vmware-nsx/devstack/tools/nsxv_cleanup.py
Aaron Rosen 97eef172cf Fix typos with topy
$ topy -a vmware-nsx

Change-Id: I681a842b4d9309d499052f33cf756228ad850113
2015-11-19 12:53:12 -08:00

350 lines
13 KiB
Python
Executable File

#!/usr/bin/env python
"""
Purpose: Sometimes NSXv backend are out of sync with OpenStack and all
the objects created by OpenStack needs to be cleaned up.
This is a util script to cleanup NSXv objects created by OpenStack
List of objects to be cleared:
- Edge (Service Edge, DHCP Edge, VDR Edge)
- Logical Switches (Tenant Networks)
- Firewall Rules (Security Group)
Usage:
python nsxv_cleanup.py --vsm-ip <nsx-manager-ip>
--username <nsx-manager-username>
--password <nsx-manager-password>
--force
Note: force is optional. If it is specified, force delete security group
You can also use it in python interactive console by import the module
>>>> import nsxv_cleanup
>>>> vsm = nsxv_cleanup.VSMClient('10.34.57.101', 'admin', 'default')
Cleanup all logical switch
>>>> vsm.cleanup_logical_switch()
Cleanup all firewall section
>>>> vsm.cleanup_firewall_section()
Cleanup all security group
>>>> vsm.cleanup_security_group()
Cleanup all edges
>>>> vsm.cleanup_edge()
Cleanup all
>>>> vsm.cleanup_all()
If you have any comment or find a bug, please contact
Tong Liu <tongl@vmware.com>
"""
import sys
import json
import base64
import requests
requests.packages.urllib3.disable_warnings()
class VSMClient(object):
""" Base VSM REST client """
API_VERSION = "2.0"
def __init__(self, host, username, password, *args, **kwargs):
self.force = True if 'force' in kwargs else False
self.host = host
self.username = username
self.password = password
self.version = None
self.endpoint = None
self.content_type = "application/json"
self.accept_type = "application/json"
self.verify = False
self.secure = True
self.interface = "json"
self.url = None
self.headers = None
self.api_version = VSMClient.API_VERSION
self.__set_headers()
def __set_endpoint(self, endpoint):
self.endpoint = endpoint
def get_endpoint(self):
return self.endpoint
def __set_content_type(self, content_type):
self.content_type = content_type
def get_content_type(self):
return self.content_type
def __set_accept_type(self, accept_type):
self.accept_type = accept_type
def get_accept_type(self):
return self.accept_type
def __set_api_version(self, api_version):
self.api_version = api_version
def get_api_version(self):
return self.api
def __set_url(self, api=None, secure=None, host=None, endpoint=None):
api = self.api_version if api is None else api
secure = self.secure if secure is None else secure
host = self.host if host is None else host
endpoint = self.endpoint if endpoint is None else endpoint
http_type = 'https' if secure else 'http'
self.url = '%s://%s/api/%s%s' % (http_type, host, api, endpoint)
def get_url(self):
return self.url
def __set_headers(self, content=None, accept=None):
content_type = self.content_type if content is None else content
accept_type = self.accept_type if accept is None else accept
auth_cred = self.username + ":" + self.password
auth = base64.b64encode(auth_cred)
headers = {}
headers['Authorization'] = "Basic %s" % auth
headers['Content-Type'] = content_type
headers['Accept'] = accept_type
self.headers = headers
def get(self, endpoint=None, params=None):
"""
Basic query method for json API request
"""
self.__set_url(endpoint=endpoint)
response = requests.get(self.url, headers=self.headers,
verify=self.verify, params=params)
return response
def delete(self, endpoint=None, params=None):
"""
Basic delete API method on endpoint
"""
self.__set_url(endpoint=endpoint)
response = requests.delete(self.url, headers=self.headers,
verify=self.verify, params=params)
return response
def post(self, endpoint=None, body=None):
"""
Basic post API method on endpoint
"""
self.__set_url(endpoint=endpoint)
self.__set_headers()
response = requests.post(self.url, headers=self.headers,
verify=self.verify, data=json.dumps(body))
return response
def get_vdn_scope_id(self):
"""
Retrieve existing network scope id
"""
self.__set_api_version('2.0');
self.__set_endpoint("/vdn/scopes")
response = self.get();
if len(response.json()['allScopes']) == 0:
return
else:
return response.json()['allScopes'][0]['objectId']
def query_all_logical_switches(self):
lswitches = []
self.__set_api_version('2.0')
vdn_scope_id = self.get_vdn_scope_id();
if not vdn_scope_id:
return lswitches
endpoint = "/vdn/scopes/%s/virtualwires" % (vdn_scope_id)
self.__set_endpoint(endpoint)
# Query all logical switches
response = self.get()
paging_info = response.json()['dataPage']['pagingInfo']
page_size = int(paging_info['pageSize'])
total_count = int(paging_info['totalCount'])
print "There are total %s logical switches and page size is %s" % (
total_count, page_size)
pages = ceil(total_count, page_size)
print "Total pages: %s" % pages
for i in range(0, pages):
start_index = page_size * i
params = {'startindex': start_index}
response = self.get(params=params)
temp_lswitches = response.json()['dataPage']['data']
lswitches += temp_lswitches
return lswitches
def cleanup_logical_switch(self):
print "Cleaning up logical switches on NSX manager"
lswitches = self.query_all_logical_switches()
print "There are total %s logical switches" % len(lswitches)
for ls in lswitches:
print "\nDeleting logical switch %s (%s) ..." % (ls['name'],
ls['objectId'])
endpoint = '/vdn/virtualwires/%s' % ls['objectId']
response = self.delete(endpoint=endpoint)
if response.status_code != 200:
print "ERROR: response status code %s" % response.status_code
def query_all_firewall_sections(self):
firewall_sections = []
self.__set_api_version('4.0')
self.__set_endpoint('/firewall/globalroot-0/config')
# Query all firewall sections
response = self.get()
# Get layer3 sections related to security group
if response.status_code is 200:
l3_sections = response.json()['layer3Sections']['layer3Sections']
firewall_sections = [s for s in l3_sections if s['name'] !=
"Default Section Layer3"]
else:
print "ERROR: wrong response status code! Exiting..."
sys.exit()
return firewall_sections
def cleanup_firewall_section(self):
print "\n\nCleaning up firewall sections on NSX manager"
l3_sections = self.query_all_firewall_sections()
print "There are total %s firewall sections" % len(l3_sections)
for l3sec in l3_sections:
print "\nDeleting firewall section %s (%s) ..." % (l3sec['name'],
l3sec['id'])
endpoint = '/firewall/globalroot-0/config/layer3sections/%s' % \
l3sec['id']
response = self.delete(endpoint=endpoint)
if response.status_code != 204:
print "ERROR: response status code %s" % response.status_code
def query_all_security_groups(self):
security_groups = []
self.__set_api_version('2.0')
self.__set_endpoint("/services/securitygroup/scope/globalroot-0")
# Query all security groups
response = self.get()
if response.status_code is 200:
sg_all = response.json()
else:
print "ERROR: wrong response status code! Exiting..."
sys.exit()
# Remove Activity Monitoring Data Collection, which is not
# related to any security group created by OpenStack
security_groups = [sg for sg in sg_all if
sg['name'] != "Activity Monitoring Data Collection"]
return security_groups
def cleanup_security_group(self):
print "\n\nCleaning up security groups on NSX manager"
security_groups = self.query_all_security_groups()
print "There are total %s security groups" % len(security_groups)
for sg in security_groups:
print "\nDeleting security group %s (%s) ..." % (sg['name'],
sg['objectId'])
endpoint = '/services/securitygroup/%s' % sg['objectId']
params = {'force': self.force}
response = self.delete(endpoint=endpoint, params=params)
if response.status_code != 200:
print "ERROR: response status code %s" % response.status_code
def query_all_spoofguard_policies(self):
self.__set_api_version('4.0')
self.__set_endpoint("/services/spoofguard/policies/")
# Query all spoofguard policies
response = self.get()
if response.status_code is not 200:
print "ERROR: Faield to get spoofguard policies"
return
sgp_all = response.json()
policies = [sgp for sgp in sgp_all['policies'] if
sgp['name'] != 'Default Policy']
return policies
def cleanup_spoofguard_policies(self):
print "\n\nCleaning up spoofguard policies"
policies = self.query_all_spoofguard_policies()
print "There are total %s policies" % len(policies)
for spg in policies:
print "\nDeleting spoofguard policy %s (%s) ..." % (spg['name'],
spg['policyId'])
endpoint = '/services/spoofguard/policies/%s' % spg['policyId']
response = self.delete(endpoint=endpoint)
print "Response code: %s" % response.status_code
def query_all_edges(self):
edges = []
self.__set_api_version('4.0')
self.__set_endpoint("/edges")
# Query all edges
response = self.get()
paging_info = response.json()['edgePage']['pagingInfo']
page_size = int(paging_info['pageSize'])
total_count = int(paging_info['totalCount'])
print "There are total %s edges and page size is %s" % (
total_count, page_size)
pages = ceil(total_count, page_size)
print "Total pages: %s" % pages
for i in range(0, pages):
start_index = page_size * i
params = {'startindex': start_index}
response = self.get(params=params)
temp_edges = response.json()['edgePage']['data']
edges += temp_edges
return edges
def cleanup_edge(self):
print "\n\nCleaning up edges on NSX manager"
edges = self.query_all_edges()
for edge in edges:
print "\nDeleting edge %s (%s) ..." % (edge['name'], edge['id'])
endpoint = '/edges/%s' % edge['id']
response = self.delete(endpoint=endpoint)
if response.status_code != 204:
print "ERROR: response status code %s" % response.status_code
def cleanup_all(self):
self.cleanup_firewall_section()
self.cleanup_security_group()
self.cleanup_spoofguard_policies()
self.cleanup_edge()
self.cleanup_logical_switch()
def ceil(a, b):
if b == 0:
return 0
div = a / b
mod = 0 if a % b is 0 else 1
return div + mod
if __name__ == "__main__":
from optparse import OptionParser
parser = OptionParser()
parser.add_option("--vsm-ip", dest="vsm_ip", help="NSX Manager IP address")
parser.add_option("-u", "--username", default="admin", dest="username",
help="NSX Manager username")
parser.add_option("-p", "--password", default="default", dest="password",
help="NSX Manager password")
parser.add_option("-f", "--force", dest="force", action="store_true",
help="Force cleanup option")
(options, args) = parser.parse_args()
print "vsm-ip: %s" % options.vsm_ip
print "username: %s" % options.username
print "password: %s" % options.password
print "force: %s" % options.force
# Get VSM REST client
if options.force:
vsm_client = VSMClient(options.vsm_ip, options.username,
options.password, force=options.force)
else:
vsm_client = VSMClient(options.vsm_ip, options.username,
options.password)
# Clean all objects created by OpenStack
vsm_client.cleanup_all()