From 0ab0652e62037781568d0c90d155b188f6b85f55 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Mon, 29 Apr 2019 10:55:46 +0300 Subject: [PATCH] NSX|P: Improve router GW setting - combine 2 backends calls into 1 for removing the service router - silent GET actions - get router for gateway-firewall creation only if fwaas is enabled Change-Id: I063a5a7284bcbdf08f00f563aba7285b11a83313 --- vmware_nsx/plugins/nsx_p/plugin.py | 27 +++++++++---------- .../fwaas/nsx_p/fwaas_callbacks_v2.py | 4 +-- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py index e726864994..0453392246 100644 --- a/vmware_nsx/plugins/nsx_p/plugin.py +++ b/vmware_nsx/plugins/nsx_p/plugin.py @@ -1462,18 +1462,17 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): self.update_router_firewall(context, router_id) def delete_service_router(self, router_id): - try: - # Disable standby relocation on this router - self.nsxpolicy.tier1.set_standby_relocation( - router_id, enable_standby_relocation=False) - except Exception as ex: - LOG.warning("Failed to disable standby relocation for router " - "%s: %s", router_id, ex) - - # remove the edge firewall + """Delete the Tier1 service router by removing its edge cluster + Before that - disable all the features that require the service + router to exist. + """ + # remove the gateway firewall policy if self.fwaas_callbacks and self.fwaas_callbacks.fwaas_enabled: self.fwaas_callbacks.delete_router_gateway_policy(router_id) - self.nsxpolicy.tier1.update(router_id, disable_firewall=True) + + # Disable gateway firewall and standby relocation + self.nsxpolicy.tier1.update( + router_id, disable_firewall=True, enable_standby_relocation=False) # remove the edge cluster from the tier1 router self.nsxpolicy.tier1.remove_edge_cluster(router_id) 
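Review bot: In delete_service_router, a failure to turn off standby relocation now aborts the whole teardown, because the merged `self.nsxpolicy.tier1.update(router_id, disable_firewall=True, enable_standby_relocation=False)` call has lost the try/except that used to log a warning and continue. If that call raises, the gateway policy has already been deleted by the lines above it, while the firewall setting is unchanged and the edge cluster is still attached, so the router is left half torn down. If the old best-effort handling was deliberate, keep it for the relocation flag. Otherwise state the new contract in the docstring, e.g. `Raises if the Tier1 update fails; the gateway policy may already have been removed at that point.` The method may continue past the last line of the hunk.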
@@ -1569,7 +1568,6 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): # always advertise ipv6 subnets if gateway is set advertise_ipv6_subnets = True if info else False - self._update_router_advertisement_rules(router_id, router_subnets, advertise_ipv6_subnets) @@ -2713,11 +2711,12 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): When FWaaS is disabled, there is no need to update the NSX router FW, as the default rule is allow-all. """ - if not router_db: - router_db = self._get_router(context, router_id) - if (self.fwaas_callbacks and self.fwaas_callbacks.fwaas_enabled): + + if not router_db: + router_db = self._get_router(context, router_id) + # find all the relevant ports of the router for FWaaS v2 # TODO(asarfaty): Add vm ports as well ports = self._get_router_interfaces(context, router_id) diff --git a/vmware_nsx/services/fwaas/nsx_p/fwaas_callbacks_v2.py b/vmware_nsx/services/fwaas/nsx_p/fwaas_callbacks_v2.py index 65803ea9f3..99f9b08541 100644 --- a/vmware_nsx/services/fwaas/nsx_p/fwaas_callbacks_v2.py +++ b/vmware_nsx/services/fwaas/nsx_p/fwaas_callbacks_v2.py @@ -369,7 +369,7 @@ class NsxpFwaasCallbacksV2(com_callbacks.NsxCommonv3FwaasCallbacksV2): # Check if the gateway policy already exists try: self.nsxpolicy.gateway_policy.get(policy_constants.DEFAULT_DOMAIN, - map_id=router_id) + map_id=router_id, silent=True) except nsx_lib_exc.ResourceNotFound: LOG.info("Going to create gateway policy for router %s", router_id) else: @@ -396,7 +396,7 @@ class NsxpFwaasCallbacksV2(com_callbacks.NsxCommonv3FwaasCallbacksV2): """ try: self.nsxpolicy.gateway_policy.get(policy_constants.DEFAULT_DOMAIN, - map_id=router_id) + map_id=router_id, silent=True) except nsx_lib_exc.ResourceNotFound: return self.nsxpolicy.gateway_policy.delete(policy_constants.DEFAULT_DOMAIN,
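Review bot: With the `_get_router` lookup moved under the `fwaas_enabled` check in plugin.py, `router_db` stays `None` on the FWaaS-disabled path whenever the caller did not pass it. Nothing visible in the hunk reads it outside the branch, but the method starts and ends outside the hunk, so any use of `router_db` after the `if` block should be checked. The lookup presumably also failed for an unknown router id, and that implicit validation is now skipped when FWaaS is off. A short comment above the moved lines, such as `# router_db is only needed to build the FWaaS rules`, would record the intent. The blank line added directly after the `if (...)` header can be dropped.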
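Review bot: In the second fwaas_callbacks_v2.py hunk (the one ending in `gateway_policy.delete`), the `except nsx_lib_exc.ResourceNotFound: return` path now leaves no log record at all, assuming `silent=True` suppresses the library's own logging of the failed GET as the commit message implies. The first hunk in that file still logs `Going to create gateway policy` on the same exception, so only the delete path goes quiet. A firewall policy found to be already absent is worth one line for anyone auditing later, e.g. `LOG.debug("Gateway policy for router %s not found, nothing to delete", router_id)` before the `return`. Both enclosing methods start outside their hunks.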