x/vmware-nsx
Code Issues Proposed changes
759f015542
vmware-nsx/doc/source/housekeeper.rst
Adit Sarfaty f2589aefb2 NSX|V3: Add housekeeping jobs 
Adding houskeeper for NSX V3 including handling orphaned DHCP server,
logical swithces, firewall sections & logical routers, and handling
mismatched logical ports.

Change-Id: Id5e038a5c713796a83e485343cdc1672d0c1fd24
2018-07-20 12:30:17 +03:00

91 lines
3.4 KiB
ReStructuredText
Raw Blame History

Plugin Housekeeper
==================
During the Neutron plugin's operation, system may enter an inconsistent state
due to synchronization issues between different components, e.g Neutron and NSX
or NSX and vCenter.
Some of these inconsistencies may impact the operation of various system
elements.
The Housekeeping mechanism should:
a) Detect such inconsistencies and warn about them.
b) Resolve inconsistencies when possible.
Some of these inconsistencies can be resolved using the Admin utility, yet it
requires manual operation by the administrator while the housekeeping mechanism
should be automatic.
Configuration
-------------
Housekeeping mechanism uses two configuration parameters:
nsxv/v3.housekeeping_jobs: The housekeeper can be configured which tasks to
execute and which should be skipped.
nsxv/v3.housekeeping_readonly: Housekeeper may attempt to fix a broken environment
when this flag is set to False, or otherwise will just warn about
inconsistencies.
Operation
---------
The housekeeping mechanism is an extension to the Neutron plugin. Therefore
it can be triggered by accessing the extension's URL with an administrator
context.
A naive devstack example could be::
source devstack/openrc admin demo
export AUTH_TOKEN=`openstack token issue | awk '/ id /{print $4}'`
curl -X GET -s -H "X-Auth-Token: $AUTH_TOKEN" -H 'Content-Type: application/json' -d '{"housekeeper": {}}' http://<IP address>:9696/v2.0/housekeepers/all
curl -X PUT -s -H "X-Auth-Token: $AUTH_TOKEN" -H 'Content-Type: application/json' -d '{"housekeeper": {}}' http://<IP address>:9696/v2.0/housekeepers/all
Where <IP address> would be the Neutron controller's IP or the virtual IP of
the load balancer which manages the Neutron controllers.
It is important to use the virtual IP in case of a load balanced active-backup
Neutron servers, as otherwise the housekeeping request may be handled by the
wrong controller.
The GET curl call will run all jobs in readonly mode
the PUT curl call will run all jobs in readwrite mode (for that the housekeeping_readonly should be set to False)
To operate the housekeeper periodically as it should, it should be scheduled
via a timing mechanism such as Linux cron.
Plugin Jobs
-----------
NSX-V
~~~~~
error_dhcp_edge: scans for DHCP Edge appliances which are in ERROR state.
When in non-readonly mode, the job will attempt recovery of the DHCP edges by
removing stale elements from the Neutron DB and reconfigure the interfaces at
the backend when required.
error_backup_edge: scans from backup Edge appliances which are in ERROR state.
When in non-readonly mode, the job will reset the Edge appliance configuration.
lbaas_pending: scans the neutron DB for LBaaS objects which are pending for too
long. Report it, and if in non-readonly mode change its status to ERROR
NSX-v3
~~~~~~
orphaned_logical_router: scans the NSX backend for logical routers which are
missing from the neutron DB. Report it, and if in non-readonly mode delete them.
orphaned_logical_swithces: scans the NSX backend for logical switches which are
missing from the neutron DB. Report it, and if in non-readonly mode delete them.
orphaned_dhcp_server: scans the NSX backend for DHCP servers which are
missing a matching network in the neutron DB. Report it, and if in non-readonly
mode delete them.
orphaned_firewall_section: scans the NSX backend for firewall sections which are
missing a matching security group in the neutron DB. Report it, and if in non-readonly
mode delete them.
View Git Blame Copy Permalink