NSX|V: provide admin utility to update default cluster section

Have an admin utility to update the default cluster section. This will save restarting neutron every time a cluster is added/deleted. Admin utility command is: nsxadmin -r firewall-sections -o nsx-update The cluster modefs still need to be updated in the nsx.ini file Change-Id: If750c150a1b624b5a321dc744e0f538b3a58c5b5
2017-04-09 06:26:09 -07:00 · 2017-04-09 06:26:09 -07:00 · d85dd105b8
commit d85dd105b8
parent 228181c7da
3 changed files with 20 additions and 0 deletions
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@ -197,6 +197,10 @@ Security Groups, Firewall and Spoofguard

    nsxadmin -r firewall-sections -o nsx-reorder

+- Update the default cluster section
+
+    nsxadmin -r firewall-sections -o nsx-update
+
 Metadata
 ~~~~~~~~

--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
@ -406,6 +406,14 @@ def migrate_sg_to_policy(resource, event, trigger, **kwargs):
        LOG.info("Done.")


+@admin_utils.output_header
+def firewall_update_cluster_default_fw_section(resource, event, trigger,
+                                               **kwargs):
+    with utils.NsxVPluginWrapper() as plugin:
+        plugin._create_cluster_default_fw_section()
+        LOG.info("Cluster default FW section updated.")
+
+
 registry.subscribe(migrate_sg_to_policy,
                   constants.SECURITY_GROUPS,
                   shell.Operations.MIGRATE_TO_POLICY.value)
@ -413,3 +421,7 @@ registry.subscribe(migrate_sg_to_policy,
 registry.subscribe(reorder_firewall_sections,
                   constants.FIREWALL_SECTIONS,
                   shell.Operations.NSX_REORDER.value)
+
+registry.subscribe(firewall_update_cluster_default_fw_section,
+                   constants.FIREWALL_SECTIONS,
+                   shell.Operations.NSX_UPDATE.value)
--- a/vmware_nsx/shell/resources.py
+++ b/vmware_nsx/shell/resources.py
@ -150,6 +150,10 @@ nsxv_resources = {
    constants.FIREWALL_NSX_GROUPS: Resource(
        constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,
                                        Operations.LIST_MISMATCHES.value]),
+    constants.FIREWALL_SECTIONS: Resource(constants.FIREWALL_SECTIONS,
+                                          [Operations.LIST.value,
+                                           Operations.LIST_MISMATCHES.value,
+                                           Operations.NSX_UPDATE.value]),
    constants.METADATA: Resource(
        constants.METADATA, [Operations.NSX_UPDATE.value,
                             Operations.NSX_UPDATE_SECRET.value,