diff --git a/vmware_nsx/db/db.py b/vmware_nsx/db/db.py index 4a3c8be47e..7b655997aa 100644 --- a/vmware_nsx/db/db.py +++ b/vmware_nsx/db/db.py @@ -694,6 +694,11 @@ def get_project_plugin_mappings(session): return session.query(nsx_models.NsxProjectPluginMapping).all() +def get_project_plugin_mappings_by_plugin(session, plugin): + return session.query(nsx_models.NsxProjectPluginMapping).filter_by( + plugin=plugin).all() + + def add_nsx_vpn_connection_mapping(session, neutron_id, session_id, dpd_profile_id, ike_profile_id, ipsec_profile_id, peer_ep_id): diff --git a/vmware_nsx/shell/admin/plugins/common/utils.py b/vmware_nsx/shell/admin/plugins/common/utils.py index 8da7bb1772..7c6232b2ee 100644 --- a/vmware_nsx/shell/admin/plugins/common/utils.py +++ b/vmware_nsx/shell/admin/plugins/common/utils.py @@ -16,6 +16,7 @@ import sys import six from vmware_nsx._i18n import _ +from vmware_nsx.db import db from vmware_nsx.shell import resources as nsxadmin from neutron.common import profiler # noqa @@ -112,3 +113,16 @@ def fix_mismatches_handler(resource): nsxadmin.Operations.FIX_MISMATCH.value) return func return wrap + + +def get_plugin_filters(context, plugin): + # Return filters for the neutron list apis so that only resources from + # a specific plugin will be returned. + filters = {} + core_plugin = nsxadmin.get_plugin() + if core_plugin == 'nsxtvd': + maps = db.get_project_plugin_mappings_by_plugin( + context.session, plugin) + if maps: + filters['project_id'] = [m.project for m in maps] + return filters diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py index 52f5aca3c4..b91aacbe61 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py +++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py @@ -73,8 +73,9 @@ class NeutronSecurityGroupDB( self.context, sg_id) def get_security_groups(self): + filters = utils.get_plugin_filters(self.context) return super(NeutronSecurityGroupDB, - self).get_security_groups(self.context) + self).get_security_groups(self.context, filters=filters) def get_security_group_id_by_section_id(self, section_id): section_url = ("/api/4.0/firewall/globalroot-0/config/layer3sections" diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/utils.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/utils.py index f3b25170b0..b8f2152f1f 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv/resources/utils.py +++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/utils.py @@ -22,8 +22,10 @@ from neutron_lib import context as neutron_context from neutron_lib.plugins import directory from vmware_nsx.common import config +from vmware_nsx.extensions import projectpluginmap from vmware_nsx import plugin from vmware_nsx.plugins.nsx_v.vshield import vcns +from vmware_nsx.shell.admin.plugins.common import utils as admin_utils LOG = logging.getLogger(__name__) @@ -37,6 +39,11 @@ def get_nsxv_client(): insecure=cfg.CONF.nsxv.insecure) +def get_plugin_filters(context): + return admin_utils.get_plugin_filters( + context, projectpluginmap.NsxPlugins.NSX_V) + + class NeutronDbClient(common_db.CommonDbMixin): def __init__(self): super(NeutronDbClient, self) @@ -47,6 +54,8 @@ class NsxVPluginWrapper(plugin.NsxVPlugin): def __init__(self): config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones) + self.context = neutron_context.get_admin_context() + self.filters = get_plugin_filters(self.context) super(NsxVPluginWrapper, self).__init__() # Make this the core plugin directory.add_plugin('CORE', self) @@ -98,6 +107,32 @@ class NsxVPluginWrapper(plugin.NsxVPlugin): LOG.warning("Sorry. Waited for too long. Some jobs are still " "running.") + def _update_filters(self, requested_filters): + filters = self.filters.copy() + if requested_filters: + filters.update(requested_filters) + return filters + + def get_networks(self, context, filters=None, fields=None): + filters = self._update_filters(filters) + return super(NsxVPluginWrapper, self).get_networks( + context, filters=filters, fields=fields) + + def get_subnets(self, context, filters=None, fields=None): + filters = self._update_filters(filters) + return super(NsxVPluginWrapper, self).get_subnets( + context, filters=filters, fields=fields) + + def get_ports(self, context, filters=None, fields=None): + filters = self._update_filters(filters) + return super(NsxVPluginWrapper, self).get_ports( + self.context, filters=filters, fields=fields) + + def get_routers(self, context, filters=None, fields=None): + filters = self._update_filters(filters) + return super(NsxVPluginWrapper, self).get_routers( + self.context, filters=filters, fields=fields) + def get_nsxv_backend_edges(): """Get a list of all the backend edges and some of their attributes diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/networks.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/networks.py index a1ec9a8625..0d40e25c40 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/networks.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/networks.py @@ -45,7 +45,8 @@ def list_missing_networks(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() plugin = db_base_plugin_v2.NeutronDbPluginV2() admin_cxt = neutron_context.get_admin_context() - neutron_networks = plugin.get_networks(admin_cxt) + filters = utils.get_plugin_filters(admin_cxt) + neutron_networks = plugin.get_networks(admin_cxt, filters=filters) networks = [] for net in neutron_networks: neutron_id = net['id'] diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/ports.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/ports.py index 5b4b024278..2a4024faf8 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/ports.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/ports.py @@ -119,9 +119,9 @@ def list_missing_ports(resource, event, trigger, **kwargs): And ports with wrong switch profiles """ admin_cxt = neutron_context.get_admin_context() - + filters = v3_utils.get_plugin_filters(admin_cxt) with PortsPlugin() as plugin: - neutron_ports = plugin.get_ports(admin_cxt) + neutron_ports = plugin.get_ports(admin_cxt, filters=filters) port_client, profile_client = get_port_and_profile_clients() # get pre-defined profile ids @@ -228,7 +228,8 @@ def migrate_compute_ports_vms(resource, event, trigger, **kwargs): # Go over all the compute ports from the plugin admin_cxt = neutron_context.get_admin_context() - port_filters = {'device_owner': ['compute:None']} + port_filters = v3_utils.get_plugin_filters(admin_cxt) + port_filters['device_owner'] = ['compute:None'] with PortsPlugin() as plugin: neutron_ports = plugin.get_ports(admin_cxt, filters=port_filters) @@ -325,11 +326,12 @@ def migrate_exclude_ports(resource, event, trigger, **kwargs): def tag_default_ports(resource, event, trigger, **kwargs): nsxlib = v3_utils.get_connected_nsxlib() admin_cxt = neutron_context.get_admin_context() + filters = v3_utils.get_plugin_filters(admin_cxt) # the plugin creation below will create the NS group and update the default # OS section to have the correct applied to group with v3_utils.NsxV3PluginWrapper() as _plugin: - neutron_ports = _plugin.get_ports(admin_cxt) + neutron_ports = _plugin.get_ports(admin_cxt, filters=filters) for port in neutron_ports: neutron_id = port['id'] # get the network nsx id from the mapping table diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py index 350f92eb92..d26af9d693 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/routers.py @@ -14,7 +14,6 @@ import sys -from vmware_nsx.common import config # noqa from vmware_nsx.common import utils as nsx_utils from vmware_nsx.db import db as nsx_db from vmware_nsx.shell.admin.plugins.common import constants @@ -29,7 +28,6 @@ from neutron.db import db_base_plugin_v2 from neutron.db import l3_db from neutron_lib.callbacks import registry from neutron_lib import context as neutron_context -from oslo_config import cfg from oslo_log import log as logging LOG = logging.getLogger(__name__) @@ -48,7 +46,8 @@ def list_missing_routers(resource, event, trigger, **kwargs): nsxlib = utils.get_connected_nsxlib() plugin = RoutersPlugin() admin_cxt = neutron_context.get_admin_context() - neutron_routers = plugin.get_routers(admin_cxt) + filters = utils.get_plugin_filters(admin_cxt) + neutron_routers = plugin.get_routers(admin_cxt, filters=filters) routers = [] for router in neutron_routers: neutron_id = router['id'] @@ -90,7 +89,8 @@ def update_nat_rules(resource, event, trigger, **kwargs): # Go over all neutron routers plugin = RoutersPlugin() admin_cxt = neutron_context.get_admin_context() - neutron_routers = plugin.get_routers(admin_cxt) + filters = utils.get_plugin_filters(admin_cxt) + neutron_routers = plugin.get_routers(admin_cxt, filters=filters) num_of_updates = 0 for router in neutron_routers: neutron_id = router['id'] @@ -185,21 +185,19 @@ def update_dhcp_relay(resource, event, trigger, **kwargs): LOG.error("DHCP relay is not supported by NSX version %s", version) return - # initialize the availability zones and nsxlib - config.register_nsxv3_azs(cfg.CONF, cfg.CONF.nsx_v3.availability_zones) - admin_cxt = neutron_context.get_admin_context() + filters = utils.get_plugin_filters(admin_cxt) with utils.NsxV3PluginWrapper() as plugin: # Make sure FWaaS was initialized plugin.init_fwaas_for_admin_utils() # get all neutron routers and interfaces ports - routers = plugin.get_routers(admin_cxt) + routers = plugin.get_routers(admin_cxt, filters=filters) for router in routers: LOG.info("Updating router %s", router['id']) - filters = {'device_owner': [l3_db.DEVICE_OWNER_ROUTER_INTF], - 'device_id': [router['id']]} - ports = plugin.get_ports(admin_cxt, filters=filters) + port_filters = {'device_owner': [l3_db.DEVICE_OWNER_ROUTER_INTF], + 'device_id': [router['id']]} + ports = plugin.get_ports(admin_cxt, filters=port_filters) for port in ports: # get the backend router port by the tag nsx_port_id = nsxlib.get_id_by_resource_and_tag( @@ -217,7 +215,10 @@ def update_dhcp_relay(resource, event, trigger, **kwargs): nsx_port_id, relay_service_uuid=az.dhcp_relay_service) # if FWaaS is enables, also update the firewall rules - plugin.update_router_firewall(admin_cxt, router['id']) + try: + plugin.update_router_firewall(admin_cxt, router['id']) + except Exception: + pass LOG.info("Done.") diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py index 40aa736f07..ef5af386c3 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py @@ -41,10 +41,12 @@ class NeutronSecurityGroupApi(securitygroups_db.SecurityGroupDbMixin, def __init__(self): super(NeutronSecurityGroupApi, self) self.context = neutron_context.get_admin_context() + self.filters = v3_utils.get_plugin_filters(self.context) def get_security_groups(self): return super(NeutronSecurityGroupApi, - self).get_security_groups(self.context) + self).get_security_groups(self.context, + filters=self.filters) def delete_security_group(self, sg_id): return super(NeutronSecurityGroupApi, diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py index c47c147c1a..36e425d61e 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py @@ -25,11 +25,14 @@ from neutron_lib.plugins import directory from neutron_fwaas.services.firewall import fwaas_plugin as fwaas_plugin_v1 from neutron_fwaas.services.firewall import fwaas_plugin_v2 +from vmware_nsx.common import config from vmware_nsx.db import db as nsx_db +from vmware_nsx.extensions import projectpluginmap from vmware_nsx.plugins.nsx_v3 import plugin from vmware_nsx.plugins.nsx_v3 import utils as v3_utils from vmware_nsx.services.fwaas.nsx_v3 import fwaas_callbacks_v1 from vmware_nsx.services.fwaas.nsx_v3 import fwaas_callbacks_v2 +from vmware_nsx.shell.admin.plugins.common import utils as admin_utils from vmware_nsxlib.v3 import nsx_constants _NSXLIB = None @@ -57,16 +60,30 @@ def get_connected_nsxlib(nsx_username=None, nsx_password=None, return _NSXLIB +def get_plugin_filters(context): + return admin_utils.get_plugin_filters( + context, projectpluginmap.NsxPlugins.NSX_T) + + class NeutronDbClient(db_base_plugin_v2.NeutronDbPluginV2): def __init__(self): super(NeutronDbClient, self).__init__() self.context = context.get_admin_context() + self.filters = get_plugin_filters(self.context) + + def _update_filters(self, requested_filters): + filters = self.filters.copy() + if requested_filters: + filters.update(requested_filters) + return filters def get_ports(self, filters=None, fields=None): + filters = self._update_filters(filters) return super(NeutronDbClient, self).get_ports( self.context, filters=filters, fields=fields) def get_networks(self, filters=None, fields=None): + filters = self._update_filters(filters) return super(NeutronDbClient, self).get_networks( self.context, filters=filters, fields=fields) @@ -106,6 +123,8 @@ class NeutronDbClient(db_base_plugin_v2.NeutronDbPluginV2): class NsxV3PluginWrapper(plugin.NsxV3Plugin): def __init__(self): + # initialize the availability zones + config.register_nsxv3_azs(cfg.CONF, cfg.CONF.nsx_v3.availability_zones) super(NsxV3PluginWrapper, self).__init__() self.context = context.get_admin_context()