x/vmware-nsx
Code Issues Proposed changes

NSX-V3 devstack cleanup for VPNaaS

Browse Source 
Delete all NSX VPN objects on devstack cleanup

Change-Id: Ib6f49961e76e648d56f9c4576342bba0a1b9b778
This commit is contained in:
Adit Sarfaty 2018-03-21 08:20:15 +02:00
parent 9d99e2ffb6
commit cec3ed1788
1 changed files with 41 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
devstack/tools/nsxv3_cleanup.py
View File

@ -56,8 +56,8 @@ class NeutronNsxDB(object):
return self.query_all('nsx_service_id', return self.query_all('nsx_service_id',
nsx_models.NeutronNsxServiceBinding) nsx_models.NeutronNsxServiceBinding)
def get_vpn_sessions(self): def get_vpn_objects(self, column_name):
return self.query_all('session_id', return self.query_all(column_name,
nsx_models.NsxVpnConnectionMapping) nsx_models.NsxVpnConnectionMapping)
@ -419,20 +419,32 @@ class NSXClient(object):
print("Successfully deleted logical DHCP server %s" % print("Successfully deleted logical DHCP server %s" %
server['display_name']) server['display_name'])
def get_os_vpn_sessions(self): def get_os_vpn_objects(self, nsxlib_class, db_column_name):
""" """
Retrieve all nsx vpn sessions from nsx and OpenStack Retrieve all nsx vpn sessions from nsx and OpenStack
""" """
sessions = self.get_os_resources( objects = self.get_os_resources(nsxlib_class.list()['results'])
self.nsxlib.vpn_ipsec.session.list()['results'])
if self.neutron_db: if self.neutron_db:
db_sessions = self.neutron_db.get_vpn_sessions() db_objects = self.neutron_db.get_vpn_objects(db_column_name)
sessions = [sess for sess in sessions objects = [obj for obj in objects if obj['id'] in db_objects]
if sess['id'] in db_sessions] return objects
return sessions
def cleanup_vpnaas_objects(self): def clean_vpn_objects(self, obj_name, nsxlib_class, db_column_name):
objects = self.get_os_vpn_objects(nsxlib_class, db_column_name)
print("Number of VPN %(name)ss to be deleted: %(num)s" %
{'name': obj_name, 'num': len(objects)})
for obj in objects:
try:
nsxlib_class.delete(obj['id'])
except Exception as e:
print("ERROR: Failed to delete vpn ipsec %(name)s %(id)s, "
"error %(e)s" % {'name': obj_name, 'id': obj['id'],
'e': e})
else:
print("Successfully deleted vpn ipsec %(name)s %(id)s" %
{'name': obj_name, 'id': obj['id']})
def cleanup_vpnaas(self):
""" """
Cleanup vpn/ipsec nsx objects Cleanup vpn/ipsec nsx objects
""" """
@ -440,18 +452,23 @@ class NSXClient(object):
# no vpn support # no vpn support
return return
# sessions: leftover sessions prevent us from configuring new similar self.clean_vpn_objects('session',
# sessions so it is important to delete them self.nsxlib.vpn_ipsec.session,
sessions = self.get_os_vpn_sessions() 'session_id')
for session in sessions: self.clean_vpn_objects('peer endpoint',
try: self.nsxlib.vpn_ipsec.peer_endpoint,
self.nsxlib.vpn_ipsec.session.delete(session['id']) 'peer_ep_id')
except Exception as e: self.clean_vpn_objects('DPD profile',
print("ERROR: Failed to delete vpn ipsec session %s, " self.nsxlib.vpn_ipsec.dpd_profile,
"error %s" % (session['id'], e)) 'dpd_profile_id')
else: self.clean_vpn_objects('IKE profile',
print("Successfully deleted vpn ipsec session %s" % self.nsxlib.vpn_ipsec.ike_profile,
session['id']) 'ike_profile_id')
self.clean_vpn_objects('tunnel profile',
self.nsxlib.vpn_ipsec.tunnel_profile,
'ipsec_profile_id')
#NOTE(asarfaty): The vpn services are not deleted since we have 1 per
# Tier-0 router, and those can be used outside of openstack too.
def cleanup_logical_router_vpn_sess(self, lr): def cleanup_logical_router_vpn_sess(self, lr):
""" """
@ -498,7 +515,7 @@ class NSXClient(object):
""" """
self.cleanup_os_firewall_sections() self.cleanup_os_firewall_sections()
self.cleanup_os_ns_groups() self.cleanup_os_ns_groups()
self.cleanup_vpnaas_objects() self.cleanup_vpnaas()
self.cleanup_os_logical_routers() self.cleanup_os_logical_routers()
self.cleanup_os_tier0_logical_ports() self.cleanup_os_tier0_logical_ports()
self.cleanup_os_logical_ports() self.cleanup_os_logical_ports()