vmware-nsx/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
Kobi Samoray 9c189e303b NSXV: retrieve DNS IPs from subnet correctly
subnet['dns_nameservers'] is a list of strings, not dictionaries.

Change-Id: I929f5ab4d1eb3d538b9e50d08d13554575eab99b
2021-06-02 08:28:13 +00:00


# Copyright 2014 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from distutils import version
import os
import random
import re
import time

import eventlet
import netaddr
from neutron_lib.api.definitions import extra_dhcp_opt as ext_edo
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib import context as q_context
from neutron_lib.db import api as db_api
from neutron_lib import exceptions as n_exc
from neutron_lib.exceptions import l3 as l3_exc
from oslo_config import cfg
from oslo_log import helpers as log_helpers
from oslo_log import log as logging
from oslo_serialization import jsonutils
from oslo_utils import excutils
from oslo_utils import timeutils
from oslo_utils import uuidutils
from sqlalchemy import exc as db_base_exc
from sqlalchemy.orm import exc as sa_exc

from vmware_nsx._i18n import _
from vmware_nsx.common import config as conf
from vmware_nsx.common import exceptions as nsx_exc
from vmware_nsx.common import locking
from vmware_nsx.common import nsxv_constants
from vmware_nsx.common import utils as c_utils
from vmware_nsx.db import db as nsx_db
from vmware_nsx.db import nsxv_db
from vmware_nsx.dvs import dvs
from vmware_nsx.plugins.nsx_v import availability_zones as nsx_az
from vmware_nsx.plugins.nsx_v.vshield.common import (
    constants as vcns_const)
from vmware_nsx.plugins.nsx_v.vshield.common import exceptions as nsxapi_exc
from vmware_nsx.plugins.nsx_v.vshield import vcns
# Size of the per-process eventlet GreenPool used for asynchronous edge
# deploy/delete work (see EdgeManager._get_worker_pool).
WORKER_POOL_SIZE = 8
# sysctl key template, filled with (interface name, value); presumably used
# to switch reverse-path filtering per edge vnic -- usage is outside this view.
RP_FILTER_PROPERTY_OFF_TEMPLATE = 'sysctl.net.ipv4.conf.%s.rp_filter=%s'
# Seconds a backup edge binding may stay in a PENDING_* state before the
# pool clean-up (_clean_all_error_edge_bindings) treats it as stuck.
MAX_EDGE_PENDING_SEC = 600
LOG = logging.getLogger(__name__)
_uuid = uuidutils.generate_uuid
# Accepted edge log modules / levels; validated elsewhere in this module.
SUPPORTED_EDGE_LOG_MODULES = ('routing', 'highavailability',
                              'dhcp', 'loadbalancer', 'dns')
SUPPORTED_EDGE_LOG_LEVELS = ('none', 'debug', 'info', 'warning', 'error')
def parse_service_edge_size():
    """Build the {purpose: size} map from ``nsxv.default_edge_size``.

    Each configured entry has the form ``<purpose>:<size>``; an entry that
    does not split into exactly two parts raises ValueError (the option is
    deployer-controlled configuration).  Returns an empty dict when the
    option is unset.
    """
    entries = cfg.CONF.nsxv.default_edge_size or []
    pairs = (entry.split(':') for entry in entries)
    return {purpose: size for purpose, size in pairs}
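def get_service_edge_size(size_dict, purpose):
    """Return the configured edge size for *purpose*, else the built-in one.

    :param size_dict: {purpose: size} map as built by parse_service_edge_size().
    :param purpose: service key (callers use 'dhcp', 'lb' and 'router').
    :returns: the size string for *purpose*.
    :raises KeyError: if *purpose* is neither configured nor present in
        vcns_const.SERVICE_SIZE_MAPPING.
    """
    # Look the built-in default up lazily: ``size_dict.get(purpose,
    # MAPPING[purpose])`` evaluated MAPPING[purpose] eagerly and so raised
    # KeyError even when the deployer had configured a size for *purpose*.
    try:
        return size_dict[purpose]
    except KeyError:
        return vcns_const.SERVICE_SIZE_MAPPING[purpose]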
def _get_vdr_transit_network_ipobj():
    """Return ``nsxv.vdr_transit_network`` parsed as a netaddr.IPNetwork."""
    return netaddr.IPNetwork(cfg.CONF.nsxv.vdr_transit_network)
def get_vdr_transit_network_netmask():
    """Dotted netmask of the configured VDR transit network, as a string."""
    transit = _get_vdr_transit_network_ipobj()
    return '{}'.format(transit.netmask)
def get_vdr_transit_network_tlr_address():
    """Address at index 1 of the transit network (the TLR side), as a string."""
    transit = _get_vdr_transit_network_ipobj()
    return '{}'.format(transit[1])
def get_vdr_transit_network_plr_address():
    """Address at index 2 of the transit network (the PLR side), as a string.

    When the default transit network is configured the legacy
    conf.DEFAULT_PLR_ADDRESS is returned instead, to stay compatible
    with edges deployed when the address was "169.254.2.3".
    """
    transit = _get_vdr_transit_network_ipobj()
    uses_default_network = (cfg.CONF.nsxv.vdr_transit_network ==
                            conf.DEFAULT_VDR_TRANSIT_NETWORK)
    if uses_default_network:
        return conf.DEFAULT_PLR_ADDRESS
    return '{}'.format(transit[2])
def validate_vdr_transit_network():
    """Reject an unusable ``nsxv.vdr_transit_network`` with n_exc.Invalid.

    Checks, in order: the value parses as a network; it holds at least
    four addresses (indices 1 and 2 are handed out by the accessors
    above); and it does not overlap nsxv_constants.RESERVED_IPS.
    """
    try:
        transit = _get_vdr_transit_network_ipobj()
    except Exception:
        raise n_exc.Invalid(_("Invalid VDR transit network"))
    if len(transit) < 4:
        raise n_exc.Invalid(_("VDR transit address range too small"))
    overlaps_reserved = is_overlapping_reserved_subnets(
        cfg.CONF.nsxv.vdr_transit_network, nsxv_constants.RESERVED_IPS)
    if overlaps_reserved:
        raise n_exc.Invalid(_("VDR transit network overlaps reserved subnet"))
def is_overlapping_reserved_subnets(cidr, reserved_subnets):
    """Return True if the subnet overlaps with reserved subnets.

    For the V plugin we have a limitation that we should not use
    some reserved ranges like: 169.254.128.0/17 and 169.254.1.0/24
    """
    candidate = netaddr.IPNetwork(cidr)
    lo, hi = candidate.first, candidate.last

    def intersects(reserved_cidr):
        # Two address ranges overlap iff neither lies entirely before
        # the other.
        reserved = netaddr.IPNetwork(reserved_cidr)
        return lo <= reserved.last and reserved.first <= hi

    return any(intersects(reserved) for reserved in reserved_subnets)
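def parse_backup_edge_pool_opt_per_az(az):
    """Parse ``az.backup_edge_pool`` and return the per-type pool layout.

    Each entry is ``<edge_type>:<edge_size>:<min>:<max>``; an empty size
    means nsxv_constants.COMPACT, and anything after the fourth field is
    ignored.  The result is
    ``{edge_type: {edge_size: {'minimum_pooled_edges': int,
    'maximum_pooled_edges': int}}}`` with every type of
    vcns_const.ALLOWED_EDGE_TYPES present (possibly with no sizes).

    :param az: availability zone object with ``backup_edge_pool`` and ``name``.
    :raises n_exc.Invalid: on a short entry, an unknown type or size, a
        non-integer min/max, or the same type/size configured twice.
    """
    parsed = []
    for edge_pool_def in az.backup_edge_pool:
        fields = edge_pool_def.split(':')
        try:
            (edge_type, edge_size, minimum_pooled_edges,
             maximum_pooled_edges) = fields[:4]
        except ValueError:
            raise n_exc.Invalid(_("Invalid edge pool format for availability"
                                  " zone %s") % az.name)
        if edge_type not in vcns_const.ALLOWED_EDGE_TYPES:
            msg = (_("edge type '%(edge_type)s' is not allowed, "
                     "allowed types: %(allowed)s for availability zone "
                     "%(name)s") %
                   {'edge_type': edge_type,
                    'allowed': vcns_const.ALLOWED_EDGE_TYPES,
                    'name': az.name})
            LOG.error(msg)
            raise n_exc.Invalid(msg)
        edge_size = edge_size or nsxv_constants.COMPACT
        if edge_size not in vcns_const.ALLOWED_EDGE_SIZES:
            # The format string names %(edge_size)s, so the mapping must
            # carry that key; it used to carry 'edge_type', which made this
            # branch fail with KeyError instead of the intended Invalid.
            msg = (_("edge size '%(edge_size)s' is not allowed, "
                     "allowed types: %(allowed)s for availability zone "
                     "%(name)s") %
                   {'edge_size': edge_size,
                    'allowed': vcns_const.ALLOWED_EDGE_SIZES,
                    'name': az.name})
            LOG.error(msg)
            raise n_exc.Invalid(msg)
        try:
            min_edges = int(minimum_pooled_edges)
            max_edges = int(maximum_pooled_edges)
        except ValueError:
            # A non-numeric bound is a configuration error like the others,
            # not a bare ValueError to escape from start-up.
            raise n_exc.Invalid(_("Invalid edge pool format for availability"
                                  " zone %s") % az.name)
        parsed.append({'edge_type': edge_type,
                       'edge_size': edge_size,
                       'minimum_pooled_edges': min_edges,
                       'maximum_pooled_edges': max_edges})
    edge_pool_dicts = {edge_type: {}
                       for edge_type in vcns_const.ALLOWED_EDGE_TYPES}
    for entry in parsed:
        per_size = edge_pool_dicts[entry['edge_type']]
        if entry['edge_size'] in per_size:
            raise n_exc.Invalid(_("Duplicate edge pool configuration for "
                                  "availability zone %s") % az.name)
        per_size[entry['edge_size']] = {
            'minimum_pooled_edges': entry['minimum_pooled_edges'],
            'maximum_pooled_edges': entry['maximum_pooled_edges']}
    return edge_pool_dicts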
class EdgeManager(object):
"""Edge Appliance Management.
EdgeManager provides a pool of edge appliances which we can use
to support DHCP&metadata, L3&FIP and LB&FW&VPN services.
"""
def __init__(self, nsxv_manager, plugin):
    """Build the pool state and reconcile the backup-edge pools.

    :param nsxv_manager: backend manager; its ``vcns`` client and
        ``callbacks.plugin`` are used by this class.
    :param plugin: the NSX-V plugin instance, kept as ``self.plugin``.

    Side effects at construction time: one backend version query and,
    through _check_backup_edge_pools(), router-binding reads/updates in
    the DB plus asynchronous edge deployments and deletions.
    """
    LOG.debug("Start Edge Manager initialization")
    # The green pool is created lazily, per process (see _get_worker_pool).
    self._worker_pool_pid = None
    self._worker_pool = None
    self.nsxv_manager = nsxv_manager
    self._availability_zones = nsx_az.NsxVAvailabilityZones()
    # {az_name: {edge_type: {edge_size: {'minimum_pooled_edges': int,
    #                                     'maximum_pooled_edges': int}}}}
    self.edge_pool_dicts = self._parse_backup_edge_pool_opt()
    self.nsxv_plugin = nsxv_manager.callbacks.plugin
    self.plugin = plugin
    # Backend call: depends on the NSX-V version (>= 6.2.0).
    self.per_interface_rp_filter = self._get_per_edge_rp_filter_state()
    # Must run after edge_pool_dicts is populated; it reads the AZ pools.
    self._check_backup_edge_pools()
    self._service_edge_size_dict = parse_service_edge_size()
def get_service_edge_size(self, purpose):
    """Edge size for *purpose*, honouring the ``nsxv.default_edge_size`` map."""
    configured_sizes = self._service_edge_size_dict
    return get_service_edge_size(configured_sizes, purpose)
def _parse_backup_edge_pool_opt(self):
    """Parse edge pool opts for all availability zones.

    Returns ``{az.name: parse_backup_edge_pool_opt_per_az(az)}``.
    """
    zones = self._availability_zones.list_availability_zones_objects()
    return {zone.name: parse_backup_edge_pool_opt_per_az(zone)
            for zone in zones}
def _get_az_pool(self, az_name):
    """Pool layout of one AZ; raises KeyError for an unknown *az_name*."""
    pools_by_az = self.edge_pool_dicts
    return pools_by_az[az_name]
def _get_worker_pool(self):
    """Return the GreenPool of the current process, creating it on demand.

    The pool is tagged with the pid that created it, so a process that
    inherited the attributes (e.g. after a fork) builds its own pool
    instead of reusing the parent's.
    """
    current_pid = os.getpid()
    if current_pid == self._worker_pool_pid:
        return self._worker_pool
    self._worker_pool_pid = current_pid
    self._worker_pool = eventlet.GreenPool(WORKER_POOL_SIZE)
    return self._worker_pool
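def _get_per_edge_rp_filter_state(self):
    """Return True if the backend reports NSX-V 6.2.0 or newer.

    The version string from ``vcns.get_version()`` is compared by its
    numeric components (e.g. "6.4.6" -> (6, 4, 6), compared as a tuple);
    non-numeric text is ignored.  This replaces
    distutils.version.LooseVersion, which is deprecated since Python 3.10
    and removed in 3.12.  An empty or digit-free string compares as older
    than 6.2.0 rather than raising.
    """
    ver = self.nsxv_manager.vcns.get_version()
    components = tuple(int(part) for part in re.findall(r'\d+', ver))
    return components >= (6, 2, 0)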
def _mark_router_bindings_status_error(self, context, edge_id,
                                       error_reason="backend error"):
    """Set every router binding on *edge_id* that is not yet ERROR to ERROR.

    Each transition is logged at error level together with *error_reason*.
    """
    bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
        context.session, edge_id)
    not_yet_failed = (b for b in bindings
                      if b['status'] != constants.ERROR)
    for binding in not_yet_failed:
        router_id = binding['router_id']
        LOG.error('Mark router binding ERROR for resource '
                  '%(res_id)s on edge %(edge_id)s due to '
                  '%(reason)s',
                  {'res_id': router_id,
                   'edge_id': edge_id,
                   'reason': error_reason})
        nsxv_db.update_nsxv_router_binding(
            context.session, router_id,
            status=constants.ERROR)
def _deploy_edge(self, context, lrouter,
                 lswitch=None, appliance_size=nsxv_constants.COMPACT,
                 edge_type=nsxv_constants.SERVICE_EDGE,
                 availability_zone=None, deploy_metadata=False):
    """Create an edge for logical router support.

    A None *context* (as passed by the asynchronous pool creator) is
    replaced by an admin context.  *lswitch* is accepted but not used.
    Returns the result of nsxv_manager.deploy_edge().
    """
    ctx = q_context.get_admin_context() if context is None else context
    is_distributed = (edge_type == nsxv_constants.VDR_EDGE)
    return self.nsxv_manager.deploy_edge(ctx, lrouter['id'],
                                         lrouter['name'],
                                         internal_network=None,
                                         appliance_size=appliance_size,
                                         dist=is_distributed,
                                         availability_zone=availability_zone,
                                         deploy_metadata=deploy_metadata)
def _deploy_backup_edges_on_db(self, context, num,
                               appliance_size=nsxv_constants.COMPACT,
                               edge_type=nsxv_constants.SERVICE_EDGE,
                               availability_zone=None):
    """Insert *num* PENDING_CREATE backup-router bindings; return their ids.

    Ids are BACKUP_ROUTER_PREFIX + uuid, cut to EDGE_NAME_LEN, so the
    pool queries can find them by prefix.  A *num* <= 0 adds nothing.
    *availability_zone* is dereferenced (``.name``), so the None default
    cannot actually be used.
    """
    def fresh_backup_id():
        return (vcns_const.BACKUP_ROUTER_PREFIX +
                _uuid())[:vcns_const.EDGE_NAME_LEN]

    router_ids = [fresh_backup_id() for _unused in range(num)]
    for router_id in router_ids:
        nsxv_db.add_nsxv_router_binding(
            context.session, router_id, None, None,
            constants.PENDING_CREATE,
            appliance_size=appliance_size, edge_type=edge_type,
            availability_zone=availability_zone.name)
    return router_ids
def _deploy_backup_edges_at_backend(
        self, context, router_ids,
        appliance_size=nsxv_constants.COMPACT,
        edge_type=nsxv_constants.SERVICE_EDGE,
        availability_zone=None):
    """Start asynchronous deployment of the edges for *router_ids*.

    Returns immediately; _pool_creator does the work on a green thread.
    *context* is not used (the deployments run with an admin context).
    """
    creator_args = (router_ids, appliance_size, edge_type,
                    availability_zone)
    eventlet.spawn_n(self._pool_creator, *creator_args)
def _pool_creator(self, router_ids, appliance_size, edge_type,
                  availability_zone):
    """Deploy one edge per router id on the worker pool.

    Each deployment gets a minimal router dict (id == name == router_id)
    and a None context, which _deploy_edge turns into an admin context.
    """
    for router_id in router_ids:
        stub_router = dict(id=router_id, name=router_id)
        self._get_worker_pool().spawn_n(
            self._deploy_edge, None, stub_router,
            appliance_size=appliance_size, edge_type=edge_type,
            availability_zone=availability_zone)
def _delete_edge(self, context, router_binding):
    """Set *router_binding* to PENDING_DELETE and delete its edge asynchronously.

    A binding that was in ERROR is additionally logged as a warning.
    """
    router_id = router_binding['router_id']
    edge_id = router_binding['edge_id']
    if router_binding['status'] == constants.ERROR:
        LOG.warning("Start deleting %(router_id)s corresponding "
                    "edge: %(edge_id)s due to status error",
                    {'router_id': router_id,
                     'edge_id': edge_id})
    nsxv_db.update_nsxv_router_binding(
        context.session, router_id,
        status=constants.PENDING_DELETE)
    is_distributed = (router_binding['edge_type'] == nsxv_constants.VDR_EDGE)
    self._get_worker_pool().spawn_n(
        self.nsxv_manager.delete_edge, None,
        router_id, edge_id,
        dist=is_distributed)
def _delete_backup_edges_on_db(self, context, backup_router_bindings):
    """Mark each given binding PENDING_DELETE; bindings already gone are skipped."""
    for binding in backup_router_bindings:
        router_id = binding['router_id']
        try:
            nsxv_db.update_nsxv_router_binding(
                context.session, router_id,
                status=constants.PENDING_DELETE)
        except sa_exc.NoResultFound:
            LOG.debug("Router binding %s does not exist.", router_id)
def _delete_backup_edges_at_backend(self, context, backup_router_bindings):
    """Queue asynchronous backend deletion of each binding's edge."""
    for binding in backup_router_bindings:
        edge_id = binding['edge_id']
        LOG.debug("Start deleting extra edge: %s in pool", edge_id)
        is_distributed = (binding['edge_type'] == nsxv_constants.VDR_EDGE)
        self._get_worker_pool().spawn_n(
            self.nsxv_manager.delete_edge, None,
            binding['router_id'], edge_id,
            dist=is_distributed)
def _clean_all_error_edge_bindings(self, context, availability_zone):
    """Delete backup edges of *availability_zone* that are broken or stuck.

    Candidates are backup bindings (router_id prefixed with
    BACKUP_ROUTER_PREFIX) in PENDING_CREATE/UPDATE/DELETE, plus ERROR
    ones when nsxv.housekeeping_readonly is set -- presumably because a
    read-only housekeeper will not remove them itself; confirm against
    the housekeeping job.  A candidate is deleted if it is in ERROR, in
    PENDING_CREATE for longer than MAX_EDGE_PENDING_SEC (or has no
    created_at), or in PENDING_UPDATE/DELETE with an updated_at older
    than that.  Deletion is a DB move to PENDING_DELETE followed by
    asynchronous backend deletion.
    """
    # Find all backup edges in error state &
    # backup edges which are in pending-XXX state for too long
    filters = {'status': [constants.PENDING_CREATE,
                          constants.PENDING_UPDATE,
                          constants.PENDING_DELETE],
               'availability_zone': [availability_zone.name]}
    if cfg.CONF.nsxv.housekeeping_readonly:
        filters['status'].append(constants.ERROR)
    # The LIKE pattern is built from a plugin constant, not from user input.
    like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"}
    router_bindings = nsxv_db.get_nsxv_router_bindings(
        context.session, filters=filters, like_filters=like_filters)
    # filter only the entries in error state or too long in pending state
    error_router_bindings = []
    for binding in router_bindings:
        to_delete = False
        if binding.status == constants.ERROR:
            to_delete = True
        elif binding.status == constants.PENDING_CREATE:
            # Bindings migrated from older versions have no created_at
            # attribute which should also be deleted.
            if (not binding.created_at or timeutils.is_older_than(
                    binding.created_at, MAX_EDGE_PENDING_SEC)):
                to_delete = True
        elif (binding.status == constants.PENDING_UPDATE or
              binding.status == constants.PENDING_DELETE):
            # Bindings migrated from older versions have no updated_at
            # attribute. We will not delete those for now, as it is risky
            # and fails lots of tests.
            if (binding.updated_at and timeutils.is_older_than(
                    binding.updated_at, MAX_EDGE_PENDING_SEC)):
                to_delete = True
        if to_delete:
            LOG.warning("Going to delete Erroneous edge: %s", binding)
            error_router_bindings.append(binding)
    # DB first, then backend: each binding is already PENDING_DELETE when
    # its asynchronous deletion starts.
    self._delete_backup_edges_on_db(context,
                                    error_router_bindings)
    self._delete_backup_edges_at_backend(context,
                                         error_router_bindings)
def _get_backup_edge_bindings(self, context,
                              appliance_size=nsxv_constants.COMPACT,
                              edge_type=nsxv_constants.SERVICE_EDGE,
                              db_update_lock=False,
                              availability_zone=None):
    """Return the usable backup bindings for one size/type/AZ combination.

    Only PENDING_CREATE, PENDING_UPDATE and ACTIVE bindings whose
    router_id starts with BACKUP_ROUTER_PREFIX are returned; ERROR and
    PENDING_DELETE ones are excluded.  *db_update_lock* is accepted for
    the callers' sake but has no effect here.  *availability_zone* is
    dereferenced (``.name``) and so must not be None.
    """
    usable_statuses = [constants.PENDING_CREATE,
                       constants.PENDING_UPDATE,
                       constants.ACTIVE]
    filters = dict(appliance_size=[appliance_size],
                   edge_type=[edge_type],
                   availability_zone=[availability_zone.name],
                   status=usable_statuses)
    backup_id_pattern = vcns_const.BACKUP_ROUTER_PREFIX + "%"
    return nsxv_db.get_nsxv_router_bindings(
        context.session, filters=filters,
        like_filters={'router_id': backup_id_pattern})
def _check_backup_edge_pools(self):
    """Reconcile every (AZ, edge type, edge size) backup pool.

    Per AZ the broken/stuck bindings are cleaned first; then each
    configured size is brought within its min/max bounds, and every
    size that is not configured for a type is checked against (0, 0),
    i.e. drained.  Runs with an admin context.
    """
    admin_ctx = q_context.get_admin_context()
    zones = self._availability_zones.list_availability_zones_objects()
    for az in zones:
        self._clean_all_error_edge_bindings(admin_ctx, az)
        for edge_type, sizes in self._get_az_pool(az.name).items():
            for edge_size in vcns_const.ALLOWED_EDGE_SIZES:
                bounds = sizes.get(edge_size)
                if bounds is None:
                    lower, upper = 0, 0
                else:
                    lower = bounds['minimum_pooled_edges']
                    upper = bounds['maximum_pooled_edges']
                self._check_backup_edge_pool(
                    lower, upper,
                    appliance_size=edge_size, edge_type=edge_type,
                    availability_zone=az)
def _check_backup_edge_pool(self,
                            minimum_pooled_edges,
                            maximum_pooled_edges,
                            appliance_size=nsxv_constants.COMPACT,
                            edge_type=nsxv_constants.SERVICE_EDGE,
                            availability_zone=None):
    """Bring one backup pool within [minimum, maximum] pooled edges.

    Too many: the surplus bindings are set to PENDING_DELETE and their
    edges deleted asynchronously.  Too few: PENDING_CREATE bindings are
    added one per round until the pool count, re-read from the DB each
    round, reaches the minimum; the new edges are then deployed
    asynchronously.  Returns None.  Runs with an admin context.
    """
    admin_ctx = q_context.get_admin_context()
    backup_router_bindings = self._get_backup_edge_bindings(
        admin_ctx, appliance_size=appliance_size, edge_type=edge_type,
        db_update_lock=True, availability_zone=availability_zone)
    backup_num = len(backup_router_bindings)
    # DB phase first, backend phase second, so every binding exists before
    # the asynchronous backend work that refers to it starts.
    if backup_num > maximum_pooled_edges:
        self._delete_backup_edges_on_db(
            admin_ctx,
            backup_router_bindings[:backup_num - maximum_pooled_edges])
    elif backup_num < minimum_pooled_edges:
        new_backup_num = backup_num
        router_ids = []
        # The count is re-queried rather than incremented, so the loop
        # ends only once the DB reflects the bindings added so far.
        while (new_backup_num < minimum_pooled_edges):
            router_ids.extend(
                self._deploy_backup_edges_on_db(
                    admin_ctx, 1, appliance_size=appliance_size,
                    edge_type=edge_type,
                    availability_zone=availability_zone))
            new_backup_num = len(
                self._get_backup_edge_bindings(
                    admin_ctx, appliance_size=appliance_size,
                    edge_type=edge_type, db_update_lock=True,
                    availability_zone=availability_zone))
    if backup_num > maximum_pooled_edges:
        self._delete_backup_edges_at_backend(
            admin_ctx,
            backup_router_bindings[:backup_num - maximum_pooled_edges])
    elif backup_num < minimum_pooled_edges:
        # router_ids was populated by the matching branch above.
        self._deploy_backup_edges_at_backend(
            admin_ctx,
            router_ids,
            appliance_size=appliance_size,
            edge_type=edge_type,
            availability_zone=availability_zone)
def check_edge_active_at_backend(self, edge_id):
    """True only if the backend reports *edge_id* as ROUTER_STATUS_ACTIVE.

    Any exception from the status query -- including backend
    connectivity or authentication failures -- is swallowed and reported
    as "not active".  Callers such as _get_available_router_binding and
    _free_edge_appliance then delete the edge, so a backend outage can
    drain the pool; keep that in mind when reading pool churn in logs.
    """
    try:
        status = self.nsxv_manager.get_edge_status(edge_id)
        is_active = (status == vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE)
    except Exception:
        return False
    return is_active
def _get_available_router_binding(self, context,
                                  appliance_size=nsxv_constants.COMPACT,
                                  edge_type=nsxv_constants.SERVICE_EDGE,
                                  availability_zone=None):
    """Pick a random ACTIVE backup binding whose edge the backend confirms.

    Candidates come from _get_backup_edge_bindings().  Each is drawn at
    random and dropped from the candidate list; a non-ACTIVE one is
    skipped, an ACTIVE one whose edge is not active at the backend is
    deleted via _delete_edge(), and the first confirmed one is returned.
    Returns None when no usable candidate is left.  random.choice only
    spreads load here; it is not a security-relevant choice.
    """
    candidates = list(self._get_backup_edge_bindings(
        context, appliance_size=appliance_size, edge_type=edge_type,
        availability_zone=availability_zone))
    while candidates:
        picked = random.choice(candidates)
        candidates.remove(picked)
        if picked['status'] != constants.ACTIVE:
            continue
        edge_id = picked['edge_id']
        log_args = {'router_id': picked['router_id'],
                    'edge_id': edge_id}
        if self.check_edge_active_at_backend(edge_id):
            LOG.debug("Get an available backup resource "
                      "%(router_id)s with edge_id %(edge_id)s", log_args)
            return picked
        LOG.debug("Delete unavailable backup resource "
                  "%(router_id)s with edge_id %(edge_id)s", log_args)
        self._delete_edge(context, picked)
    return None
def _get_physical_provider_network(self, context, network_id, az_dvs):
    """Return (physical network id, network type) for *network_id*.

    The default is *az_dvs*, the DVS id of the AZ's mgmt/edge cluster.
    The network binding's phy_uuid replaces it only when:
    - the type is VLAN and phy_uuid is non-empty and names a single DVS
      (no ',' separated list), or
    - the type is anything but VXLAN and phy_uuid is non-empty and starts
      with 'dvs' -- a provider portgroup created by an admin must not be
      used in place of the configured DVS.
    VXLAN networks always get *az_dvs*.  The type is None without a binding.
    """
    bindings = nsxv_db.get_network_bindings(context.session, network_id)
    if not bindings:
        return az_dvs, None
    binding = bindings[0]
    network_type = binding['binding_type']
    phy_uuid = binding['phy_uuid']
    phys_net = az_dvs
    is_vlan = (network_type == c_utils.NsxVNetworkTypes.VLAN)
    if is_vlan and phy_uuid != '':
        if ',' not in phy_uuid:
            phys_net = phy_uuid
    elif (network_type != c_utils.NsxVNetworkTypes.VXLAN and
          phy_uuid != '' and
          phy_uuid.startswith('dvs')):
        phys_net = phy_uuid
    return phys_net, network_type
def _create_sub_interface(self, context, network_id, network_name,
                          tunnel_index, address_groups,
                          port_group_id=None):
    """Build the trunk sub-interface spec for *network_id*.

    When *port_group_id* is None an isolated (vlanId 0) portgroup named
    *network_name* is created on the network's DVS and its teaming is
    fixed up through the plugin; an existing id is reused unchanged.
    Returns (port_group_id, interface_dict).
    """
    az = self.plugin.get_network_az_by_net_id(context, network_id)
    vcns_network_id = _retrieve_nsx_switch_id(context, network_id,
                                              az.name)
    if port_group_id is None:
        config_spec = {'networkSpec': {'vlanId': 0,
                                       'networkName': network_name,
                                       'networkBindingType': 'Static',
                                       'networkType': 'Isolation'}}
        dvs_id, _net_type = self._get_physical_provider_network(
            context, network_id, az.dvs_id)
        _header, port_group_id = self.nsxv_manager.vcns.create_port_group(
            dvs_id, config_spec)
        # Ensure that the portgroup has the correct teaming
        self.plugin._update_network_teaming(dvs_id, None, port_group_id)
    interface = {
        'name': _uuid(),
        'tunnelId': tunnel_index,
        'logicalSwitchId': vcns_network_id,
        'isConnected': True,
        'addressGroups': {'addressGroups': address_groups},
    }
    return port_group_id, interface
def _getvnic_config(self, edge_id, vnic_index):
    """Return the vnic config for (*edge_id*, *vnic_index*).

    nsxv_manager.get_interface() returns a (header, config) pair; only the
    config part is of interest here.
    """
    header_and_config = self.nsxv_manager.get_interface(edge_id,
                                                        vnic_index)
    return header_and_config[1]
def _delete_dhcp_internal_interface(self, context, edge_id, vnic_index,
                                    tunnel_index, network_id):
    """Delete the dhcp internal interface.

    Removes the sub-interface with *tunnel_index* from vnic *vnic_index*
    of the DHCP edge.  If no sub-interface is left the whole vnic is
    deleted, together with its portgroup on the network's DVS; otherwise
    the trimmed vnic config is written back.  A backend failure
    (VcnsApiException) is logged and every router binding on the edge is
    marked ERROR.  In both cases the DHCP router binding of *network_id*
    is cleaned up afterwards.
    """
    LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
    try:
        vnic_config = self._getvnic_config(edge_id, vnic_index)
        sub_interfaces = (vnic_config['subInterfaces']['subInterfaces'] if
                          'subInterfaces' in vnic_config else [])
        port_group_id = (vnic_config['portgroupId'] if 'portgroupId' in
                         vnic_config else None)
        for sub_interface in sub_interfaces:
            if tunnel_index == sub_interface['tunnelId']:
                LOG.debug("Delete the tunnel %d on vnic %d",
                          tunnel_index, vnic_index)
                # sub_interfaces aliases this same list, so the removal
                # is visible to the len() check below.
                (vnic_config['subInterfaces']['subInterfaces'].
                 remove(sub_interface))
                break
        # Clean the vnic if there is no sub-interface attached
        if len(sub_interfaces) == 0:
            # NOTE: '_' here shadows the module-level gettext alias within
            # this method; harmless because _() is not used in this body.
            header, _ = self.nsxv_manager.vcns.delete_interface(edge_id,
                                                                vnic_index)
            if port_group_id:
                az = self.plugin.get_network_az_by_net_id(
                    context, network_id)
                dvs_id, net_type = self._get_physical_provider_network(
                    context, network_id, az.dvs_id)
                self.nsxv_manager.delete_port_group(dvs_id,
                                                    port_group_id)
        else:
            self.nsxv_manager.vcns.update_interface(edge_id, vnic_config)
    except nsxapi_exc.VcnsApiException:
        LOG.exception('Failed to delete vnic %(vnic_index)d '
                      'tunnel %(tunnel_index)d on edge %(edge_id)s '
                      'for network %(net_id)s',
                      {'vnic_index': vnic_index,
                       'tunnel_index': tunnel_index,
                       'net_id': network_id,
                       'edge_id': edge_id})
        self._mark_router_bindings_status_error(
            context, edge_id,
            error_reason="delete dhcp internal interface failure")
    # Runs on both the success and the failure path.
    self._delete_dhcp_router_binding(context, network_id, edge_id)
def _delete_dhcp_router_binding(self, context, network_id, edge_id):
    """Delete the router binding or clean the edge appliance.

    The DHCP resource id of *network_id* is DHCP_EDGE_PREFIX + network_id
    cut to 36 characters.  If the edge still carries another DHCP
    resource only this binding is deleted; otherwise the whole DHCP edge
    is released (AZ name taken from the first binding, '' if none).
    """
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
        context.session, edge_id)
    dhcp_prefix = vcns_const.DHCP_EDGE_PREFIX
    other_dhcp_resources = [
        b['router_id'] for b in bindings
        if b['router_id'].startswith(dhcp_prefix) and
        b['router_id'] != resource_id]
    if other_dhcp_resources:
        # There are additional networks on this DHCP edge.
        # just delete the binding one and not the edge itself
        nsxv_db.delete_nsxv_router_binding(context.session, resource_id)
        return
    az_name = bindings[0]['availability_zone'] if bindings else ''
    self._free_dhcp_edge_appliance(context, network_id, az_name)
def _addr_groups_convert_to_ipset(self, address_groups):
    """Convert edge address groups into a netaddr.IPSet of their CIDRs.

    Each group's 'primaryAddress' and 'subnetPrefixLength' are joined as
    "<address>/<length>"; both are expected to be strings (str.join
    raises TypeError on a non-string prefix length).
    """
    cidrs = ['/'.join((group['primaryAddress'],
                       group['subnetPrefixLength']))
             for group in address_groups]
    return netaddr.IPSet(cidrs)
def _update_dhcp_internal_interface(self, context, edge_id, vnic_index,
                                    tunnel_index, network_id,
                                    address_groups):
    """Update the dhcp internal interface:
    1. Add a new vnic tunnel with the address groups
    2. Update the address groups to an existing tunnel

    While walking the existing sub-interfaces, one whose addresses
    overlap *address_groups* is treated as stale: if its logical switch
    still maps to a Neutron network that is a plugin bug and
    NsxPluginException is raised; otherwise it is left out of the
    sub-interface list written back (DB inconsistency repair).  The vnic
    is finally updated on the backend with the resulting list.
    """
    LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
    # h is the response header; only the config is used here.
    h, vnic_config = self.nsxv_manager.get_interface(edge_id, vnic_index)
    sub_iface_dict = vnic_config.get('subInterfaces')
    port_group_id = vnic_config.get('portgroupId')
    new_tunnel_creation = True
    iface_list = []
    # Update the sub interface address groups for specific tunnel
    if sub_iface_dict:
        sub_interfaces = sub_iface_dict.get('subInterfaces')
        addr_groups_ipset = self._addr_groups_convert_to_ipset(
            address_groups)
        for sb in sub_interfaces:
            if tunnel_index == sb['tunnelId']:
                new_tunnel_creation = False
                sb['addressGroups']['addressGroups'] = address_groups
            else:
                sb_ipset = self._addr_groups_convert_to_ipset(
                    sb['addressGroups']['addressGroups'])
                if addr_groups_ipset & sb_ipset:
                    ls_id = sb['logicalSwitchId']
                    net_ids = nsx_db.get_net_ids(context.session, ls_id)
                    if net_ids:
                        # Here should never happen, else one bug occurs
                        LOG.error("net %(id)s on edge %(edge_id)s "
                                  "overlaps with new net %(net_id)s",
                                  {'id': net_ids[0],
                                   'edge_id': edge_id,
                                   'net_id': network_id})
                        raise nsx_exc.NsxPluginException(
                            err_msg=(_("update dhcp interface for net %s "
                                       "failed") % network_id))
                    # Occurs when there are DB inconsistency
                    # Marker consumed by the filter below; the flagged
                    # entry never reaches the backend update.
                    sb["is_overlapped"] = True
                    LOG.error("unexpected sub intf %(id)s on edge "
                              "%(edge_id)s overlaps with new net "
                              "%(net_id)s. we would update with "
                              "deleting it for DB consistency",
                              {'id': ls_id,
                               'edge_id': edge_id,
                               'net_id': network_id})
        iface_list = [sub for sub in sub_interfaces
                      if not sub.get('is_overlapped', False)]
    # The first DHCP service creation, not update
    if new_tunnel_creation:
        network_name_item = [edge_id, str(vnic_index), str(tunnel_index)]
        network_name = ('-'.join(network_name_item) + _uuid())[:36]
        port_group_id, iface = self._create_sub_interface(
            context, network_id, network_name, tunnel_index,
            address_groups, port_group_id)
        iface_list.append(iface)
    LOG.debug("Update the vnic %d for DHCP Edge %s", vnic_index, edge_id)
    # NOTE(review): 'fake_router_id' is a placeholder router id handed to
    # nsxv_manager.update_interface -- confirm it is not used for lookups.
    self.nsxv_manager.update_interface('fake_router_id', edge_id,
                                       vnic_index, port_group_id,
                                       tunnel_index,
                                       address_groups=iface_list)
@vcns.retry_upon_exception(db_base_exc.OperationalError, max_delay=10)
def _allocate_edge_appliance(self, context, resource_id, name,
                             appliance_size=nsxv_constants.COMPACT,
                             dist=False,
                             availability_zone=None,
                             deploy_metadata=False):
    """Try to allocate one available edge from pool.

    Returns the id of the edge now bound to *resource_id*.  With no pool
    configured for this AZ/type/size the edge is deployed synchronously
    and that result is returned as-is.  Otherwise, under the shared pool
    lock, a healthy backup edge is taken -- its binding is moved to
    PENDING_UPDATE immediately so a concurrent allocation cannot pick
    the same one -- or a new edge is deployed when none is free.  The
    chosen edge is then finalized and renamed under its own lock, and
    the pool is topped up to its configured minimum.  The decorator
    retries the whole method on a DB OperationalError.
    *availability_zone* must not be None (its ``.name`` is read).
    """
    edge_type = (nsxv_constants.VDR_EDGE if dist else
                 nsxv_constants.SERVICE_EDGE)
    lrouter = {'id': resource_id,
               'name': name}
    az_pool = self._get_az_pool(availability_zone.name)
    edge_pool_range = az_pool[edge_type].get(appliance_size)
    if edge_pool_range is None:
        # No pool for this combination: deploy directly, no pooling.
        nsxv_db.add_nsxv_router_binding(
            context.session, resource_id, None, None,
            constants.PENDING_CREATE,
            appliance_size=appliance_size,
            edge_type=edge_type,
            availability_zone=availability_zone.name)
        return self._deploy_edge(context, lrouter,
                                 appliance_size=appliance_size,
                                 edge_type=edge_type,
                                 availability_zone=availability_zone,
                                 deploy_metadata=deploy_metadata)
    with locking.LockManager.get_lock('nsx-edge-backup-pool'):
        self._clean_all_error_edge_bindings(
            context, availability_zone=availability_zone)
        available_router_binding = self._get_available_router_binding(
            context, appliance_size=appliance_size, edge_type=edge_type,
            availability_zone=availability_zone)
        if available_router_binding:
            # Update the status from ACTIVE to PENDING_UPDATE
            # in case of other threads select the same router binding
            nsxv_db.update_nsxv_router_binding(
                context.session, available_router_binding['router_id'],
                status=constants.PENDING_UPDATE)
    # Synchronously deploy an edge if no available edge in pool.
    if not available_router_binding:
        # store router-edge mapping binding
        nsxv_db.add_nsxv_router_binding(
            context.session, resource_id, None, None,
            constants.PENDING_CREATE,
            appliance_size=appliance_size,
            edge_type=edge_type,
            availability_zone=availability_zone.name)
        edge_id = self._deploy_edge(context, lrouter,
                                    appliance_size=appliance_size,
                                    edge_type=edge_type,
                                    availability_zone=availability_zone,
                                    deploy_metadata=deploy_metadata)
    else:
        LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
                  {'edge_id': available_router_binding['edge_id'],
                   'name': name})
        # select the first available edge in pool.
        # The backup binding is replaced by a binding for the real
        # resource that reuses the backup edge.
        nsxv_db.delete_nsxv_router_binding(
            context.session, available_router_binding['router_id'])
        nsxv_db.add_nsxv_router_binding(
            context.session,
            lrouter['id'],
            available_router_binding['edge_id'],
            None,
            constants.PENDING_CREATE,
            appliance_size=appliance_size,
            edge_type=edge_type,
            availability_zone=availability_zone.name)
        edge_id = available_router_binding['edge_id']
        LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
                  {'edge_id': edge_id, 'name': name})
        with locking.LockManager.get_lock(str(edge_id)):
            self.nsxv_manager.callbacks.complete_edge_creation(
                context, edge_id, lrouter['name'], lrouter['id'], dist,
                True, availability_zone=availability_zone,
                deploy_metadata=deploy_metadata)
            try:
                self.nsxv_manager.rename_edge(edge_id, name)
            except nsxapi_exc.VcnsApiException as e:
                # The edge stays allocated; the binding is flagged as
                # failed through complete_edge_update(set_errors=True).
                LOG.error("Failed to update edge: %s",
                          e.response)
                self.nsxv_manager.callbacks.complete_edge_update(
                    context, edge_id, resource_id, False, set_errors=True)
    # Top the pool back up; a non-positive difference deploys nothing.
    backup_num = len(self._get_backup_edge_bindings(
        context, appliance_size=appliance_size, edge_type=edge_type,
        db_update_lock=True, availability_zone=availability_zone))
    router_ids = self._deploy_backup_edges_on_db(
        context, edge_pool_range['minimum_pooled_edges'] - backup_num,
        appliance_size=appliance_size, edge_type=edge_type,
        availability_zone=availability_zone)
    self._deploy_backup_edges_at_backend(
        context, router_ids,
        appliance_size=appliance_size, edge_type=edge_type,
        availability_zone=availability_zone)
    return edge_id
def _free_edge_appliance(self, context, router_id):
    """Try to collect one edge to pool.

    Under the shared pool lock the router's binding is replaced by a
    backup binding (BACKUP_ROUTER_PREFIX + uuid) in PENDING_UPDATE.  The
    edge is deleted instead of pooled when the old binding was in ERROR,
    the backend does not report the edge active, or no pool is
    configured for its AZ/type/size.  Otherwise the AZ's broken bindings
    are cleaned and, if the pool is not full, the edge is renamed to the
    backup id on the backend, its vnic bindings reset, and the backup
    binding set ACTIVE; a failed rename or a full pool deletes the edge.
    A missing binding only logs a warning.  Returns None.
    """
    with locking.LockManager.get_lock('nsx-edge-backup-pool'):
        binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                  router_id)
        if not binding:
            LOG.warning("router binding for router: %s "
                        "not found", router_id)
            return
        dist = (binding['edge_type'] == nsxv_constants.VDR_EDGE)
        edge_id = binding['edge_id']
        availability_zone_name = nsxv_db.get_edge_availability_zone(
            context.session, edge_id)
        az_pool = self._get_az_pool(availability_zone_name)
        edge_pool_range = az_pool[binding['edge_type']].get(
            binding['appliance_size'])
        # Swap the resource binding for a backup binding on the same edge.
        nsxv_db.delete_nsxv_router_binding(
            context.session, router_id)
        backup_router_id = (vcns_const.BACKUP_ROUTER_PREFIX +
                            _uuid())[:vcns_const.EDGE_NAME_LEN]
        nsxv_db.add_nsxv_router_binding(
            context.session,
            backup_router_id,
            edge_id,
            None,
            constants.PENDING_UPDATE,
            appliance_size=binding['appliance_size'],
            edge_type=binding['edge_type'],
            availability_zone=availability_zone_name)
        # From here on router_id names the new backup binding.
        router_id = backup_router_id
        if (binding['status'] == constants.ERROR or
                not self.check_edge_active_at_backend(edge_id) or
                not edge_pool_range):
            nsxv_db.update_nsxv_router_binding(
                context.session, router_id,
                status=constants.PENDING_DELETE)
            # delete edge
            self._get_worker_pool().spawn_n(
                self.nsxv_manager.delete_edge,
                None,
                router_id, edge_id, dist=dist)
            return
        availability_zone = self._availability_zones.get_availability_zone(
            availability_zone_name)
        self._clean_all_error_edge_bindings(
            context, availability_zone=availability_zone)
        backup_router_bindings = self._get_backup_edge_bindings(
            context, appliance_size=binding['appliance_size'],
            edge_type=binding['edge_type'],
            availability_zone=availability_zone)
        backup_num = len(backup_router_bindings)
        # collect the edge to pool if pool not full
        if backup_num < edge_pool_range['maximum_pooled_edges']:
            # change edge's name at backend
            update_result = self.nsxv_manager.update_edge(
                context, backup_router_id, edge_id, backup_router_id, None,
                appliance_size=binding['appliance_size'], dist=dist,
                availability_zone=availability_zone)
            # Clean all edge vnic bindings
            nsxv_db.clean_edge_vnic_binding(context.session, edge_id)
            # Refresh edge_vnic_bindings for centralized router
            if not dist and edge_id:
                nsxv_db.init_edge_vnic_binding(context.session, edge_id)
            if update_result:
                nsxv_db.update_nsxv_router_binding(
                    context.session, backup_router_id,
                    status=constants.ACTIVE)
                LOG.debug("Collect edge: %s to pool", edge_id)
        else:
            nsxv_db.update_nsxv_router_binding(
                context.session, router_id,
                status=constants.PENDING_DELETE)
            # delete edge
            self._get_worker_pool().spawn_n(
                self.nsxv_manager.delete_edge,
                None,
                router_id, edge_id, dist=dist)
def _allocate_dhcp_edge_appliance(self, context, resource_id,
                                  availability_zone):
    """Allocate a DHCP-purpose edge (with metadata) for *resource_id*.

    The edge name is DHCP_EDGE_PREFIX + uuid cut to EDGE_NAME_LEN and
    the size is the configured 'dhcp' service size.  Returns None; the
    edge id from the allocation is not passed back.
    """
    edge_name = (vcns_const.DHCP_EDGE_PREFIX +
                 _uuid())[:vcns_const.EDGE_NAME_LEN]
    dhcp_size = self.get_service_edge_size('dhcp')
    self._allocate_edge_appliance(
        context, resource_id, edge_name,
        appliance_size=dhcp_size,
        availability_zone=availability_zone,
        deploy_metadata=True)
def allocate_lb_edge_appliance(
        self, context, resource_id, availability_zone,
        appliance_size=None):
    """Allocate a load-balancer edge named after *resource_id*.

    A falsy *appliance_size* means the configured 'lb' service size.
    Returns the allocated edge id.
    """
    size = appliance_size or self.get_service_edge_size('lb')
    return self._allocate_edge_appliance(
        context, resource_id, resource_id,
        appliance_size=size,
        availability_zone=availability_zone)
def _free_dhcp_edge_appliance(self, context, network_id, az_name):
    """Release the DHCP edge of *network_id* back to the pool.

    Metadata proxy ports still on the edge are cleaned up first, when the
    plugin has a metadata proxy handler for *az_name*.
    """
    router_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    # if there are still metadata ports on this edge - delete them now
    handler = None
    if self.plugin.metadata_proxy_handler:
        handler = self.plugin.get_metadata_proxy_handler(az_name)
    if handler:
        handler.cleanup_router_edge(context, router_id, warn=True)
    self._free_edge_appliance(context, router_id)
def _build_lrouter_name(self, router_id, router_name):
    """Return "<name>-<router_id>" with the name cut to
    nsxv_constants.ROUTER_NAME_LENGTH - len(router_id) characters
    (the joining '-' is not counted against that length)."""
    name_budget = nsxv_constants.ROUTER_NAME_LENGTH - len(router_id)
    return '-'.join((router_name[:name_budget], router_id))
def update_syslog_by_flavor(self, context, router_id, flavor_id, edge_id):
    """Update syslog config on edge according to router flavor.

    Does nothing when the flavor yields no syslog config.
    """
    syslog_config = self._get_syslog_config_from_flavor(
        context, router_id, flavor_id)
    if not syslog_config:
        return
    self.nsxv_manager.update_edge_syslog(edge_id, syslog_config, router_id)
def create_lrouter(
        self, context, lrouter, lswitch=None, dist=False,
        appliance_size=None,
        availability_zone=None):
    """Create an edge for logical router support.

    A falsy *appliance_size* means the configured 'router' service size.
    *lswitch* is accepted but unused.  When the router dict carries a
    'flavor_id' the edge syslog config is applied from that flavor.
    Returns the edge id.
    """
    size = appliance_size or self.get_service_edge_size('router')
    router_id = lrouter['id']
    edge_name = self._build_lrouter_name(router_id, lrouter['name'])
    edge_id = self._allocate_edge_appliance(
        context, router_id, edge_name,
        appliance_size=size,
        dist=dist, availability_zone=availability_zone)
    flavor_id = lrouter.get('flavor_id')
    if flavor_id:
        self.update_syslog_by_flavor(context, router_id, flavor_id, edge_id)
    return edge_id
def delete_lrouter(self, context, router_id, dist=False):
    """Release the edge backing router_id.

    dist is accepted for interface compatibility and is not used.
    """
    self._free_edge_appliance(context, router_id)
def rename_lrouter(self, context, router_id, new_name):
    """Rename the edge backing router_id to match new_name.

    A missing router binding (or one without an edge) is logged and
    ignored. The rename runs under the per-edge lock.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    edge_id = binding['edge_id'] if binding else None
    if not edge_id:
        LOG.warning("router binding for router: %s "
                    "not found", router_id)
        return
    with locking.LockManager.get_lock(str(edge_id)):
        edge_name = self._build_lrouter_name(router_id, new_name)
        self.nsxv_manager.rename_edge(edge_id, edge_name)
def resize_lrouter(self, context, router_id, new_size):
    """Resize the edge backing router_id and record the new size.

    A missing router binding (or one without an edge) is logged and
    ignored. Backend and DB updates run under the per-edge lock; the DB
    row is updated only after the backend call returned.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    edge_id = binding['edge_id'] if binding else None
    if not edge_id:
        LOG.warning("router binding for router: %s "
                    "not found", router_id)
        return
    with locking.LockManager.get_lock(str(edge_id)):
        self.nsxv_manager.resize_edge(edge_id, new_size)
        nsxv_db.update_nsxv_router_binding(
            context.session, router_id, appliance_size=new_size)
def update_dhcp_edge_bindings(self, context, network_id):
    """Reconfigure the DHCP to the edge.

    Looks up the DHCP edge bound to network_id and rebuilds its DHCP
    service configuration under the per-edge lock. Does nothing when no
    binding exists.
    """
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    binding = nsxv_db.get_nsxv_router_binding(context.session,
                                              resource_id)
    if not binding:
        return
    edge_id = binding['edge_id']
    with locking.LockManager.get_lock(str(edge_id)):
        self.update_dhcp_service_config(context, edge_id)
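def _add_dhcp_option(self, static_config, opt):
    """Fold one Neutron extra-DHCP option into an edge static binding.

    :param static_config: the static binding dict being built; its
        'dhcpOptions' sub-dict is created on demand and mutated in place.
    :param opt: a Neutron extra_dhcp_opt entry with 'opt_name' and
        'opt_value'. Both come from the port definition, i.e. from the
        port owner, and are copied into the edge configuration.

    Options listed in vcns_const.SUPPORTED_DHCP_OPTIONS are stored under
    their edge key; classless static routes (option 121) and TFTP servers
    (option 150) accumulate into list-valued entries. Any other option
    is passed through under 'others' as {'code', 'value'}.

    :raises ValueError: when a classless-static-route value is not of the
        form '<destination-cidr>,<router-ip>'.
    """
    dhcp_options = static_config.setdefault('dhcpOptions', {})
    opt_name = opt['opt_name']
    opt_val = opt['opt_value']

    if opt_name not in vcns_const.SUPPORTED_DHCP_OPTIONS:
        # Pass-through option. The list key is 'others' for both the
        # lookup and the assignment; an earlier version tested 'other'
        # and so replaced the list on every call, keeping only the last
        # unsupported option.
        dhcp_options.setdefault('others', []).append(
            {'code': opt_name, 'value': opt_val})
        return

    key = vcns_const.SUPPORTED_DHCP_OPTIONS[opt_name]
    if opt_name == 'classless-static-route':
        # Expected value: '<cidr>,<nexthop>'. Reject anything else up
        # front instead of producing a half-filled route entry.
        try:
            net, ip = opt_val.split(',')
        except ValueError:
            raise ValueError(
                "classless-static-route value %r must be "
                "'<destination>,<router>'" % (opt_val,))
        opt121 = dhcp_options.setdefault('option121', {'staticRoutes': []})
        opt121['staticRoutes'].append({'destinationSubnet': net,
                                       'router': ip})
    elif opt_name in ('tftp-server-address', 'tftp-server'):
        opt150 = dhcp_options.setdefault('option150', {'tftpServers': []})
        opt150['tftpServers'].append(opt_val)
    else:
        dhcp_options[key] = opt_val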
def create_static_binding(self, context, port):
    """Create the DHCP Edge static binding configuration
    <staticBinding>
    <macAddress></macAddress>
    <ipAddress></ipAddress>
    <hostname></hostname> <!--disallow duplicate-->
    <defaultGateway></defaultGateway> <!--optional.-->
    <primaryNameServer></primaryNameServer> <!--optional-->
    <secondaryNameServer></secondaryNameServer> <!--optional-->
    <domainName></domainName> <!--optional-->
    </staticBinding>

    :param context: Neutron request context used for the subnet lookups.
    :param port: Neutron port dict; uses 'mac_address', 'id',
        'fixed_ips' and, when present, the extra DHCP options.
    :returns: a list of static binding dicts, one appended per fixed IP
        whose subnet exists and has DHCP enabled.

    The hostname is set to the port id so a binding can later be matched
    back to its port (delete_dhcp_binding compares on it).

    NOTE(review): static_config is created once, before the loop, and the
    same dict is appended for every fixed IP, so a port with several
    DHCP-enabled fixed IPs yields entries that alias one object (the last
    IP wins and routes/options accumulate). Confirm whether multi-IP
    ports are expected here before relying on the list length.
    """
    static_bindings = []
    static_config = {}
    static_config['macAddress'] = port['mac_address']
    static_config['hostname'] = port['id']
    static_config['leaseTime'] = cfg.CONF.nsxv.dhcp_lease_time

    for fixed_ip in port['fixed_ips']:
        # Query the subnet to get gateway and DNS
        try:
            subnet_id = fixed_ip['subnet_id']
            subnet_obj = self.nsxv_plugin._get_subnet_object(
                context, subnet_id)
            subnet = self.nsxv_plugin._make_subnet_dict(
                subnet_obj, fields=None, context=context)
        except n_exc.SubnetNotFound:
            LOG.debug("No related subnet for port %s", port['id'])
            continue
        # Only configure if subnet has DHCP support
        if not subnet['enable_dhcp']:
            continue
        static_config['ipAddress'] = fixed_ip['ip_address']
        # Set gateway for static binding
        static_config['defaultGateway'] = subnet['gateway_ip']
        # set primary and secondary dns
        # subnet['dns_nameservers'] is a list of address strings, so the
        # entries are used directly (no dict unpacking).
        name_servers = subnet['dns_nameservers']
        # if no nameservers have been configured then use the ones
        # defined in the configuration
        name_servers = name_servers or cfg.CONF.nsxv.nameservers
        # The edge binding carries at most two name servers; any further
        # entries are dropped.
        if len(name_servers) == 1:
            static_config['primaryNameServer'] = name_servers[0]
        elif len(name_servers) >= 2:
            static_config['primaryNameServer'] = name_servers[0]
            static_config['secondaryNameServer'] = name_servers[1]
        # Set search domain for static binding: the subnet's extension
        # attribute wins over the global nsxv.dns_search_domain setting.
        sub_binding = nsxv_db.get_nsxv_subnet_ext_attributes(
            context.session,
            subnet_id)
        dns_search_domain = None
        if sub_binding and sub_binding.dns_search_domain:
            dns_search_domain = sub_binding.dns_search_domain
        elif cfg.CONF.nsxv.dns_search_domain:
            dns_search_domain = cfg.CONF.nsxv.dns_search_domain
        if dns_search_domain:
            static_config['domainName'] = dns_search_domain
        if sub_binding and sub_binding.dhcp_mtu:
            static_config = self.add_mtu_on_static_binding(
                static_config, sub_binding.dhcp_mtu)

        # Metadata host route (option 121), then the subnet's own host
        # routes, are injected into this binding in place.
        self.handle_meta_static_route(
            context, subnet_id, [static_config])
        for host_route in subnet['host_routes']:
            self.add_host_route_on_static_bindings(
                [static_config],
                host_route['destination'],
                host_route['nexthop'])

        # Extra DHCP options from the port definition are copied last.
        dhcp_opts = port.get(ext_edo.EXTRADHCPOPTS)
        if dhcp_opts is not None:
            for opt in dhcp_opts:
                self._add_dhcp_option(static_config, opt)

        static_bindings.append(static_config)
    return static_bindings
def add_host_route_on_static_bindings(self, static_bindings,
                                      dest_cidr, nexthop):
    """Add one host route on a bulk of static bindings config.

    The route is delivered to the VM through DHCP option 121, which the
    edge supports from NSXv 6.2.3 onward. Every binding dict in
    static_bindings is mutated in place (missing 'dhcpOptions',
    'option121' and 'staticRoutes' levels are created) and the same
    list object is returned.
    """
    for binding in static_bindings:
        options = binding.setdefault('dhcpOptions', {})
        opt121 = options.setdefault('option121', {'staticRoutes': []})
        routes = opt121.setdefault('staticRoutes', [])
        routes.append({'destinationSubnet': dest_cidr,
                       'router': nexthop})
    return static_bindings
def add_mtu_on_static_binding(self, static_binding, mtu):
    """Add the pre-configured MTU to a static binding config.

    The MTU travels as DHCP option 26, which the edge supports from
    NSXv 6.2.3 onward. static_binding is mutated in place and returned.
    """
    static_binding.setdefault('dhcpOptions', {})['option26'] = mtu
    return static_binding
def handle_meta_static_route(self, context, subnet_id, static_bindings):
    """Inject the metadata host route into static_bindings when needed.

    When the subnet serves metadata via DHCP (option 121), a host route
    for 169.254.169.254/32 via the subnet's DHCP port address is added to
    every binding. Logs an error and adds nothing when that address
    cannot be found.
    """
    plugin = self.nsxv_plugin
    if not plugin.is_dhcp_metadata(context, subnet_id):
        return
    dhcp_ip = plugin._get_dhcp_ip_addr_from_subnet(context, subnet_id)
    if not dhcp_ip:
        LOG.error("Failed to find the dhcp port on subnet "
                  "%s to do metadata host route insertion",
                  subnet_id)
        return
    self.add_host_route_on_static_bindings(
        static_bindings, '169.254.169.254/32', dhcp_ip)
def update_dhcp_service_config(self, context, edge_id):
    """Reconfigure the DHCP to the edge.

    Rebuilds the complete static-binding set for every DHCP-enabled
    subnet on the networks attached to edge_id, restricted to ports whose
    device_owner starts with 'compute', pushes it to the edge, and then
    replaces the edge's static-binding rows in the DB with the mappings
    read back from the backend. Neutron lookups use an elevated context
    because one DHCP edge serves networks of several tenants.
    """
    vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
        context.session, edge_id)
    network_ids = [vnic.network_id for vnic in vnic_bindings]
    subnets = self.nsxv_plugin.get_subnets(
        context.elevated(), filters={'network_id': network_ids,
                                     'enable_dhcp': [True]})

    static_bindings = []
    for subnet in subnets:
        ports = self.nsxv_plugin.get_ports(
            context.elevated(),
            filters={'network_id': [subnet['network_id']],
                     'fixed_ips': {'subnet_id': [subnet['id']]}})
        for port in ports:
            if not port['device_owner'].startswith('compute'):
                continue
            static_bindings.extend(
                self.create_static_binding(context.elevated(), port))

    dhcp_request = {
        'featureType': "dhcp_4.0",
        'enabled': True,
        'staticBindings': {'staticBindings': static_bindings}}
    self.nsxv_manager.vcns.reconfigure_dhcp_service(edge_id, dhcp_request)

    # Refresh edge_dhcp_static_bindings attached to edge from what the
    # backend actually holds.
    mac_to_binding = get_dhcp_binding_mappings(self.nsxv_manager, edge_id)
    nsxv_db.clean_edge_dhcp_static_bindings_by_edge(
        context.session, edge_id)
    for mac_address, binding_id in mac_to_binding.items():
        nsxv_db.create_edge_dhcp_static_binding(context.session, edge_id,
                                                mac_address, binding_id)
def _get_random_available_edge(self, available_edge_ids):
    """Pick a random edge id from the pool that is active on the backend.

    Inactive edges are dropped from available_edge_ids (the list is
    mutated in place) and skipped with a warning. Returns None once the
    pool is exhausted.
    """
    while available_edge_ids:
        candidate = random.choice(available_edge_ids)
        if self.check_edge_active_at_backend(candidate):
            return candidate
        available_edge_ids.remove(candidate)
        LOG.warning("Skipping edge: %s due to inactive status on "
                    "the backend.", candidate)
    return None
def _get_available_edges(self, context, network_id, conflicting_nets,
                         availability_zone):
    """Split the AZ's active DHCP edges into conflicting and available.

    :param context: Neutron context; only its session is used.
    :param network_id: network being attached to a DHCP edge.
    :param conflicting_nets: ids of networks whose DHCP edge must not be
        shared with network_id (None is treated as empty).
    :param availability_zone: AZ object; 'name' selects the router
        bindings, 'exclusive_dhcp_edge' forces one edge per network.
    :returns: (conflict_edge_ids, available_edge_ids) lists of edge ids.
    """
    if conflicting_nets is None:
        conflicting_nets = []
    conflict_edge_ids = []
    available_edge_ids = []
    filters = {'availability_zone': [availability_zone.name]}
    router_bindings = nsxv_db.get_nsxv_router_bindings(context.session,
                                                       filters=filters)
    # Only ACTIVE bindings whose router id carries the DHCP prefix count
    # as DHCP edges; map router_id -> edge_id.
    all_dhcp_edges = {binding['router_id']: binding['edge_id'] for
                      binding in router_bindings if (binding['router_id'].
                      startswith(vcns_const.DHCP_EDGE_PREFIX) and
                      binding['status'] == constants.ACTIVE)}

    # Special case if there is more than one subnet per exclusive DHCP
    # network: the network's own edge is the only available one.
    if availability_zone.exclusive_dhcp_edge:
        router_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
        edge_id = all_dhcp_edges.get(router_id)
        if edge_id:
            LOG.info("Reusing the same DHCP edge for network %s",
                     network_id)
            available_edge_ids.append(edge_id)
            return (conflict_edge_ids, available_edge_ids)

    if all_dhcp_edges:
        for dhcp_edge_id in set(all_dhcp_edges.values()):
            edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
                context.session, dhcp_edge_id)
            # Capacity: (MAX_VNIC_NUM - 1) vnics, each carrying up to
            # MAX_TUNNEL_NUM networks, minus what is already bound.
            free_number = ((vcns_const.MAX_VNIC_NUM - 1) *
                           vcns_const.MAX_TUNNEL_NUM -
                           len(edge_vnic_bindings))
            # metadata internal network will use one vnic or
            # exclusive_dhcp_edge is set for the AZ
            if (free_number <= (vcns_const.MAX_TUNNEL_NUM - 1) or
                availability_zone.exclusive_dhcp_edge):
                conflict_edge_ids.append(dhcp_edge_id)

        # Edges hosting a conflicting network are off limits too.
        for net_id in conflicting_nets:
            router_id = (vcns_const.DHCP_EDGE_PREFIX + net_id)[:36]
            edge_id = all_dhcp_edges.get(router_id)
            if (edge_id and edge_id not in conflict_edge_ids):
                conflict_edge_ids.append(edge_id)

        # Everything else is available (deduplicated, order preserved).
        for x in all_dhcp_edges.values():
            if (x not in conflict_edge_ids and
                x not in available_edge_ids):
                available_edge_ids.append(x)
    return (conflict_edge_ids, available_edge_ids)
def _get_used_edges(self, context, subnet, availability_zone):
    """Returns conflicting and available edges for the subnet.

    The conflicting networks are those the plugin reports for the subnet
    (typically overlapping address space); the split itself is done by
    _get_available_edges.
    """
    conflicting_nets = self.plugin._get_conflicting_networks_for_subnet(
        context, subnet)
    network_id = subnet['network_id']
    return self._get_available_edges(context, network_id,
                                     conflicting_nets, availability_zone)
def remove_network_from_dhcp_edge(self, context, network_id, edge_id):
    """Detach network_id from the DHCP edge edge_id.

    Re-homes the shared metadata port if it was keyed on this network's
    DHCP router id, frees the vnic/tunnel binding in the DB, rebuilds the
    edge's DHCP service config and finally removes the internal
    interface from the edge. Backend failures while rebuilding the DHCP
    config are logged (and, for API errors, mark the edge's router
    bindings as ERROR) but do not stop the interface removal.
    """
    # If DHCP edge was created initially for this network, metadata port
    # Might use this network's DHCP router_id as device_id. Call the
    # following to validate this
    self.reconfigure_shared_edge_metadata_port(
        context, (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36])
    old_binding = nsxv_db.get_edge_vnic_binding(
        context.session, edge_id, network_id)
    if not old_binding:
        # No vnic binding: nothing to release on the edge, only the
        # router binding row is cleaned up.
        LOG.error("Remove network %(id)s failed since no binding "
                  "found on edge %(edge_id)s",
                  {'id': network_id,
                   'edge_id': edge_id})
        self._delete_dhcp_router_binding(context, network_id, edge_id)
        return
    old_vnic_index = old_binding['vnic_index']
    old_tunnel_index = old_binding['tunnel_index']
    # Cut off the port group/virtual wire connection
    nsxv_db.free_edge_vnic_by_network(context.session,
                                      edge_id,
                                      network_id)
    try:
        # update dhcp service config on edge_id
        self.update_dhcp_service_config(context, edge_id)
    except nsxapi_exc.VcnsApiException:
        # Backend rejected the new config: keep going, but flag the
        # edge's bindings so the inconsistency is visible.
        LOG.exception('Failed to delete vnic %(vnic_index)d '
                      'tunnel %(tunnel_index)d on edge %(edge_id)s',
                      {'vnic_index': old_vnic_index,
                       'tunnel_index': old_tunnel_index,
                       'edge_id': edge_id})
        self._mark_router_bindings_status_error(
            context, edge_id,
            error_reason="remove network from dhcp edge failure")
    except Exception:
        # Any other failure is only logged; the interface is still removed.
        LOG.exception('Failed to delete vnic %(vnic_index)d '
                      'tunnel %(tunnel_index)d on edge %(edge_id)s',
                      {'vnic_index': old_vnic_index,
                       'tunnel_index': old_tunnel_index,
                       'edge_id': edge_id})
    self._delete_dhcp_internal_interface(context, edge_id, old_vnic_index,
                                         old_tunnel_index, network_id)
def reuse_existing_dhcp_edge(self, context, edge_id, resource_id,
                             network_id, availability_zone):
    """Bind network_id to the already deployed DHCP edge edge_id.

    Adds an ACTIVE router binding for resource_id on the edge and
    allocates a vnic/tunnel slot for the network. The caller's context
    is deliberately replaced by a fresh admin context: the caller may
    have been waiting for edge deployment long enough for its DB session
    to time out.
    """
    app_size = self.get_service_edge_size('dhcp')
    admin_ctx = q_context.get_admin_context()
    session = admin_ctx.session
    az_name = availability_zone.name
    nsxv_db.add_nsxv_router_binding(
        session, resource_id, edge_id, None, constants.ACTIVE,
        appliance_size=app_size, availability_zone=az_name)
    nsxv_db.allocate_edge_vnic_with_tunnel_index(
        session, edge_id, network_id, az_name)
def reconfigure_shared_edge_metadata_port(self, context, org_router_id):
    """Move the metadata port(s) keyed on org_router_id to a sibling router.

    On a shared edge the metadata port on the inter-edge internal network
    carries one router id as device_id. When that router is about to
    leave the edge, the port is re-pointed at the first other router
    still bound to the same edge. Returns silently when there is no
    metadata proxy, no binding, no internal network or no such port.
    """
    if not self.plugin.metadata_proxy_handler:
        return
    org_binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                  org_router_id)
    if not org_binding:
        return
    int_net = nsxv_db.get_nsxv_internal_network(
        context.session,
        vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE,
        org_binding['availability_zone'])
    if not int_net:
        return

    # Query the ports of this internal network
    ports = self.nsxv_plugin.get_ports(
        context, filters={'device_id': [org_router_id],
                          'network_id': [int_net['network_id']]})
    if not ports:
        LOG.debug('No metadata ports found for %s', org_router_id)
        return
    if len(ports) > 1:
        LOG.debug('Expecting one metadata port for %s. Found %d ports',
                  org_router_id, len(ports))

    edge_id = org_binding['edge_id']
    bindings = nsxv_db.get_nsxv_router_bindings(
        context.session, filters={'edge_id': [edge_id]})
    # Hand the port(s) to the first router on the edge that is not the
    # one leaving.
    for binding in bindings:
        new_owner = binding['router_id']
        if new_owner == org_router_id:
            continue
        for port in ports:
            self.plugin.update_port(
                context, port['id'],
                {'port': {'device_id': new_owner}})
        return
def allocate_new_dhcp_edge(self, context, network_id, resource_id,
                           availability_zone):
    """Deploy a new DHCP edge for resource_id and attach network_id.

    Returns the id of the newly allocated edge, read back from the
    router binding written during allocation.
    """
    self._allocate_dhcp_edge_appliance(context, resource_id,
                                       availability_zone)
    binding = nsxv_db.get_nsxv_router_binding(context.session,
                                              resource_id)
    edge_id = binding['edge_id']
    nsxv_db.allocate_edge_vnic_with_tunnel_index(
        context.session, edge_id, network_id, availability_zone.name)
    return edge_id
def create_dhcp_edge_service(self, context, network_id,
                             subnet):
    """
    Create an edge if there is no available edge for dhcp service,
    Update an edge if there is available edge for dhcp service
    If new edge was allocated, return resource_id, else return None

    :param context: Neutron context.
    :param network_id: network whose subnet needs DHCP service.
    :param subnet: subnet dict used to compute conflicting networks.

    Edge selection runs under the 'nsx-dhcp-edge-pool' lock; the actual
    deployment of a brand-new edge happens after the lock is released.
    """
    availability_zone = self.plugin.get_network_az_by_net_id(
        context, network_id)

    # Check if the network has one related dhcp edge
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    dhcp_edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                        resource_id)
    allocate_new_edge = False
    with locking.LockManager.get_lock('nsx-dhcp-edge-pool'):
        (conflict_edge_ids,
         available_edge_ids) = self._get_used_edges(context, subnet,
                                                    availability_zone)
        LOG.debug("The available edges %s, the conflict edges %s ",
                  available_edge_ids, conflict_edge_ids)
        edge_id = None
        # Check if the network can stay on the existing DHCP edge
        if dhcp_edge_binding:
            edge_id = dhcp_edge_binding['edge_id']
            LOG.debug("At present network %s is using edge %s",
                      network_id, edge_id)
            with locking.LockManager.get_lock(str(edge_id)):
                # Delete the existing vnic interface if there is
                # an overlapping subnet or the binding is in ERROR status
                if (edge_id in conflict_edge_ids or
                    dhcp_edge_binding['status'] == constants.ERROR):
                    LOG.debug("Removing network %s from dhcp edge %s",
                              network_id, edge_id)
                    self.remove_network_from_dhcp_edge(context,
                                                       network_id, edge_id)
                    edge_id = None
        if not edge_id:
            #Attach the network to a new Edge and update vnic:
            #1. Find an available existing edge or create a new one
            #2. For the existing one, cut off the old port group
            #   connection
            #3. Create the new port group connection to an existing one
            #4. Update the address groups to the vnic
            if available_edge_ids:
                # _get_random_available_edge prunes backend-inactive
                # edges and returns None when none is left.
                new_id = self._get_random_available_edge(
                    available_edge_ids)
                if new_id:
                    LOG.debug("Select edge %s to support dhcp for "
                              "network %s", new_id, network_id)
                    self.reuse_existing_dhcp_edge(
                        context, new_id, resource_id, network_id,
                        availability_zone)
                else:
                    allocate_new_edge = True
            else:
                allocate_new_edge = True

    if allocate_new_edge:
        self.allocate_new_dhcp_edge(context, network_id, resource_id,
                                    availability_zone)

        # If a new Edge was allocated, return resource_id
        return resource_id
def update_dhcp_edge_service(self, context, network_id,
                             address_groups=None):
    """Update the subnet to the dhcp edge vnic.

    :param context: Neutron context.
    :param network_id: network whose DHCP vnic/tunnel is reconfigured.
    :param address_groups: address groups to program on the internal
        interface; None is treated as an empty list.

    Updates the edge's internal interface for the network and, when the
    network already has compute ports, rebuilds the DHCP service config.
    Exceptions are logged and re-raised; backend API errors additionally
    mark the edge's router bindings as ERROR.
    """
    if address_groups is None:
        address_groups = []
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                   resource_id)
    if not edge_binding:
        LOG.warning('Edge binding does not exist for network %s',
                    network_id)
        return
    dhcp_binding = nsxv_db.get_edge_vnic_binding(context.session,
                                                 edge_binding['edge_id'],
                                                 network_id)
    if dhcp_binding:
        edge_id = dhcp_binding['edge_id']
        with locking.LockManager.get_lock(str(edge_id)):
            vnic_index = dhcp_binding['vnic_index']
            tunnel_index = dhcp_binding['tunnel_index']
            LOG.debug('Update the dhcp service for %s on vnic %d tunnel '
                      '%d',
                      edge_id, vnic_index, tunnel_index)
            try:
                self._update_dhcp_internal_interface(
                    context, edge_id, vnic_index, tunnel_index, network_id,
                    address_groups)
                ports = self.nsxv_plugin.get_ports(
                    context, filters={'network_id': [network_id]})
                # Only instance ports get static bindings, so skip the
                # (expensive) DHCP rebuild when there are none yet.
                inst_ports = [port
                              for port in ports
                              if port['device_owner'].startswith(
                                  "compute")]
                if inst_ports:
                    # update dhcp service config for the new added network
                    self.update_dhcp_service_config(context, edge_id)
            except nsxapi_exc.VcnsApiException:
                with excutils.save_and_reraise_exception():
                    LOG.exception(
                        'Failed to update the dhcp service for '
                        '%(edge_id)s on vnic %(vnic_index)d '
                        'tunnel %(tunnel_index)d',
                        {'edge_id': edge_id,
                         'vnic_index': vnic_index,
                         'tunnel_index': tunnel_index})
                    self._mark_router_bindings_status_error(
                        context, edge_id,
                        error_reason="update dhcp edge service")
            except Exception:
                with excutils.save_and_reraise_exception():
                    LOG.exception(
                        'Failed to update the dhcp service for '
                        '%(edge_id)s on vnic %(vnic_index)d '
                        'tunnel %(tunnel_index)d',
                        {'edge_id': edge_id,
                         'vnic_index': vnic_index,
                         'tunnel_index': tunnel_index})
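def delete_dhcp_edge_service(self, context, network_id):
    """Delete an edge for dhcp service.

    Frees the vnic/tunnel slot of network_id on its DHCP edge in the DB
    and removes the matching internal interface from the edge, under the
    per-edge lock. Nothing happens when the network has no DHCP edge
    binding or no vnic binding. Failures removing the interface are
    logged and re-raised.
    """
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                   resource_id)
    if not edge_binding:
        return
    dhcp_binding = nsxv_db.get_edge_vnic_binding(
        context.session, edge_binding['edge_id'], network_id)
    if not dhcp_binding:
        return

    edge_id = dhcp_binding['edge_id']
    with locking.LockManager.get_lock(str(edge_id)):
        vnic_index = dhcp_binding['vnic_index']
        tunnel_index = dhcp_binding['tunnel_index']
        LOG.debug("Delete the tunnel %d on vnic %d from DHCP Edge "
                  "%s", tunnel_index, vnic_index, edge_id)
        # DB first, so a backend failure below does not leave a slot
        # that looks allocated.
        nsxv_db.free_edge_vnic_by_network(context.session,
                                          edge_id,
                                          network_id)
        try:
            self._delete_dhcp_internal_interface(context, edge_id,
                                                 vnic_index,
                                                 tunnel_index,
                                                 network_id)
        except Exception:
            with excutils.save_and_reraise_exception():
                # The message previously lacked the space before 'from',
                # producing 'vnic 3from DHCP Edge ...' in the logs.
                LOG.exception('Failed to delete the tunnel '
                              '%(tunnel_index)d on vnic '
                              '%(vnic_index)d '
                              'from DHCP Edge %(edge_id)s',
                              {'tunnel_index': tunnel_index,
                               'vnic_index': vnic_index,
                               'edge_id': edge_id})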
def _update_address_in_dict(self, address_groups, old_ip, new_ip,
                            subnet_mask):
    """Replace old_ip with new_ip inside an edge 'addressGroups' structure.

    old_ip is None: new_ip becomes a secondary address of the first
    group whose primary address shares its subnet, otherwise a new
    address group (primaryAddress/subnetMask) is appended. Returns True.

    old_ip given: the primary or secondary entry holding old_ip is
    replaced by new_ip, or removed when new_ip is falsy (a group loses
    its whole 'secondaryAddresses' block when its last secondary goes).
    Returns True when old_ip was found, False otherwise.

    address_groups is mutated in place.
    """
    groups = address_groups['addressGroups']

    if old_ip is None:
        for group in groups:
            cidr = (group['primaryAddress'] + '/' +
                    group['subnetPrefixLength'])
            if netaddr.IPAddress(new_ip) not in netaddr.IPNetwork(cidr):
                continue
            # Same subnet as this group's primary: attach as secondary.
            secondary = group.get('secondaryAddresses')
            if secondary is None:
                group['secondaryAddresses'] = {
                    'type': 'secondary_addresses',
                    'ipAddress': [new_ip]}
            else:
                secondary['ipAddress'].append(new_ip)
            return True
        # No group in that subnet: start a new one.
        groups.append({'primaryAddress': new_ip,
                       'subnetMask': subnet_mask})
        return True

    for index, group in enumerate(groups):
        if group['primaryAddress'] == old_ip:
            if new_ip:
                group['primaryAddress'] = new_ip
            else:
                groups.pop(index)
            return True
        secondary = group.get('secondaryAddresses')
        if secondary is None:
            continue
        ips = secondary['ipAddress']
        if old_ip not in ips:
            continue
        if new_ip:
            ips.remove(old_ip)
            ips.append(new_ip)
        elif len(ips) == 1:
            del group['secondaryAddresses']
        else:
            ips.remove(old_ip)
        return True
    return False
def update_interface_addr(self, context, edge_id, old_ip, new_ip,
                          subnet_mask, is_uplink=False):
    """Replace old_ip with new_ip on one of the edge's interfaces.

    Only uplink vnics are considered when is_uplink is True, only
    non-uplink vnics otherwise. The first vnic whose address groups
    contain old_ip is updated on the backend and the method returns.

    :raises nsx_exc.NsxPluginException: when no matching vnic holds
        old_ip.
    """
    with locking.LockManager.get_lock(edge_id):
        # get the current interfaces configuration
        config = self.nsxv_manager.vcns.get_interfaces(edge_id)[1]
        for vnic in config.get('vnics', []):
            vnic_is_uplink = vnic['type'] == 'uplink'
            if vnic_is_uplink != bool(is_uplink):
                continue
            if not self._update_address_in_dict(
                    vnic['addressGroups'], old_ip, new_ip, subnet_mask):
                continue
            self.nsxv_manager.vcns.update_interface(edge_id, vnic)
            return

    # If we got here - we didn't find the old ip:
    error = (_("Failed to update interface ip "
               "on edge %(eid)s: Cannot find the previous ip %(ip)s") %
             {'eid': edge_id, 'ip': old_ip})
    raise nsx_exc.NsxPluginException(err_msg=error)
def update_vdr_interface_addr(self, context, edge_id, vnic_index,
                              old_ip, new_ip, subnet_mask):
    """Replace old_ip with new_ip on a VDR internal interface.

    :raises nsx_exc.NsxPluginException: when the interface's address
        groups do not hold old_ip.
    """
    with locking.LockManager.get_lock(edge_id):
        # get the current interfaces configuration
        vnic = self.nsxv_manager.vcns.get_vdr_internal_interface(
            edge_id, vnic_index)[1]
        found = self._update_address_in_dict(
            vnic['addressGroups'], old_ip, new_ip, subnet_mask)
        if found:
            self.nsxv_manager.vcns.update_vdr_internal_interface(
                edge_id, vnic_index, {'interface': vnic})
            return

    # If we got here - we didn't find the old ip:
    error = (_("Failed to update VDR interface ip "
               "on edge %(eid)s: Cannot find the previous ip %(ip)s") %
             {'eid': edge_id, 'ip': old_ip})
    raise nsx_exc.NsxPluginException(err_msg=error)
def get_plr_by_tlr_id(self, context, router_id):
    """Find the PLR router connected to the TLR (VDR) router_id.

    Follows the TLR's internal lswitch to the edges attached to it and
    returns the first router id bound to such an edge that differs from
    router_id. Returns None when the TLR has no binding, no internal
    lswitch, or no other router is found.
    """
    binding = nsxv_db.get_nsxv_router_binding(
        context.session, router_id)
    lswitch_id = binding.lswitch_id if binding else None
    if not lswitch_id:
        return None
    vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
        context.session, lswitch_id) or []
    for vnic_binding in vnic_bindings:
        # Takes the first router binding of the edge; an edge with no
        # router bindings would raise IndexError here.
        edge_routers = nsxv_db.get_nsxv_router_bindings_by_edge(
            context.session, vnic_binding.edge_id)
        candidate = edge_routers[0].router_id
        if candidate != router_id:
            return candidate
    return None
def create_plr_with_tlr_id(self, context, router_id, router_name,
                           availability_zone):
    """Create a PLR edge for the distributed router (TLR) router_id.

    :param context: Neutron context.
    :param router_id: id of the TLR (VDR) router, must already have an
        edge binding.
    :param router_name: name used for the internal lswitch and the PLR.
    :param availability_zone: AZ object; 'vdn_scope_id' selects where
        the transit virtual wire is created.
    :returns: the generated PLR router id.

    Steps: create a transit virtual wire, attach the VDR to it as an
    uplink, create the PLR edge, attach it to the wire and program the
    transit addresses on both sides.
    """
    # Add an internal network preparing for connecting the VDR
    # to a PLR
    tlr_edge_id = nsxv_db.get_nsxv_router_binding(
        context.session, router_id).edge_id
    # First create an internal lswitch
    lswitch_name = ('int-' + router_name + router_id)[:36]
    virtual_wire = {"name": lswitch_name,
                    "tenantId": "virtual wire tenant"}
    config_spec = {"virtualWireCreateSpec": virtual_wire}
    vdn_scope_id = availability_zone.vdn_scope_id
    h, lswitch_id = self.nsxv_manager.vcns.create_virtual_wire(
        vdn_scope_id, config_spec)

    # add vdr's external interface to the lswitch
    tlr_vnic_index = self.nsxv_manager.add_vdr_internal_interface(
        tlr_edge_id, lswitch_id,
        address=get_vdr_transit_network_tlr_address(),
        netmask=get_vdr_transit_network_netmask(),
        type="uplink")
    nsxv_db.create_edge_vnic_binding(
        context.session, tlr_edge_id, tlr_vnic_index, lswitch_id)
    # store the lswitch_id into nsxv_router_binding
    nsxv_db.update_nsxv_router_binding(
        context.session, router_id,
        lswitch_id=lswitch_id)

    # Handle plr relative op: the PLR gets a fresh prefixed uuid as its
    # router id and the exclusive-router appliance size.
    plr_router = {'name': router_name,
                  'id': (vcns_const.PLR_EDGE_PREFIX + _uuid())[:36]}
    self.create_lrouter(
        context, plr_router,
        availability_zone=availability_zone,
        appliance_size=cfg.CONF.nsxv.exclusive_router_appliance_size)
    binding = nsxv_db.get_nsxv_router_binding(
        context.session, plr_router['id'])
    plr_edge_id = binding['edge_id']
    plr_vnic_index = nsxv_db.allocate_edge_vnic(
        context.session, plr_edge_id, lswitch_id).vnic_index
    #TODO(berlin): the internal ip should change based on vnic_index
    self.nsxv_manager.update_interface(
        plr_router['id'], plr_edge_id, plr_vnic_index, lswitch_id,
        address=get_vdr_transit_network_plr_address(),
        netmask=get_vdr_transit_network_netmask())
    return plr_router['id']
def delete_plr_by_tlr_id(self, context, plr_id, router_id):
    """Tear down the PLR plr_id and its transit link to the TLR router_id.

    Order: clear the PLR's routes and detach it from the transit lswitch,
    delete the PLR edge, clear the VDR's routes and detach its uplink,
    then delete the transit virtual wire. Missing bindings are logged
    and the remaining steps still run; a failure to delete the virtual
    wire is only logged.

    NOTE(review): the two "not found" errors in the PLR branch log
    router_id although the missing bindings belong to plr_id / the PLR
    edge; consider logging plr_id there.
    """
    # Delete plr's internal interface which connects to internal switch
    tlr_binding = nsxv_db.get_nsxv_router_binding(
        context.session, router_id)
    lswitch_id = tlr_binding.lswitch_id
    tlr_edge_id = tlr_binding.edge_id
    router_binding = nsxv_db.get_nsxv_router_binding(
        context.session, plr_id)
    if router_binding is None:
        LOG.error("Router binding not found for router: %s",
                  router_id)
    else:
        plr_edge_id = router_binding.edge_id
        vnic_binding = nsxv_db.get_edge_vnic_binding(
            context.session, plr_edge_id, lswitch_id)
        if vnic_binding is None:
            LOG.error("Vnic binding not found for router: %s",
                      router_id)
        else:
            # Clear static routes before delete internal vnic
            self.nsxv_manager.update_routes(plr_edge_id, None, [])
            # Delete internal vnic
            self.nsxv_manager.delete_interface(plr_id, plr_edge_id,
                                               vnic_binding.vnic_index)
            nsxv_db.free_edge_vnic_by_network(
                context.session, plr_edge_id, lswitch_id)

        # Delete the PLR
        self.delete_lrouter(context, plr_id)

    # Clear static routes of vdr
    self.nsxv_manager.update_routes(tlr_edge_id, None, [])

    #First delete the vdr's external interface
    tlr_vnic_binding = nsxv_db.get_edge_vnic_binding(
        context.session, tlr_edge_id, lswitch_id)
    if tlr_vnic_binding is None:
        LOG.error("Vnic binding not found for router: %s", router_id)
    else:
        self.nsxv_manager.delete_vdr_internal_interface(
            tlr_edge_id, tlr_vnic_binding.vnic_index)
        nsxv_db.delete_edge_vnic_binding_by_network(
            context.session, tlr_edge_id, lswitch_id)

    try:
        # Then delete the internal lswitch
        self.nsxv_manager.delete_virtual_wire(lswitch_id)
    except Exception:
        LOG.warning("Failed to delete virtual wire: %s", lswitch_id)
def get_routers_on_edge(self, context, edge_id):
    """Return the ids of existing routers bound to edge_id.

    Router ids from the edge's bindings are checked against the plugin
    (elevated context); bindings whose router no longer exists are
    logged as invalid and left out. Returns [] for a falsy edge_id.
    """
    if not edge_id:
        return []
    bound_ids = [
        binding['router_id']
        for binding in nsxv_db.get_nsxv_router_bindings_by_edge(
            context.session, edge_id)]
    if not bound_ids:
        return []
    routers = self.plugin.get_routers(
        context.elevated(),
        filters={'id': bound_ids},
        fields=['id'])
    existing_ids = [router['id'] for router in routers]
    stale = set(bound_ids) - set(existing_ids)
    if set(existing_ids) != set(bound_ids):
        LOG.error("Get invalid router bindings with "
                  "router ids: %s",
                  str(stale))
    return existing_ids
def get_routers_on_same_edge(self, context, router_id):
    """Return the router ids sharing router_id's edge (including itself).

    Returns [] when router_id has no edge binding.
    """
    binding = nsxv_db.get_nsxv_router_binding(
        context.session, router_id)
    if not binding:
        return []
    return self.get_routers_on_edge(context, binding['edge_id'])
def bind_router_on_available_edge(
        self, context, target_router_id,
        optional_router_ids, conflict_router_ids,
        conflict_network_ids, network_number, availability_zone):
    """Bind logical shared router on an available edge.
    Return True if the logical router is bound to a new edge.

    :param target_router_id: router to bind.
    :param optional_router_ids: routers whose edges may be shared.
    :param conflict_router_ids: routers whose edges must not be shared.
    :param conflict_network_ids: networks that must not already be on
        the chosen edge.
    :param network_number: number of free vnics the router needs.
    :param availability_zone: AZ object; only edges in this AZ qualify.

    Among the candidate edges, the one with the most free vnics that
    satisfies network_number and has no conflicting network wins; when
    none qualifies a new shared edge is allocated. Runs under the
    'nsx-edge-router' lock.
    """
    with locking.LockManager.get_lock('nsx-edge-router'):
        optional_edge_ids = []
        conflict_edge_ids = []
        # Candidate edges: ACTIVE bindings in this AZ of the optional
        # routers.
        for router_id in optional_router_ids:
            binding = nsxv_db.get_nsxv_router_binding(
                context.session, router_id)
            if (binding and binding.status == constants.ACTIVE and
                binding.availability_zone == availability_zone.name and
                binding.edge_id not in optional_edge_ids):
                optional_edge_ids.append(binding.edge_id)

        for router_id in conflict_router_ids:
            binding = nsxv_db.get_nsxv_router_binding(
                context.session, router_id)
            if binding and binding.edge_id not in conflict_edge_ids:
                conflict_edge_ids.append(binding.edge_id)
        optional_edge_ids = list(
            set(optional_edge_ids) - set(conflict_edge_ids))

        max_net_number = 0
        available_edge_id = None
        for edge_id in optional_edge_ids:
            edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
                context.session, edge_id)
            # one vnic is used to provide external access.
            net_number = (
                vcns_const.MAX_VNIC_NUM - len(edge_vnic_bindings) - 1)
            if (net_number > max_net_number and
                net_number >= network_number):
                net_ids = [vnic_binding.network_id
                           for vnic_binding in edge_vnic_bindings]
                if not (set(conflict_network_ids) & set(net_ids)):
                    max_net_number = net_number
                    available_edge_id = edge_id
                else:
                    # TODO(yangyu): Remove conflict_network_ids
                    LOG.warning(
                        "Failed to query conflict_router_ids")

        if available_edge_id:
            # Copy status, size and type from an existing binding on the
            # chosen edge so the new binding matches its siblings.
            edge_binding = nsxv_db.get_nsxv_router_bindings_by_edge(
                context.session, available_edge_id)[0]
            nsxv_db.add_nsxv_router_binding(
                context.session, target_router_id,
                edge_binding.edge_id, None,
                edge_binding.status,
                edge_binding.appliance_size,
                edge_binding.edge_type,
                availability_zone=availability_zone.name)
        else:
            router_name = ('shared' + '-' + _uuid())[
                :vcns_const.EDGE_NAME_LEN]
            self._allocate_edge_appliance(
                context, target_router_id, router_name,
                appliance_size=cfg.CONF.nsxv.shared_router_appliance_size,
                availability_zone=availability_zone)
            return True
def unbind_router_on_edge(self, context, router_id):
    """Unbind a logical router from edge.
    Return True if no logical router bound to the edge.

    When router_id is the only router on its edge the edge itself is
    freed; otherwise only the router's binding row is deleted. Runs
    under the 'nsx-edge-router' lock.
    """
    with locking.LockManager.get_lock('nsx-edge-router'):
        # free edge if no other routers bound to the edge
        sharing = self.get_routers_on_same_edge(context, router_id)
        last_one = sharing == [router_id]
        if last_one:
            self._free_edge_appliance(context, router_id)
            return True
        nsxv_db.delete_nsxv_router_binding(context.session, router_id)
def is_router_conflict_on_edge(self, context, router_id,
                               conflict_router_ids,
                               conflict_network_ids,
                               intf_num=0):
    """Tell whether router_id's current edge conflicts with a change.

    Returns True when the edge also hosts one of conflict_router_ids,
    lacks intf_num free vnics (one vnic is reserved for external
    access), or already carries one of conflict_network_ids. Runs under
    the 'nsx-edge-router' lock.
    """
    with locking.LockManager.get_lock('nsx-edge-router'):
        sharing = self.get_routers_on_same_edge(context, router_id)
        if set(sharing) & set(conflict_router_ids):
            return True
        router_binding = nsxv_db.get_nsxv_router_binding(context.session,
                                                         router_id)
        vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
            context.session, router_binding.edge_id)
        free_vnics = vcns_const.MAX_VNIC_NUM - len(vnic_bindings) - 1
        if free_vnics < intf_num:
            LOG.debug("There isn't available edge vnic for the router: %s",
                      router_id)
            return True
        conflicting = set(conflict_network_ids)
        return any(binding.network_id in conflicting
                   for binding in vnic_bindings)
def delete_dhcp_binding(self, context, port_id, network_id, mac_address):
    """Remove the DHCP static binding of port_id from its network's edge.

    :param port_id: port being deleted; matched against the binding's
        hostname on the edge before anything is removed.
    :param network_id: network whose DHCP edge holds the binding.
    :param mac_address: MAC the DB binding row is keyed on.

    The DB row is always removed when it exists; the backend binding is
    removed only when the edge still reports it with this port's id as
    hostname, so a binding that was re-created for another port with
    the same MAC/IP is left alone.
    """
    edge_id = get_dhcp_edge_id(context, network_id)
    if edge_id:
        dhcp_binding = nsxv_db.get_edge_dhcp_static_binding(
            context.session, edge_id, mac_address)
        if dhcp_binding:
            with locking.LockManager.get_lock(str(edge_id)):
                # We need to read the binding from the NSX to check that
                # we are not deleting a updated entry. This may be the
                # result of a async nova create and nova delete and the
                # same port IP is selected
                binding = get_dhcp_binding_for_binding_id(
                    self.nsxv_manager, edge_id, dhcp_binding.binding_id)
                # The hostname is the port_id so we have a unique
                # identifier
                if binding and binding['hostname'] == port_id:
                    self.nsxv_manager.vcns.delete_dhcp_binding(
                        edge_id, dhcp_binding.binding_id)
                else:
                    LOG.warning("Failed to find binding on edge "
                                "%(edge_id)s for port "
                                "%(port_id)s with %(binding_id)s",
                                {'edge_id': edge_id,
                                 'port_id': port_id,
                                 'binding_id': dhcp_binding.binding_id})
                # The DB row goes either way; it refers to this MAC.
                nsxv_db.delete_edge_dhcp_static_binding(
                    context.session, edge_id, mac_address)
        else:
            LOG.warning("Failed to find dhcp binding on edge "
                        "%(edge_id)s to DELETE for port "
                        "%(port_id)s",
                        {'edge_id': edge_id,
                         'port_id': port_id})
    else:
        # This happens during network/subnet deletion
        LOG.info("Didn't delete dhcp binding for port %(port_id)s: "
                 "No edge id", {'port_id': port_id})
@vcns.retry_upon_exception(nsxapi_exc.VcnsApiException, max_delay=10)
def _create_dhcp_binding(self, context, edge_id, binding):
    """Create one DHCP static binding on *edge_id* and record it in the DB.

    On success the binding id is taken from the Location header of the
    NSX response.  When NSX rejects the request as a duplicate MAC,
    overlapping IP or duplicate hostname, the conflicting entry already on
    the edge is looked up, deleted from the edge and from the DB, and the
    original exception is re-raised so the decorator retries the create.

    :param context: neutron request context
    :param edge_id: DHCP edge the binding is created on
    :param binding: NSX binding body; 'macAddress', 'ipAddress' and
                    'hostname' are read from it here
    :returns: the new binding id (see the note on the conflict path below)
    :raises VcnsApiException: re-raised after the conflict cleanup
    """
    try:
        h, c = self.nsxv_manager.vcns.create_dhcp_binding(
            edge_id, binding)
        # The binding id is the last path segment of the Location header.
        binding_id = h['location'].split('/')[-1]
        nsxv_db.create_edge_dhcp_static_binding(
            context.session, edge_id,
            binding['macAddress'], binding_id)
    except nsxapi_exc.VcnsApiException as e:
        with excutils.save_and_reraise_exception():
            binding_id = None
            # NOTE(review): e.response is parsed as JSON unconditionally; a
            # non-JSON body would raise here and replace the saved
            # exception — confirm the error format is always JSON.
            if e.response:
                desc = jsonutils.loads(e.response)
                if desc.get('errorCode') == (
                        vcns_const.NSX_ERROR_DHCP_DUPLICATE_MAC):
                    bindings = get_dhcp_binding_mappings(self.nsxv_manager,
                                                         edge_id)
                    binding_id = bindings.get(
                        binding['macAddress'].lower())
                    LOG.debug("Duplicate MAC for %s with binding %s",
                              binding['macAddress'], binding_id)
                elif desc.get('errorCode') == (
                        vcns_const.NSX_ERROR_DHCP_OVERLAPPING_IP):
                    bindings = get_dhcp_binding_mappings_for_ips(
                        self.nsxv_manager, edge_id)
                    binding_id = bindings.get(binding['ipAddress'])
                    LOG.debug("Overlapping IP %s with binding %s",
                              binding['ipAddress'], binding_id)
                elif desc.get('errorCode') == (
                        vcns_const.NSX_ERROR_DHCP_DUPLICATE_HOSTNAME):
                    bindings = get_dhcp_binding_mappings_for_hostname(
                        self.nsxv_manager, edge_id)
                    binding_id = bindings.get(binding['hostname'])
                    LOG.debug("Overlapping hostname %s with binding %s",
                              binding['hostname'], binding_id)
                # Evict the conflicting entry so the retried create can
                # succeed; the stale DB row is removed by its binding id.
                if binding_id:
                    self.nsxv_manager.vcns.delete_dhcp_binding(
                        edge_id, binding_id)
                    nsxv_db.delete_edge_dhcp_static_binding_id(
                        context.session, edge_id, binding_id)
            # NOTE(review): this return sits inside save_and_reraise_exception,
            # which re-raises the saved exception on a clean exit; the value is
            # therefore presumably never delivered to the caller — confirm.
            return binding_id
def create_dhcp_bindings(self, context, port_id, network_id, bindings):
    """Create the DHCP static bindings of a port on the network's DHCP edge.

    The port is re-read from the DB first so a port deleted while the
    request was queued is skipped.  Bindings are created one at a time
    under the per-edge lock; if any create fails, every binding created
    so far is rolled back (edge and DB) before the error propagates.

    :param context: neutron request context
    :param port_id: port the bindings belong to
    :param network_id: network whose DHCP edge is used
    :param bindings: iterable of NSX binding bodies (each needs 'macAddress')
    :raises VcnsApiException: after rollback, when a create fails
    """
    edge_id = get_dhcp_edge_id(context, network_id)
    if edge_id:
        # Check port is still there
        try:
            # Reload port db info
            context.session.expire_all()
            self.plugin.get_port(context, port_id)
        except n_exc.PortNotFound:
            LOG.warning(
                "port %(port_id)s is deleted, so we would pass "
                "creating dhcp binding on edge %(edge_id)s",
                {'port_id': port_id,
                 'edge_id': edge_id})
            return
        configured_bindings = []
        try:
            for binding in bindings:
                with locking.LockManager.get_lock(str(edge_id)):
                    binding_id = self._create_dhcp_binding(
                        context, edge_id, binding)
                    configured_bindings.append((binding_id,
                                                binding['macAddress']))
        except nsxapi_exc.VcnsApiException:
            # Roll back the partial result so the edge and the DB stay in
            # sync; the lock is re-taken per binding as on the create path.
            with excutils.save_and_reraise_exception():
                for binding_id, mac_address in configured_bindings:
                    with locking.LockManager.get_lock(str(edge_id)):
                        self.nsxv_manager.vcns.delete_dhcp_binding(
                            edge_id, binding_id)
                        nsxv_db.delete_edge_dhcp_static_binding(
                            context.session, edge_id, mac_address)
    else:
        LOG.warning("Failed to create dhcp bindings since dhcp edge "
                    "for net %s not found at the backend",
                    network_id)
def _get_syslog_config_from_flavor(self, context, router_id, flavor_id):
    """Return the 'syslog' entry of a flavor's metainfo, if any.

    Returns None when *flavor_id* is not set or the metainfo has no
    'syslog' key.  *router_id* is accepted for interface compatibility
    and not used here.
    """
    if validators.is_attr_set(flavor_id):
        metainfo = self.plugin.get_flavor_metainfo(context, flavor_id)
        return metainfo.get('syslog')
    return None
def update_external_interface(
        self, nsxv_manager, context, router_id, ext_net_id,
        ipaddr, netmask, secondary=None):
    """Configure the external (uplink) vNIC of a router's edge.

    The backend network of the vNIC is the external network's binding when
    one exists, otherwise the availability zone's external network.  When
    *netmask* is a list of CIDRs, one NSX address group per CIDR is built:
    the first group whose CIDR contains *ipaddr* gets it as primary address,
    secondary IPs are placed in the group of their CIDR (becoming primary
    when that group has none yet), and groups without a primary are dropped.
    Otherwise the address/netmask/secondary triple is passed through as is.

    :param nsxv_manager: edge manager used for the backend update
    :param context: neutron request context
    :param router_id: router whose edge is updated
    :param ext_net_id: external network attached to the router
    :param ipaddr: primary IP of the external interface
    :param netmask: list of CIDR strings, or a plain netmask value
    :param secondary: optional list of secondary IPs
    """
    secondary = secondary or []
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    # If no binding was found, no interface to update - exit
    if not binding:
        LOG.error('Edge binding not found for router %s', router_id)
        return
    net_bindings = nsxv_db.get_network_bindings(
        context.session, ext_net_id)
    if not net_bindings:
        az_name = binding.availability_zone
        az = self._availability_zones.get_availability_zone(az_name)
        vcns_network_id = az.external_network
    else:
        vcns_network_id = net_bindings[0].phy_uuid
    # reorganize external vnic's address groups
    if netmask:
        address_groups = []
        # IPs already assigned to some group; each IP is placed once.
        addr_list = []
        for str_cidr in netmask:
            ip_net = netaddr.IPNetwork(str_cidr)
            address_group = {'primaryAddress': None,
                             'subnetPrefixLength': str(ip_net.prefixlen)}
            if (ipaddr not in addr_list and
                    _check_ipnet_ip(ip_net, ipaddr)):
                address_group['primaryAddress'] = ipaddr
                addr_list.append(ipaddr)
            for sec_ip in secondary:
                if (sec_ip not in addr_list and
                        _check_ipnet_ip(ip_net, sec_ip)):
                    # A group needs a primary address; promote the first
                    # secondary IP when the configured primary is elsewhere.
                    if not address_group['primaryAddress']:
                        address_group['primaryAddress'] = sec_ip
                    else:
                        if not address_group.get('secondaryAddresses'):
                            address_group['secondaryAddresses'] = {
                                'ipAddress': [sec_ip],
                                'type': 'secondary_addresses'}
                        else:
                            address_group['secondaryAddresses'][
                                'ipAddress'].append(sec_ip)
                    addr_list.append(sec_ip)
            if address_group['primaryAddress']:
                address_groups.append(address_group)
        # Addresses matching none of the CIDRs are reported, not configured.
        if ipaddr not in addr_list:
            LOG.error("primary address %s of ext vnic is not "
                      "configured", ipaddr)
        if secondary:
            missed_ip_sec = set(secondary) - set(addr_list)
            if missed_ip_sec:
                LOG.error("secondary address %s of ext vnic are not "
                          "configured", str(missed_ip_sec))
        nsxv_manager.update_interface(router_id, binding['edge_id'],
                                      vcns_const.EXTERNAL_VNIC_INDEX,
                                      vcns_network_id,
                                      address_groups=address_groups)
    else:
        nsxv_manager.update_interface(router_id, binding['edge_id'],
                                      vcns_const.EXTERNAL_VNIC_INDEX,
                                      vcns_network_id,
                                      address=ipaddr,
                                      netmask=netmask,
                                      secondary=secondary)
def create_lrouter(nsxv_manager, context, lrouter, lswitch=None, dist=False,
                   availability_zone=None):
    """Create an edge for logical router support.

    Records a PENDING_CREATE router/edge binding (edge id unknown yet) and
    then asks the edge manager to deploy the edge.  The appliance size is
    the configured service edge size for routers.  *lswitch* is accepted
    but not used here.

    NOTE(review): availability_zone.name is read unconditionally, so the
    None default is not actually usable — callers presumably always pass
    an availability zone; confirm.
    """
    router_id = lrouter['id']
    edge_name = '-'.join((lrouter['name'], router_id))
    size = get_service_edge_size(parse_service_edge_size(), 'router')
    # store router-edge mapping binding
    nsxv_db.add_nsxv_router_binding(
        context.session, router_id, None, None,
        constants.PENDING_CREATE,
        appliance_size=size,
        availability_zone=availability_zone.name)
    # deploy edge
    nsxv_manager.deploy_edge(
        context, router_id, edge_name, internal_network=None, dist=dist,
        appliance_size=size, availability_zone=availability_zone)
def delete_lrouter(nsxv_manager, context, router_id, dist=False):
    """Delete the edge backing a logical router.

    Marks the router binding PENDING_DELETE and deletes the bound edge;
    logs a warning and does nothing when no binding exists.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    if not binding:
        LOG.warning("router binding for router: %s not found", router_id)
        return
    nsxv_db.update_nsxv_router_binding(
        context.session, router_id,
        status=constants.PENDING_DELETE)
    # delete edge
    nsxv_manager.delete_edge(context, router_id, binding['edge_id'],
                             dist=dist)
def remove_irrelevant_keys_from_edge_request(edge_request):
    """Remove some unnecessary keys from the edge request.

    Having these keys fail the update edge NSX transaction.  The request
    dict is modified in place; missing keys are ignored.
    """
    unwanted = ('status', 'datacenterMoid', 'fqdn', 'version',
                'tenant', 'datacenterName',
                'hypervisorAssist', 'universal', 'enableFips')
    for unwanted_key in unwanted:
        edge_request.pop(unwanted_key, None)
def _retrieve_nsx_switch_id(context, network_id, az_name):
    """Helper method to retrieve backend switch ID.

    A VLAN network with a non-empty phy_uuid is resolved through its DVS:
    a single id is used directly, a comma-separated list falls back to the
    DVS of availability zone *az_name*.  Any other network is resolved
    through the stored switch mappings.

    :raises NsxPluginException: when no backend mapping exists
    """
    bindings = nsxv_db.get_network_bindings(context.session, network_id)
    binding = bindings[0] if bindings else None
    backed_by_dvs = (
        binding is not None and
        binding['binding_type'] == c_utils.NsxVNetworkTypes.VLAN and
        binding['phy_uuid'] != '')
    if backed_by_dvs:
        phy_uuid = binding['phy_uuid']
        if ',' in phy_uuid:
            # Several DVSs serve this VLAN network: use the DVS of the
            # edge/mgmt cluster, taken from the availability zone.
            az = nsx_az.NsxVAvailabilityZones().get_availability_zone(
                az_name)
            dvs_id = az.dvs_id
        else:
            dvs_id = phy_uuid
        return nsx_db.get_nsx_switch_id_for_dvs(
            context.session, network_id, dvs_id)
    # Get the physical port group /wire id of the network id
    mappings = nsx_db.get_nsx_switch_ids(context.session, network_id)
    if mappings:
        return mappings[0]
    raise nsx_exc.NsxPluginException(
        err_msg=_("Network %s not found at the backend") % network_id)
def get_dhcp_edge_id(context, network_id):
    """Return the edge id of a network's DHCP edge, or None when unbound.

    The DHCP edge binding is keyed by the DHCP prefix plus the network id,
    truncated to 36 characters.
    """
    resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
    binding = nsxv_db.get_nsxv_router_binding(context.session, resource_id)
    return binding['edge_id'] if binding else None
def get_dhcp_binding_mappings(nsxv_manager, edge_id):
    """Map lower-cased MAC address -> bindingId for the edge's static bindings.

    Returns an empty dict when the edge has no DHCP configuration.
    """
    dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
    if not dhcp_config:
        return {}
    static_bindings = dhcp_config['staticBindings']['staticBindings']
    return {entry['macAddress'].lower(): entry['bindingId']
            for entry in static_bindings}
def get_dhcp_binding_mappings_for_ips(nsxv_manager, edge_id):
    """Map ipAddress -> bindingId for the edge's static bindings.

    Returns an empty dict when the edge has no DHCP configuration.
    """
    dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
    if not dhcp_config:
        return {}
    static_bindings = dhcp_config['staticBindings']['staticBindings']
    return {entry['ipAddress']: entry['bindingId']
            for entry in static_bindings}
def get_dhcp_binding_mappings_for_hostname(nsxv_manager, edge_id):
    """Map hostname -> bindingId for the edge's static bindings.

    Returns an empty dict when the edge has no DHCP configuration.
    """
    dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
    if not dhcp_config:
        return {}
    static_bindings = dhcp_config['staticBindings']['staticBindings']
    return {entry['hostname']: entry['bindingId']
            for entry in static_bindings}
def _get_dhcp_binding_for_binding_id(nsxv_manager, edge_id, binding_id):
    """Find a static binding by id by scanning the edge's full DHCP config.

    Fallback for NSX versions without the per-binding GET; returns the
    binding dict or None when absent or when the edge has no DHCP config.
    """
    dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
    if not dhcp_config:
        return None
    static_bindings = dhcp_config['staticBindings']['staticBindings']
    return next((entry for entry in static_bindings
                 if entry['bindingId'] == binding_id), None)
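def _get_dhcp_binding(nsxv_manager, edge_id, binding_id):
    """Fetch one DHCP static binding from the edge via the per-binding API.

    Best-effort lookup: returns the binding dict, or None when the backend
    call fails for any reason.  The failure is logged at debug level so a
    silently "missing" binding can be traced back to the backend error
    instead of being indistinguishable from a genuinely absent one.

    :param nsxv_manager: manager exposing vcns.get_dhcp_binding
    :param edge_id: edge the binding lives on
    :param binding_id: NSX binding id
    """
    try:
        _, dhcp_binding = nsxv_manager.vcns.get_dhcp_binding(edge_id,
                                                              binding_id)
    except Exception as e:
        # Keep the best-effort contract (callers treat None as not found),
        # but do not swallow the reason silently.
        LOG.debug("Failed to get dhcp binding %(binding_id)s on edge "
                  "%(edge_id)s: %(e)s",
                  {'binding_id': binding_id, 'edge_id': edge_id, 'e': e})
        return None
    return dhcp_binding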
def get_dhcp_binding_for_binding_id(nsxv_manager, edge_id, binding_id):
    """Return the static binding *binding_id* of *edge_id*, or None.

    Uses the per-binding NSX API when the backend version supports it
    (6.2.8 / 6.3.3 onwards) and otherwise scans the whole DHCP config.
    """
    # API for specific binding is supported in NSX 6.2.8 and 6.3.3 onwards
    nsx_version = nsxv_manager.vcns.get_version()
    lookup = (_get_dhcp_binding
              if c_utils.is_nsxv_dhcp_binding_supported(nsx_version)
              else _get_dhcp_binding_for_binding_id)
    return lookup(nsxv_manager, edge_id, binding_id)
def query_dhcp_service_config(nsxv_manager, edge_id):
    """Retrieve the current DHCP configuration from the edge.

    Returns the body of the NSX response; the headers are discarded.
    """
    response = nsxv_manager.vcns.query_dhcp_configuration(edge_id)
    return response[1]
def get_router_edge_id(context, router_id):
    """Return the edge id bound to *router_id*, or None when unbound."""
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    return binding['edge_id'] if binding else None
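def update_gateway(nsxv_manager, context, router_id, nexthop, routes=None):
    """Set the default gateway (and static routes) of a router on its edge.

    :param nsxv_manager: edge manager exposing update_routes
    :param context: neutron request context
    :param router_id: router whose edge is updated
    :param nexthop: default gateway address, or None to clear it
    :param routes: optional list of routes to install alongside the gateway
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session,
                                              router_id)
    # Consistent with get_routes/update_routes: a missing binding is logged
    # rather than failing with an attribute error on None.
    if not binding:
        LOG.error('Router binding not found for router %s', router_id)
        return
    if routes is None:
        routes = []
    nsxv_manager.update_routes(binding['edge_id'], nexthop, routes)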
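def get_routes(edge_manager, context, router_id):
    """Read the static routes of a router's edge, mapped back to networks.

    Each NSX static route is matched to the vNIC binding of its vnic index;
    routes on a vnic with no binding are skipped.  Returns an empty list
    (with an error log) when the router has no edge or the edge has no
    vNIC bindings, or when the edge reports no static routes.

    :returns: list of {'network_id', 'nexthop', 'destination'} dicts
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    if not binding:
        LOG.error('Router binding not found for router %s', router_id)
        return []
    edge_id = binding['edge_id']
    vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(context.session,
                                                           edge_id)
    if not vnic_bindings:
        LOG.error('vNic binding not found for edge %s', edge_id)
        return []
    h, edge_config = edge_manager.vcns.get_routes(edge_id)
    # An edge with no static routes may omit the nested section entirely;
    # treat that as "no routes" instead of dereferencing None.
    static_routes = edge_config.get('staticRoutes') or {}
    edge_routes = static_routes.get('staticRoutes') or []
    vnic_by_index = {vnic_binding['vnic_index']: vnic_binding
                     for vnic_binding in vnic_bindings}
    routes = []
    for edge_route in edge_routes:
        vnic_binding = vnic_by_index.get(int(edge_route['vnic']))
        if vnic_binding is None:
            continue
        routes.append({'network_id': vnic_binding['network_id'],
                       'nexthop': edge_route['nextHop'],
                       'destination': edge_route['network']})
    return routes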
def update_routes(edge_manager, context, router_id, routes, nexthop=None):
    """Translate neutron routes to edge vNIC routes and push them to the edge.

    Routes without 'network_id' are skipped.  Routes flagged 'external' go
    on the external vNIC; all others are mapped to the vNIC bound to their
    network, and are rejected (logged, skipped) when the nexthop lies inside
    the destination CIDR or when the network has no vNIC binding.

    :param edge_manager: edge manager exposing update_routes
    :param context: neutron request context
    :param router_id: router whose edge receives the routes
    :param routes: iterable of dicts with 'destination', 'nexthop',
                   'network_id' and optional 'external'
    :param nexthop: default gateway passed through to the edge manager
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    if not binding:
        LOG.error('Router binding not found for router %s', router_id)
        return
    edge_id = binding['edge_id']
    edge_routes = []
    for route in routes:
        if not route.get('network_id'):
            LOG.warning("There is no network info for the route %s, so "
                        "the route entry would not be executed!", route)
            continue
        if route.get('external'):
            # NOTE(review): the nexthop-in-destination check below is not
            # applied to external routes — confirm that is intended.
            edge_routes.append({
                'vnic_index': vcns_const.EXTERNAL_VNIC_INDEX,
                'cidr': route['destination'],
                'nexthop': route['nexthop']})
        else:
            vnic_binding = nsxv_db.get_edge_vnic_binding(
                context.session, edge_id, route['network_id'])
            if (netaddr.IPAddress(route['nexthop']) in
                    netaddr.IPNetwork(route['destination'])):
                # check that the nexthop is not in the destination
                LOG.error("Cannot add route with nexthop %(nexthop)s "
                          "contained in the destination: %(dest)s.",
                          {'dest': route['destination'],
                           'nexthop': route['nexthop']})
                continue
            # vnic_index 0 is the external vNIC and is treated as unbound
            # here because the truthiness check rejects it.
            if vnic_binding and vnic_binding.get('vnic_index'):
                edge_routes.append({
                    'vnic_index': vnic_binding['vnic_index'],
                    'cidr': route['destination'],
                    'nexthop': route['nexthop']})
            else:
                LOG.error("vnic binding on edge %(edge_id)s for network "
                          "%(net_id)s not found, so route: destination: "
                          "%(dest)s, nexthop: %(nexthop)s can't be "
                          "applied!",
                          {'edge_id': edge_id,
                           'net_id': route['network_id'],
                           'dest': route['destination'],
                           'nexthop': route['nexthop']})
    edge_manager.update_routes(edge_id, nexthop, edge_routes)
def get_internal_lswitch_id_of_plr_tlr(context, router_id):
    """Return the lswitch id stored on the router's edge binding.

    Fails with an attribute error when the router has no binding.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    return binding.lswitch_id
def get_internal_vnic_index_of_plr_tlr(context, router_id):
    """Return the vNIC index of the router's edge on its internal lswitch.

    Both the router binding and the vNIC binding must exist.
    """
    router_binding = nsxv_db.get_nsxv_router_binding(
        context.session, router_id)
    vnic_binding = nsxv_db.get_edge_vnic_binding(
        context.session, router_binding.edge_id, router_binding.lswitch_id)
    return vnic_binding.vnic_index
def clear_gateway(nsxv_manager, context, router_id):
    """Remove the default gateway of a router's edge (nexthop None)."""
    result = update_gateway(nsxv_manager, context, router_id, None)
    return result
def _check_ipnet_ip(ipnet, ip_address):
    """Check one ip is valid ip from ipnet.

    True when *ip_address* masked by the netmask equals the network
    address, and it is neither the last address of the network nor equal
    to the netmask value itself.

    NOTE(review): comparing the IP against ipnet.netmask (rather than
    ipnet.network) looks unintended; kept as is — confirm before changing.
    """
    ip = netaddr.IPAddress(ip_address)
    in_network = (ipnet.netmask & ip) == ipnet.network
    is_last = ip == ipnet[-1]
    equals_mask = ip == ipnet.netmask
    return bool(in_network and not is_last and not equals_mask)
def update_internal_interface(nsxv_manager, context, router_id, int_net_id,
                              address_groups, is_connected=True):
    """Configure (or connect) an internal vNIC of a router's edge.

    Resolves the backend switch of *int_net_id*, allocates a free vNIC on
    the edge when the network has none bound yet, and pushes the address
    groups.  The router binding must exist.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    edge_id = binding['edge_id']
    # Resolve the pg/wire id of the network through its availability zone
    vcns_network_id = _retrieve_nsx_switch_id(
        context, int_net_id, binding['availability_zone'])
    LOG.debug("Network id %(network_id)s corresponding ref is : "
              "%(net_moref)s", {'network_id': int_net_id,
                                'net_moref': vcns_network_id})
    vnic_binding = nsxv_db.get_edge_vnic_binding(
        context.session, edge_id, int_net_id)
    if vnic_binding is None or not vnic_binding:
        # First connection of this network: grab an available internal vnic
        vnic_binding = nsxv_db.allocate_edge_vnic(
            context.session, edge_id, int_net_id)
    nsxv_manager.update_interface(router_id, edge_id,
                                  vnic_binding.vnic_index,
                                  vcns_network_id,
                                  is_connected=is_connected,
                                  address_groups=address_groups)
def add_vdr_internal_interface(nsxv_manager, context, router_id,
                               int_net_id, address_groups, is_connected=True):
    """Attach a network to a distributed router's edge as a new internal vNIC.

    Resolves the backend switch of *int_net_id*, adds the interface on the
    edge and records the returned vNIC index in the DB.

    :raises BadRequest: when the network is already bound to a vNIC of
        this edge (a VDR cannot attach one network twice)
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    edge_id = binding['edge_id']
    # Resolve the pg/wire id of the network through its availability zone
    vcns_network_id = _retrieve_nsx_switch_id(
        context, int_net_id, binding['availability_zone'])
    LOG.debug("Network id %(network_id)s corresponding ref is : "
              "%(net_moref)s", {'network_id': int_net_id,
                                'net_moref': vcns_network_id})
    existing = nsxv_db.get_edge_vnic_binding(
        context.session, edge_id, int_net_id)
    if existing:
        msg = (_("Distributed Router doesn't support multiple subnets "
                 "with same network attached to it."))
        raise n_exc.BadRequest(resource='vdr', msg=msg)
    vnic_index = nsxv_manager.add_vdr_internal_interface(
        edge_id, vcns_network_id, address_groups=address_groups,
        is_connected=is_connected)
    nsxv_db.create_edge_vnic_binding(
        context.session, edge_id, vnic_index, int_net_id)
def update_vdr_internal_interface(nsxv_manager, context, router_id, int_net_id,
                                  address_groups, is_connected=True):
    """Update an existing internal vNIC of a distributed router's edge.

    Both the router binding and the vNIC binding of *int_net_id* must
    exist; a missing vNIC binding fails with an attribute error.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    edge_id = binding['edge_id']
    # Resolve the pg/wire id of the network through its availability zone
    vcns_network_id = _retrieve_nsx_switch_id(
        context, int_net_id, binding['availability_zone'])
    LOG.debug("Network id %(network_id)s corresponding ref is : "
              "%(net_moref)s", {'network_id': int_net_id,
                                'net_moref': vcns_network_id})
    vnic_binding = nsxv_db.get_edge_vnic_binding(
        context.session, edge_id, int_net_id)
    nsxv_manager.update_vdr_internal_interface(
        edge_id, vnic_binding.vnic_index, vcns_network_id,
        address_groups=address_groups, is_connected=is_connected)
def delete_interface(nsxv_manager, context, router_id, network_id, dist=False):
    """Detach *network_id* from the edge of *router_id*.

    For a regular edge the vNIC is deleted and freed in the DB; for a
    distributed router the VDR interface and its binding are removed.
    Missing router or vNIC bindings are logged and ignored.
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    if not binding:
        LOG.warning("Failed to find the router binding for router %s",
                    router_id)
        return
    edge_id = binding['edge_id']
    # Resolve the pg/wire id of the network through its availability zone
    vcns_network_id = _retrieve_nsx_switch_id(
        context, network_id, binding['availability_zone'])
    LOG.debug("Network id %(network_id)s corresponding ref is : "
              "%(net_moref)s", {'network_id': network_id,
                                'net_moref': vcns_network_id})
    vnic_binding = nsxv_db.get_edge_vnic_binding(
        context.session, edge_id, network_id)
    if not vnic_binding:
        LOG.warning("Failed to find the network %(net_id)s "
                    "corresponding vnic index on edge %(edge_id)s",
                    {'net_id': network_id,
                     'edge_id': edge_id})
        return
    vnic_index = vnic_binding.vnic_index
    if dist:
        nsxv_manager.delete_vdr_internal_interface(edge_id, vnic_index)
        nsxv_db.delete_edge_vnic_binding_by_network(
            context.session, edge_id, network_id)
    else:
        nsxv_manager.delete_interface(router_id, edge_id, vnic_index)
        nsxv_db.free_edge_vnic_by_network(
            context.session, edge_id, network_id)
def update_nat_rules(nsxv_manager, context, router_id, snat, dnat, az=None):
    """Push the SNAT/DNAT rule sets of a router to its edge.

    Which vNICs the rules are bound to depends on the availability zone's
    bind_floatingip_to_all_interfaces flag: when set, the rules are left
    unbound (NSX >= 6.2.4 then applies them to all interfaces) or, on older
    NSX, bound explicitly to every vNIC of the edge plus the external one;
    when unset, they are bound to the external vNIC only.

    :param nsxv_manager: edge manager exposing update_nat_rules/get_version
    :param context: neutron request context
    :param router_id: router whose edge is updated
    :param snat: SNAT rules passed through to the edge manager
    :param dnat: DNAT rules passed through to the edge manager
    :param az: availability zone; looked up from the binding when None
    """
    binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
    if binding:
        if not az:
            azs = nsx_az.NsxVAvailabilityZones()
            az = azs.get_availability_zone(binding['availability_zone'])
        bind_to_all = az.bind_floatingip_to_all_interfaces
        # None means "no explicit vnic list" for the edge manager.
        indices = None
        if bind_to_all:
            # from 6.2.4 onwards, unspecified vnic will result
            # in binding the rule to all interfaces
            ver = nsxv_manager.vcns.get_version()
            # NOTE: distutils (LooseVersion) is removed in Python 3.12.
            if version.LooseVersion(ver) < version.LooseVersion('6.2.4'):
                LOG.debug("NSX version %s requires explicit nat rule "
                          "for each interface", ver)
                edge_id = binding['edge_id']
                vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
                    context.session, edge_id)
                indices = [vnic_binding.vnic_index
                           for vnic_binding in vnic_bindings]
                indices.append(vcns_const.EXTERNAL_VNIC_INDEX)
        else:
            LOG.debug("Configuring nat rules on external "
                      "interface only for %s", router_id)
            indices = [vcns_const.EXTERNAL_VNIC_INDEX]
        nsxv_manager.update_nat_rules(binding['edge_id'], snat, dnat, indices)
    else:
        LOG.warning("Bindings do not exists for %s", router_id)
def clear_nat_rules(nsxv_manager, context, router_id):
    """Remove all SNAT and DNAT rules from a router's edge."""
    no_snat, no_dnat = [], []
    update_nat_rules(nsxv_manager, context, router_id, no_snat, no_dnat)
def update_firewall(nsxv_manager, context, router_id, firewall,
                    allow_external=True):
    """Push a firewall configuration to the edge bound to *router_id*.

    Logs a warning and does nothing when the router has no edge binding.
    """
    binding = nsxv_db.get_nsxv_router_binding(
        context.session, router_id)
    if not binding:
        LOG.warning("Bindings do not exists for %s", router_id)
        return
    nsxv_manager.update_firewall(binding['edge_id'], firewall, context,
                                 allow_external=allow_external)
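def check_network_in_use_at_backend(context, network_id):
    """Wait (with backoff) until no edge vNIC is bound to *network_id*.

    Polls the DB up to cfg.CONF.nsxv.retries times (at least once), sleeping
    0.5s before the second attempt and doubling up to 60s between attempts.
    Returns as soon as no binding is left; otherwise logs an error once
    after the last attempt.  The former duplicate warning with the same
    text has been dropped so the condition is reported a single time.

    :param context: neutron request context
    :param network_id: network whose edge vNIC bindings are checked
    """
    retries = max(cfg.CONF.nsxv.retries, 1)
    delay = 0.5
    for attempt in range(1, retries + 1):
        if attempt != 1:
            time.sleep(delay)
            delay = min(2 * delay, 60)
        edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
            context.session, network_id)
        if not edge_vnic_bindings:
            return
    LOG.error('NSXv: network is still in use at the backend')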
def default_loglevel_modifier(config, level):
    """Modify log level settings in edge config bulk (standard syntax).

    Sets config['logging']['enable'] and ['logLevel'] in place.  A *level*
    of 'none' disables logging and stores the default level 'info'.
    Returns False (after an error log) when the 'logging' section is
    missing, True otherwise.
    """
    logging_section = config.get('logging') if 'logging' in config else None
    if logging_section is None:
        LOG.error("Logging section missing in configuration")
        return False
    disabled = level == 'none'
    logging_section['enable'] = not disabled
    logging_section['logLevel'] = 'info' if disabled else level
    return True
def routing_loglevel_modifier(config, level):
    """Modify log level in routing global settings.

    Delegates to default_loglevel_modifier on the 'routingGlobalConfig'
    sub-section; returns False (after an error log) when it is missing.
    """
    routing_config = config.get('routingGlobalConfig')
    if 'routingGlobalConfig' not in config:
        LOG.error("routingGlobalConfig section missing in config")
        return False
    return default_loglevel_modifier(routing_config, level)
def get_loglevel_modifier(module, level):
    """Pick modifier according to module and set log level.

    Returns a one-argument callable taking an edge config; 'routing' uses
    routing_loglevel_modifier, every other module the default modifier.
    """
    special_modifiers = {'routing': routing_loglevel_modifier}
    chosen = special_modifiers.get(module, default_loglevel_modifier)

    def wrapper(config):
        return chosen(config, level)

    return wrapper
def update_edge_loglevel(vcns_obj, edge_id, module, level):
    """Update loglevel on edge for specified module.

    Unsupported modules or levels are logged and ignored; otherwise the
    edge config of *module* is patched through the matching modifier.
    """
    unsupported = None
    if module not in SUPPORTED_EDGE_LOG_MODULES:
        unsupported = ("Unrecognized logging module %s - ignored", module)
    elif level not in SUPPORTED_EDGE_LOG_LEVELS:
        unsupported = ("Unrecognized log level %s - ignored", level)
    if unsupported:
        LOG.error(*unsupported)
        return
    modifier = get_loglevel_modifier(module, level)
    vcns_obj.update_edge_config_with_modifier(edge_id, module, modifier)
def update_edge_host_groups(vcns_obj, edge_id, dvs_obj, availability_zone,
                            validate=False):
    """Place the edge's appliance VMs into the AZ's DRS host groups.

    With *validate* the update is skipped when any appliance VM is already
    in a configured group.  With ha_placement_random the VM list is padded
    with None entries up to the number of host groups and shuffled before
    being handed to the DVS manager.  Failures are logged, not raised.

    :param vcns_obj: VCNS client exposing get_edge_appliances
    :param edge_id: edge whose appliances are placed
    :param dvs_obj: DVS manager exposing get_configured_vms and
                    update_cluster_edge_failover
    :param availability_zone: provides resource_pool, edge_host_groups and
                              ha_placement_random
    :param validate: skip when the edge is already configured
    """
    # Update edge DRS host groups
    h, appliances = vcns_obj.get_edge_appliances(edge_id)
    vms = [appliance['vmId']
           for appliance in appliances['appliances']]
    if validate:
        configured_vms = dvs_obj.get_configured_vms(
            availability_zone.resource_pool,
            availability_zone.edge_host_groups)
        for vm in vms:
            if vm in configured_vms:
                LOG.info('Edge %s already configured', edge_id)
                return
    LOG.info('Create DRS groups for %(vms)s on edge %(edge_id)s',
             {'vms': vms, 'edge_id': edge_id})
    # Ensure random distribution of the VMs
    if availability_zone.ha_placement_random:
        if len(vms) < len(availability_zone.edge_host_groups):
            # add some empty vms to the list, so it will randomize between
            # all host groups
            vms.extend([None] * (len(availability_zone.edge_host_groups) -
                                 len(vms)))
        # Placement only, not security-relevant: the stdlib PRNG is fine here.
        random.shuffle(vms)
    try:
        dvs_obj.update_cluster_edge_failover(
            availability_zone.resource_pool,
            vms, availability_zone.edge_host_groups)
    except Exception as e:
        LOG.error('Unable to create DRS groups for '
                  '%(vms)s on edge %(edge_id)s. Error: %(e)s',
                  {'vms': vms,
                   'edge_id': edge_id,
                   'e': e})
def clean_host_groups(dvs_obj, availability_zone):
    """Remove the edge host groups of an availability zone from its cluster.

    Any failure of the DVS manager is logged and swallowed.
    """
    az_name = availability_zone.name
    try:
        LOG.info('Cleaning up host groups for AZ %s', az_name)
        dvs_obj.cluster_host_group_cleanup(
            availability_zone.resource_pool,
            availability_zone.edge_host_groups)
    except Exception as err:
        LOG.error('Unable to cleanup. Error: %s', err)
class NsxVCallbacks(object):
"""Edge callback implementation Callback functions for
asynchronous tasks.
"""
def __init__(self, plugin):
    """Keep the plugin and, when DVS features are enabled, a VC manager."""
    self.plugin = plugin
    use_dvs = cfg.CONF.nsxv.use_dvs_features
    self._vcm = dvs.VCManager() if use_dvs else None
@log_helpers.log_method_call
def complete_edge_creation(self, context, edge_id, name, router_id, dist,
                           deploy_successful, availability_zone=None,
                           deploy_metadata=False):
    """Finish an asynchronous edge deployment for *router_id*.

    On success: optionally configures the metadata proxy for the router,
    installs the DHCP edge firewall rules, moves a PENDING_CREATE router and
    its binding to ACTIVE, and (for non-distributed edges with edge HA and
    host groups) updates the DRS host groups.  On failure: marks the router
    and its binding ERROR and, for a non-distributed edge, clears the edge's
    vNIC bindings.

    :param context: neutron context used for DB access
    :param edge_id: id of the deployed edge (may be falsy on failure)
    :param name: edge name, used in log messages
    :param router_id: router (or other resource id) the edge was deployed
                      for; the router DB row is loaded only for uuid-like ids
    :param dist: whether the edge is a distributed router
    :param deploy_successful: outcome of the deployment
    :param availability_zone: AZ of the edge; NOTE(review): its .name is read
        on the success path, so None is presumably never passed — confirm
    :param deploy_metadata: whether to configure the metadata proxy
    """
    router_db = None
    if uuidutils.is_uuid_like(router_id):
        try:
            router_db = self.plugin._get_router(context, router_id)
        except l3_exc.RouterNotFound:
            # Router might have been deleted before deploy finished
            LOG.warning("Router %s not found", name)
    if deploy_successful:
        metadata_proxy_handler = self.plugin.get_metadata_proxy_handler(
            availability_zone.name)
        if deploy_metadata and metadata_proxy_handler:
            LOG.debug('Update metadata for resource %s',
                      router_id)
            metadata_proxy_handler.configure_router_edge(
                context, router_id)
            # Firewall rules are set only when the metadata proxy was
            # configured, i.e. inside this branch.
            self.plugin.setup_dhcp_edge_fw_rules(context, self.plugin,
                                                 router_id)
        LOG.debug("Successfully deployed %(edge_id)s for router %(name)s",
                  {'edge_id': edge_id,
                   'name': name})
        if (router_db and
                router_db['status'] == constants.PENDING_CREATE):
            router_db['status'] = constants.ACTIVE
        nsxv_db.update_nsxv_router_binding(
            context.session, router_id,
            status=constants.ACTIVE)
        if (not dist and
                self._vcm and availability_zone and
                availability_zone.edge_ha and
                availability_zone.edge_host_groups):
            # Serialize DRS updates across edges: one vCenter cluster config
            with locking.LockManager.get_lock('nsx-vc-drs-update'):
                update_edge_host_groups(self.plugin.nsx_v.vcns, edge_id,
                                        self._vcm, availability_zone,
                                        validate=True)
    else:
        LOG.error("Failed to deploy Edge for router %s", name)
        if router_db:
            router_db['status'] = constants.ERROR
        nsxv_db.update_nsxv_router_binding(
            context.session, router_id,
            status=constants.ERROR)
        if not dist and edge_id:
            nsxv_db.clean_edge_vnic_binding(
                context.session, edge_id)
def complete_edge_update(
        self, context, edge_id, router_id, successful, set_errors):
    """Finish an asynchronous edge update for *router_id*.

    Success is only logged.  On failure the router binding (looked up with
    an admin context) is set to ERROR and, when *set_errors* is true and a
    context was given, the router itself is set to ERROR too.

    :param context: neutron context, may be None (then the router status
                    is not touched)
    :param edge_id: updated edge, used in log messages
    :param router_id: router whose binding/status are updated
    :param successful: outcome of the update
    :param set_errors: whether to also mark the router ERROR on failure
    """
    if successful:
        LOG.debug("Successfully updated %(edge_id)s for router "
                  "%(router_id)s",
                  {'edge_id': edge_id,
                   'router_id': router_id})
    else:
        LOG.error("Failed to update %(edge_id)s for router "
                  "%(router_id)s",
                  {'edge_id': edge_id,
                   'router_id': router_id})
        # The binding is updated under an admin context so it works even
        # when the caller passed no context.
        admin_ctx = q_context.get_admin_context()
        if nsxv_db.get_nsxv_router_binding(admin_ctx.session, router_id):
            nsxv_db.update_nsxv_router_binding(
                admin_ctx.session, router_id,
                status=constants.ERROR)
        if set_errors and context:
            # Set the router status to ERROR
            try:
                with db_api.CONTEXT_WRITER.using(context):
                    router_db = self.plugin._get_router(context, router_id)
                    router_db['status'] = constants.ERROR
            except l3_exc.RouterNotFound:
                # Router might have been deleted before deploy finished
                LOG.warning("Router %s not found", router_id)
def interface_update_result(self, task):
LOG.debug("interface_update_result %d", task.status)