NSX|V3: admin util for migrating exlcude list ports

NSX version 2.0.0 support ns groups for ports that are in the
exclude list. This means that we need to migrate all neutron
ports from the exclude list to the NSX group.

The command to do this is:
    nsxadmin -r ports -o migrate-exclude-ports

This should be done after the platform is upgraded to 2.0.0 and before
neutron ports are added/deleted.

Depends-On: I6707b8b3e9d7895fdaa10a2a0ca491c5016a32e4
Change-Id: I3cc3aa2b64e6a8416ae17d651d7438bc7d747c8a
This commit is contained in:
Gary Kotton 2017-04-14 19:33:36 +03:00
parent 1c4a66ea31
commit 624ee9b0d4
3 changed files with 63 additions and 1 deletions

View File

@ -253,6 +253,10 @@ Ports
nsxadmin -r ports -o nsx-migrate-v-v3 nsxadmin -r ports -o nsx-migrate-v-v3
- Migrate exclude ports to use tags::
nsxadmin -r ports -o migrate-exclude-ports
Security Groups & NSX Security Groups Security Groups & NSX Security Groups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

View File

@ -17,6 +17,7 @@ from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from sqlalchemy.orm import exc from sqlalchemy.orm import exc
from vmware_nsx.common import utils as nsx_utils
from vmware_nsx.db import db as nsx_db from vmware_nsx.db import db as nsx_db
from vmware_nsx.db import nsx_models from vmware_nsx.db import nsx_models
from vmware_nsx.dvs import dvs from vmware_nsx.dvs import dvs
@ -28,7 +29,9 @@ from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils as v3_utils from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils as v3_utils
from vmware_nsx.shell import resources as shell from vmware_nsx.shell import resources as shell
from vmware_nsxlib.v3 import exceptions as nsx_exc from vmware_nsxlib.v3 import exceptions as nsx_exc
from vmware_nsxlib.v3 import nsx_constants as nsxlib_consts
from vmware_nsxlib.v3 import resources from vmware_nsxlib.v3 import resources
from vmware_nsxlib.v3 import security
from neutron.db import allowedaddresspairs_db as addr_pair_db from neutron.db import allowedaddresspairs_db as addr_pair_db
from neutron.db import db_base_plugin_v2 from neutron.db import db_base_plugin_v2
@ -268,6 +271,55 @@ def migrate_compute_ports_vms(resource, event, trigger, **kwargs):
nsx_net_id, device_type) nsx_net_id, device_type)
def migrate_exclude_ports(resource, event, trigger, **kwargs):
_nsx_client = v3_utils.get_nsxv3_client()
nsxlib = v3_utils.get_connected_nsxlib()
version = nsxlib.get_version()
if not nsx_utils.is_nsx_version_2_0_0(version):
LOG.info("Migration only supported from 2.0 onwards")
LOG.info("Version is %s", version)
return
admin_cxt = neutron_context.get_admin_context()
plugin = PortsPlugin()
_port_client = resources.LogicalPort(_nsx_client)
exclude_list = nsxlib.firewall_section.get_excludelist()
for member in exclude_list['members']:
if member['target_type'] == 'LogicalPort':
port_id = member['target_id']
# Get port
try:
nsx_port = _port_client.get(port_id)
except nsx_exc.ResourceNotFound:
LOG.info("Port %s not found", port_id)
continue
# Validate its a neutron port
is_neutron_port = False
for tag in nsx_port['tags']:
if tag['scope'] == 'os-neutron-port-id':
is_neutron_port = True
neutron_port_id = tag['tag']
break
if not is_neutron_port:
LOG.info("Port %s is not a neutron port", port_id)
continue
# Check if this port exists in the DB
try:
plugin.get_port(admin_cxt, neutron_port_id)
except Exception:
LOG.info("Port %s is not defined in DB", neutron_port_id)
continue
# Update tag for the port
tags_update = [{'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT}]
_port_client.update(port_id, None,
tags_update=tags_update)
# Remove port from the exclude list
nsxlib.firewall_section.remove_member_from_fw_exclude_list(
port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
LOG.info("Port %s successfully updated", port_id)
registry.subscribe(list_missing_ports, registry.subscribe(list_missing_ports,
constants.PORTS, constants.PORTS,
shell.Operations.LIST_MISMATCHES.value) shell.Operations.LIST_MISMATCHES.value)
@ -275,3 +327,7 @@ registry.subscribe(list_missing_ports,
registry.subscribe(migrate_compute_ports_vms, registry.subscribe(migrate_compute_ports_vms,
constants.PORTS, constants.PORTS,
shell.Operations.NSX_MIGRATE_V_V3.value) shell.Operations.NSX_MIGRATE_V_V3.value)
registry.subscribe(migrate_exclude_ports,
constants.PORTS,
shell.Operations.NSX_MIGRATE_EXCLUDE_PORTS.value)

View File

@ -51,6 +51,7 @@ class Operations(enum.Enum):
MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria' MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria'
NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3' NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3'
MIGRATE_TO_POLICY = 'migrate-to-policy' MIGRATE_TO_POLICY = 'migrate-to-policy'
NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports'
STATUS = 'status' STATUS = 'status'
GENERATE = 'generate' GENERATE = 'generate'
IMPORT = 'import' IMPORT = 'import'
@ -83,7 +84,8 @@ nsxv3_resources = {
[Operations.LIST_MISMATCHES.value]), [Operations.LIST_MISMATCHES.value]),
constants.PORTS: Resource(constants.PORTS, constants.PORTS: Resource(constants.PORTS,
[Operations.LIST_MISMATCHES.value, [Operations.LIST_MISMATCHES.value,
Operations.NSX_MIGRATE_V_V3.value]), Operations.NSX_MIGRATE_V_V3.value,
Operations.NSX_MIGRATE_EXCLUDE_PORTS.value]),
constants.ROUTERS: Resource(constants.ROUTERS, constants.ROUTERS: Resource(constants.ROUTERS,
[Operations.LIST_MISMATCHES.value]), [Operations.LIST_MISMATCHES.value]),
constants.DHCP_BINDING: Resource(constants.DHCP_BINDING, constants.DHCP_BINDING: Resource(constants.DHCP_BINDING,