d8eeda9baf
This is part of new vmware_nsx directory structure proposed in https://goo.gl/GdWXyH. Change-Id: I60d6ef62eb724df71dfda90137e00f107e220971
1861 lines
84 KiB
Python
1861 lines
84 KiB
Python
# Copyright 2014 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import eventlet
|
|
import netaddr
|
|
import random
|
|
from sqlalchemy import exc as db_base_exc
|
|
import time
|
|
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
from oslo_utils import excutils
|
|
from oslo_utils import uuidutils
|
|
from six import moves
|
|
from sqlalchemy.orm import exc as sa_exc
|
|
|
|
from neutron.common import exceptions as n_exc
|
|
from neutron import context as q_context
|
|
from neutron.extensions import l3
|
|
from neutron.i18n import _LE, _LW
|
|
from neutron.plugins.common import constants as plugin_const
|
|
|
|
from vmware_nsx.common import exceptions as nsx_exc
|
|
from vmware_nsx.common import locking
|
|
from vmware_nsx.common import nsxv_constants
|
|
from vmware_nsx.db import db as nsx_db
|
|
from vmware_nsx.db import nsxv_db
|
|
from vmware_nsx.vshield.common import (
|
|
constants as vcns_const)
|
|
from vmware_nsx.vshield.tasks import (
|
|
constants as task_const)
|
|
from vmware_nsx.vshield.tasks import tasks
|
|
from vmware_nsx.vshield import vcns
|
|
|
|
WORKER_POOL_SIZE = 8
|
|
RP_FILTER_PROPERTY_OFF_TEMPLATE = 'sysctl.net.ipv4.conf.%s.rp_filter=%s'
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
_uuid = uuidutils.generate_uuid
|
|
|
|
|
|
def parse_backup_edge_pool_opt():
|
|
"""Parse edge pool opts and returns result."""
|
|
edge_pool_opts = cfg.CONF.nsxv.backup_edge_pool
|
|
res = []
|
|
for edge_pool_def in edge_pool_opts:
|
|
split = edge_pool_def.split(':')
|
|
try:
|
|
(edge_type, edge_size, minimum_pooled_edges,
|
|
maximum_pooled_edges) = split[:4]
|
|
except ValueError:
|
|
raise n_exc.Invalid(_("Invalid edge pool format"))
|
|
if edge_type not in vcns_const.ALLOWED_EDGE_TYPES:
|
|
msg = (_("edge type '%(edge_type)s' is not allowed, "
|
|
"allowed types: %(allowed)s") %
|
|
{'edge_type': edge_type,
|
|
'allowed': vcns_const.ALLOWED_EDGE_TYPES})
|
|
LOG.error(msg)
|
|
raise n_exc.Invalid(msg)
|
|
edge_size = edge_size or nsxv_constants.LARGE
|
|
if edge_size not in vcns_const.ALLOWED_EDGE_SIZES:
|
|
msg = (_("edge size '%(edge_size)s' is not allowed, "
|
|
"allowed types: %(allowed)s") %
|
|
{'edge_type': edge_size,
|
|
'allowed': vcns_const.ALLOWED_EDGE_SIZES})
|
|
LOG.error(msg)
|
|
raise n_exc.Invalid(msg)
|
|
res.append({'edge_type': edge_type,
|
|
'edge_size': edge_size,
|
|
'minimum_pooled_edges': int(minimum_pooled_edges),
|
|
'maximum_pooled_edges': int(maximum_pooled_edges)})
|
|
|
|
edge_pool_dicts = {}
|
|
for edge_type in vcns_const.ALLOWED_EDGE_TYPES:
|
|
edge_pool_dicts[edge_type] = {}
|
|
for r in res:
|
|
edge_pool_dict = edge_pool_dicts[r['edge_type']]
|
|
if r['edge_size'] in edge_pool_dict.keys():
|
|
raise n_exc.Invalid(_("Duplicate edge pool configuration"))
|
|
else:
|
|
edge_pool_dict[r['edge_size']] = {
|
|
'minimum_pooled_edges': r['minimum_pooled_edges'],
|
|
'maximum_pooled_edges': r['maximum_pooled_edges']}
|
|
return edge_pool_dicts
|
|
|
|
|
|
class EdgeManager(object):
|
|
"""Edge Appliance Management.
|
|
EdgeManager provides a pool of edge appliances which we can use
|
|
to support DHCP&metadata, L3&FIP and LB&FW&VPN services.
|
|
"""
|
|
|
|
def __init__(self, nsxv_manager, plugin):
|
|
LOG.debug("Start Edge Manager initialization")
|
|
self.nsxv_manager = nsxv_manager
|
|
self.dvs_id = cfg.CONF.nsxv.dvs_id
|
|
self.edge_pool_dicts = parse_backup_edge_pool_opt()
|
|
self.nsxv_plugin = nsxv_manager.callbacks.plugin
|
|
self.plugin = plugin
|
|
self.per_interface_rp_filter = self._get_per_edge_rp_filter_state()
|
|
self.worker_pool = eventlet.GreenPool(WORKER_POOL_SIZE)
|
|
self._check_backup_edge_pools()
|
|
|
|
def _get_per_edge_rp_filter_state(self):
|
|
version = self.nsxv_manager.vcns.get_version()
|
|
# TODO(kobis): should have better mapping of versions here for this
|
|
if version[:3] == '6.1':
|
|
return False
|
|
return True
|
|
|
|
def _deploy_edge(self, context, lrouter,
|
|
lswitch=None, appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE, async=True):
|
|
"""Create an edge for logical router support."""
|
|
router_id = lrouter['id']
|
|
# deploy edge
|
|
jobdata = {
|
|
'router_id': router_id,
|
|
'lrouter': lrouter,
|
|
'lswitch': lswitch,
|
|
'context': context
|
|
}
|
|
|
|
task = self.nsxv_manager.deploy_edge(
|
|
lrouter['id'], lrouter['name'], internal_network=None,
|
|
jobdata=jobdata, wait_for_exec=True,
|
|
appliance_size=appliance_size,
|
|
dist=(edge_type == nsxv_constants.VDR_EDGE), async=async)
|
|
return task
|
|
|
|
def _deploy_backup_edges_on_db(self, context, num,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE):
|
|
router_ids = [(vcns_const.BACKUP_ROUTER_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
for i in moves.range(num)]
|
|
|
|
for router_id in router_ids:
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, router_id, None, None,
|
|
plugin_const.PENDING_CREATE,
|
|
appliance_size=appliance_size, edge_type=edge_type)
|
|
return router_ids
|
|
|
|
def _deploy_backup_edges_at_backend(self, context, router_ids,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE):
|
|
|
|
eventlet.spawn_n(self._pool_creator, context, router_ids,
|
|
appliance_size, edge_type)
|
|
|
|
def _pool_creator(self, context, router_ids, appliance_size, edge_type):
|
|
pool = self.worker_pool
|
|
for router_id in router_ids:
|
|
fake_router = {
|
|
'id': router_id,
|
|
'name': router_id}
|
|
pool.spawn_n(self._deploy_edge, context, fake_router,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type, async=False)
|
|
|
|
def _delete_edge(self, context, router_binding):
|
|
if router_binding['status'] == plugin_const.ERROR:
|
|
LOG.warning(_LW("Start deleting %(router_id)s corresponding"
|
|
"edge: %(edge_id)s due to status error"),
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
jobdata = {'context': context}
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_binding['router_id'],
|
|
status=plugin_const.PENDING_DELETE)
|
|
self.nsxv_manager.delete_edge(
|
|
router_binding['router_id'], router_binding['edge_id'],
|
|
jobdata=jobdata,
|
|
dist=(router_binding['edge_type'] == nsxv_constants.VDR_EDGE))
|
|
|
|
def _delete_backup_edges_on_db(self, context, backup_router_bindings):
|
|
for binding in backup_router_bindings:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, binding['router_id'],
|
|
status=plugin_const.PENDING_DELETE)
|
|
|
|
def _delete_backup_edges_at_backend(self, context, backup_router_bindings):
|
|
for binding in backup_router_bindings:
|
|
# delete edge
|
|
LOG.debug("Start deleting extra edge: %s in pool",
|
|
binding['edge_id'])
|
|
jobdata = {
|
|
'context': context
|
|
}
|
|
self.nsxv_manager.delete_edge(
|
|
binding['router_id'], binding['edge_id'], jobdata=jobdata,
|
|
dist=(binding['edge_type'] == nsxv_constants.VDR_EDGE))
|
|
|
|
def _clean_all_error_edge_bindings(self, context):
|
|
filters = {'status': [plugin_const.ERROR]}
|
|
like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"}
|
|
error_router_bindings = nsxv_db.get_nsxv_router_bindings(
|
|
context.session, filters=filters, like_filters=like_filters)
|
|
self._delete_backup_edges_on_db(context,
|
|
error_router_bindings)
|
|
self._delete_backup_edges_at_backend(context,
|
|
error_router_bindings)
|
|
|
|
def _get_backup_edge_bindings(self, context,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
db_update_lock=False):
|
|
filters = {'appliance_size': [appliance_size],
|
|
'edge_type': [edge_type],
|
|
'status': [plugin_const.PENDING_CREATE,
|
|
plugin_const.ACTIVE]}
|
|
like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"}
|
|
return nsxv_db.get_nsxv_router_bindings(
|
|
context.session, filters=filters, like_filters=like_filters)
|
|
|
|
def _check_backup_edge_pools(self):
|
|
admin_ctx = q_context.get_admin_context()
|
|
self._clean_all_error_edge_bindings(admin_ctx)
|
|
for edge_type, v in self.edge_pool_dicts.items():
|
|
for edge_size in vcns_const.ALLOWED_EDGE_SIZES:
|
|
if edge_size in v.keys():
|
|
edge_pool_range = v[edge_size]
|
|
self._check_backup_edge_pool(
|
|
edge_pool_range['minimum_pooled_edges'],
|
|
edge_pool_range['maximum_pooled_edges'],
|
|
appliance_size=edge_size, edge_type=edge_type)
|
|
else:
|
|
self._check_backup_edge_pool(
|
|
0, 0,
|
|
appliance_size=edge_size, edge_type=edge_type)
|
|
|
|
def _check_backup_edge_pool(self,
|
|
minimum_pooled_edges,
|
|
maximum_pooled_edges,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE):
|
|
"""Check edge pool's status and return one available edge for use."""
|
|
admin_ctx = q_context.get_admin_context()
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
admin_ctx, appliance_size=appliance_size, edge_type=edge_type,
|
|
db_update_lock=True)
|
|
backup_num = len(backup_router_bindings)
|
|
if backup_num > maximum_pooled_edges:
|
|
self._delete_backup_edges_on_db(
|
|
admin_ctx,
|
|
backup_router_bindings[:backup_num - maximum_pooled_edges])
|
|
elif backup_num < minimum_pooled_edges:
|
|
new_backup_num = backup_num
|
|
router_ids = []
|
|
while (new_backup_num < minimum_pooled_edges):
|
|
router_ids.extend(
|
|
self._deploy_backup_edges_on_db(
|
|
admin_ctx, 1, appliance_size=appliance_size,
|
|
edge_type=edge_type))
|
|
new_backup_num = len(
|
|
self._get_backup_edge_bindings(
|
|
admin_ctx, appliance_size=appliance_size,
|
|
edge_type=edge_type, db_update_lock=True))
|
|
|
|
if backup_num > maximum_pooled_edges:
|
|
self._delete_backup_edges_at_backend(
|
|
admin_ctx,
|
|
backup_router_bindings[:backup_num - maximum_pooled_edges])
|
|
elif backup_num < minimum_pooled_edges:
|
|
self._deploy_backup_edges_at_backend(admin_ctx,
|
|
router_ids,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
|
|
def check_edge_active_at_backend(self, edge_id):
|
|
try:
|
|
status = self.nsxv_manager.get_edge_status(edge_id)
|
|
return (status == vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE)
|
|
except Exception:
|
|
return False
|
|
|
|
def _get_available_router_binding(self, context,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
edge_type=nsxv_constants.SERVICE_EDGE):
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
context, appliance_size=appliance_size, edge_type=edge_type)
|
|
while backup_router_bindings:
|
|
router_binding = random.choice(backup_router_bindings)
|
|
if (router_binding['status'] == plugin_const.ACTIVE):
|
|
if not self.check_edge_active_at_backend(
|
|
router_binding['edge_id']):
|
|
LOG.debug("Delete unavailable backup resource "
|
|
"%(router_id)s with edge_id %(edge_id)s",
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
self._delete_edge(context, router_binding)
|
|
else:
|
|
LOG.debug("Get an available backup resource "
|
|
"%(router_id)s with edge_id %(edge_id)s",
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
return router_binding
|
|
backup_router_bindings.remove(router_binding)
|
|
|
|
def _get_physical_provider_network(self, context, network_id):
|
|
phy_net = nsxv_db.get_network_bindings(context.session, network_id)
|
|
return (phy_net[0]['phy_uuid'] if (
|
|
phy_net and phy_net[0]['phy_uuid'] != '') else self.dvs_id)
|
|
|
|
def _create_sub_interface(self, context, network_id, network_name,
|
|
tunnel_index, address_groups,
|
|
port_group_id=None):
|
|
# Get the physical port group /wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, network_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
else:
|
|
LOG.error(_LE("Create sub interface failed since network %s not "
|
|
"found at the backend."), network_id)
|
|
raise nsx_exc.NsxPluginException(
|
|
err_msg=_("network %s not found at the backend") % network_id)
|
|
if port_group_id is None:
|
|
portgroup = {'vlanId': 0,
|
|
'networkName': network_name,
|
|
'networkBindingType': 'Static',
|
|
'networkType': 'Isolation'}
|
|
config_spec = {'networkSpec': portgroup}
|
|
dvs_id = self._get_physical_provider_network(context, network_id)
|
|
_, port_group_id = self.nsxv_manager.vcns.create_port_group(
|
|
dvs_id, config_spec)
|
|
|
|
interface = {
|
|
'name': _uuid(),
|
|
'tunnelId': tunnel_index,
|
|
'logicalSwitchId': vcns_network_id,
|
|
'isConnected': True
|
|
}
|
|
interface['addressGroups'] = {'addressGroups': address_groups}
|
|
return port_group_id, interface
|
|
|
|
def _getvnic_config(self, edge_id, vnic_index):
|
|
_, vnic_config = self.nsxv_manager.get_interface(edge_id,
|
|
vnic_index)
|
|
return vnic_config
|
|
|
|
def _delete_dhcp_internal_interface(self, context, edge_id, vnic_index,
|
|
tunnel_index, network_id):
|
|
"""Delete the dhcp internal interface."""
|
|
|
|
LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
vnic_config = self._getvnic_config(edge_id, vnic_index)
|
|
sub_interfaces = (vnic_config['subInterfaces']['subInterfaces'] if
|
|
'subInterfaces' in vnic_config else [])
|
|
port_group_id = (vnic_config['portgroupId'] if 'portgroupId' in
|
|
vnic_config else None)
|
|
for sub_interface in sub_interfaces:
|
|
if tunnel_index == sub_interface['tunnelId']:
|
|
LOG.debug("Delete the tunnel %d on vnic %d",
|
|
tunnel_index, vnic_index)
|
|
(vnic_config['subInterfaces']['subInterfaces'].
|
|
remove(sub_interface))
|
|
break
|
|
|
|
# Clean the vnic if there is no sub-interface attached
|
|
if len(sub_interfaces) == 0:
|
|
header, _ = self.nsxv_manager.vcns.delete_interface(edge_id,
|
|
vnic_index)
|
|
if port_group_id:
|
|
objuri = header['location']
|
|
job_id = objuri[objuri.rfind("/") + 1:]
|
|
dvs_id = self._get_physical_provider_network(context,
|
|
network_id)
|
|
self.nsxv_manager.delete_portgroup(dvs_id,
|
|
port_group_id,
|
|
job_id)
|
|
else:
|
|
self.nsxv_manager.vcns.update_interface(edge_id, vnic_config)
|
|
|
|
# Delete the router binding or clean the edge appliance
|
|
bindings = nsxv_db.get_nsxv_router_bindings(context.session)
|
|
all_dhcp_edges = {binding['router_id']: binding['edge_id'] for
|
|
binding in bindings if binding['router_id'].
|
|
startswith(vcns_const.DHCP_EDGE_PREFIX)}
|
|
for router_id in all_dhcp_edges:
|
|
if (router_id != resource_id and
|
|
all_dhcp_edges[router_id] == edge_id):
|
|
nsxv_db.delete_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
return
|
|
self._free_dhcp_edge_appliance(context, network_id)
|
|
|
|
def _addr_groups_convert_to_ipset(self, address_groups):
|
|
cidr_list = []
|
|
for addr_group in address_groups:
|
|
cidr = "/".join([addr_group['primaryAddress'],
|
|
addr_group['subnetPrefixLength']])
|
|
cidr_list.append(cidr)
|
|
return netaddr.IPSet(cidr_list)
|
|
|
|
def _update_dhcp_internal_interface(self, context, edge_id, vnic_index,
|
|
tunnel_index, network_id,
|
|
address_groups):
|
|
"""Update the dhcp internal interface:
|
|
1. Add a new vnic tunnel with the address groups
|
|
2. Update the address groups to an existing tunnel
|
|
"""
|
|
LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
|
|
_, vnic_config = self.nsxv_manager.get_interface(edge_id, vnic_index)
|
|
sub_iface_dict = vnic_config.get('subInterfaces')
|
|
port_group_id = vnic_config.get('portgroupId')
|
|
new_tunnel_creation = True
|
|
iface_list = []
|
|
|
|
# Update the sub interface address groups for specific tunnel
|
|
if sub_iface_dict:
|
|
sub_interfaces = sub_iface_dict.get('subInterfaces')
|
|
addr_groups_ipset = self._addr_groups_convert_to_ipset(
|
|
address_groups)
|
|
for sb in sub_interfaces:
|
|
if tunnel_index == sb['tunnelId']:
|
|
new_tunnel_creation = False
|
|
sb['addressGroups']['addressGroups'] = address_groups
|
|
else:
|
|
sb_ipset = self._addr_groups_convert_to_ipset(
|
|
sb['addressGroups']['addressGroups'])
|
|
if addr_groups_ipset & sb_ipset:
|
|
ls_id = sb['logicalSwitchId']
|
|
net_ids = nsx_db.get_net_ids(context.session, ls_id)
|
|
if net_ids:
|
|
# Here should never happen, else one bug occurs
|
|
LOG.error(_LE("net %(id)s on edge %(edge_id)s "
|
|
"overlaps with new net %(net_id)s"),
|
|
{'id': net_ids[0],
|
|
'edge_id': edge_id,
|
|
'net_id': network_id})
|
|
raise nsx_exc.NsxPluginException(
|
|
err_msg=_("update dhcp interface for net %s "
|
|
"failed") % network_id)
|
|
else:
|
|
# Occurs when there are DB inconsistency
|
|
sb["is_overlapped"] = True
|
|
LOG.error(_LE("unexpected sub intf %(id)s on edge "
|
|
"%(edge_id)s overlaps with new net "
|
|
"%(net_id)s. we would update with "
|
|
"deleting it for DB consistency"),
|
|
{'id': net_ids[0],
|
|
'edge_id': edge_id,
|
|
'net_id': network_id})
|
|
iface_list = [sub for sub in sub_interfaces
|
|
if not sub.get('is_overlapped', False)]
|
|
|
|
# The first DHCP service creation, not update
|
|
if new_tunnel_creation:
|
|
network_name_item = [edge_id, str(vnic_index), str(tunnel_index)]
|
|
network_name = ('-'.join(network_name_item) + _uuid())[:36]
|
|
port_group_id, iface = self._create_sub_interface(
|
|
context, network_id, network_name, tunnel_index,
|
|
address_groups, port_group_id)
|
|
|
|
iface_list.append(iface)
|
|
|
|
LOG.debug("Update the vnic %d for DHCP Edge %s", vnic_index, edge_id)
|
|
self.nsxv_manager.update_interface('fake_router_id', edge_id,
|
|
vnic_index, port_group_id,
|
|
tunnel_index,
|
|
address_groups=iface_list)
|
|
|
|
@vcns.retry_upon_exception(db_base_exc.OperationalError, max_delay=10)
|
|
def _allocate_edge_appliance(self, context, resource_id, name,
|
|
appliance_size=nsxv_constants.LARGE,
|
|
dist=False):
|
|
"""Try to allocate one avaliable edge from pool."""
|
|
|
|
edge_type = (nsxv_constants.VDR_EDGE if dist else
|
|
nsxv_constants.SERVICE_EDGE)
|
|
lrouter = {'id': resource_id,
|
|
'name': name}
|
|
edge_pool_range = self.edge_pool_dicts[edge_type].get(appliance_size)
|
|
if edge_pool_range is None:
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id, None, None,
|
|
plugin_const.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
task = self._deploy_edge(context, lrouter,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
return
|
|
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-request', lock_file_prefix='get-', external=True):
|
|
self._clean_all_error_edge_bindings(context)
|
|
available_router_binding = self._get_available_router_binding(
|
|
context, appliance_size=appliance_size, edge_type=edge_type)
|
|
# Synchronously deploy an edge if no avaliable edge in pool.
|
|
if not available_router_binding:
|
|
# store router-edge mapping binding
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id, None, None,
|
|
plugin_const.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
task = self._deploy_edge(context, lrouter,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
else:
|
|
LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
|
|
{'edge_id': available_router_binding['edge_id'],
|
|
'name': name})
|
|
# select the first avaliable edge in pool.
|
|
nsxv_db.delete_nsxv_router_binding(
|
|
context.session, available_router_binding['router_id'])
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session,
|
|
lrouter['id'],
|
|
available_router_binding['edge_id'],
|
|
None,
|
|
plugin_const.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type)
|
|
LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
|
|
{'edge_id': available_router_binding['edge_id'],
|
|
'name': name})
|
|
fake_jobdata = {
|
|
'context': context,
|
|
'router_id': lrouter['id']}
|
|
fake_userdata = {'jobdata': fake_jobdata,
|
|
'router_name': lrouter['name'],
|
|
'edge_id': available_router_binding['edge_id'],
|
|
'dist': dist}
|
|
fake_task = tasks.Task(name='fake-deploy-edge-task',
|
|
resource_id='fake-resource_id',
|
|
execute_callback=None,
|
|
userdata=fake_userdata)
|
|
fake_task.status = task_const.TaskStatus.COMPLETED
|
|
self.nsxv_manager.callbacks.edge_deploy_result(fake_task)
|
|
# change edge's name at backend
|
|
task = self.nsxv_manager.update_edge(
|
|
resource_id, available_router_binding['edge_id'],
|
|
name, None, appliance_size=appliance_size, dist=dist)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
backup_num = len(self._get_backup_edge_bindings(
|
|
context, appliance_size=appliance_size, edge_type=edge_type,
|
|
db_update_lock=True))
|
|
router_ids = self._deploy_backup_edges_on_db(
|
|
context, edge_pool_range['minimum_pooled_edges'] - backup_num,
|
|
appliance_size=appliance_size, edge_type=edge_type)
|
|
self._deploy_backup_edges_at_backend(
|
|
context, router_ids,
|
|
appliance_size=appliance_size, edge_type=edge_type)
|
|
|
|
def _free_edge_appliance(self, context, router_id):
|
|
"""Try to collect one edge to pool."""
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding:
|
|
LOG.warning(_LW("router binding for router: %s "
|
|
"not found"), router_id)
|
|
return
|
|
dist = (binding['edge_type'] == nsxv_constants.VDR_EDGE)
|
|
edge_pool_range = self.edge_pool_dicts[binding['edge_type']].get(
|
|
binding['appliance_size'])
|
|
if (not self.check_edge_active_at_backend(binding['edge_id']) or
|
|
not edge_pool_range):
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.PENDING_DELETE)
|
|
# delete edge
|
|
jobdata = {
|
|
'context': context,
|
|
'router_id': router_id
|
|
}
|
|
self.nsxv_manager.delete_edge(
|
|
router_id, binding['edge_id'], jobdata=jobdata, dist=dist)
|
|
return
|
|
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-request', lock_file_prefix='get-', external=True):
|
|
self._clean_all_error_edge_bindings(context)
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
context, appliance_size=binding['appliance_size'],
|
|
edge_type=binding['edge_type'])
|
|
backup_num = len(backup_router_bindings)
|
|
# collect the edge to pool if pool not full
|
|
if backup_num < edge_pool_range['maximum_pooled_edges']:
|
|
LOG.debug("Collect edge: %s to pool", binding['edge_id'])
|
|
nsxv_db.delete_nsxv_router_binding(
|
|
context.session, router_id)
|
|
backup_router_id = (vcns_const.BACKUP_ROUTER_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session,
|
|
backup_router_id,
|
|
binding['edge_id'],
|
|
None,
|
|
plugin_const.ACTIVE,
|
|
appliance_size=binding['appliance_size'],
|
|
edge_type=binding['edge_type'])
|
|
# change edge's name at backend
|
|
task = self.nsxv_manager.update_edge(
|
|
router_id, binding['edge_id'], backup_router_id, None,
|
|
appliance_size=binding['appliance_size'], dist=dist)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
# Refresh edge_vnic_bindings
|
|
if not dist and binding['edge_id']:
|
|
nsxv_db.clean_edge_vnic_binding(
|
|
context.session, binding['edge_id'])
|
|
nsxv_db.init_edge_vnic_binding(
|
|
context.session, binding['edge_id'])
|
|
else:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.PENDING_DELETE)
|
|
# delete edge
|
|
jobdata = {
|
|
'context': context,
|
|
'router_id': router_id
|
|
}
|
|
self.nsxv_manager.delete_edge(
|
|
router_id, binding['edge_id'], jobdata=jobdata, dist=dist)
|
|
|
|
def _allocate_dhcp_edge_appliance(self, context, resource_id):
|
|
resource_name = (vcns_const.DHCP_EDGE_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
self._allocate_edge_appliance(
|
|
context, resource_id, resource_name,
|
|
appliance_size=vcns_const.SERVICE_SIZE_MAPPING['dhcp'])
|
|
|
|
def _free_dhcp_edge_appliance(self, context, network_id):
|
|
router_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
self._free_edge_appliance(context, router_id)
|
|
|
|
def create_lrouter(self, context, lrouter, lswitch=None, dist=False):
|
|
"""Create an edge for logical router support."""
|
|
router_name = lrouter['name'] + '-' + lrouter['id']
|
|
self._allocate_edge_appliance(
|
|
context, lrouter['id'], router_name,
|
|
appliance_size=vcns_const.SERVICE_SIZE_MAPPING['router'],
|
|
dist=dist)
|
|
|
|
def delete_lrouter(self, context, router_id, dist=False):
|
|
self._free_edge_appliance(context, router_id)
|
|
|
|
def update_dhcp_edge_bindings(self, context, network_id):
|
|
"""Reconfigure the DHCP to the edge."""
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if not edge_binding:
|
|
return
|
|
with locking.LockManager.get_lock(
|
|
str(edge_binding['edge_id']),
|
|
lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
self.update_dhcp_service_config(context, edge_binding['edge_id'])
|
|
|
|
def update_dhcp_service_config(self, context, edge_id):
|
|
"""Reconfigure the DHCP to the edge."""
|
|
# Get all networks attached to the edge
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, edge_id)
|
|
dhcp_networks = [edge_vnic_binding.network_id
|
|
for edge_vnic_binding in edge_vnic_bindings]
|
|
ports = self.nsxv_plugin.get_ports(
|
|
context.elevated(), filters={'network_id': dhcp_networks})
|
|
inst_ports = [port
|
|
for port in ports
|
|
if port['device_owner'].startswith("compute")]
|
|
static_bindings = []
|
|
for port in inst_ports:
|
|
static_bindings.extend(
|
|
self.nsxv_plugin._create_static_binding(
|
|
context.elevated(), port))
|
|
dhcp_request = {
|
|
'featureType': "dhcp_4.0",
|
|
'enabled': True,
|
|
'staticBindings': {'staticBindings': static_bindings}}
|
|
self.nsxv_manager.vcns.reconfigure_dhcp_service(
|
|
edge_id, dhcp_request)
|
|
bindings_get = get_dhcp_binding_mappings(self.nsxv_manager, edge_id)
|
|
# Refresh edge_dhcp_static_bindings attached to edge
|
|
nsxv_db.clean_edge_dhcp_static_bindings_by_edge(
|
|
context.session, edge_id)
|
|
for mac_address, binding_id in bindings_get.items():
|
|
nsxv_db.create_edge_dhcp_static_binding(context.session, edge_id,
|
|
mac_address, binding_id)
|
|
|
|
def _get_available_edges(self, context, network_id, conflicting_nets):
|
|
if conflicting_nets is None:
|
|
conflicting_nets = []
|
|
conflict_edge_ids = []
|
|
available_edge_ids = []
|
|
router_bindings = nsxv_db.get_nsxv_router_bindings(context.session)
|
|
vdr_dhcp_bindings = nsxv_db.get_vdr_dhcp_bindings(context.session)
|
|
vdr_dhcp_router_ids = [
|
|
binding['dhcp_router_id'] for binding in vdr_dhcp_bindings]
|
|
all_dhcp_edges = {binding['router_id']: binding['edge_id'] for
|
|
binding in router_bindings if (binding['router_id'].
|
|
startswith(vcns_const.DHCP_EDGE_PREFIX) and
|
|
binding['status'] == plugin_const.ACTIVE and
|
|
binding['router_id'] not in vdr_dhcp_router_ids)}
|
|
|
|
if all_dhcp_edges:
|
|
for dhcp_edge_id in set(all_dhcp_edges.values()):
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, dhcp_edge_id)
|
|
free_number = ((vcns_const.MAX_VNIC_NUM - 1) *
|
|
vcns_const.MAX_TUNNEL_NUM -
|
|
len(edge_vnic_bindings))
|
|
# metadata internal network will use one vnic
|
|
if free_number <= (vcns_const.MAX_TUNNEL_NUM - 1):
|
|
conflict_edge_ids.append(dhcp_edge_id)
|
|
|
|
for net_id in conflicting_nets:
|
|
router_id = (vcns_const.DHCP_EDGE_PREFIX + net_id)[:36]
|
|
edge_id = all_dhcp_edges.get(router_id)
|
|
if (edge_id and edge_id not in conflict_edge_ids):
|
|
conflict_edge_ids.append(edge_id)
|
|
|
|
for x in all_dhcp_edges.values():
|
|
if (x not in conflict_edge_ids and
|
|
x not in available_edge_ids):
|
|
available_edge_ids.append(x)
|
|
return (conflict_edge_ids, available_edge_ids)
|
|
|
|
def _get_used_edges(self, context, subnet):
|
|
"""Returns conflicting and available edges for the subnet."""
|
|
conflicting = self.plugin._get_conflicting_networks_for_subnet(
|
|
context, subnet)
|
|
return self._get_available_edges(context, subnet['network_id'],
|
|
conflicting)
|
|
|
|
def remove_network_from_dhcp_edge(self, context, network_id, edge_id):
|
|
old_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, network_id)
|
|
if not old_binding:
|
|
LOG.error(_LE("Remove network %(id)s failed since no binding "
|
|
"found on edge %(edge_id)s"),
|
|
{'id': network_id,
|
|
'edge_id': edge_id})
|
|
return
|
|
old_vnic_index = old_binding['vnic_index']
|
|
old_tunnel_index = old_binding['tunnel_index']
|
|
# Cut off the port group/virtual wire connection
|
|
nsxv_db.free_edge_vnic_by_network(context.session,
|
|
edge_id,
|
|
network_id)
|
|
# update dhcp service config on edge_id
|
|
self.update_dhcp_service_config(context, edge_id)
|
|
|
|
try:
|
|
self._delete_dhcp_internal_interface(
|
|
context, edge_id, old_vnic_index,
|
|
old_tunnel_index, network_id)
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception(
|
|
_('Failed to delete vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d on edge '
|
|
'%(edge_id)s'),
|
|
{'vnic_index': old_vnic_index,
|
|
'tunnel_index': old_tunnel_index,
|
|
'edge_id': edge_id})
|
|
|
|
def reuse_existing_dhcp_edge(self, context, edge_id, resource_id,
|
|
network_id):
|
|
app_size = vcns_const.SERVICE_SIZE_MAPPING['dhcp']
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id,
|
|
edge_id, None, plugin_const.ACTIVE,
|
|
appliance_size=app_size)
|
|
nsxv_db.allocate_edge_vnic_with_tunnel_index(
|
|
context.session, edge_id, network_id)
|
|
|
|
def allocate_new_dhcp_edge(self, context, network_id, resource_id):
|
|
self._allocate_dhcp_edge_appliance(context, resource_id)
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-pool', lock_file_prefix='edge-bind-', external=True):
|
|
new_edge = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
nsxv_db.allocate_edge_vnic_with_tunnel_index(
|
|
context.session, new_edge['edge_id'], network_id)
|
|
return new_edge['edge_id']
|
|
|
|
def create_dhcp_edge_service(self, context, network_id,
|
|
subnet):
|
|
"""
|
|
Create an edge if there is no available edge for dhcp service,
|
|
Update an edge if there is available edge for dhcp service
|
|
|
|
If new edge was allocated, return resource_id, else return None
|
|
"""
|
|
# Check if the network has one related dhcp edge
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
dhcp_edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
allocate_new_edge = False
|
|
# case 1: update a subnet to an existing dhcp edge
|
|
if dhcp_edge_binding:
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-pool', lock_file_prefix='edge-bind-',
|
|
external=True):
|
|
edge_id = dhcp_edge_binding['edge_id']
|
|
(conflict_edge_ids,
|
|
available_edge_ids) = self._get_used_edges(context, subnet)
|
|
LOG.debug("The available edges %s, the conflict edges %s "
|
|
"at present is using edge %s",
|
|
available_edge_ids, conflict_edge_ids, edge_id)
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
# Delete the existing vnic interface if there is
|
|
# and overlapping subnet
|
|
if edge_id in conflict_edge_ids:
|
|
self.remove_network_from_dhcp_edge(context,
|
|
network_id, edge_id)
|
|
#Move the network to anther Edge and update vnic:
|
|
#1. Find an available existing edge or create a new one
|
|
#2. For the existing one, cut off the old port group
|
|
# connection
|
|
#3. Create the new port group connection to an existing
|
|
# one
|
|
#4. Update the address groups to the vnic
|
|
if available_edge_ids:
|
|
new_id = random.choice(available_edge_ids)
|
|
LOG.debug("Select edge %s to support dhcp for "
|
|
"network %s", new_id, network_id)
|
|
self.reuse_existing_dhcp_edge(
|
|
context, new_id, resource_id, network_id)
|
|
else:
|
|
allocate_new_edge = True
|
|
# case 2: attach the subnet to a new edge and update vnic
|
|
else:
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-pool', lock_file_prefix='edge-bind-',
|
|
external=True):
|
|
(conflict_edge_ids,
|
|
available_edge_ids) = self._get_used_edges(context, subnet)
|
|
LOG.debug('The available edges %s, the conflict edges %s',
|
|
available_edge_ids, conflict_edge_ids)
|
|
# There is available one
|
|
if available_edge_ids:
|
|
new_id = random.choice(available_edge_ids)
|
|
LOG.debug("Select edge %s to support dhcp for network %s",
|
|
new_id, network_id)
|
|
self.reuse_existing_dhcp_edge(
|
|
context, new_id, resource_id, network_id)
|
|
else:
|
|
allocate_new_edge = True
|
|
|
|
if allocate_new_edge:
|
|
self.allocate_new_dhcp_edge(context, network_id, resource_id)
|
|
|
|
# If a new Edge was allocated, return resource_id
|
|
return resource_id
|
|
|
|
def update_dhcp_edge_service(self, context, network_id,
|
|
address_groups=None):
|
|
"""Update the subnet to the dhcp edge vnic."""
|
|
if address_groups is None:
|
|
address_groups = []
|
|
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
dhcp_binding = nsxv_db.get_edge_vnic_binding(context.session,
|
|
edge_binding['edge_id'],
|
|
network_id)
|
|
if dhcp_binding:
|
|
edge_id = dhcp_binding['edge_id']
|
|
vnic_index = dhcp_binding['vnic_index']
|
|
tunnel_index = dhcp_binding['tunnel_index']
|
|
LOG.debug('Update the dhcp service for %s on vnic %d tunnel %d',
|
|
edge_id, vnic_index, tunnel_index)
|
|
try:
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
self._update_dhcp_internal_interface(
|
|
context, edge_id, vnic_index, tunnel_index, network_id,
|
|
address_groups)
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception(_LE('Failed to update the dhcp service for '
|
|
'%(edge_id)s on vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d'),
|
|
{'edge_id': edge_id,
|
|
'vnic_index': vnic_index,
|
|
'tunnel_index': tunnel_index})
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
ports = self.nsxv_plugin.get_ports(
|
|
context, filters={'network_id': [network_id]})
|
|
inst_ports = [port
|
|
for port in ports
|
|
if port['device_owner'].startswith("compute")]
|
|
if inst_ports:
|
|
# update dhcp service config for the new added network
|
|
self.update_dhcp_service_config(context, edge_id)
|
|
|
|
def delete_dhcp_edge_service(self, context, network_id):
|
|
"""Delete an edge for dhcp service."""
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if edge_binding:
|
|
dhcp_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_binding['edge_id'], network_id)
|
|
if dhcp_binding:
|
|
edge_id = dhcp_binding['edge_id']
|
|
vnic_index = dhcp_binding['vnic_index']
|
|
tunnel_index = dhcp_binding['tunnel_index']
|
|
|
|
LOG.debug("Delete the tunnel %d on vnic %d from DHCP Edge %s",
|
|
tunnel_index, vnic_index, edge_id)
|
|
nsxv_db.free_edge_vnic_by_network(context.session,
|
|
edge_id,
|
|
network_id)
|
|
try:
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
self._delete_dhcp_internal_interface(context, edge_id,
|
|
vnic_index,
|
|
tunnel_index,
|
|
network_id)
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception(_LE('Failed to delete the tunnel '
|
|
'%(tunnel_index)d on vnic '
|
|
'%(vnic_index)d'
|
|
'from DHCP Edge %(edge_id)s'),
|
|
{'tunnel_index': tunnel_index,
|
|
'vnic_index': vnic_index,
|
|
'edge_id': edge_id})
|
|
|
|
def configure_dhcp_for_vdr_network(
|
|
self, context, network_id, vdr_router_id):
|
|
|
|
# If network is already attached to a DHCP Edge, detach from it
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
dhcp_edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
|
|
if dhcp_edge_binding:
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-pool', lock_file_prefix='edge-bind-',
|
|
external=True):
|
|
edge_id = dhcp_edge_binding['edge_id']
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
self.remove_network_from_dhcp_edge(context, network_id,
|
|
edge_id)
|
|
|
|
# Find DHCP Edge which is associated with this VDR
|
|
vdr_dhcp_binding = nsxv_db.get_vdr_dhcp_binding_by_vdr(
|
|
context.session, vdr_router_id)
|
|
if vdr_dhcp_binding:
|
|
dhcp_edge_id = vdr_dhcp_binding['dhcp_edge_id']
|
|
self.reuse_existing_dhcp_edge(
|
|
context, dhcp_edge_id, resource_id, network_id)
|
|
else:
|
|
temp_edge_id = ("fake_id_" + _uuid())[:36]
|
|
nsxv_db.add_vdr_dhcp_binding(context.session, vdr_router_id,
|
|
str(resource_id), temp_edge_id)
|
|
# Attach to DHCP Edge
|
|
dhcp_edge_id = self.allocate_new_dhcp_edge(
|
|
context, network_id, resource_id)
|
|
|
|
self.plugin.metadata_proxy_handler.configure_router_edge(
|
|
resource_id, context)
|
|
self.plugin.setup_dhcp_edge_fw_rules(
|
|
context, self.plugin, resource_id)
|
|
|
|
if not self.per_interface_rp_filter:
|
|
with locking.LockManager.get_lock(
|
|
'nsx-edge-pool', lock_file_prefix='edge-bind-',
|
|
external=True):
|
|
self.nsxv_manager.vcns.set_system_control(
|
|
dhcp_edge_id,
|
|
[RP_FILTER_PROPERTY_OFF_TEMPLATE % ('all', '0')])
|
|
|
|
nsxv_db.update_vdr_dhcp_binding(context.session, vdr_router_id,
|
|
dhcp_edge_id=dhcp_edge_id)
|
|
|
|
address_groups = self.plugin._create_network_dhcp_address_group(
|
|
context, network_id)
|
|
self.update_dhcp_edge_service(
|
|
context, network_id, address_groups=address_groups)
|
|
|
|
self.set_sysctl_rp_filter_for_vdr_dhcp(
|
|
context, dhcp_edge_id, network_id)
|
|
|
|
def _get_sub_interface_id(self, context, edge_id, network_id):
|
|
vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, network_id)
|
|
|
|
if vnic_binding:
|
|
_, vnic_config = self.nsxv_manager.get_interface(
|
|
edge_id, vnic_binding.vnic_index)
|
|
sub_iface_dict = vnic_config.get('subInterfaces')
|
|
if sub_iface_dict:
|
|
sub_interfaces = sub_iface_dict.get('subInterfaces', [])
|
|
|
|
for sub_interface in sub_interfaces:
|
|
if sub_interface['tunnelId'] == vnic_binding.tunnel_index:
|
|
return sub_interface['index']
|
|
|
|
def set_sysctl_rp_filter_for_vdr_dhcp(self, context, edge_id, network_id):
|
|
if not self.per_interface_rp_filter:
|
|
return
|
|
|
|
vnic_index = self._get_sub_interface_id(context, edge_id, network_id)
|
|
if vnic_index:
|
|
vnic_id = 'vNic_%d' % vnic_index
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
sysctl_props = []
|
|
h, sysctl = self.nsxv_manager.vcns.get_system_control(edge_id)
|
|
if sysctl:
|
|
sysctl_props = sysctl['property']
|
|
sysctl_props.append(
|
|
RP_FILTER_PROPERTY_OFF_TEMPLATE % (vnic_id, '0'))
|
|
self.nsxv_manager.vcns.set_system_control(
|
|
edge_id, sysctl_props)
|
|
|
|
def reset_sysctl_rp_filter_for_vdr_dhcp(self, context, edge_id,
|
|
network_id):
|
|
if not self.per_interface_rp_filter:
|
|
return
|
|
|
|
vnic_index = self._get_sub_interface_id(context, edge_id, network_id)
|
|
if vnic_index:
|
|
vnic_id = 'vNic_%d' % vnic_index
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id), lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
h, sysctl = self.nsxv_manager.vcns.get_system_control(edge_id)
|
|
if sysctl:
|
|
sysctl_props = sysctl['property']
|
|
sysctl_props.remove(
|
|
RP_FILTER_PROPERTY_OFF_TEMPLATE % (vnic_id, '0'))
|
|
sysctl_props.append(
|
|
RP_FILTER_PROPERTY_OFF_TEMPLATE % (vnic_id, '1'))
|
|
self.nsxv_manager.vcns.set_system_control(
|
|
edge_id, sysctl_props)
|
|
|
|
def get_plr_by_tlr_id(self, context, router_id):
|
|
lswitch_id = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id).lswitch_id
|
|
if lswitch_id:
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
|
|
context.session, lswitch_id)
|
|
if edge_vnic_bindings:
|
|
for edge_vnic_binding in edge_vnic_bindings:
|
|
plr_router_id = nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session,
|
|
edge_vnic_binding.edge_id)[0].router_id
|
|
if plr_router_id != router_id:
|
|
return plr_router_id
|
|
|
|
def create_plr_with_tlr_id(self, context, router_id, router_name):
|
|
# Add an internal network preparing for connecting the VDR
|
|
# to a PLR
|
|
tlr_edge_id = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id).edge_id
|
|
# First create an internal lswitch
|
|
lswitch_name = ('int-' + router_name + router_id)[:36]
|
|
virtual_wire = {"name": lswitch_name,
|
|
"tenantId": "virtual wire tenant"}
|
|
config_spec = {"virtualWireCreateSpec": virtual_wire}
|
|
vdn_scope_id = cfg.CONF.nsxv.vdn_scope_id
|
|
h, lswitch_id = self.nsxv_manager.vcns.create_virtual_wire(
|
|
vdn_scope_id, config_spec)
|
|
|
|
# add vdr's external interface to the lswitch
|
|
tlr_vnic_index = self.nsxv_manager.add_vdr_internal_interface(
|
|
tlr_edge_id, lswitch_id,
|
|
address=vcns_const.INTEGRATION_LR_IPADDRESS.split('/')[0],
|
|
netmask=vcns_const.INTEGRATION_SUBNET_NETMASK,
|
|
type="uplink")
|
|
nsxv_db.create_edge_vnic_binding(
|
|
context.session, tlr_edge_id, tlr_vnic_index, lswitch_id)
|
|
# store the lswitch_id into nsxv_router_binding
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
lswitch_id=lswitch_id)
|
|
|
|
# Handle plr relative op
|
|
plr_router = {'name': router_name,
|
|
'id': (vcns_const.PLR_EDGE_PREFIX + _uuid())[:36]}
|
|
self.create_lrouter(context, plr_router)
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, plr_router['id'])
|
|
plr_edge_id = binding['edge_id']
|
|
plr_vnic_index = nsxv_db.allocate_edge_vnic(
|
|
context.session, plr_edge_id, lswitch_id).vnic_index
|
|
#TODO(berlin): the internal ip should change based on vnic_index
|
|
self.nsxv_manager.update_interface(
|
|
plr_router['id'], plr_edge_id, plr_vnic_index, lswitch_id,
|
|
address=vcns_const.INTEGRATION_EDGE_IPADDRESS,
|
|
netmask=vcns_const.INTEGRATION_SUBNET_NETMASK)
|
|
return plr_router['id']
|
|
|
|
def delete_plr_by_tlr_id(self, context, plr_id, router_id):
|
|
# Delete plr's internal interface which connects to internal switch
|
|
tlr_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
lswitch_id = tlr_binding.lswitch_id
|
|
tlr_edge_id = tlr_binding.edge_id
|
|
plr_edge_id = nsxv_db.get_nsxv_router_binding(
|
|
context.session, plr_id).edge_id
|
|
plr_vnic_index = nsxv_db.get_edge_vnic_binding(
|
|
context.session, plr_edge_id, lswitch_id).vnic_index
|
|
# Clear static routes before delete internal vnic
|
|
task = self.nsxv_manager.update_routes(
|
|
plr_id, plr_edge_id, None, [])
|
|
task.wait(task_const.TaskState.RESULT)
|
|
# Delete internal vnic
|
|
task = self.nsxv_manager.delete_interface(
|
|
plr_id, plr_edge_id, plr_vnic_index)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
nsxv_db.free_edge_vnic_by_network(
|
|
context.session, plr_edge_id, lswitch_id)
|
|
# Delete the PLR
|
|
self.delete_lrouter(context, plr_id)
|
|
|
|
# Clear static routes of vdr
|
|
task = self.nsxv_manager.update_routes(
|
|
router_id, tlr_edge_id, None, [])
|
|
task.wait(task_const.TaskState.RESULT)
|
|
#First delete the vdr's external interface
|
|
tlr_vnic_index = nsxv_db.get_edge_vnic_binding(
|
|
context.session, tlr_edge_id, lswitch_id).vnic_index
|
|
self.nsxv_manager.delete_vdr_internal_interface(
|
|
tlr_edge_id, tlr_vnic_index)
|
|
nsxv_db.delete_edge_vnic_binding_by_network(
|
|
context.session, tlr_edge_id, lswitch_id)
|
|
try:
|
|
# Then delete the internal lswitch
|
|
self.nsxv_manager.vcns.delete_virtual_wire(lswitch_id)
|
|
except Exception:
|
|
LOG.warning(_LW("Failed to delete virtual wire: %s"), lswitch_id)
|
|
|
|
def get_routers_on_same_edge(self, context, router_id):
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if edge_binding:
|
|
return [
|
|
binding['router_id']
|
|
for binding in nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, edge_binding['edge_id'])]
|
|
else:
|
|
return []
|
|
|
|
def bind_router_on_available_edge(
|
|
self, context, target_router_id,
|
|
optional_router_ids, conflict_router_ids,
|
|
conflict_network_ids, network_number):
|
|
"""Bind logical router on an available edge.
|
|
Return True if the logical router is bound to a new edge.
|
|
"""
|
|
with locking.LockManager.get_lock(
|
|
"edge-router", lock_file_prefix="bind-", external=True):
|
|
optional_edge_ids = []
|
|
conflict_edge_ids = []
|
|
for router_id in optional_router_ids:
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if (binding and binding.status == plugin_const.ACTIVE and
|
|
binding.edge_id not in optional_edge_ids):
|
|
optional_edge_ids.append(binding.edge_id)
|
|
|
|
for router_id in conflict_router_ids:
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if binding and binding.edge_id not in conflict_edge_ids:
|
|
conflict_edge_ids.append(binding.edge_id)
|
|
optional_edge_ids = list(
|
|
set(optional_edge_ids) - set(conflict_edge_ids))
|
|
|
|
max_net_number = 0
|
|
available_edge_id = None
|
|
for edge_id in optional_edge_ids:
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, edge_id)
|
|
# one vnic is used to provide external access.
|
|
net_number = (
|
|
vcns_const.MAX_VNIC_NUM - len(edge_vnic_bindings) - 1)
|
|
if (net_number > max_net_number
|
|
and net_number >= network_number):
|
|
net_ids = [vnic_binding.network_id
|
|
for vnic_binding in edge_vnic_bindings]
|
|
if not (set(conflict_network_ids) & set(net_ids)):
|
|
max_net_number = net_number
|
|
available_edge_id = edge_id
|
|
else:
|
|
# TODO(yangyu): Remove conflict_network_ids
|
|
LOG.exception(
|
|
_LE("Failed to query conflict_router_ids"))
|
|
if available_edge_id:
|
|
edge_binding = nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, available_edge_id)[0]
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, target_router_id,
|
|
edge_binding.edge_id, None,
|
|
edge_binding.status,
|
|
edge_binding.appliance_size,
|
|
edge_binding.edge_type)
|
|
else:
|
|
router_name = ('shared' + '-' + _uuid())[
|
|
:vcns_const.EDGE_NAME_LEN]
|
|
self._allocate_edge_appliance(
|
|
context, target_router_id, router_name,
|
|
appliance_size=vcns_const.SERVICE_SIZE_MAPPING['router'])
|
|
return True
|
|
|
|
def unbind_router_on_edge(self, context, router_id):
|
|
"""Unbind a logical router from edge.
|
|
Return True if no logical router bound to the edge.
|
|
"""
|
|
with locking.LockManager.get_lock(
|
|
"edge-router", lock_file_prefix="bind-", external=True):
|
|
# free edge if no other routers bound to the edge
|
|
router_ids = self.get_routers_on_same_edge(context, router_id)
|
|
if router_ids == [router_id]:
|
|
self._free_edge_appliance(context, router_id)
|
|
return True
|
|
else:
|
|
nsxv_db.delete_nsxv_router_binding(context.session, router_id)
|
|
|
|
def is_router_conflict_on_edge(self, context, router_id,
|
|
conflict_router_ids,
|
|
conflict_network_ids,
|
|
intf_num=0):
|
|
with locking.LockManager.get_lock(
|
|
"edge-router", lock_file_prefix="bind-", external=True):
|
|
router_ids = self.get_routers_on_same_edge(context, router_id)
|
|
if set(router_ids) & set(conflict_router_ids):
|
|
return True
|
|
router_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
router_id)
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, router_binding.edge_id)
|
|
if (vcns_const.MAX_VNIC_NUM - len(edge_vnic_bindings
|
|
) - 1 < intf_num):
|
|
LOG.debug("There isn't available edge vnic for the router: %s",
|
|
router_id)
|
|
return True
|
|
for binding in edge_vnic_bindings:
|
|
if binding.network_id in conflict_network_ids:
|
|
return True
|
|
return False
|
|
|
|
|
|
def create_lrouter(nsxv_manager, context, lrouter, lswitch=None, dist=False):
|
|
"""Create an edge for logical router support."""
|
|
router_id = lrouter['id']
|
|
router_name = lrouter['name'] + '-' + router_id
|
|
appliance_size = vcns_const.SERVICE_SIZE_MAPPING['router']
|
|
# store router-edge mapping binding
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, router_id, None, None,
|
|
plugin_const.PENDING_CREATE,
|
|
appliance_size=appliance_size)
|
|
|
|
# deploy edge
|
|
jobdata = {
|
|
'router_id': router_id,
|
|
'lrouter': lrouter,
|
|
'lswitch': lswitch,
|
|
'context': context
|
|
}
|
|
|
|
# deploy and wait until the deploy request has been requested
|
|
# so we will have edge_id ready. The wait here should be fine
|
|
# as we're not in a database transaction now
|
|
task = nsxv_manager.deploy_edge(
|
|
router_id, router_name, internal_network=None,
|
|
dist=dist, jobdata=jobdata, appliance_size=appliance_size)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
|
|
def delete_lrouter(nsxv_manager, context, router_id, dist=False):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if binding:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.PENDING_DELETE)
|
|
edge_id = binding['edge_id']
|
|
# delete edge
|
|
jobdata = {
|
|
'context': context
|
|
}
|
|
task = nsxv_manager.delete_edge(router_id, edge_id,
|
|
jobdata=jobdata, dist=dist)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
else:
|
|
LOG.warning(_LW("router binding for router: %s not found"), router_id)
|
|
|
|
|
|
def create_dhcp_service(context, nsxv_manager, network):
|
|
"""Create an Edge for dhcp service."""
|
|
edge_name = "%s-%s" % (network['name'], network['id'])
|
|
jobdata = {'network_id': network['id'], 'context': context}
|
|
# port group id for vlan or virtual wire id for vxlan
|
|
nsx_network_id = nsx_db.get_nsx_switch_ids(context.session,
|
|
network['id'])[0]
|
|
# Deploy an Edge for dhcp service
|
|
return nsxv_manager.deploy_edge(
|
|
network['id'], edge_name, nsx_network_id, jobdata=jobdata,
|
|
appliance_size=vcns_const.SERVICE_SIZE_MAPPING['dhcp'])
|
|
|
|
|
|
def delete_dhcp_service(context, nsxv_manager, network_id):
|
|
"""Delete the Edge of dhcp service."""
|
|
task = None
|
|
binding = nsxv_db.get_dhcp_edge_network_binding(context.session,
|
|
network_id)
|
|
if binding:
|
|
dhcp_edge_id = binding['edge_id']
|
|
vnic_index = binding['vnic_index']
|
|
jobdata = {'context': context, 'network_id': network_id}
|
|
|
|
edge_id = dhcp_edge_id
|
|
|
|
LOG.debug("Delete the vnic %d from DHCP Edge %s",
|
|
vnic_index, edge_id)
|
|
nsxv_manager.vcns.delete_interface(edge_id, vnic_index)
|
|
nsxv_db.free_edge_vnic_by_network(
|
|
context.session, edge_id, network_id)
|
|
LOG.debug("Delete the DHCP Edge service %s", edge_id)
|
|
task = nsxv_manager.delete_edge(network_id, edge_id, jobdata)
|
|
|
|
return task
|
|
|
|
|
|
def get_dhcp_edge_id(context, network_id):
|
|
# Query edge id
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if binding:
|
|
edge_id = binding['edge_id']
|
|
return edge_id
|
|
|
|
|
|
def create_dhcp_bindings(context, nsxv_manager, network_id, bindings):
|
|
edge_id = get_dhcp_edge_id(context, network_id)
|
|
if edge_id:
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id),
|
|
lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
for binding in bindings:
|
|
nsxv_manager.vcns.create_dhcp_binding(edge_id, binding)
|
|
bindings_get = get_dhcp_binding_mappings(nsxv_manager, edge_id)
|
|
mac_address_list = [binding['macAddress'] for binding in bindings]
|
|
for mac_address in mac_address_list:
|
|
binding_id = bindings_get.get(mac_address)
|
|
if binding_id:
|
|
nsxv_db.create_edge_dhcp_static_binding(
|
|
context.session, edge_id,
|
|
mac_address, binding_id)
|
|
else:
|
|
LOG.warning(_LW("Unable to configure binding for: %s"),
|
|
mac_address)
|
|
else:
|
|
LOG.warning(_LW("Failed to create dhcp bindings since dhcp edge "
|
|
"for net %s not found at the backend"),
|
|
network_id)
|
|
|
|
|
|
def get_dhcp_binding_mappings(nsxv_manager, edge_id):
|
|
dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
|
|
bindings_get = {}
|
|
if dhcp_config:
|
|
for binding in dhcp_config['staticBindings']['staticBindings']:
|
|
bindings_get[binding['macAddress'].lower()] = binding['bindingId']
|
|
return bindings_get
|
|
|
|
|
|
def delete_dhcp_binding(context, nsxv_manager, network_id, mac_address):
|
|
edge_id = get_dhcp_edge_id(context, network_id)
|
|
dhcp_binding = nsxv_db.get_edge_dhcp_static_binding(
|
|
context.session, edge_id, mac_address)
|
|
if edge_id and dhcp_binding:
|
|
with locking.LockManager.get_lock(
|
|
str(edge_id),
|
|
lock_file_prefix='nsxv-dhcp-config-',
|
|
external=True):
|
|
nsxv_manager.vcns.delete_dhcp_binding(
|
|
edge_id, dhcp_binding.binding_id)
|
|
nsxv_db.delete_edge_dhcp_static_binding(
|
|
context.session, edge_id, mac_address)
|
|
|
|
|
|
def query_dhcp_service_config(nsxv_manager, edge_id):
|
|
"""Retrieve the current DHCP configuration from the edge."""
|
|
_, dhcp_config = nsxv_manager.vcns.query_dhcp_configuration(edge_id)
|
|
return dhcp_config
|
|
|
|
|
|
def update_dhcp_internal_interface(context, nsxv_manager,
|
|
network_id, address_groups, add=True):
|
|
# Get the physical port group /wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, network_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
|
|
# Get the DHCP Edge to update the internal interface
|
|
binding = nsxv_db.get_dhcp_edge_network_binding(context.session,
|
|
network_id)
|
|
if binding:
|
|
dhcp_edge_id = binding['edge_id']
|
|
vnic_index = binding['vnic_index']
|
|
edge_id = dhcp_edge_id
|
|
LOG.debug("Query the vnic %s for DHCP Edge %s",
|
|
vnic_index, edge_id)
|
|
_, vnic_config = nsxv_manager.get_interface(edge_id, vnic_index)
|
|
for addr_group in address_groups:
|
|
vnic_addr_grp = vnic_config['addressGroups']['addressGroups']
|
|
if add:
|
|
vnic_addr_grp.append(addr_group)
|
|
else:
|
|
if addr_group in vnic_addr_grp:
|
|
vnic_addr_grp.remove(addr_group)
|
|
|
|
LOG.debug("Update the vnic %d for DHCP Edge %s", vnic_index, edge_id)
|
|
nsxv_manager.update_interface(
|
|
'fake_router_id', edge_id, vnic_index, vcns_network_id,
|
|
address_groups=vnic_config['addressGroups']['addressGroups'])
|
|
|
|
|
|
def get_router_edge_id(context, router_id):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if binding:
|
|
return binding['edge_id']
|
|
|
|
|
|
def update_gateway(nsxv_manager, context, router_id, nexthop, routes=None):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
router_id)
|
|
edge_id = binding['edge_id']
|
|
if routes is None:
|
|
routes = []
|
|
task = nsxv_manager.update_routes(router_id, edge_id, nexthop, routes)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
|
|
def get_routes(edge_manager, context, router_id):
|
|
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
|
|
vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(context.session,
|
|
edge_id)
|
|
h, routes = edge_manager.vcns.get_routes(edge_id)
|
|
edge_routes = routes.get('staticRoutes')
|
|
routes = []
|
|
for edge_route in edge_routes.get('staticRoutes'):
|
|
for vnic_binding in vnic_bindings:
|
|
if vnic_binding['vnic_index'] == int(edge_route['vnic']):
|
|
route = {'network_id': vnic_binding['network_id'],
|
|
'nexthop': edge_route['nextHop'],
|
|
'destination': edge_route['network']}
|
|
routes.append(route)
|
|
break
|
|
return routes
|
|
|
|
|
|
def update_routes(edge_manager, context, router_id, routes,
|
|
nexthop=None,
|
|
gateway_vnic_index=vcns_const.EXTERNAL_VNIC_INDEX):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
edge_routes = []
|
|
for route in routes:
|
|
if not route.get('network_id'):
|
|
LOG.warning(_LW("There is no network info for the route %s, so "
|
|
"the route entry would not be executed!"), route)
|
|
continue
|
|
if route.get('external'):
|
|
edge_routes.append({
|
|
'vnic_index': vcns_const.EXTERNAL_VNIC_INDEX,
|
|
'cidr': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
else:
|
|
edge_routes.append({
|
|
'vnic_index': nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id,
|
|
route['network_id'])['vnic_index'],
|
|
'cidr': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
task = edge_manager.update_routes(router_id, edge_id, nexthop, edge_routes,
|
|
gateway_vnic_index=gateway_vnic_index)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
|
|
def get_internal_lswitch_id_of_plr_tlr(context, router_id):
|
|
return nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id).lswitch_id
|
|
|
|
|
|
def get_internal_vnic_index_of_plr_tlr(context, router_id):
|
|
router_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, router_binding.edge_id, router_binding.lswitch_id)
|
|
return edge_vnic_binding.vnic_index
|
|
|
|
|
|
def clear_gateway(nsxv_manager, context, router_id):
|
|
return update_gateway(nsxv_manager, context, router_id, None)
|
|
|
|
|
|
def update_external_interface(
|
|
nsxv_manager, context, router_id, ext_net_id,
|
|
ipaddr, netmask, secondary=[]):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
net_bindings = nsxv_db.get_network_bindings(context.session, ext_net_id)
|
|
if not net_bindings:
|
|
vcns_network_id = nsxv_manager.external_network
|
|
else:
|
|
vcns_network_id = net_bindings[0].phy_uuid
|
|
|
|
nsxv_manager.update_interface(router_id, binding['edge_id'],
|
|
vcns_const.EXTERNAL_VNIC_INDEX,
|
|
vcns_network_id,
|
|
address=ipaddr,
|
|
netmask=netmask,
|
|
secondary=secondary)
|
|
|
|
|
|
def update_internal_interface(nsxv_manager, context, router_id, int_net_id,
|
|
address_groups, is_connected=True):
|
|
# Get the pg/wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, int_net_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
# if edge_vnic_binding is None, then first select one avaliable
|
|
# internal vnic for connection.
|
|
if not edge_vnic_binding:
|
|
edge_vnic_binding = nsxv_db.allocate_edge_vnic(
|
|
context.session, edge_id, int_net_id)
|
|
|
|
nsxv_manager.update_interface(router_id, edge_id,
|
|
edge_vnic_binding.vnic_index,
|
|
vcns_network_id,
|
|
is_connected=is_connected,
|
|
address_groups=address_groups)
|
|
|
|
|
|
def add_vdr_internal_interface(nsxv_manager, context, router_id,
|
|
int_net_id, address_groups, is_connected=True):
|
|
# Get the pg/wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, int_net_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
if not edge_vnic_binding:
|
|
vnic_index = nsxv_manager.add_vdr_internal_interface(
|
|
edge_id, vcns_network_id, address_groups=address_groups,
|
|
is_connected=is_connected)
|
|
nsxv_db.create_edge_vnic_binding(
|
|
context.session, edge_id, vnic_index, int_net_id)
|
|
else:
|
|
msg = (_("Distributed Router doesn't support multiple subnets "
|
|
"with same network attached to it."))
|
|
raise n_exc.BadRequest(resource='vdr', msg=msg)
|
|
|
|
|
|
def update_vdr_internal_interface(nsxv_manager, context, router_id, int_net_id,
|
|
address_groups, is_connected=True):
|
|
# Get the pg/wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, int_net_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
nsxv_manager.update_vdr_internal_interface(
|
|
edge_id, edge_vnic_binding.vnic_index, vcns_network_id,
|
|
address_groups=address_groups, is_connected=is_connected)
|
|
|
|
|
|
def delete_interface(nsxv_manager, context, router_id, network_id,
|
|
dist=False, is_wait=True):
|
|
# Get the pg/wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, network_id)
|
|
if mappings:
|
|
vcns_network_id = mappings[0]
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': network_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, network_id)
|
|
if not edge_vnic_binding:
|
|
LOG.warning(_LW("Failed to find the network %(net_id)s "
|
|
"corresponding vnic index on edge %(edge_id)s"),
|
|
{'net_id': network_id,
|
|
'edge_id': edge_id})
|
|
return
|
|
if not dist:
|
|
task = nsxv_manager.delete_interface(
|
|
router_id, edge_id, edge_vnic_binding.vnic_index)
|
|
if is_wait:
|
|
task.wait(task_const.TaskState.RESULT)
|
|
nsxv_db.free_edge_vnic_by_network(
|
|
context.session, edge_id, network_id)
|
|
else:
|
|
nsxv_manager.delete_vdr_internal_interface(
|
|
edge_id, edge_vnic_binding.vnic_index)
|
|
nsxv_db.delete_edge_vnic_binding_by_network(
|
|
context.session, edge_id, network_id)
|
|
|
|
|
|
def update_nat_rules(nsxv_manager, context, router_id, snat, dnat):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
task = nsxv_manager.update_nat_rules(
|
|
router_id, binding['edge_id'], snat, dnat)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
|
|
def update_dnat_rules(nsxv_manager, context, router_id, dnat_rules):
|
|
rtr_binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = rtr_binding['edge_id']
|
|
|
|
for dnat_rule in dnat_rules:
|
|
vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session,
|
|
edge_id,
|
|
dnat_rule['network_id'])
|
|
|
|
vnic_index = vnic_binding['vnic_index']
|
|
dnat_rule['vnic_index'] = vnic_index
|
|
|
|
nsxv_manager.update_dnat_rules(edge_id, dnat_rules)
|
|
|
|
|
|
def clear_nat_rules(nsxv_manager, context, router_id):
|
|
update_nat_rules(nsxv_manager, context, router_id, [], [])
|
|
|
|
|
|
def update_firewall(nsxv_manager, context, router_id, firewall,
|
|
allow_external=True):
|
|
jobdata = {'context': context}
|
|
edge_id = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)['edge_id']
|
|
task = nsxv_manager.asyn_update_firewall(router_id, edge_id,
|
|
firewall, jobdata=jobdata,
|
|
allow_external=allow_external)
|
|
task.wait(task_const.TaskState.RESULT)
|
|
|
|
|
|
def check_network_in_use_at_backend(context, network_id):
|
|
retries = max(cfg.CONF.nsxv.retries, 1)
|
|
delay = 0.5
|
|
for attempt in range(1, retries + 1):
|
|
if attempt != 1:
|
|
time.sleep(delay)
|
|
delay = min(2 * delay, 60)
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
|
|
context.session, network_id)
|
|
if not edge_vnic_bindings:
|
|
return
|
|
LOG.warning(_LW('NSXv: network is still in use at the backend'))
|
|
LOG.error(_LE('NSXv: network is still in use at the backend'))
|
|
|
|
|
|
class NsxVCallbacks(object):
|
|
"""Edge callback implementation Callback functions for
|
|
asynchronous tasks.
|
|
"""
|
|
def __init__(self, plugin):
|
|
self.plugin = plugin
|
|
|
|
def edge_deploy_started(self, task):
|
|
"""callback when deployment task started."""
|
|
jobdata = task.userdata['jobdata']
|
|
context = jobdata['context']
|
|
router_id = jobdata.get('router_id')
|
|
edge_id = task.userdata.get('edge_id')
|
|
name = task.userdata.get('router_name')
|
|
dist = task.userdata.get('dist')
|
|
self.edge_deploy_started_sync(context, edge_id, name, router_id, dist)
|
|
|
|
def edge_deploy_started_sync(self, context, edge_id, name, router_id,
|
|
dist):
|
|
if edge_id:
|
|
LOG.debug("Start deploying %(edge_id)s for router %(name)s",
|
|
{'edge_id': edge_id,
|
|
'name': name})
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id, edge_id=edge_id)
|
|
if not dist:
|
|
# Init Edge vnic binding
|
|
nsxv_db.init_edge_vnic_binding(
|
|
context.session, edge_id)
|
|
else:
|
|
LOG.debug("Failed to deploy Edge")
|
|
if router_id:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.ERROR)
|
|
|
|
def edge_deploy_result(self, task):
|
|
"""callback when deployment task finished."""
|
|
jobdata = task.userdata['jobdata']
|
|
context = jobdata['context']
|
|
name = task.userdata.get('router_name')
|
|
dist = task.userdata.get('dist')
|
|
router_id = jobdata['router_id']
|
|
edge_id = task.userdata.get('edge_id')
|
|
|
|
self.edge_deploy_result_sync(
|
|
context, edge_id, name, router_id, dist,
|
|
task.status == task_const.TaskStatus.COMPLETED)
|
|
|
|
def edge_deploy_result_sync(self, context, edge_id, name, router_id, dist,
|
|
deploy_successful):
|
|
router_db = None
|
|
if uuidutils.is_uuid_like(router_id):
|
|
try:
|
|
router_db = self.plugin._get_router(
|
|
context, router_id)
|
|
except l3.RouterNotFound:
|
|
# Router might have been deleted before deploy finished
|
|
LOG.warning(_LW("Router %s not found"), name)
|
|
|
|
if deploy_successful:
|
|
LOG.debug("Successfully deployed %(edge_id)s for router %(name)s",
|
|
{'edge_id': edge_id,
|
|
'name': name})
|
|
if (router_db and
|
|
router_db['status'] == plugin_const.PENDING_CREATE):
|
|
router_db['status'] = plugin_const.ACTIVE
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.ACTIVE)
|
|
else:
|
|
LOG.debug("Failed to deploy Edge for router %s", name)
|
|
if router_db:
|
|
router_db['status'] = plugin_const.ERROR
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=plugin_const.ERROR)
|
|
if not dist and edge_id:
|
|
nsxv_db.clean_edge_vnic_binding(
|
|
context.session, edge_id)
|
|
|
|
def edge_update_result(self, task):
|
|
LOG.debug("edge_update_result %d", task.status)
|
|
|
|
def edge_delete_result(self, task):
|
|
jobdata = task.userdata['jobdata']
|
|
router_id = task.userdata['router_id']
|
|
dist = task.userdata.get('dist')
|
|
edge_id = task.userdata['edge_id']
|
|
context = jobdata['context']
|
|
try:
|
|
nsxv_db.delete_nsxv_router_binding(context.session, router_id)
|
|
if not dist:
|
|
nsxv_db.clean_edge_vnic_binding(context.session, edge_id)
|
|
except sa_exc.NoResultFound:
|
|
LOG.warning(_LW("Router Binding for %s not found"), router_id)
|
|
|
|
def interface_update_result(self, task):
|
|
LOG.debug("interface_update_result %d", task.status)
|
|
|
|
def interface_delete_result(self, task):
|
|
LOG.debug("interface_delete_result %d", task.status)
|
|
|
|
def snat_create_result(self, task):
|
|
LOG.debug("snat_create_result %d", task.status)
|
|
|
|
def snat_delete_result(self, task):
|
|
LOG.debug("snat_delete_result %d", task.status)
|
|
|
|
def dnat_create_result(self, task):
|
|
LOG.debug("dnat_create_result %d", task.status)
|
|
|
|
def dnat_delete_result(self, task):
|
|
LOG.debug("dnat_delete_result %d", task.status)
|
|
|
|
def routes_update_result(self, task):
|
|
LOG.debug("routes_update_result %d", task.status)
|
|
|
|
def nat_update_result(self, task):
|
|
LOG.debug("nat_update_result %d", task.status)
|
|
|
|
def _create_rule_id_mapping(
|
|
self, context, edge_id, firewall, vcns_fw):
|
|
for rule in vcns_fw['firewallRules']['firewallRules']:
|
|
if rule.get('ruleTag'):
|
|
index = rule['ruleTag'] - 1
|
|
#TODO(linb):a simple filter of the retrieved rules which may be
|
|
#created by other operations unintentionally
|
|
if index < len(firewall['firewall_rule_list']):
|
|
rule_vseid = rule['ruleId']
|
|
rule_id = firewall['firewall_rule_list'][index].get('id')
|
|
if rule_id:
|
|
map_info = {
|
|
'rule_id': rule_id,
|
|
'rule_vseid': rule_vseid,
|
|
'edge_id': edge_id
|
|
}
|
|
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
|
context.session, map_info)
|
|
|
|
def firewall_update_result(self, task):
|
|
LOG.debug("firewall_update_result %d", task.status)
|
|
context = task.userdata['jobdata']['context']
|
|
edge_id = task.userdata['edge_id']
|
|
fw_config = task.userdata['fw_config']
|
|
vcns_fw_config = task.userdata['vcns_fw_config']
|
|
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
|
context.session, edge_id)
|
|
self._create_rule_id_mapping(
|
|
context, edge_id, fw_config, vcns_fw_config)
|