x/vmware-nsx
Code Issues Proposed changes
aba3ade22f
vmware-nsx/doc/source/admin_util.rst
Adit Sarfaty aba3ade22f [Admin-Util] recreate NSX|v router edge 
Delete a backend router edge, and move its' router/s to other edges.
Currently this utility does not support distributed routers

usage:
nsxadmin -r routers -o nsx-recreate --property edge-id=edge-307

Change-Id: Ib1ab84120aaae42dba884d4ba964a3bdd82df2fb
2016-07-19 08:24:01 +03:00

5.6 KiB
Raw Blame History

Admin Utility

The NSXv and the NSXv3 support the nsxadmin utility. This enables and administrator to determine and rectify inconsistencies between the Neutron DB and the NSX. usage: nsxadmin -r <resources> -o <operation>

NSXv

The following resources are supported: 'security-groups', 'edges', 'networks', 'firewall-sections', 'orphaned-edges', 'spoofguard-policy', 'missing-edges', 'backup-edges', 'nsx-security-groups', 'dhcp-binding' and 'metadata'

Edges

  • NSX list:

    nsxadmin -r edges -o nsx-list

  • Neutron list:

    nsxadmin -r edges -o neutron-list

  • Update Datastore HA of an edge: This admin utility can be used on upgrade after the customer added ha_datastore_id to the nsx.ini configuration, in order to update the deployment of existing edges. The new edge appliances configuration will be taken from the nsx.ini, including the datastrore_id, ha_datastore_id, edge_ha. The edge current resource pool & appliance size will not change:

    nsxadmin -r edges -o nsx-update --property edge-id=<edge-id> --property appliances=True

  • Update the size of an edge:

    nsxadmin -r edges -o nsx-update --property edge-id=edge-55 --property size=compact

  • Update the high availability of an edge: enable/disable high availability of an edge:

    nsxadmin -r edges -o nsx-update --property edge-id=edge-55 --property highavailability=<True/False>

Orphaned Edges

  • List orphaned edges (exist on NSXv backend but don't have a corresponding binding in Neutron DB):

    nsxadmin -r orphaned-edges -o list

  • Clean orphaned edges (delete edges from NSXv backend):

    nsxadmin -r orphaned-edges -o clean

Missing Edges

  • List missing edges on NSX. This includes missing networks on those edges:

    nsxadmin -r missing-edges -o list

Backup Edges

  • List backup edges:

    nsxadmin -r backup-edges -o list

  • Delete backup edge:

    nsxadmin -r backup-edges -o clean --property edge-id=edge-9

  • List Edge name mismatches between DB and backend, and backup edges that are missing from the backend:

    nsxadmin -r backup-edges -o list-mismatches

  • Fix Edge name mismatch between DB and backend by updating the name on the backend:

    nsxadmin -r backup-edges -o fix-mismatch --property edge-id=edge-9

DHCP Bindings

  • List missing DHCP bindings: list dhcp edges that are missing from the NSXv backend:

    nsxadmin -r dhcp-binding -o list

  • Update DHCP bindings on an edge:

    nsxadmin -r dhcp-binding -o nsx-update --property edge-id=edge-15

  • Recreate DHCP edge by moving all the networks to other edges:

    nsxadmin -r dhcp-binding -o nsx-recreate --property edge-id=edge-222

Routers

  • Recreate a router edge by moving the router/s to other edge/s:

    nsxadmin -r routers -o nsx-recreate --property edge-id=edge-308

Networks

  • Ability to update or get the teaming policy for a DVS:

    nsxadmin -r networks -o nsx-update --property dvs-id=<id> --property teamingpolicy=<policy>

  • List backend networks and their network morefs:

    nsxadmin -r networks -o list

Missing Networks

  • List networks which are missing from the backend:

    nsxadmin -r missing-networks -o list

Orphaned Networks ~~~~~~~~~~~~~~~~

  • List networks which are missing from the neutron DB:

    nsxadmin -r orphaned-networks -o list

  • Delete a backend network by it's moref:

    nsxadmin -r orphaned-networks -o nsx-clean --property moref=<moref>

Security Groups, Firewall and Spoofguard

  • Security groups. This adds support to list security-groups mappings and miss-matches between the mappings and backend resources as: firewall-sections and nsx-security-groups:

    nsxadmin --resource security-groups --operation list
nsxadmin -r nsx-security-groups -o {list, list-missmatches}
nsxadmin -r firewall-sections -o {list, list-missmatches}

  • Spoofguard support:

    nsxadmin -r spoofguard-policy -o list-mismatches
nsxadmin -r spoofguard-policy -o clean --property policy-id=spoofguardpolicy-10
nsxadmin -r spoofguard-policy -o list --property reverse (entries defined on NSXv and not in Neutron)

Metadata

  • Update loadbalancer members on router and DHCP edges:

    nsxadmin -r metadata -o nsx-update

  • Update shared secret on router and DHCP edges:

    nsxadmin -r metadata -o nsx-update-secret

NSXv3

The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding' and 'ports'.

Networks

  • List missing networks:

    nsxadmin -r networks -o list-mismatches

Routers

  • List missing routers:

    nsxadmin -r routers -o list-mismatches

Ports

  • List missing ports, and ports that exist on backend but without the expected switch profiles:

    nsxadmin -r ports -o list-mismatches

Security Groups

  • List backed security groups:

    nsx -r security-groups -o nsx-list

  • List neutron DB security groups:

    nsx -r security-groups -o neutron-list

  • List both backend and neutron security groups:

    nsx -r security-groups -o list

  • Cleanup NSX backend sections and nsgroups:

    nsx -r security-groups -o nsx-clean

  • Cleanup Neutron DB security groups:

    nsx -r security-groups -o neutron-clean

  • Cleanup both Neutron DB security groups and NSX backend sections and nsgroups:

    nsx -r security-groups -o clean

  • Update NSX security groups dynamic criteria for NSXv3 CrossHairs:

    nsx -r nsx-security-groups -o migrate-to-dynamic-criteria

DHCP Bindings

  • List DHCP bindings in Neutron:

    nsxadmin -r dhcp-binding -o list

  • Resync DHCP bindings for NSXv3 CrossHairs:

    nsxadmin -r dhcp-binding -o nsx-update