x/vmware-nsx
Code Issues Proposed changes

NSX|V3: remove checks for features long supported

Browse Source 
Remove check about backend supportability for features that were not
supported only on too-old backend versions

Change-Id: I6d0068c9298e947a8bff564950614e776c696898
This commit is contained in:
asarfaty 2020-03-08 14:15:53 +02:00
parent 722f93b752
commit 9ed80d6ebc
11 changed files with 47 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
vmware_nsx/plugins/common_v3/plugin.py
View File

@ -2617,9 +2617,6 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
msg = (_("DHCP option %s is not supported") % opt_name) msg = (_("DHCP option %s is not supported") % opt_name)
raise n_exc.InvalidInput(error_message=msg) raise n_exc.InvalidInput(error_message=msg)
def _is_vlan_router_interface_supported(self):
"""Should be implemented by each plugin"""
def _is_ddi_supported_on_network(self, context, network_id, network=None): def _is_ddi_supported_on_network(self, context, network_id, network=None):
result, _ = self._is_ddi_supported_on_net_with_type( result, _ = self._is_ddi_supported_on_net_with_type(
context, network_id, network=network) context, network_id, network=network)
@ -2647,8 +2644,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
# NSX version # NSX version
is_overlay = self._is_overlay_network(context, network_id) is_overlay = self._is_overlay_network(context, network_id)
net_type = "overlay" if is_overlay else "non-overlay" net_type = "overlay" if is_overlay else "non-overlay"
return (is_overlay or return True, net_type
self._is_vlan_router_interface_supported()), net_type
def _has_no_dhcp_enabled_subnet(self, context, network): def _has_no_dhcp_enabled_subnet(self, context, network):
# Check if there is no DHCP-enabled subnet in the network. # Check if there is no DHCP-enabled subnet in the network.
@ -2789,22 +2785,10 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if port_id: if port_id:
self.nsxlib.logical_port.delete(port_id) self.nsxlib.logical_port.delete(port_id)
def _support_vlan_router_interfaces(self):
"""Should be implemented by each plugin"""
pass
def _validate_multiple_subnets_routers(self, context, router_id, def _validate_multiple_subnets_routers(self, context, router_id,
net_id, subnet): net_id, subnet):
network = self.get_network(context, net_id) network = self.get_network(context, net_id)
net_type = network.get(pnet.NETWORK_TYPE)
if (net_type and
not self._support_vlan_router_interfaces() and
not self._is_overlay_network(context, net_id)):
err_msg = (_("Only overlay networks can be attached to a logical "
"router. Network %(net_id)s is a %(net_type)s based "
"network") % {'net_id': net_id, 'net_type': net_type})
LOG.error(err_msg)
raise n_exc.InvalidInput(error_message=err_msg)
# Unable to attach a trunked network to a router interface # Unable to attach a trunked network to a router interface
if cfg.CONF.vlan_transparent: if cfg.CONF.vlan_transparent:
if network.get('vlan_transparent') is True: if network.get('vlan_transparent') is True:

6
vmware_nsx/plugins/nsx_p/plugin.py
View File

@ -3666,9 +3666,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# return a list of tier0 uplink ip/prefix addresses # return a list of tier0 uplink ip/prefix addresses
return self.nsxpolicy.tier0.get_uplink_cidrs(tier0_id) return self.nsxpolicy.tier0.get_uplink_cidrs(tier0_id)
def _is_vlan_router_interface_supported(self):
return True
def _get_neutron_net_ids_by_nsx_id(self, context, lswitch_id): def _get_neutron_net_ids_by_nsx_id(self, context, lswitch_id):
"""Translate nsx ls IDs given by Nova to neutron network ids. """Translate nsx ls IDs given by Nova to neutron network ids.
@ -3732,9 +3729,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# No dhcp relay support yet # No dhcp relay support yet
return None return None
def _support_vlan_router_interfaces(self):
return True
def update_router_firewall(self, context, router_id, router_db=None, def update_router_firewall(self, context, router_id, router_db=None,
from_fw=False): from_fw=False):
"""Rewrite all the rules in the router edge firewall """Rewrite all the rules in the router edge firewall

4
vmware_nsx/plugins/nsx_v3/availability_zones.py
View File

@ -19,7 +19,6 @@ from vmware_nsx.common import config
from vmware_nsx.plugins.common_v3 import availability_zones as v3_az from vmware_nsx.plugins.common_v3 import availability_zones as v3_az
from vmware_nsxlib.v3 import core_resources from vmware_nsxlib.v3 import core_resources
from vmware_nsxlib.v3 import nsx_constants as nsxlib_consts
DEFAULT_NAME = common_az.DEFAULT_NAME + 'v3' DEFAULT_NAME = common_az.DEFAULT_NAME + 'v3'
@ -129,8 +128,7 @@ class NsxV3AvailabilityZone(v3_az.NsxV3AvailabilityZone):
nsx_profile.get('id'))) nsx_profile.get('id')))
self.switching_profiles_objs = profiles self.switching_profiles_objs = profiles
if (self.dhcp_relay_service and if self.dhcp_relay_service:
nsxlib.feature_supported(nsxlib_consts.FEATURE_DHCP_RELAY)):
relay_id = None relay_id = None
if search_scope: if search_scope:
# Find the relay service by its tag # Find the relay service by its tag

155
vmware_nsx/plugins/nsx_v3/plugin.py
View File

@ -196,12 +196,7 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
self._extension_manager.extension_aliases()) self._extension_manager.extension_aliases())
self.nsxlib = v3_utils.get_nsxlib_wrapper() self.nsxlib = v3_utils.get_nsxlib_wrapper()
if self.nsxlib.feature_supported(nsxlib_consts.FEATURE_ON_BEHALF_OF): nsxlib_utils.set_inject_headers_callback(v3_utils.inject_headers)
nsxlib_utils.set_inject_headers_callback(
v3_utils.inject_headers)
else:
nsxlib_utils.set_inject_headers_callback(
v3_utils.inject_requestid_header)
registry.subscribe( registry.subscribe(
self.on_subnetpool_address_scope_updated, self.on_subnetpool_address_scope_updated,
@ -245,11 +240,7 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
# supported if the global configuration flag vlan_transparent is # supported if the global configuration flag vlan_transparent is
# True # True
if cfg.CONF.vlan_transparent: if cfg.CONF.vlan_transparent:
if self.nsxlib.feature_supported(nsxlib_consts.FEATURE_TRUNK_VLAN): self.supported_extension_aliases.append(vlan_apidef.ALIAS)
self.supported_extension_aliases.append(vlan_apidef.ALIAS)
else:
LOG.warning("Current NSX version %s doesn't support "
"transparent vlans", self.nsxlib.get_version())
# Register NSXv3 trunk driver to support trunk extensions # Register NSXv3 trunk driver to support trunk extensions
self.trunk_driver = trunk_driver.NsxV3TrunkDriver.create(self) self.trunk_driver = trunk_driver.NsxV3TrunkDriver.create(self)
@ -441,10 +432,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
# The TVD plugin will take care of this # The TVD plugin will take care of this
return return
if not self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_LOAD_BALANCER):
return
octavia_objects = self._get_octavia_objects() octavia_objects = self._get_octavia_objects()
self.octavia_listener = octavia_listener.NSXOctaviaListener( self.octavia_listener = octavia_listener.NSXOctaviaListener(
**octavia_objects) **octavia_objects)
@ -501,18 +488,17 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
self._mac_learning_profile = None self._mac_learning_profile = None
self._mac_learning_disabled_profile = None self._mac_learning_disabled_profile = None
# Only create MAC Learning profile when nsxv3 version >= 1.1.0
if self.nsxlib.feature_supported(nsxlib_consts.FEATURE_MAC_LEARNING): # create MAC Learning profile
LOG.debug("Initializing NSX v3 Mac Learning switching profiles") try:
try: self._init_mac_learning_profiles()
self._init_mac_learning_profiles() # Only expose the extension if it is supported
# Only expose the extension if it is supported self.supported_extension_aliases.append(mac_ext.ALIAS)
self.supported_extension_aliases.append(mac_ext.ALIAS) except Exception as e:
except Exception as e: LOG.warning("Unable to initialize NSX v3 MAC Learning "
LOG.warning("Unable to initialize NSX v3 MAC Learning " "profiles: %(name)s. Reason: %(reason)s",
"profiles: %(name)s. Reason: %(reason)s", {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
{'name': NSX_V3_MAC_LEARNING_PROFILE_NAME, 'reason': e})
'reason': e})
no_switch_security_prof = profile_client.find_by_display_name( no_switch_security_prof = profile_client.find_by_display_name(
NSX_V3_NON_VIF_PROFILE)[0] NSX_V3_NON_VIF_PROFILE)[0]
@ -525,15 +511,13 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
self.server_ssl_profile = None self.server_ssl_profile = None
self.client_ssl_profile = None self.client_ssl_profile = None
# Only create LB profiles when nsxv3 version >= 2.1.0 LOG.debug("Initializing NSX v3 Load Balancer default profiles")
if self.nsxlib.feature_supported(nsxlib_consts.FEATURE_LOAD_BALANCER): try:
LOG.debug("Initializing NSX v3 Load Balancer default profiles") self._init_lb_profiles()
try: except Exception as e:
self._init_lb_profiles() msg = (_("Unable to initialize NSX v3 lb profiles: "
except Exception as e: "Reason: %(reason)s") % {'reason': str(e)})
msg = (_("Unable to initialize NSX v3 lb profiles: " raise nsx_exc.NsxPluginException(err_msg=msg)
"Reason: %(reason)s") % {'reason': str(e)})
raise nsx_exc.NsxPluginException(err_msg=msg)
def _translate_configured_names_to_uuids(self): def _translate_configured_names_to_uuids(self):
# If using tags to find the objects, make sure tag scope is configured # If using tags to find the objects, make sure tag scope is configured
@ -859,10 +843,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
provider_data['vlan_id'], provider_data['vlan_id'],
nsx_id) nsx_id)
def _is_vlan_router_interface_supported(self):
return self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_VLAN_ROUTER_INTERFACE)
def _is_overlay_network(self, context, network_id): def _is_overlay_network(self, context, network_id):
"""Return True if this is an overlay network """Return True if this is an overlay network
@ -1291,15 +1271,9 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
if resource_type: if resource_type:
tags = nsxlib_utils.add_v3_tag(tags, resource_type, device_id) tags = nsxlib_utils.add_v3_tag(tags, resource_type, device_id)
add_to_exclude_list = False
if self._is_excluded_port(device_owner, psec_is_on): if self._is_excluded_port(device_owner, psec_is_on):
if self.nsxlib.feature_supported( tags.append({'scope': security.PORT_SG_SCOPE,
nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG): 'tag': nsxlib_consts.EXCLUDE_PORT})
tags.append({'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT})
else:
add_to_exclude_list = True
else: else:
# If port has no security-groups then we don't need to add any # If port has no security-groups then we don't need to add any
# security criteria tag. # security criteria tag.
@ -1417,12 +1391,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
port_data['id'], port_data['id'],
qos_policy_id) qos_policy_id)
# Add the port to the exclude list if necessary - this is if
# the version is below 2.0.0
if add_to_exclude_list:
self.nsxlib.firewall_section.add_member_to_fw_exclude_list(
result['id'], nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
return result return result
def _get_net_tz(self, context, net_id): def _get_net_tz(self, context, net_id):
@ -1675,17 +1643,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
_net_id, nsx_port_id = nsx_db.get_nsx_switch_and_port_id( _net_id, nsx_port_id = nsx_db.get_nsx_switch_and_port_id(
context.session, port_id) context.session, port_id)
self.nsxlib.logical_port.delete(nsx_port_id) self.nsxlib.logical_port.delete(nsx_port_id)
if (not self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG) and
self._is_excluded_port(port.get('device_owner'),
port.get('port_security_enabled'))):
fs = self.nsxlib.firewall_section
try:
fs.remove_member_from_fw_exclude_list(
nsx_port_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
except Exception as e:
LOG.warning("Unable to remove port from exclude list. "
"Reason: %s", e)
self.disassociate_floatingips(context, port_id) self.disassociate_floatingips(context, port_id)
# Remove Mac/IP binding from native DHCP server and neutron DB. # Remove Mac/IP binding from native DHCP server and neutron DB.
@ -1753,22 +1710,12 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
original_excluded = self._is_excluded_port(original_device_owner, original_excluded = self._is_excluded_port(original_device_owner,
original_ps) original_ps)
if updated_excluded != original_excluded: if updated_excluded != original_excluded:
if self.nsxlib.feature_supported( if updated_excluded:
nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG): tags_update.append({'scope': security.PORT_SG_SCOPE,
if updated_excluded: 'tag': nsxlib_consts.EXCLUDE_PORT})
tags_update.append({'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT})
else:
tags_update.append({'scope': security.PORT_SG_SCOPE,
'tag': None})
else: else:
fs = self.nsxlib.firewall_section tags_update.append({'scope': security.PORT_SG_SCOPE,
if updated_excluded: 'tag': None})
fs.add_member_to_fw_exclude_list(
lport_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
else:
fs.remove_member_from_fw_exclude_list(
lport_id, nsxlib_consts.TARGET_TYPE_LOGICAL_PORT)
tags_update += self.nsxlib.ns_group.get_lport_tags( tags_update += self.nsxlib.ns_group.get_lport_tags(
updated_port.get(ext_sg.SECURITYGROUPS, []) + updated_port.get(ext_sg.SECURITYGROUPS, []) +
@ -1779,10 +1726,8 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
'tag': NSX_V3_DEFAULT_SECTION}) 'tag': NSX_V3_DEFAULT_SECTION})
else: else:
# Ensure that the 'exclude' tag is set # Ensure that the 'exclude' tag is set
if self.nsxlib.feature_supported( tags_update.append({'scope': security.PORT_SG_SCOPE,
nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG): 'tag': nsxlib_consts.EXCLUDE_PORT})
tags_update.append({'scope': security.PORT_SG_SCOPE,
'tag': nsxlib_consts.EXCLUDE_PORT})
# Add availability zone profiles first (so that specific profiles will # Add availability zone profiles first (so that specific profiles will
# override them) # override them)
@ -2152,19 +2097,15 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
if actions['remove_router_link_port']: if actions['remove_router_link_port']:
# remove the link port and reset the router transport zone # remove the link port and reset the router transport zone
self.nsxlib.router.remove_router_link_port(nsx_router_id) self.nsxlib.router.remove_router_link_port(nsx_router_id)
if self.nsxlib.feature_supported( self.nsxlib.router.update_router_transport_zone(
nsxlib_consts.FEATURE_ROUTER_TRANSPORT_ZONE): nsx_router_id, None)
self.nsxlib.router.update_router_transport_zone(
nsx_router_id, None)
if actions['add_router_link_port']: if actions['add_router_link_port']:
# Add the overlay transport zone to the router config # Add the overlay transport zone to the router config
if self.nsxlib.feature_supported( tz_uuid = self.nsxlib.router.get_tier0_router_overlay_tz(
nsxlib_consts.FEATURE_ROUTER_TRANSPORT_ZONE): new_tier0_uuid)
tz_uuid = self.nsxlib.router.get_tier0_router_overlay_tz( if tz_uuid:
new_tier0_uuid) self.nsxlib.router.update_router_transport_zone(
if tz_uuid: nsx_router_id, tz_uuid)
self.nsxlib.router.update_router_transport_zone(
nsx_router_id, tz_uuid)
tags = self.nsxlib.build_v3_tags_payload( tags = self.nsxlib.build_v3_tags_payload(
router, resource_type='os-neutron-rport', router, resource_type='os-neutron-rport',
project_name=context.tenant_name) project_name=context.tenant_name)
@ -2210,21 +2151,17 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
return return
# Add NO-DNAT rule to allow internal traffic between VMs, even if # Add NO-DNAT rule to allow internal traffic between VMs, even if
# they have floating ips (Only for routers with snat enabled) # they have floating ips (Only for routers with snat enabled)
if self.nsxlib.feature_supported( self.nsxlib.logical_router.add_nat_rule(
nsxlib_consts.FEATURE_NO_DNAT_NO_SNAT): nsx_router_id, "NO_DNAT", None,
self.nsxlib.logical_router.add_nat_rule( dest_net=subnet['cidr'],
nsx_router_id, "NO_DNAT", None, rule_priority=nsxlib_router.GW_NAT_PRI)
dest_net=subnet['cidr'],
rule_priority=nsxlib_router.GW_NAT_PRI)
def _del_subnet_no_dnat_rule(self, context, nsx_router_id, subnet): def _del_subnet_no_dnat_rule(self, context, nsx_router_id, subnet):
# Delete the previously created NO-DNAT rules # Delete the previously created NO-DNAT rules
if self.nsxlib.feature_supported( self.nsxlib.logical_router.delete_nat_rule_by_values(
nsxlib_consts.FEATURE_NO_DNAT_NO_SNAT): nsx_router_id,
self.nsxlib.logical_router.delete_nat_rule_by_values( action="NO_DNAT",
nsx_router_id, match_destination_network=subnet['cidr'])
action="NO_DNAT",
match_destination_network=subnet['cidr'])
def validate_router_dhcp_relay(self, context): def validate_router_dhcp_relay(self, context):
"""Fail router creation dhcp relay is configured without IPAM""" """Fail router creation dhcp relay is configured without IPAM"""
@ -3352,10 +3289,6 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
return self.get_network_az_by_net_id( return self.get_network_az_by_net_id(
context, net_id).dhcp_relay_service context, net_id).dhcp_relay_service
def _support_vlan_router_interfaces(self):
return self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_VLAN_ROUTER_INTERFACE)
def update_port_nsx_tags(self, context, port_id, tags, is_delete=False): def update_port_nsx_tags(self, context, port_id, tags, is_delete=False):
"""Update backend NSX port with tags from the tagging plugin""" """Update backend NSX port with tags from the tagging plugin"""
ctx = q_context.get_admin_context() ctx = q_context.get_admin_context()

7
vmware_nsx/plugins/nsx_v3/utils.py
View File

@ -542,10 +542,3 @@ def inject_headers():
return {'X-NSX-EUSER': user_id, return {'X-NSX-EUSER': user_id,
'X-NSX-EREQID': ctx_dict.get('request_id')} 'X-NSX-EREQID': ctx_dict.get('request_id')}
return {} return {}
def inject_requestid_header():
ctx = context_utils.get_current()
if ctx:
return {'X-NSX-EREQID': ctx.__dict__.get('request_id')}
return {}

8
vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver_base.py
View File

@ -27,7 +27,6 @@ class CommonEdgeFwaasV3Driver(fwaas_driver_base.EdgeFwaasDriverBaseV2):
def __init__(self, driver_name): def __init__(self, driver_name):
super(CommonEdgeFwaasV3Driver, self).__init__(driver_name) super(CommonEdgeFwaasV3Driver, self).__init__(driver_name)
self.backend_support = True
self.driver_exception = exceptions.FirewallInternalDriverError self.driver_exception = exceptions.FirewallInternalDriverError
self._core_plugin = None self._core_plugin = None
@ -36,15 +35,8 @@ class CommonEdgeFwaasV3Driver(fwaas_driver_base.EdgeFwaasDriverBaseV2):
"""Get the core plugin - should be implemented by each driver""" """Get the core plugin - should be implemented by each driver"""
pass pass
def validate_backend_version(self):
"""Validate NSX backend supports FWaaS
Can be implemented by each driver
"""
pass
def _update_backend_routers(self, apply_list, fwg_id): def _update_backend_routers(self, apply_list, fwg_id):
"""Update all the affected router on the backend""" """Update all the affected router on the backend"""
self.validate_backend_version()
LOG.info("Updating routers firewall for firewall group %s", fwg_id) LOG.info("Updating routers firewall for firewall group %s", fwg_id)
context = n_context.get_admin_context() context = n_context.get_admin_context()
routers = set() routers = set()

21
vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver_v2.py
View File

@ -15,9 +15,6 @@
import netaddr import netaddr
from neutron_lib.callbacks import events
from neutron_lib.callbacks import registry
from neutron_lib.callbacks import resources
from neutron_lib.plugins import directory from neutron_lib.plugins import directory
from oslo_log import log as logging from oslo_log import log as logging
@ -38,9 +35,6 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
def __init__(self): def __init__(self):
super(EdgeFwaasV3DriverV2, self).__init__(FWAAS_DRIVER_NAME) super(EdgeFwaasV3DriverV2, self).__init__(FWAAS_DRIVER_NAME)
registry.subscribe(
self.check_backend_version,
resources.PROCESS, events.BEFORE_SPAWN)
@property @property
def core_plugin(self): def core_plugin(self):
@ -70,15 +64,6 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
def nsx_router(self): def nsx_router(self):
return self.nsxlib.logical_router return self.nsxlib.logical_router
def check_backend_version(self, resource, event, trigger, payload=None):
if (self.core_plugin and
not self.nsxlib.feature_supported(consts.FEATURE_ROUTER_FIREWALL)):
# router firewall is not supported
LOG.warning("FWaaS is not supported by the NSX backend (version "
"%s): Router firewall is not supported",
self.nsxlib.get_version())
self.backend_support = False
def _translate_cidr(self, cidr, fwaas_rule_id): def _translate_cidr(self, cidr, fwaas_rule_id):
# Validate that this is a legal & supported ipv4 / ipv6 cidr # Validate that this is a legal & supported ipv4 / ipv6 cidr
error_msg = (_("Unsupported FWAAS cidr %(cidr)s for rule %(id)s") % { error_msg = (_("Unsupported FWAAS cidr %(cidr)s for rule %(id)s") % {
@ -195,12 +180,6 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
return translated_rules return translated_rules
def validate_backend_version(self):
# prevent firewall actions if the backend does not support it
if not self.backend_support:
LOG.error("The NSX backend does not support router firewall")
raise self.driver_exception(driver=self.driver_name)
def get_default_backend_rule(self, section_id, allow_all=True): def get_default_backend_rule(self, section_id, allow_all=True):
# Add default allow all rule # Add default allow all rule
old_default_rule = self.nsx_firewall.get_default_rule( old_default_rule = self.nsx_firewall.get_default_rule(

11
vmware_nsx/services/vpnaas/common_v3/ipsec_validator.py
View File

@ -41,13 +41,6 @@ class IPsecCommonValidator(vpn_validator.VpnReferenceValidator):
# TVD currently supports only NSX-T and not NSX-P # TVD currently supports only NSX-T and not NSX-P
self._core_plugin = self._core_plugin.get_plugin_by_type( self._core_plugin = self._core_plugin.get_plugin_by_type(
projectpluginmap.NsxPlugins.NSX_T) projectpluginmap.NsxPlugins.NSX_T)
self.check_backend_version()
def check_backend_version(self):
pass
def _validate_backend_version(self):
pass
def _validate_policy_lifetime(self, policy_info, policy_type): def _validate_policy_lifetime(self, policy_info, policy_type):
"""NSX supports only units=seconds""" """NSX supports only units=seconds"""
@ -289,8 +282,6 @@ class IPsecCommonValidator(vpn_validator.VpnReferenceValidator):
def validate_ipsec_site_connection(self, context, ipsec_site_conn): def validate_ipsec_site_connection(self, context, ipsec_site_conn):
"""Called upon create/update of a connection""" """Called upon create/update of a connection"""
self._validate_backend_version()
self._validate_dpd(ipsec_site_conn) self._validate_dpd(ipsec_site_conn)
self._validate_psk(ipsec_site_conn) self._validate_psk(ipsec_site_conn)
@ -340,8 +331,6 @@ class IPsecCommonValidator(vpn_validator.VpnReferenceValidator):
def validate_vpnservice(self, context, vpnservice): def validate_vpnservice(self, context, vpnservice):
"""Called upon create/update of a service""" """Called upon create/update of a service"""
self._validate_backend_version()
# Call general validations # Call general validations
super(IPsecCommonValidator, self).validate_vpnservice( super(IPsecCommonValidator, self).validate_vpnservice(
context, vpnservice) context, vpnservice)

17
vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py
View File

@ -19,7 +19,6 @@ from vmware_nsx._i18n import _
from vmware_nsx.common import exceptions as nsx_exc from vmware_nsx.common import exceptions as nsx_exc
from vmware_nsx.services.vpnaas.common_v3 import ipsec_utils from vmware_nsx.services.vpnaas.common_v3 import ipsec_utils
from vmware_nsx.services.vpnaas.common_v3 import ipsec_validator from vmware_nsx.services.vpnaas.common_v3 import ipsec_validator
from vmware_nsxlib.v3 import nsx_constants as consts
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -33,22 +32,6 @@ class IPsecV3Validator(ipsec_validator.IPsecCommonValidator):
def nsxlib(self): def nsxlib(self):
return self._core_plugin.nsxlib return self._core_plugin.nsxlib
def check_backend_version(self):
if not self.nsxlib.feature_supported(consts.FEATURE_IPSEC_VPN):
# ipsec vpn is not supported
LOG.warning("VPNaaS is not supported by the NSX backend (version "
"%s)",
self.nsxlib.get_version())
self.backend_support = False
else:
self.backend_support = True
def _validate_backend_version(self):
if not self.backend_support:
msg = (_("VPNaaS is not supported by the NSX backend "
"(version %s)") % self.nsxlib.get_version())
raise nsx_exc.NsxVpnValidationError(details=msg)
@property @property
def auth_algorithm_map(self): def auth_algorithm_map(self):
return ipsec_utils.AUTH_ALGORITHM_MAP return ipsec_utils.AUTH_ALGORITHM_MAP

11
vmware_nsx/shell/admin/plugins/nsxv3/resources/http_service.py
View File

@ -19,7 +19,6 @@ from vmware_nsx.shell.admin.plugins.common import constants
from vmware_nsx.shell.admin.plugins.common import utils as admin_utils from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils
import vmware_nsx.shell.resources as shell import vmware_nsx.shell.resources as shell
from vmware_nsxlib.v3 import nsx_constants
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
neutron_client = utils.NeutronDbClient() neutron_client = utils.NeutronDbClient()
@ -30,11 +29,6 @@ def nsx_rate_limit_show(resource, event, trigger, **kwargs):
"""Show the current NSX rate limit.""" """Show the current NSX rate limit."""
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(nsx_constants.FEATURE_RATE_LIMIT):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
rate_limit = nsxlib.http_services.get_rate_limit() rate_limit = nsxlib.http_services.get_rate_limit()
LOG.info("Current NSX rate limit is %s", rate_limit) LOG.info("Current NSX rate limit is %s", rate_limit)
@ -46,11 +40,6 @@ def nsx_rate_limit_update(resource, event, trigger, **kwargs):
The default value is 40. 0 means no limit The default value is 40. 0 means no limit
""" """
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(nsx_constants.FEATURE_RATE_LIMIT):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
rate_limit = None rate_limit = None
if kwargs.get('property'): if kwargs.get('property'):
properties = admin_utils.parse_multi_keyval_opt(kwargs['property']) properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])

26
vmware_nsx/shell/admin/plugins/nsxv3/resources/loadbalancer.py
View File

@ -24,7 +24,6 @@ from vmware_nsx.shell.admin.plugins.common import formatters
from vmware_nsx.shell.admin.plugins.common import utils as admin_utils from vmware_nsx.shell.admin.plugins.common import utils as admin_utils
from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils from vmware_nsx.shell.admin.plugins.nsxv3.resources import utils
from vmware_nsx.shell import resources as shell from vmware_nsx.shell import resources as shell
from vmware_nsxlib.v3 import nsx_constants as consts
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -35,11 +34,6 @@ def nsx_list_lb_services(resource, event, trigger, **kwargs):
"""List LB services on NSX backend""" """List LB services on NSX backend"""
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
lb_services = nsxlib.load_balancer.service.list() lb_services = nsxlib.load_balancer.service.list()
LOG.info(formatters.output_formatter( LOG.info(formatters.output_formatter(
constants.LB_SERVICES, lb_services['results'], constants.LB_SERVICES, lb_services['results'],
@ -53,11 +47,6 @@ def nsx_list_lb_virtual_servers(resource, event, trigger, **kwargs):
"""List LB virtual servers on NSX backend""" """List LB virtual servers on NSX backend"""
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
lb_virtual_servers = nsxlib.load_balancer.virtual_server.list() lb_virtual_servers = nsxlib.load_balancer.virtual_server.list()
LOG.info(formatters.output_formatter( LOG.info(formatters.output_formatter(
constants.LB_VIRTUAL_SERVERS, lb_virtual_servers['results'], constants.LB_VIRTUAL_SERVERS, lb_virtual_servers['results'],
@ -70,11 +59,6 @@ def nsx_list_lb_virtual_servers(resource, event, trigger, **kwargs):
def nsx_list_lb_pools(resource, event, trigger, **kwargs): def nsx_list_lb_pools(resource, event, trigger, **kwargs):
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
lb_pools = nsxlib.load_balancer.pool.list() lb_pools = nsxlib.load_balancer.pool.list()
LOG.info(formatters.output_formatter( LOG.info(formatters.output_formatter(
constants.LB_POOLS, lb_pools['results'], constants.LB_POOLS, lb_pools['results'],
@ -87,11 +71,6 @@ def nsx_list_lb_pools(resource, event, trigger, **kwargs):
def nsx_list_lb_monitors(resource, event, trigger, **kwargs): def nsx_list_lb_monitors(resource, event, trigger, **kwargs):
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
lb_monitors = nsxlib.load_balancer.monitor.list() lb_monitors = nsxlib.load_balancer.monitor.list()
LOG.info(formatters.output_formatter( LOG.info(formatters.output_formatter(
constants.LB_MONITORS, lb_monitors['results'], constants.LB_MONITORS, lb_monitors['results'],
@ -106,11 +85,6 @@ def nsx_update_router_lb_advertisement(resource, event, trigger, **kwargs):
This utility will update existing LB/routers This utility will update existing LB/routers
""" """
nsxlib = utils.get_connected_nsxlib() nsxlib = utils.get_connected_nsxlib()
if not nsxlib.feature_supported(consts.FEATURE_LOAD_BALANCER):
LOG.error("This utility is not available for NSX version %s",
nsxlib.get_version())
return
# Get the list of neutron routers used by LB # Get the list of neutron routers used by LB
lb_services = nsxlib.load_balancer.service.list()['results'] lb_services = nsxlib.load_balancer.service.list()['results']
lb_routers = [] lb_routers = []