Neutron DB security groups::
nsx -r security-groups -o neutron-clean
- Cleanup both Neutron DB security groups and NSX backend sections and nsgroups::
nsx -r security-groups -o clean
- Update NSX security groups dynamic criteria for NSXv3 CrossHairs:: - Update NSX security groups dynamic criteria for NSXv3 CrossHairs::
nsx -r nsx-security-groups -o migrate-to-dynamic-criteria nsxadmin -r nsx-security-groups -o migrate-to-dynamic-criteria
Firewall Sections
~~~~~~~~~~~~~~~~~
- List backed firewall sections::
nsxadmin -r firewall-sections -o list
- List security groups with missing sections::
nsxadmin -r firewall-sections -o list-mismatches
Metadata Proxy Metadata Proxy
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~

6
vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
View File

@ -226,8 +226,8 @@ def fix_security_groups(resource, event, trigger, **kwargs):
# should already have them. # should already have them.
if not utils.is_nsx_version_1_1_0(plugin._nsx_version): if not utils.is_nsx_version_1_1_0(plugin._nsx_version):
members = [] members = []
for port_id in neutron_db.get_ports_in_security_group(sg_id): for port_id in neutron_sg.get_ports_in_security_group(sg_id):
lport_id = neutron_db.get_logical_port_id(port_id) lport_id = neutron_sg.get_logical_port_id(port_id)
members.append(lport_id) members.append(lport_id)
nsxlib.ns_group.add_members( nsxlib.ns_group.add_members(
nsgroup['id'], consts.TARGET_TYPE_LOGICAL_PORT, members) nsgroup['id'], consts.TARGET_TYPE_LOGICAL_PORT, members)
@ -246,8 +246,6 @@ def fix_security_groups(resource, event, trigger, **kwargs):
secgroup.get(sg_logging.LOGGING, False), action, secgroup.get(sg_logging.LOGGING, False), action,
secgroup['security_group_rules']) secgroup['security_group_rules'])
plugin.save_security_group_rule_mappings(context_, rules['rules']) plugin.save_security_group_rule_mappings(context_, rules['rules'])
# Add nsgroup to a nested group
plugin.nsgroup_manager.add_nsgroup(nsgroup['id'])
def _update_ports_dynamic_criteria_tags(): def _update_ports_dynamic_criteria_tags():