9c189e303b
subnet['dns_nameservers'] is a list of strings, not dictionaries. Change-Id: I929f5ab4d1eb3d538b9e50d08d13554575eab99b
2677 lines
121 KiB
Python
2677 lines
121 KiB
Python
# Copyright 2014 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from distutils import version
|
|
import os
|
|
import random
|
|
import time
|
|
|
|
import eventlet
|
|
import netaddr
|
|
from neutron_lib.api.definitions import extra_dhcp_opt as ext_edo
|
|
from neutron_lib.api import validators
|
|
from neutron_lib import constants
|
|
from neutron_lib import context as q_context
|
|
from neutron_lib.db import api as db_api
|
|
from neutron_lib import exceptions as n_exc
|
|
from neutron_lib.exceptions import l3 as l3_exc
|
|
from oslo_config import cfg
|
|
from oslo_log import helpers as log_helpers
|
|
from oslo_log import log as logging
|
|
from oslo_serialization import jsonutils
|
|
from oslo_utils import excutils
|
|
from oslo_utils import timeutils
|
|
from oslo_utils import uuidutils
|
|
from sqlalchemy import exc as db_base_exc
|
|
from sqlalchemy.orm import exc as sa_exc
|
|
|
|
from vmware_nsx._i18n import _
|
|
from vmware_nsx.common import config as conf
|
|
from vmware_nsx.common import exceptions as nsx_exc
|
|
from vmware_nsx.common import locking
|
|
from vmware_nsx.common import nsxv_constants
|
|
from vmware_nsx.common import utils as c_utils
|
|
from vmware_nsx.db import db as nsx_db
|
|
from vmware_nsx.db import nsxv_db
|
|
from vmware_nsx.dvs import dvs
|
|
from vmware_nsx.plugins.nsx_v import availability_zones as nsx_az
|
|
from vmware_nsx.plugins.nsx_v.vshield.common import (
|
|
constants as vcns_const)
|
|
from vmware_nsx.plugins.nsx_v.vshield.common import exceptions as nsxapi_exc
|
|
from vmware_nsx.plugins.nsx_v.vshield import vcns
|
|
|
|
WORKER_POOL_SIZE = 8
|
|
RP_FILTER_PROPERTY_OFF_TEMPLATE = 'sysctl.net.ipv4.conf.%s.rp_filter=%s'
|
|
MAX_EDGE_PENDING_SEC = 600
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
_uuid = uuidutils.generate_uuid
|
|
|
|
|
|
SUPPORTED_EDGE_LOG_MODULES = ('routing', 'highavailability',
|
|
'dhcp', 'loadbalancer', 'dns')
|
|
|
|
SUPPORTED_EDGE_LOG_LEVELS = ('none', 'debug', 'info', 'warning', 'error')
|
|
|
|
|
|
def parse_service_edge_size():
|
|
edge_size_dict = {}
|
|
if cfg.CONF.nsxv.default_edge_size:
|
|
for purpose_def in cfg.CONF.nsxv.default_edge_size:
|
|
(p, s) = purpose_def.split(':')
|
|
edge_size_dict[p] = s
|
|
return edge_size_dict
|
|
|
|
|
|
def get_service_edge_size(size_dict, purpose):
|
|
return size_dict.get(purpose, vcns_const.SERVICE_SIZE_MAPPING[purpose])
|
|
|
|
|
|
def _get_vdr_transit_network_ipobj():
|
|
transit_net = cfg.CONF.nsxv.vdr_transit_network
|
|
return netaddr.IPNetwork(transit_net)
|
|
|
|
|
|
def get_vdr_transit_network_netmask():
|
|
ip = _get_vdr_transit_network_ipobj()
|
|
return str(ip.netmask)
|
|
|
|
|
|
def get_vdr_transit_network_tlr_address():
|
|
ip = _get_vdr_transit_network_ipobj()
|
|
return str(ip[1])
|
|
|
|
|
|
def get_vdr_transit_network_plr_address():
|
|
ip = _get_vdr_transit_network_ipobj()
|
|
# We need to ensure backwards compatibility. The original edge address
|
|
# was "169.254.2.3"
|
|
if conf.DEFAULT_VDR_TRANSIT_NETWORK == cfg.CONF.nsxv.vdr_transit_network:
|
|
return conf.DEFAULT_PLR_ADDRESS
|
|
return str(ip[2])
|
|
|
|
|
|
def validate_vdr_transit_network():
|
|
try:
|
|
ip = _get_vdr_transit_network_ipobj()
|
|
except Exception:
|
|
raise n_exc.Invalid(_("Invalid VDR transit network"))
|
|
if len(ip) < 4:
|
|
raise n_exc.Invalid(_("VDR transit address range too small"))
|
|
|
|
if is_overlapping_reserved_subnets(cfg.CONF.nsxv.vdr_transit_network,
|
|
nsxv_constants.RESERVED_IPS):
|
|
raise n_exc.Invalid(_("VDR transit network overlaps reserved subnet"))
|
|
|
|
|
|
def is_overlapping_reserved_subnets(cidr, reserved_subnets):
|
|
"""Return True if the subnet overlaps with reserved subnets.
|
|
|
|
For the V plugin we have a limitation that we should not use
|
|
some reserved ranges like: 169.254.128.0/17 and 169.254.1.0/24
|
|
"""
|
|
range = netaddr.IPNetwork(cidr)
|
|
|
|
# Check each reserved subnet for intersection
|
|
for reserved_subnet in reserved_subnets:
|
|
# translate the reserved subnet to a range object
|
|
reserved_range = netaddr.IPNetwork(reserved_subnet)
|
|
# check if new subnet overlaps this reserved subnet
|
|
if (range.first <= reserved_range.last and
|
|
reserved_range.first <= range.last):
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
def parse_backup_edge_pool_opt_per_az(az):
|
|
"""Parse edge pool opts per AZ and returns result."""
|
|
edge_pool_opts = az.backup_edge_pool
|
|
res = []
|
|
for edge_pool_def in edge_pool_opts:
|
|
split = edge_pool_def.split(':')
|
|
try:
|
|
(edge_type, edge_size, minimum_pooled_edges,
|
|
maximum_pooled_edges) = split[:4]
|
|
except ValueError:
|
|
raise n_exc.Invalid(_("Invalid edge pool format for availability"
|
|
" zone %s") % az.name)
|
|
if edge_type not in vcns_const.ALLOWED_EDGE_TYPES:
|
|
msg = (_("edge type '%(edge_type)s' is not allowed, "
|
|
"allowed types: %(allowed)s for availability zone "
|
|
"%(name)s") %
|
|
{'edge_type': edge_type,
|
|
'allowed': vcns_const.ALLOWED_EDGE_TYPES,
|
|
'name': az.name})
|
|
LOG.error(msg)
|
|
raise n_exc.Invalid(msg)
|
|
edge_size = edge_size or nsxv_constants.COMPACT
|
|
if edge_size not in vcns_const.ALLOWED_EDGE_SIZES:
|
|
msg = (_("edge size '%(edge_size)s' is not allowed, "
|
|
"allowed types: %(allowed)s for availability zone "
|
|
"%(name)s") %
|
|
{'edge_type': edge_size,
|
|
'allowed': vcns_const.ALLOWED_EDGE_SIZES,
|
|
'name': az.name})
|
|
LOG.error(msg)
|
|
raise n_exc.Invalid(msg)
|
|
res.append({'edge_type': edge_type,
|
|
'edge_size': edge_size,
|
|
'minimum_pooled_edges': int(minimum_pooled_edges),
|
|
'maximum_pooled_edges': int(maximum_pooled_edges)})
|
|
|
|
edge_pool_dicts = {}
|
|
for edge_type in vcns_const.ALLOWED_EDGE_TYPES:
|
|
edge_pool_dicts[edge_type] = {}
|
|
for r in res:
|
|
edge_pool_dict = edge_pool_dicts[r['edge_type']]
|
|
if r['edge_size'] in edge_pool_dict.keys():
|
|
raise n_exc.Invalid(_("Duplicate edge pool configuration for "
|
|
"availability zone %s") % az.name)
|
|
edge_pool_dict[r['edge_size']] = {
|
|
'minimum_pooled_edges': r['minimum_pooled_edges'],
|
|
'maximum_pooled_edges': r['maximum_pooled_edges']}
|
|
return edge_pool_dicts
|
|
|
|
|
|
class EdgeManager(object):
|
|
"""Edge Appliance Management.
|
|
EdgeManager provides a pool of edge appliances which we can use
|
|
to support DHCP&metadata, L3&FIP and LB&FW&VPN services.
|
|
"""
|
|
|
|
def __init__(self, nsxv_manager, plugin):
|
|
LOG.debug("Start Edge Manager initialization")
|
|
self._worker_pool_pid = None
|
|
self._worker_pool = None
|
|
self.nsxv_manager = nsxv_manager
|
|
self._availability_zones = nsx_az.NsxVAvailabilityZones()
|
|
self.edge_pool_dicts = self._parse_backup_edge_pool_opt()
|
|
self.nsxv_plugin = nsxv_manager.callbacks.plugin
|
|
self.plugin = plugin
|
|
self.per_interface_rp_filter = self._get_per_edge_rp_filter_state()
|
|
self._check_backup_edge_pools()
|
|
self._service_edge_size_dict = parse_service_edge_size()
|
|
|
|
def get_service_edge_size(self, purpose):
|
|
return get_service_edge_size(self._service_edge_size_dict, purpose)
|
|
|
|
def _parse_backup_edge_pool_opt(self):
|
|
"""Parse edge pool opts for all availability zones."""
|
|
az_list = self._availability_zones.list_availability_zones_objects()
|
|
az_pools = {}
|
|
for az in az_list:
|
|
az_pools[az.name] = parse_backup_edge_pool_opt_per_az(az)
|
|
return az_pools
|
|
|
|
def _get_az_pool(self, az_name):
|
|
return self.edge_pool_dicts[az_name]
|
|
|
|
def _get_worker_pool(self):
|
|
if self._worker_pool_pid != os.getpid():
|
|
self._worker_pool_pid = os.getpid()
|
|
self._worker_pool = eventlet.GreenPool(WORKER_POOL_SIZE)
|
|
return self._worker_pool
|
|
|
|
def _get_per_edge_rp_filter_state(self):
|
|
ver = self.nsxv_manager.vcns.get_version()
|
|
if version.LooseVersion(ver) < version.LooseVersion('6.2.0'):
|
|
return False
|
|
return True
|
|
|
|
def _mark_router_bindings_status_error(self, context, edge_id,
|
|
error_reason="backend error"):
|
|
for binding in nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, edge_id):
|
|
if binding['status'] == constants.ERROR:
|
|
continue
|
|
LOG.error('Mark router binding ERROR for resource '
|
|
'%(res_id)s on edge %(edge_id)s due to '
|
|
'%(reason)s',
|
|
{'res_id': binding['router_id'],
|
|
'edge_id': edge_id,
|
|
'reason': error_reason})
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, binding['router_id'],
|
|
status=constants.ERROR)
|
|
|
|
def _deploy_edge(self, context, lrouter,
|
|
lswitch=None, appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
availability_zone=None, deploy_metadata=False):
|
|
"""Create an edge for logical router support."""
|
|
if context is None:
|
|
context = q_context.get_admin_context()
|
|
# deploy edge
|
|
return self.nsxv_manager.deploy_edge(context, lrouter['id'],
|
|
lrouter['name'], internal_network=None,
|
|
appliance_size=appliance_size,
|
|
dist=(edge_type == nsxv_constants.VDR_EDGE),
|
|
availability_zone=availability_zone,
|
|
deploy_metadata=deploy_metadata)
|
|
|
|
def _deploy_backup_edges_on_db(self, context, num,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
availability_zone=None):
|
|
router_ids = [(vcns_const.BACKUP_ROUTER_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
for i in range(num)]
|
|
|
|
for router_id in router_ids:
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, router_id, None, None,
|
|
constants.PENDING_CREATE,
|
|
appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone.name)
|
|
return router_ids
|
|
|
|
def _deploy_backup_edges_at_backend(
|
|
self, context, router_ids,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
availability_zone=None):
|
|
eventlet.spawn_n(self._pool_creator, router_ids, appliance_size,
|
|
edge_type, availability_zone)
|
|
|
|
def _pool_creator(self, router_ids, appliance_size, edge_type,
|
|
availability_zone):
|
|
for router_id in router_ids:
|
|
fake_router = {
|
|
'id': router_id,
|
|
'name': router_id}
|
|
self._get_worker_pool().spawn_n(
|
|
self._deploy_edge, None, fake_router,
|
|
appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
|
|
def _delete_edge(self, context, router_binding):
|
|
if router_binding['status'] == constants.ERROR:
|
|
LOG.warning("Start deleting %(router_id)s corresponding "
|
|
"edge: %(edge_id)s due to status error",
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_binding['router_id'],
|
|
status=constants.PENDING_DELETE)
|
|
self._get_worker_pool().spawn_n(
|
|
self.nsxv_manager.delete_edge, None,
|
|
router_binding['router_id'], router_binding['edge_id'],
|
|
dist=(router_binding['edge_type'] == nsxv_constants.VDR_EDGE))
|
|
|
|
def _delete_backup_edges_on_db(self, context, backup_router_bindings):
|
|
for binding in backup_router_bindings:
|
|
try:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, binding['router_id'],
|
|
status=constants.PENDING_DELETE)
|
|
except sa_exc.NoResultFound:
|
|
LOG.debug("Router binding %s does not exist.",
|
|
binding['router_id'])
|
|
|
|
def _delete_backup_edges_at_backend(self, context, backup_router_bindings):
|
|
for binding in backup_router_bindings:
|
|
# delete edge
|
|
LOG.debug("Start deleting extra edge: %s in pool",
|
|
binding['edge_id'])
|
|
self._get_worker_pool().spawn_n(
|
|
self.nsxv_manager.delete_edge, None,
|
|
binding['router_id'], binding['edge_id'],
|
|
dist=(binding['edge_type'] == nsxv_constants.VDR_EDGE))
|
|
|
|
def _clean_all_error_edge_bindings(self, context, availability_zone):
|
|
# Find all backup edges in error state &
|
|
# backup edges which are in pending-XXX state for too long
|
|
filters = {'status': [constants.PENDING_CREATE,
|
|
constants.PENDING_UPDATE,
|
|
constants.PENDING_DELETE],
|
|
'availability_zone': [availability_zone.name]}
|
|
if cfg.CONF.nsxv.housekeeping_readonly:
|
|
filters['status'].append(constants.ERROR)
|
|
like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"}
|
|
router_bindings = nsxv_db.get_nsxv_router_bindings(
|
|
context.session, filters=filters, like_filters=like_filters)
|
|
# filter only the entries in error state or too long in pending state
|
|
error_router_bindings = []
|
|
for binding in router_bindings:
|
|
to_delete = False
|
|
if binding.status == constants.ERROR:
|
|
to_delete = True
|
|
elif binding.status == constants.PENDING_CREATE:
|
|
# Bindings migrated from older versions have no created_at
|
|
# attribute which should also be deleted.
|
|
if (not binding.created_at or timeutils.is_older_than(
|
|
binding.created_at, MAX_EDGE_PENDING_SEC)):
|
|
to_delete = True
|
|
elif (binding.status == constants.PENDING_UPDATE or
|
|
binding.status == constants.PENDING_DELETE):
|
|
# Bindings migrated from older versions have no updated_at
|
|
# attribute. We will not delete those for now, as it is risky
|
|
# and fails lots of tests.
|
|
if (binding.updated_at and timeutils.is_older_than(
|
|
binding.updated_at, MAX_EDGE_PENDING_SEC)):
|
|
to_delete = True
|
|
if to_delete:
|
|
LOG.warning("Going to delete Erroneous edge: %s", binding)
|
|
error_router_bindings.append(binding)
|
|
|
|
self._delete_backup_edges_on_db(context,
|
|
error_router_bindings)
|
|
self._delete_backup_edges_at_backend(context,
|
|
error_router_bindings)
|
|
|
|
def _get_backup_edge_bindings(self, context,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
db_update_lock=False,
|
|
availability_zone=None):
|
|
filters = {'appliance_size': [appliance_size],
|
|
'edge_type': [edge_type],
|
|
'availability_zone': [availability_zone.name],
|
|
'status': [constants.PENDING_CREATE,
|
|
constants.PENDING_UPDATE,
|
|
constants.ACTIVE]}
|
|
like_filters = {'router_id': vcns_const.BACKUP_ROUTER_PREFIX + "%"}
|
|
return nsxv_db.get_nsxv_router_bindings(
|
|
context.session, filters=filters, like_filters=like_filters)
|
|
|
|
def _check_backup_edge_pools(self):
|
|
admin_ctx = q_context.get_admin_context()
|
|
for az in self._availability_zones.list_availability_zones_objects():
|
|
self._clean_all_error_edge_bindings(admin_ctx, az)
|
|
for edge_type, v in self._get_az_pool(az.name).items():
|
|
for edge_size in vcns_const.ALLOWED_EDGE_SIZES:
|
|
if edge_size in v.keys():
|
|
edge_pool_range = v[edge_size]
|
|
self._check_backup_edge_pool(
|
|
edge_pool_range['minimum_pooled_edges'],
|
|
edge_pool_range['maximum_pooled_edges'],
|
|
appliance_size=edge_size, edge_type=edge_type,
|
|
availability_zone=az)
|
|
else:
|
|
self._check_backup_edge_pool(
|
|
0, 0,
|
|
appliance_size=edge_size, edge_type=edge_type,
|
|
availability_zone=az)
|
|
|
|
def _check_backup_edge_pool(self,
|
|
minimum_pooled_edges,
|
|
maximum_pooled_edges,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
availability_zone=None):
|
|
"""Check edge pool's status and return one available edge for use."""
|
|
admin_ctx = q_context.get_admin_context()
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
admin_ctx, appliance_size=appliance_size, edge_type=edge_type,
|
|
db_update_lock=True, availability_zone=availability_zone)
|
|
backup_num = len(backup_router_bindings)
|
|
if backup_num > maximum_pooled_edges:
|
|
self._delete_backup_edges_on_db(
|
|
admin_ctx,
|
|
backup_router_bindings[:backup_num - maximum_pooled_edges])
|
|
elif backup_num < minimum_pooled_edges:
|
|
new_backup_num = backup_num
|
|
router_ids = []
|
|
while (new_backup_num < minimum_pooled_edges):
|
|
router_ids.extend(
|
|
self._deploy_backup_edges_on_db(
|
|
admin_ctx, 1, appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone))
|
|
new_backup_num = len(
|
|
self._get_backup_edge_bindings(
|
|
admin_ctx, appliance_size=appliance_size,
|
|
edge_type=edge_type, db_update_lock=True,
|
|
availability_zone=availability_zone))
|
|
if backup_num > maximum_pooled_edges:
|
|
self._delete_backup_edges_at_backend(
|
|
admin_ctx,
|
|
backup_router_bindings[:backup_num - maximum_pooled_edges])
|
|
elif backup_num < minimum_pooled_edges:
|
|
self._deploy_backup_edges_at_backend(
|
|
admin_ctx,
|
|
router_ids,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
|
|
def check_edge_active_at_backend(self, edge_id):
|
|
try:
|
|
status = self.nsxv_manager.get_edge_status(edge_id)
|
|
return (status == vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE)
|
|
except Exception:
|
|
return False
|
|
|
|
def _get_available_router_binding(self, context,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
edge_type=nsxv_constants.SERVICE_EDGE,
|
|
availability_zone=None):
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
context, appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
while backup_router_bindings:
|
|
router_binding = random.choice(backup_router_bindings)
|
|
if (router_binding['status'] == constants.ACTIVE):
|
|
if not self.check_edge_active_at_backend(
|
|
router_binding['edge_id']):
|
|
LOG.debug("Delete unavailable backup resource "
|
|
"%(router_id)s with edge_id %(edge_id)s",
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
self._delete_edge(context, router_binding)
|
|
else:
|
|
LOG.debug("Get an available backup resource "
|
|
"%(router_id)s with edge_id %(edge_id)s",
|
|
{'router_id': router_binding['router_id'],
|
|
'edge_id': router_binding['edge_id']})
|
|
return router_binding
|
|
backup_router_bindings.remove(router_binding)
|
|
|
|
def _get_physical_provider_network(self, context, network_id, az_dvs):
|
|
bindings = nsxv_db.get_network_bindings(context.session, network_id)
|
|
# Set the return value as the availability zone DVS-ID of the
|
|
# mgmt/edge cluster
|
|
phys_net = az_dvs
|
|
network_type = None
|
|
if bindings:
|
|
binding = bindings[0]
|
|
network_type = binding['binding_type']
|
|
if (network_type == c_utils.NsxVNetworkTypes.VLAN and
|
|
binding['phy_uuid'] != ''):
|
|
if ',' not in binding['phy_uuid']:
|
|
phys_net = binding['phy_uuid']
|
|
# Return user input physical network value for all network types
|
|
# except VXLAN networks. The DVS-ID of the mgmt/edge cluster must
|
|
# be returned for VXLAN network types.
|
|
# We also validate that this binding starts with 'dvs'. If a admin
|
|
# creates a provider portgroup then we need to use the default
|
|
# configured DVS.
|
|
elif (not network_type == c_utils.NsxVNetworkTypes.VXLAN and
|
|
binding['phy_uuid'] != '' and
|
|
binding['phy_uuid'].startswith('dvs')):
|
|
phys_net = binding['phy_uuid']
|
|
return phys_net, network_type
|
|
|
|
def _create_sub_interface(self, context, network_id, network_name,
|
|
tunnel_index, address_groups,
|
|
port_group_id=None):
|
|
az = self.plugin.get_network_az_by_net_id(context, network_id)
|
|
vcns_network_id = _retrieve_nsx_switch_id(context, network_id,
|
|
az.name)
|
|
if port_group_id is None:
|
|
portgroup = {'vlanId': 0,
|
|
'networkName': network_name,
|
|
'networkBindingType': 'Static',
|
|
'networkType': 'Isolation'}
|
|
config_spec = {'networkSpec': portgroup}
|
|
dvs_id, network_type = self._get_physical_provider_network(
|
|
context, network_id, az.dvs_id)
|
|
pg, port_group_id = self.nsxv_manager.vcns.create_port_group(
|
|
dvs_id, config_spec)
|
|
# Ensure that the portgroup has the correct teaming
|
|
self.plugin._update_network_teaming(dvs_id, None, port_group_id)
|
|
interface = {
|
|
'name': _uuid(),
|
|
'tunnelId': tunnel_index,
|
|
'logicalSwitchId': vcns_network_id,
|
|
'isConnected': True
|
|
}
|
|
interface['addressGroups'] = {'addressGroups': address_groups}
|
|
return port_group_id, interface
|
|
|
|
def _getvnic_config(self, edge_id, vnic_index):
|
|
_, vnic_config = self.nsxv_manager.get_interface(edge_id,
|
|
vnic_index)
|
|
return vnic_config
|
|
|
|
def _delete_dhcp_internal_interface(self, context, edge_id, vnic_index,
|
|
tunnel_index, network_id):
|
|
"""Delete the dhcp internal interface."""
|
|
|
|
LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
|
|
try:
|
|
vnic_config = self._getvnic_config(edge_id, vnic_index)
|
|
sub_interfaces = (vnic_config['subInterfaces']['subInterfaces'] if
|
|
'subInterfaces' in vnic_config else [])
|
|
port_group_id = (vnic_config['portgroupId'] if 'portgroupId' in
|
|
vnic_config else None)
|
|
for sub_interface in sub_interfaces:
|
|
if tunnel_index == sub_interface['tunnelId']:
|
|
LOG.debug("Delete the tunnel %d on vnic %d",
|
|
tunnel_index, vnic_index)
|
|
(vnic_config['subInterfaces']['subInterfaces'].
|
|
remove(sub_interface))
|
|
break
|
|
|
|
# Clean the vnic if there is no sub-interface attached
|
|
if len(sub_interfaces) == 0:
|
|
header, _ = self.nsxv_manager.vcns.delete_interface(edge_id,
|
|
vnic_index)
|
|
if port_group_id:
|
|
az = self.plugin.get_network_az_by_net_id(
|
|
context, network_id)
|
|
dvs_id, net_type = self._get_physical_provider_network(
|
|
context, network_id, az.dvs_id)
|
|
self.nsxv_manager.delete_port_group(dvs_id,
|
|
port_group_id)
|
|
else:
|
|
self.nsxv_manager.vcns.update_interface(edge_id, vnic_config)
|
|
except nsxapi_exc.VcnsApiException:
|
|
LOG.exception('Failed to delete vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d on edge %(edge_id)s '
|
|
'for network %(net_id)s',
|
|
{'vnic_index': vnic_index,
|
|
'tunnel_index': tunnel_index,
|
|
'net_id': network_id,
|
|
'edge_id': edge_id})
|
|
self._mark_router_bindings_status_error(
|
|
context, edge_id,
|
|
error_reason="delete dhcp internal interface failure")
|
|
|
|
self._delete_dhcp_router_binding(context, network_id, edge_id)
|
|
|
|
def _delete_dhcp_router_binding(self, context, network_id, edge_id):
|
|
"""Delete the router binding or clean the edge appliance."""
|
|
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
bindings = nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, edge_id)
|
|
all_edge_dhcp_entries = [binding['router_id'] for
|
|
binding in bindings if binding['router_id'].
|
|
startswith(vcns_const.DHCP_EDGE_PREFIX)]
|
|
for router_id in all_edge_dhcp_entries:
|
|
if (router_id != resource_id):
|
|
# There are additional networks on this DHCP edge.
|
|
# just delete the binding one and not the edge itself
|
|
nsxv_db.delete_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
return
|
|
az_name = bindings[0]['availability_zone'] if bindings else ''
|
|
self._free_dhcp_edge_appliance(context, network_id, az_name)
|
|
|
|
def _addr_groups_convert_to_ipset(self, address_groups):
|
|
cidr_list = []
|
|
for addr_group in address_groups:
|
|
cidr = "/".join([addr_group['primaryAddress'],
|
|
addr_group['subnetPrefixLength']])
|
|
cidr_list.append(cidr)
|
|
return netaddr.IPSet(cidr_list)
|
|
|
|
def _update_dhcp_internal_interface(self, context, edge_id, vnic_index,
|
|
tunnel_index, network_id,
|
|
address_groups):
|
|
"""Update the dhcp internal interface:
|
|
1. Add a new vnic tunnel with the address groups
|
|
2. Update the address groups to an existing tunnel
|
|
"""
|
|
LOG.debug("Query the vnic %s for DHCP Edge %s", vnic_index, edge_id)
|
|
h, vnic_config = self.nsxv_manager.get_interface(edge_id, vnic_index)
|
|
sub_iface_dict = vnic_config.get('subInterfaces')
|
|
port_group_id = vnic_config.get('portgroupId')
|
|
new_tunnel_creation = True
|
|
iface_list = []
|
|
|
|
# Update the sub interface address groups for specific tunnel
|
|
if sub_iface_dict:
|
|
sub_interfaces = sub_iface_dict.get('subInterfaces')
|
|
addr_groups_ipset = self._addr_groups_convert_to_ipset(
|
|
address_groups)
|
|
for sb in sub_interfaces:
|
|
if tunnel_index == sb['tunnelId']:
|
|
new_tunnel_creation = False
|
|
sb['addressGroups']['addressGroups'] = address_groups
|
|
else:
|
|
sb_ipset = self._addr_groups_convert_to_ipset(
|
|
sb['addressGroups']['addressGroups'])
|
|
if addr_groups_ipset & sb_ipset:
|
|
ls_id = sb['logicalSwitchId']
|
|
net_ids = nsx_db.get_net_ids(context.session, ls_id)
|
|
if net_ids:
|
|
# Here should never happen, else one bug occurs
|
|
LOG.error("net %(id)s on edge %(edge_id)s "
|
|
"overlaps with new net %(net_id)s",
|
|
{'id': net_ids[0],
|
|
'edge_id': edge_id,
|
|
'net_id': network_id})
|
|
raise nsx_exc.NsxPluginException(
|
|
err_msg=(_("update dhcp interface for net %s "
|
|
"failed") % network_id))
|
|
# Occurs when there are DB inconsistency
|
|
sb["is_overlapped"] = True
|
|
LOG.error("unexpected sub intf %(id)s on edge "
|
|
"%(edge_id)s overlaps with new net "
|
|
"%(net_id)s. we would update with "
|
|
"deleting it for DB consistency",
|
|
{'id': ls_id,
|
|
'edge_id': edge_id,
|
|
'net_id': network_id})
|
|
iface_list = [sub for sub in sub_interfaces
|
|
if not sub.get('is_overlapped', False)]
|
|
|
|
# The first DHCP service creation, not update
|
|
if new_tunnel_creation:
|
|
network_name_item = [edge_id, str(vnic_index), str(tunnel_index)]
|
|
network_name = ('-'.join(network_name_item) + _uuid())[:36]
|
|
port_group_id, iface = self._create_sub_interface(
|
|
context, network_id, network_name, tunnel_index,
|
|
address_groups, port_group_id)
|
|
|
|
iface_list.append(iface)
|
|
|
|
LOG.debug("Update the vnic %d for DHCP Edge %s", vnic_index, edge_id)
|
|
self.nsxv_manager.update_interface('fake_router_id', edge_id,
|
|
vnic_index, port_group_id,
|
|
tunnel_index,
|
|
address_groups=iface_list)
|
|
|
|
@vcns.retry_upon_exception(db_base_exc.OperationalError, max_delay=10)
|
|
def _allocate_edge_appliance(self, context, resource_id, name,
|
|
appliance_size=nsxv_constants.COMPACT,
|
|
dist=False,
|
|
availability_zone=None,
|
|
deploy_metadata=False):
|
|
"""Try to allocate one available edge from pool."""
|
|
edge_type = (nsxv_constants.VDR_EDGE if dist else
|
|
nsxv_constants.SERVICE_EDGE)
|
|
lrouter = {'id': resource_id,
|
|
'name': name}
|
|
az_pool = self._get_az_pool(availability_zone.name)
|
|
edge_pool_range = az_pool[edge_type].get(appliance_size)
|
|
if edge_pool_range is None:
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id, None, None,
|
|
constants.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone.name)
|
|
return self._deploy_edge(context, lrouter,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone,
|
|
deploy_metadata=deploy_metadata)
|
|
|
|
with locking.LockManager.get_lock('nsx-edge-backup-pool'):
|
|
self._clean_all_error_edge_bindings(
|
|
context, availability_zone=availability_zone)
|
|
available_router_binding = self._get_available_router_binding(
|
|
context, appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
if available_router_binding:
|
|
# Update the status from ACTIVE to PENDING_UPDATE
|
|
# in case of other threads select the same router binding
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, available_router_binding['router_id'],
|
|
status=constants.PENDING_UPDATE)
|
|
# Synchronously deploy an edge if no available edge in pool.
|
|
if not available_router_binding:
|
|
# store router-edge mapping binding
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id, None, None,
|
|
constants.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone.name)
|
|
edge_id = self._deploy_edge(context, lrouter,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone,
|
|
deploy_metadata=deploy_metadata)
|
|
else:
|
|
LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
|
|
{'edge_id': available_router_binding['edge_id'],
|
|
'name': name})
|
|
# select the first available edge in pool.
|
|
nsxv_db.delete_nsxv_router_binding(
|
|
context.session, available_router_binding['router_id'])
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session,
|
|
lrouter['id'],
|
|
available_router_binding['edge_id'],
|
|
None,
|
|
constants.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
edge_type=edge_type,
|
|
availability_zone=availability_zone.name)
|
|
edge_id = available_router_binding['edge_id']
|
|
LOG.debug("Select edge: %(edge_id)s from pool for %(name)s",
|
|
{'edge_id': edge_id, 'name': name})
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
self.nsxv_manager.callbacks.complete_edge_creation(
|
|
context, edge_id, lrouter['name'], lrouter['id'], dist,
|
|
True, availability_zone=availability_zone,
|
|
deploy_metadata=deploy_metadata)
|
|
try:
|
|
self.nsxv_manager.rename_edge(edge_id, name)
|
|
except nsxapi_exc.VcnsApiException as e:
|
|
LOG.error("Failed to update edge: %s",
|
|
e.response)
|
|
self.nsxv_manager.callbacks.complete_edge_update(
|
|
context, edge_id, resource_id, False, set_errors=True)
|
|
|
|
backup_num = len(self._get_backup_edge_bindings(
|
|
context, appliance_size=appliance_size, edge_type=edge_type,
|
|
db_update_lock=True, availability_zone=availability_zone))
|
|
router_ids = self._deploy_backup_edges_on_db(
|
|
context, edge_pool_range['minimum_pooled_edges'] - backup_num,
|
|
appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
self._deploy_backup_edges_at_backend(
|
|
context, router_ids,
|
|
appliance_size=appliance_size, edge_type=edge_type,
|
|
availability_zone=availability_zone)
|
|
|
|
return edge_id
|
|
|
|
def _free_edge_appliance(self, context, router_id):
|
|
"""Try to collect one edge to pool."""
|
|
with locking.LockManager.get_lock('nsx-edge-backup-pool'):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
router_id)
|
|
if not binding:
|
|
LOG.warning("router binding for router: %s "
|
|
"not found", router_id)
|
|
return
|
|
dist = (binding['edge_type'] == nsxv_constants.VDR_EDGE)
|
|
edge_id = binding['edge_id']
|
|
availability_zone_name = nsxv_db.get_edge_availability_zone(
|
|
context.session, edge_id)
|
|
az_pool = self._get_az_pool(availability_zone_name)
|
|
edge_pool_range = az_pool[binding['edge_type']].get(
|
|
binding['appliance_size'])
|
|
|
|
nsxv_db.delete_nsxv_router_binding(
|
|
context.session, router_id)
|
|
backup_router_id = (vcns_const.BACKUP_ROUTER_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session,
|
|
backup_router_id,
|
|
edge_id,
|
|
None,
|
|
constants.PENDING_UPDATE,
|
|
appliance_size=binding['appliance_size'],
|
|
edge_type=binding['edge_type'],
|
|
availability_zone=availability_zone_name)
|
|
|
|
router_id = backup_router_id
|
|
if (binding['status'] == constants.ERROR or
|
|
not self.check_edge_active_at_backend(edge_id) or
|
|
not edge_pool_range):
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=constants.PENDING_DELETE)
|
|
# delete edge
|
|
self._get_worker_pool().spawn_n(
|
|
self.nsxv_manager.delete_edge,
|
|
None,
|
|
router_id, edge_id, dist=dist)
|
|
return
|
|
|
|
availability_zone = self._availability_zones.get_availability_zone(
|
|
availability_zone_name)
|
|
self._clean_all_error_edge_bindings(
|
|
context, availability_zone=availability_zone)
|
|
backup_router_bindings = self._get_backup_edge_bindings(
|
|
context, appliance_size=binding['appliance_size'],
|
|
edge_type=binding['edge_type'],
|
|
availability_zone=availability_zone)
|
|
backup_num = len(backup_router_bindings)
|
|
# collect the edge to pool if pool not full
|
|
if backup_num < edge_pool_range['maximum_pooled_edges']:
|
|
# change edge's name at backend
|
|
update_result = self.nsxv_manager.update_edge(
|
|
context, backup_router_id, edge_id, backup_router_id, None,
|
|
appliance_size=binding['appliance_size'], dist=dist,
|
|
availability_zone=availability_zone)
|
|
|
|
# Clean all edge vnic bindings
|
|
nsxv_db.clean_edge_vnic_binding(context.session, edge_id)
|
|
# Refresh edge_vnic_bindings for centralized router
|
|
if not dist and edge_id:
|
|
nsxv_db.init_edge_vnic_binding(context.session, edge_id)
|
|
|
|
if update_result:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, backup_router_id,
|
|
status=constants.ACTIVE)
|
|
LOG.debug("Collect edge: %s to pool", edge_id)
|
|
else:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=constants.PENDING_DELETE)
|
|
# delete edge
|
|
self._get_worker_pool().spawn_n(
|
|
self.nsxv_manager.delete_edge,
|
|
None,
|
|
router_id, edge_id, dist=dist)
|
|
|
|
def _allocate_dhcp_edge_appliance(self, context, resource_id,
|
|
availability_zone):
|
|
resource_name = (vcns_const.DHCP_EDGE_PREFIX +
|
|
_uuid())[:vcns_const.EDGE_NAME_LEN]
|
|
self._allocate_edge_appliance(
|
|
context, resource_id, resource_name,
|
|
appliance_size=self.get_service_edge_size('dhcp'),
|
|
availability_zone=availability_zone,
|
|
deploy_metadata=True)
|
|
|
|
def allocate_lb_edge_appliance(
|
|
self, context, resource_id, availability_zone,
|
|
appliance_size=None):
|
|
|
|
if not appliance_size:
|
|
appliance_size = self.get_service_edge_size('lb')
|
|
return self._allocate_edge_appliance(
|
|
context, resource_id, resource_id,
|
|
appliance_size=appliance_size,
|
|
availability_zone=availability_zone)
|
|
|
|
def _free_dhcp_edge_appliance(self, context, network_id, az_name):
|
|
router_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
|
|
# if there are still metadata ports on this edge - delete them now
|
|
if self.plugin.metadata_proxy_handler:
|
|
metadata_proxy_handler = self.plugin.get_metadata_proxy_handler(
|
|
az_name)
|
|
if metadata_proxy_handler:
|
|
metadata_proxy_handler.cleanup_router_edge(context, router_id,
|
|
warn=True)
|
|
|
|
self._free_edge_appliance(context, router_id)
|
|
|
|
def _build_lrouter_name(self, router_id, router_name):
|
|
return (
|
|
router_name[:nsxv_constants.ROUTER_NAME_LENGTH - len(router_id)] +
|
|
'-' + router_id)
|
|
|
|
def update_syslog_by_flavor(self, context, router_id, flavor_id, edge_id):
|
|
"""Update syslog config on edge according to router flavor."""
|
|
syslog_config = self._get_syslog_config_from_flavor(context,
|
|
router_id,
|
|
flavor_id)
|
|
if syslog_config:
|
|
self.nsxv_manager.update_edge_syslog(edge_id, syslog_config,
|
|
router_id)
|
|
|
|
def create_lrouter(
|
|
self, context, lrouter, lswitch=None, dist=False,
|
|
appliance_size=None,
|
|
availability_zone=None):
|
|
"""Create an edge for logical router support."""
|
|
if not appliance_size:
|
|
appliance_size = self.get_service_edge_size('router')
|
|
router_name = self._build_lrouter_name(lrouter['id'], lrouter['name'])
|
|
|
|
edge_id = self._allocate_edge_appliance(
|
|
context, lrouter['id'], router_name,
|
|
appliance_size=appliance_size,
|
|
dist=dist, availability_zone=availability_zone)
|
|
|
|
if lrouter.get('flavor_id'):
|
|
self.update_syslog_by_flavor(context,
|
|
lrouter['id'], lrouter['flavor_id'], edge_id)
|
|
|
|
return edge_id
|
|
|
|
def delete_lrouter(self, context, router_id, dist=False):
|
|
self._free_edge_appliance(context, router_id)
|
|
|
|
def rename_lrouter(self, context, router_id, new_name):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding or not binding['edge_id']:
|
|
LOG.warning("router binding for router: %s "
|
|
"not found", router_id)
|
|
return
|
|
edge_id = binding['edge_id']
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
router_name = self._build_lrouter_name(router_id, new_name)
|
|
self.nsxv_manager.rename_edge(edge_id, router_name)
|
|
|
|
def resize_lrouter(self, context, router_id, new_size):
|
|
# get the router edge-id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding or not binding['edge_id']:
|
|
LOG.warning("router binding for router: %s "
|
|
"not found", router_id)
|
|
return
|
|
edge_id = binding['edge_id']
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
# update the router on backend
|
|
self.nsxv_manager.resize_edge(edge_id, new_size)
|
|
# update the DB
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id, appliance_size=new_size)
|
|
|
|
def update_dhcp_edge_bindings(self, context, network_id):
|
|
"""Reconfigure the DHCP to the edge."""
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if not edge_binding:
|
|
return
|
|
with locking.LockManager.get_lock(str(edge_binding['edge_id'])):
|
|
self.update_dhcp_service_config(context, edge_binding['edge_id'])
|
|
|
|
def _add_dhcp_option(self, static_config, opt):
|
|
if 'dhcpOptions' not in static_config:
|
|
static_config['dhcpOptions'] = {}
|
|
opt_name = opt['opt_name']
|
|
opt_val = opt['opt_value']
|
|
if opt_name in vcns_const.SUPPORTED_DHCP_OPTIONS:
|
|
key = vcns_const.SUPPORTED_DHCP_OPTIONS[opt_name]
|
|
if opt_name == 'classless-static-route':
|
|
if 'option121' not in static_config['dhcpOptions']:
|
|
static_config['dhcpOptions']['option121'] = {
|
|
'staticRoutes': []}
|
|
opt121 = static_config['dhcpOptions']['option121']
|
|
net, ip = opt_val.split(',')
|
|
opt121['staticRoutes'].append({'destinationSubnet': net,
|
|
'router': ip})
|
|
elif (opt_name == 'tftp-server-address' or
|
|
opt_name == 'tftp-server'):
|
|
if 'option150' not in static_config['dhcpOptions']:
|
|
static_config['dhcpOptions']['option150'] = {
|
|
'tftpServers': []}
|
|
opt150 = static_config['dhcpOptions']['option150']
|
|
opt150['tftpServers'].append(opt_val)
|
|
else:
|
|
static_config['dhcpOptions'][key] = opt_val
|
|
else:
|
|
if 'other' not in static_config['dhcpOptions']:
|
|
static_config['dhcpOptions']['others'] = []
|
|
static_config['dhcpOptions']['others'].append(
|
|
{'code': opt_name, 'value': opt_val})
|
|
|
|
def create_static_binding(self, context, port):
|
|
"""Create the DHCP Edge static binding configuration
|
|
|
|
<staticBinding>
|
|
<macAddress></macAddress>
|
|
<ipAddress></ipAddress>
|
|
<hostname></hostname> <!--disallow duplicate-->
|
|
<defaultGateway></defaultGateway> <!--optional.-->
|
|
<primaryNameServer></primaryNameServer> <!--optional-->
|
|
<secondaryNameServer></secondaryNameServer> <!--optional-->
|
|
<domainName></domainName> <!--optional-->
|
|
</staticBinding>
|
|
"""
|
|
static_bindings = []
|
|
static_config = {}
|
|
static_config['macAddress'] = port['mac_address']
|
|
static_config['hostname'] = port['id']
|
|
static_config['leaseTime'] = cfg.CONF.nsxv.dhcp_lease_time
|
|
|
|
for fixed_ip in port['fixed_ips']:
|
|
# Query the subnet to get gateway and DNS
|
|
try:
|
|
subnet_id = fixed_ip['subnet_id']
|
|
subnet_obj = self.nsxv_plugin._get_subnet_object(
|
|
context, subnet_id)
|
|
subnet = self.nsxv_plugin._make_subnet_dict(
|
|
subnet_obj, fields=None, context=context)
|
|
except n_exc.SubnetNotFound:
|
|
LOG.debug("No related subnet for port %s", port['id'])
|
|
continue
|
|
# Only configure if subnet has DHCP support
|
|
if not subnet['enable_dhcp']:
|
|
continue
|
|
static_config['ipAddress'] = fixed_ip['ip_address']
|
|
# Set gateway for static binding
|
|
static_config['defaultGateway'] = subnet['gateway_ip']
|
|
# set primary and secondary dns
|
|
name_servers = subnet['dns_nameservers']
|
|
# if no nameservers have been configured then use the ones
|
|
# defined in the configuration
|
|
name_servers = name_servers or cfg.CONF.nsxv.nameservers
|
|
if len(name_servers) == 1:
|
|
static_config['primaryNameServer'] = name_servers[0]
|
|
elif len(name_servers) >= 2:
|
|
static_config['primaryNameServer'] = name_servers[0]
|
|
static_config['secondaryNameServer'] = name_servers[1]
|
|
# Set search domain for static binding
|
|
sub_binding = nsxv_db.get_nsxv_subnet_ext_attributes(
|
|
context.session,
|
|
subnet_id)
|
|
dns_search_domain = None
|
|
if sub_binding and sub_binding.dns_search_domain:
|
|
dns_search_domain = sub_binding.dns_search_domain
|
|
elif cfg.CONF.nsxv.dns_search_domain:
|
|
dns_search_domain = cfg.CONF.nsxv.dns_search_domain
|
|
if dns_search_domain:
|
|
static_config['domainName'] = dns_search_domain
|
|
if sub_binding and sub_binding.dhcp_mtu:
|
|
static_config = self.add_mtu_on_static_binding(
|
|
static_config, sub_binding.dhcp_mtu)
|
|
|
|
self.handle_meta_static_route(
|
|
context, subnet_id, [static_config])
|
|
for host_route in subnet['host_routes']:
|
|
self.add_host_route_on_static_bindings(
|
|
[static_config],
|
|
host_route['destination'],
|
|
host_route['nexthop'])
|
|
|
|
dhcp_opts = port.get(ext_edo.EXTRADHCPOPTS)
|
|
if dhcp_opts is not None:
|
|
for opt in dhcp_opts:
|
|
self._add_dhcp_option(static_config, opt)
|
|
|
|
static_bindings.append(static_config)
|
|
return static_bindings
|
|
|
|
def add_host_route_on_static_bindings(self, static_bindings,
|
|
dest_cidr, nexthop):
|
|
"""Add one host route on a bulk of static bindings config.
|
|
|
|
We can add host route on VM via dhcp option121. this func can only
|
|
works at NSXv version 6.2.3 or higher.
|
|
"""
|
|
for binding in static_bindings:
|
|
if 'dhcpOptions' not in iter(binding):
|
|
binding['dhcpOptions'] = {}
|
|
if 'option121' not in iter(binding['dhcpOptions']):
|
|
binding['dhcpOptions']['option121'] = {'staticRoutes': []}
|
|
binding_opt121 = binding['dhcpOptions']['option121']
|
|
if 'staticRoutes' not in iter(binding_opt121):
|
|
binding_opt121['staticRoutes'] = []
|
|
binding_opt121['staticRoutes'].append({
|
|
'destinationSubnet': dest_cidr,
|
|
'router': nexthop})
|
|
return static_bindings
|
|
|
|
def add_mtu_on_static_binding(self, static_binding, mtu):
|
|
"""Add the pre-configured MTU to a static binding config.
|
|
|
|
We can add the MTU via dhcp option26.
|
|
This func can only works at NSXv version 6.2.3 or higher.
|
|
"""
|
|
if 'dhcpOptions' not in iter(static_binding):
|
|
static_binding['dhcpOptions'] = {}
|
|
static_binding['dhcpOptions']['option26'] = mtu
|
|
return static_binding
|
|
|
|
def handle_meta_static_route(self, context, subnet_id, static_bindings):
|
|
is_dhcp_option121 = self.nsxv_plugin.is_dhcp_metadata(context,
|
|
subnet_id)
|
|
if is_dhcp_option121:
|
|
dhcp_ip = self.nsxv_plugin._get_dhcp_ip_addr_from_subnet(
|
|
context, subnet_id)
|
|
if dhcp_ip:
|
|
self.add_host_route_on_static_bindings(
|
|
static_bindings,
|
|
'169.254.169.254/32',
|
|
dhcp_ip)
|
|
else:
|
|
LOG.error("Failed to find the dhcp port on subnet "
|
|
"%s to do metadata host route insertion",
|
|
subnet_id)
|
|
|
|
def update_dhcp_service_config(self, context, edge_id):
|
|
"""Reconfigure the DHCP to the edge."""
|
|
# Get all networks attached to the edge
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, edge_id)
|
|
dhcp_networks = [edge_vnic_binding.network_id
|
|
for edge_vnic_binding in edge_vnic_bindings]
|
|
|
|
subnets = self.nsxv_plugin.get_subnets(
|
|
context.elevated(), filters={'network_id': dhcp_networks,
|
|
'enable_dhcp': [True]})
|
|
|
|
static_bindings = []
|
|
for subnet in subnets:
|
|
ports = self.nsxv_plugin.get_ports(
|
|
context.elevated(),
|
|
filters={'network_id': [subnet['network_id']],
|
|
'fixed_ips': {'subnet_id': [subnet['id']]}})
|
|
inst_ports = [port for port in ports
|
|
if port['device_owner'].startswith('compute')]
|
|
for port in inst_ports:
|
|
static_bindings.extend(
|
|
self.create_static_binding(
|
|
context.elevated(), port))
|
|
dhcp_request = {
|
|
'featureType': "dhcp_4.0",
|
|
'enabled': True,
|
|
'staticBindings': {'staticBindings': static_bindings}}
|
|
self.nsxv_manager.vcns.reconfigure_dhcp_service(
|
|
edge_id, dhcp_request)
|
|
bindings_get = get_dhcp_binding_mappings(self.nsxv_manager, edge_id)
|
|
# Refresh edge_dhcp_static_bindings attached to edge
|
|
nsxv_db.clean_edge_dhcp_static_bindings_by_edge(
|
|
context.session, edge_id)
|
|
for mac_address, binding_id in bindings_get.items():
|
|
nsxv_db.create_edge_dhcp_static_binding(context.session, edge_id,
|
|
mac_address, binding_id)
|
|
|
|
def _get_random_available_edge(self, available_edge_ids):
|
|
while available_edge_ids:
|
|
# Randomly select an edge ID from the pool.
|
|
new_id = random.choice(available_edge_ids)
|
|
# Validate whether the edge exists on the backend.
|
|
if not self.check_edge_active_at_backend(new_id):
|
|
# Remove edge_id from available edges pool.
|
|
available_edge_ids.remove(new_id)
|
|
LOG.warning("Skipping edge: %s due to inactive status on "
|
|
"the backend.", new_id)
|
|
else:
|
|
return new_id
|
|
|
|
def _get_available_edges(self, context, network_id, conflicting_nets,
|
|
availability_zone):
|
|
if conflicting_nets is None:
|
|
conflicting_nets = []
|
|
conflict_edge_ids = []
|
|
available_edge_ids = []
|
|
filters = {'availability_zone': [availability_zone.name]}
|
|
router_bindings = nsxv_db.get_nsxv_router_bindings(context.session,
|
|
filters=filters)
|
|
all_dhcp_edges = {binding['router_id']: binding['edge_id'] for
|
|
binding in router_bindings if (binding['router_id'].
|
|
startswith(vcns_const.DHCP_EDGE_PREFIX) and
|
|
binding['status'] == constants.ACTIVE)}
|
|
|
|
# Special case if there is more than one subnet per exclusive DHCP
|
|
# network
|
|
if availability_zone.exclusive_dhcp_edge:
|
|
router_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_id = all_dhcp_edges.get(router_id)
|
|
if edge_id:
|
|
LOG.info("Reusing the same DHCP edge for network %s",
|
|
network_id)
|
|
available_edge_ids.append(edge_id)
|
|
return (conflict_edge_ids, available_edge_ids)
|
|
|
|
if all_dhcp_edges:
|
|
for dhcp_edge_id in set(all_dhcp_edges.values()):
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, dhcp_edge_id)
|
|
free_number = ((vcns_const.MAX_VNIC_NUM - 1) *
|
|
vcns_const.MAX_TUNNEL_NUM -
|
|
len(edge_vnic_bindings))
|
|
# metadata internal network will use one vnic or
|
|
# exclusive_dhcp_edge is set for the AZ
|
|
if (free_number <= (vcns_const.MAX_TUNNEL_NUM - 1) or
|
|
availability_zone.exclusive_dhcp_edge):
|
|
conflict_edge_ids.append(dhcp_edge_id)
|
|
|
|
for net_id in conflicting_nets:
|
|
router_id = (vcns_const.DHCP_EDGE_PREFIX + net_id)[:36]
|
|
edge_id = all_dhcp_edges.get(router_id)
|
|
if (edge_id and edge_id not in conflict_edge_ids):
|
|
conflict_edge_ids.append(edge_id)
|
|
|
|
for x in all_dhcp_edges.values():
|
|
if (x not in conflict_edge_ids and
|
|
x not in available_edge_ids):
|
|
available_edge_ids.append(x)
|
|
return (conflict_edge_ids, available_edge_ids)
|
|
|
|
def _get_used_edges(self, context, subnet, availability_zone):
|
|
"""Returns conflicting and available edges for the subnet."""
|
|
conflicting = self.plugin._get_conflicting_networks_for_subnet(
|
|
context, subnet)
|
|
return self._get_available_edges(context, subnet['network_id'],
|
|
conflicting, availability_zone)
|
|
|
|
def remove_network_from_dhcp_edge(self, context, network_id, edge_id):
|
|
# If DHCP edge was created initially for this network, metadata port
|
|
# Might use this network's DHCP router_id as device_id. Call the
|
|
# following to validate this
|
|
self.reconfigure_shared_edge_metadata_port(
|
|
context, (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36])
|
|
|
|
old_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, network_id)
|
|
if not old_binding:
|
|
LOG.error("Remove network %(id)s failed since no binding "
|
|
"found on edge %(edge_id)s",
|
|
{'id': network_id,
|
|
'edge_id': edge_id})
|
|
self._delete_dhcp_router_binding(context, network_id, edge_id)
|
|
return
|
|
old_vnic_index = old_binding['vnic_index']
|
|
old_tunnel_index = old_binding['tunnel_index']
|
|
# Cut off the port group/virtual wire connection
|
|
nsxv_db.free_edge_vnic_by_network(context.session,
|
|
edge_id,
|
|
network_id)
|
|
try:
|
|
# update dhcp service config on edge_id
|
|
self.update_dhcp_service_config(context, edge_id)
|
|
|
|
except nsxapi_exc.VcnsApiException:
|
|
LOG.exception('Failed to delete vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d on edge %(edge_id)s',
|
|
{'vnic_index': old_vnic_index,
|
|
'tunnel_index': old_tunnel_index,
|
|
'edge_id': edge_id})
|
|
self._mark_router_bindings_status_error(
|
|
context, edge_id,
|
|
error_reason="remove network from dhcp edge failure")
|
|
except Exception:
|
|
LOG.exception('Failed to delete vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d on edge %(edge_id)s',
|
|
{'vnic_index': old_vnic_index,
|
|
'tunnel_index': old_tunnel_index,
|
|
'edge_id': edge_id})
|
|
self._delete_dhcp_internal_interface(context, edge_id, old_vnic_index,
|
|
old_tunnel_index, network_id)
|
|
|
|
def reuse_existing_dhcp_edge(self, context, edge_id, resource_id,
|
|
network_id, availability_zone):
|
|
app_size = self.get_service_edge_size('dhcp')
|
|
# There may be edge cases when we are waiting for edges to deploy
|
|
# and the underlying db session may hit a timeout. So this creates
|
|
# a new session
|
|
context = q_context.get_admin_context()
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, resource_id,
|
|
edge_id, None, constants.ACTIVE,
|
|
appliance_size=app_size,
|
|
availability_zone=availability_zone.name)
|
|
nsxv_db.allocate_edge_vnic_with_tunnel_index(
|
|
context.session, edge_id, network_id,
|
|
availability_zone.name)
|
|
|
|
def reconfigure_shared_edge_metadata_port(self, context, org_router_id):
|
|
if not self.plugin.metadata_proxy_handler:
|
|
return
|
|
|
|
org_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
org_router_id)
|
|
if not org_binding:
|
|
return
|
|
|
|
az_name = org_binding['availability_zone']
|
|
int_net = nsxv_db.get_nsxv_internal_network(
|
|
context.session,
|
|
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE,
|
|
az_name)
|
|
|
|
if not int_net:
|
|
return
|
|
# Query the ports of this internal network
|
|
internal_nets = [int_net['network_id']]
|
|
ports = self.nsxv_plugin.get_ports(
|
|
context, filters={'device_id': [org_router_id],
|
|
'network_id': internal_nets})
|
|
|
|
if not ports:
|
|
LOG.debug('No metadata ports found for %s', org_router_id)
|
|
return
|
|
if len(ports) > 1:
|
|
LOG.debug('Expecting one metadata port for %s. Found %d ports',
|
|
org_router_id, len(ports))
|
|
|
|
edge_id = org_binding['edge_id']
|
|
bindings = nsxv_db.get_nsxv_router_bindings(
|
|
context.session, filters={'edge_id': [edge_id]})
|
|
for binding in bindings:
|
|
if binding['router_id'] != org_router_id:
|
|
for port in ports:
|
|
self.plugin.update_port(
|
|
context, port['id'],
|
|
{'port': {'device_id': binding['router_id']}})
|
|
return
|
|
|
|
def allocate_new_dhcp_edge(self, context, network_id, resource_id,
|
|
availability_zone):
|
|
self._allocate_dhcp_edge_appliance(context, resource_id,
|
|
availability_zone)
|
|
new_edge = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
nsxv_db.allocate_edge_vnic_with_tunnel_index(
|
|
context.session, new_edge['edge_id'], network_id,
|
|
availability_zone.name)
|
|
return new_edge['edge_id']
|
|
|
|
def create_dhcp_edge_service(self, context, network_id,
|
|
subnet):
|
|
"""
|
|
Create an edge if there is no available edge for dhcp service,
|
|
Update an edge if there is available edge for dhcp service
|
|
|
|
If new edge was allocated, return resource_id, else return None
|
|
"""
|
|
availability_zone = self.plugin.get_network_az_by_net_id(
|
|
context, network_id)
|
|
# Check if the network has one related dhcp edge
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
dhcp_edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
allocate_new_edge = False
|
|
with locking.LockManager.get_lock('nsx-dhcp-edge-pool'):
|
|
(conflict_edge_ids,
|
|
available_edge_ids) = self._get_used_edges(context, subnet,
|
|
availability_zone)
|
|
LOG.debug("The available edges %s, the conflict edges %s ",
|
|
available_edge_ids, conflict_edge_ids)
|
|
|
|
edge_id = None
|
|
# Check if the network can stay on the existing DHCP edge
|
|
if dhcp_edge_binding:
|
|
edge_id = dhcp_edge_binding['edge_id']
|
|
LOG.debug("At present network %s is using edge %s",
|
|
network_id, edge_id)
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
# Delete the existing vnic interface if there is
|
|
# an overlapping subnet or the binding is in ERROR status
|
|
if (edge_id in conflict_edge_ids or
|
|
dhcp_edge_binding['status'] == constants.ERROR):
|
|
LOG.debug("Removing network %s from dhcp edge %s",
|
|
network_id, edge_id)
|
|
self.remove_network_from_dhcp_edge(context,
|
|
network_id, edge_id)
|
|
edge_id = None
|
|
|
|
if not edge_id:
|
|
#Attach the network to a new Edge and update vnic:
|
|
#1. Find an available existing edge or create a new one
|
|
#2. For the existing one, cut off the old port group
|
|
# connection
|
|
#3. Create the new port group connection to an existing one
|
|
#4. Update the address groups to the vnic
|
|
if available_edge_ids:
|
|
new_id = self._get_random_available_edge(
|
|
available_edge_ids)
|
|
if new_id:
|
|
LOG.debug("Select edge %s to support dhcp for "
|
|
"network %s", new_id, network_id)
|
|
self.reuse_existing_dhcp_edge(
|
|
context, new_id, resource_id, network_id,
|
|
availability_zone)
|
|
else:
|
|
allocate_new_edge = True
|
|
else:
|
|
allocate_new_edge = True
|
|
|
|
if allocate_new_edge:
|
|
self.allocate_new_dhcp_edge(context, network_id, resource_id,
|
|
availability_zone)
|
|
|
|
# If a new Edge was allocated, return resource_id
|
|
return resource_id
|
|
|
|
def update_dhcp_edge_service(self, context, network_id,
|
|
address_groups=None):
|
|
"""Update the subnet to the dhcp edge vnic."""
|
|
if address_groups is None:
|
|
address_groups = []
|
|
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if not edge_binding:
|
|
LOG.warning('Edge binding does not exist for network %s',
|
|
network_id)
|
|
return
|
|
dhcp_binding = nsxv_db.get_edge_vnic_binding(context.session,
|
|
edge_binding['edge_id'],
|
|
network_id)
|
|
if dhcp_binding:
|
|
edge_id = dhcp_binding['edge_id']
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
vnic_index = dhcp_binding['vnic_index']
|
|
tunnel_index = dhcp_binding['tunnel_index']
|
|
LOG.debug('Update the dhcp service for %s on vnic %d tunnel '
|
|
'%d',
|
|
edge_id, vnic_index, tunnel_index)
|
|
try:
|
|
self._update_dhcp_internal_interface(
|
|
context, edge_id, vnic_index, tunnel_index, network_id,
|
|
address_groups)
|
|
ports = self.nsxv_plugin.get_ports(
|
|
context, filters={'network_id': [network_id]})
|
|
inst_ports = [port
|
|
for port in ports
|
|
if port['device_owner'].startswith(
|
|
"compute")]
|
|
if inst_ports:
|
|
# update dhcp service config for the new added network
|
|
self.update_dhcp_service_config(context, edge_id)
|
|
except nsxapi_exc.VcnsApiException:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception(
|
|
'Failed to update the dhcp service for '
|
|
'%(edge_id)s on vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d',
|
|
{'edge_id': edge_id,
|
|
'vnic_index': vnic_index,
|
|
'tunnel_index': tunnel_index})
|
|
self._mark_router_bindings_status_error(
|
|
context, edge_id,
|
|
error_reason="update dhcp edge service")
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception(
|
|
'Failed to update the dhcp service for '
|
|
'%(edge_id)s on vnic %(vnic_index)d '
|
|
'tunnel %(tunnel_index)d',
|
|
{'edge_id': edge_id,
|
|
'vnic_index': vnic_index,
|
|
'tunnel_index': tunnel_index})
|
|
|
|
def delete_dhcp_edge_service(self, context, network_id):
|
|
"""Delete an edge for dhcp service."""
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if edge_binding:
|
|
dhcp_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_binding['edge_id'], network_id)
|
|
if dhcp_binding:
|
|
edge_id = dhcp_binding['edge_id']
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
vnic_index = dhcp_binding['vnic_index']
|
|
tunnel_index = dhcp_binding['tunnel_index']
|
|
|
|
LOG.debug("Delete the tunnel %d on vnic %d from DHCP Edge "
|
|
"%s", tunnel_index, vnic_index, edge_id)
|
|
nsxv_db.free_edge_vnic_by_network(context.session,
|
|
edge_id,
|
|
network_id)
|
|
try:
|
|
self._delete_dhcp_internal_interface(context, edge_id,
|
|
vnic_index,
|
|
tunnel_index,
|
|
network_id)
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.exception('Failed to delete the tunnel '
|
|
'%(tunnel_index)d on vnic '
|
|
'%(vnic_index)d'
|
|
'from DHCP Edge %(edge_id)s',
|
|
{'tunnel_index': tunnel_index,
|
|
'vnic_index': vnic_index,
|
|
'edge_id': edge_id})
|
|
|
|
def _update_address_in_dict(self, address_groups, old_ip, new_ip,
|
|
subnet_mask):
|
|
"""Update the address_groups data structure to replace the old ip
|
|
with a new one.
|
|
If the old ip is None - if the ip matches an existing subnet:
|
|
add it as a secondary ip.
|
|
else - add a new address group for the new ip
|
|
If the new ip is none - delete the primary/secondary entry with the
|
|
old ip.
|
|
If the old ip was not found - return False
|
|
Otherwise - return True
|
|
"""
|
|
if old_ip is None:
|
|
# Adding a new IP
|
|
# look for an address group with a primary ip in the same subnet
|
|
# as the new ip
|
|
for address_group in address_groups['addressGroups']:
|
|
if (netaddr.IPAddress(new_ip) in
|
|
netaddr.IPNetwork(address_group['primaryAddress'] + '/' +
|
|
address_group['subnetPrefixLength'])):
|
|
# we should add the new ip as a secondary address in this
|
|
# address group
|
|
if (address_group.get('secondaryAddresses') is not None):
|
|
secondary = address_group['secondaryAddresses']
|
|
secondary['ipAddress'].append(new_ip)
|
|
else:
|
|
address_group['secondaryAddresses'] = {
|
|
'type': 'secondary_addresses',
|
|
'ipAddress': [new_ip]}
|
|
return True
|
|
# Could not find the same subnet - add a new address group
|
|
address_group = {
|
|
'primaryAddress': new_ip,
|
|
'subnetMask': subnet_mask
|
|
}
|
|
address_groups['addressGroups'].append(address_group)
|
|
return True
|
|
for ind, address_group in enumerate(
|
|
address_groups['addressGroups']):
|
|
if address_group['primaryAddress'] == old_ip:
|
|
# this is the one we should update
|
|
if new_ip:
|
|
address_group['primaryAddress'] = new_ip
|
|
else:
|
|
# delete this entry
|
|
address_groups['addressGroups'].pop(ind)
|
|
return True
|
|
# try to find a match in the secondary ips
|
|
if (address_group.get('secondaryAddresses') is not None):
|
|
secondary = address_group['secondaryAddresses']
|
|
secondary_ips = secondary['ipAddress']
|
|
if old_ip in secondary_ips:
|
|
# We should update the secondary addresses
|
|
if new_ip:
|
|
# replace the old with the new
|
|
secondary_ips.remove(old_ip)
|
|
secondary_ips.append(new_ip)
|
|
else:
|
|
# delete this entry
|
|
if len(secondary_ips) == 1:
|
|
# delete the whole structure
|
|
del address_group['secondaryAddresses']
|
|
else:
|
|
secondary_ips.remove(old_ip)
|
|
return True
|
|
|
|
# The old ip was not found
|
|
return False
|
|
|
|
def update_interface_addr(self, context, edge_id, old_ip, new_ip,
|
|
subnet_mask, is_uplink=False):
|
|
with locking.LockManager.get_lock(edge_id):
|
|
# get the current interfaces configuration
|
|
r = self.nsxv_manager.vcns.get_interfaces(edge_id)[1]
|
|
vnics = r.get('vnics', [])
|
|
# Go over the vnics to find the one we should update
|
|
for vnic in vnics:
|
|
if ((is_uplink and vnic['type'] == 'uplink') or
|
|
not is_uplink and vnic['type'] != 'uplink'):
|
|
if self._update_address_in_dict(
|
|
vnic['addressGroups'], old_ip, new_ip, subnet_mask):
|
|
self.nsxv_manager.vcns.update_interface(edge_id, vnic)
|
|
return
|
|
|
|
# If we got here - we didn't find the old ip:
|
|
error = (_("Failed to update interface ip "
|
|
"on edge %(eid)s: Cannot find the previous ip %(ip)s") %
|
|
{'eid': edge_id, 'ip': old_ip})
|
|
raise nsx_exc.NsxPluginException(err_msg=error)
|
|
|
|
def update_vdr_interface_addr(self, context, edge_id, vnic_index,
|
|
old_ip, new_ip, subnet_mask):
|
|
with locking.LockManager.get_lock(edge_id):
|
|
# get the current interfaces configuration
|
|
vnic = self.nsxv_manager.vcns.get_vdr_internal_interface(
|
|
edge_id, vnic_index)[1]
|
|
if self._update_address_in_dict(
|
|
vnic['addressGroups'], old_ip, new_ip, subnet_mask):
|
|
interface_req = {'interface': vnic}
|
|
self.nsxv_manager.vcns.update_vdr_internal_interface(
|
|
edge_id, vnic_index, interface_req)
|
|
return
|
|
|
|
# If we got here - we didn't find the old ip:
|
|
error = (_("Failed to update VDR interface ip "
|
|
"on edge %(eid)s: Cannot find the previous ip %(ip)s") %
|
|
{'eid': edge_id, 'ip': old_ip})
|
|
raise nsx_exc.NsxPluginException(err_msg=error)
|
|
|
|
def get_plr_by_tlr_id(self, context, router_id):
|
|
lswitch_id = None
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if binding:
|
|
lswitch_id = binding.lswitch_id
|
|
if lswitch_id:
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
|
|
context.session, lswitch_id)
|
|
if edge_vnic_bindings:
|
|
for edge_vnic_binding in edge_vnic_bindings:
|
|
plr_router_id = nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session,
|
|
edge_vnic_binding.edge_id)[0].router_id
|
|
if plr_router_id != router_id:
|
|
return plr_router_id
|
|
|
|
def create_plr_with_tlr_id(self, context, router_id, router_name,
|
|
availability_zone):
|
|
# Add an internal network preparing for connecting the VDR
|
|
# to a PLR
|
|
tlr_edge_id = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id).edge_id
|
|
# First create an internal lswitch
|
|
lswitch_name = ('int-' + router_name + router_id)[:36]
|
|
virtual_wire = {"name": lswitch_name,
|
|
"tenantId": "virtual wire tenant"}
|
|
config_spec = {"virtualWireCreateSpec": virtual_wire}
|
|
vdn_scope_id = availability_zone.vdn_scope_id
|
|
h, lswitch_id = self.nsxv_manager.vcns.create_virtual_wire(
|
|
vdn_scope_id, config_spec)
|
|
|
|
# add vdr's external interface to the lswitch
|
|
tlr_vnic_index = self.nsxv_manager.add_vdr_internal_interface(
|
|
tlr_edge_id, lswitch_id,
|
|
address=get_vdr_transit_network_tlr_address(),
|
|
netmask=get_vdr_transit_network_netmask(),
|
|
type="uplink")
|
|
nsxv_db.create_edge_vnic_binding(
|
|
context.session, tlr_edge_id, tlr_vnic_index, lswitch_id)
|
|
# store the lswitch_id into nsxv_router_binding
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
lswitch_id=lswitch_id)
|
|
|
|
# Handle plr relative op
|
|
plr_router = {'name': router_name,
|
|
'id': (vcns_const.PLR_EDGE_PREFIX + _uuid())[:36]}
|
|
self.create_lrouter(
|
|
context, plr_router,
|
|
availability_zone=availability_zone,
|
|
appliance_size=cfg.CONF.nsxv.exclusive_router_appliance_size)
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, plr_router['id'])
|
|
plr_edge_id = binding['edge_id']
|
|
plr_vnic_index = nsxv_db.allocate_edge_vnic(
|
|
context.session, plr_edge_id, lswitch_id).vnic_index
|
|
#TODO(berlin): the internal ip should change based on vnic_index
|
|
self.nsxv_manager.update_interface(
|
|
plr_router['id'], plr_edge_id, plr_vnic_index, lswitch_id,
|
|
address=get_vdr_transit_network_plr_address(),
|
|
netmask=get_vdr_transit_network_netmask())
|
|
return plr_router['id']
|
|
|
|
def delete_plr_by_tlr_id(self, context, plr_id, router_id):
|
|
# Delete plr's internal interface which connects to internal switch
|
|
tlr_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
lswitch_id = tlr_binding.lswitch_id
|
|
tlr_edge_id = tlr_binding.edge_id
|
|
router_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, plr_id)
|
|
|
|
if router_binding is None:
|
|
LOG.error("Router binding not found for router: %s",
|
|
router_id)
|
|
else:
|
|
plr_edge_id = router_binding.edge_id
|
|
vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, plr_edge_id, lswitch_id)
|
|
if vnic_binding is None:
|
|
LOG.error("Vnic binding not found for router: %s",
|
|
router_id)
|
|
else:
|
|
# Clear static routes before delete internal vnic
|
|
self.nsxv_manager.update_routes(plr_edge_id, None, [])
|
|
|
|
# Delete internal vnic
|
|
self.nsxv_manager.delete_interface(plr_id, plr_edge_id,
|
|
vnic_binding.vnic_index)
|
|
nsxv_db.free_edge_vnic_by_network(
|
|
context.session, plr_edge_id, lswitch_id)
|
|
|
|
# Delete the PLR
|
|
self.delete_lrouter(context, plr_id)
|
|
|
|
# Clear static routes of vdr
|
|
self.nsxv_manager.update_routes(tlr_edge_id, None, [])
|
|
|
|
#First delete the vdr's external interface
|
|
tlr_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, tlr_edge_id, lswitch_id)
|
|
if tlr_vnic_binding is None:
|
|
LOG.error("Vnic binding not found for router: %s", router_id)
|
|
else:
|
|
self.nsxv_manager.delete_vdr_internal_interface(
|
|
tlr_edge_id, tlr_vnic_binding.vnic_index)
|
|
nsxv_db.delete_edge_vnic_binding_by_network(
|
|
context.session, tlr_edge_id, lswitch_id)
|
|
|
|
try:
|
|
# Then delete the internal lswitch
|
|
self.nsxv_manager.delete_virtual_wire(lswitch_id)
|
|
except Exception:
|
|
LOG.warning("Failed to delete virtual wire: %s", lswitch_id)
|
|
|
|
def get_routers_on_edge(self, context, edge_id):
|
|
router_ids = []
|
|
valid_router_ids = []
|
|
if edge_id:
|
|
router_ids = [
|
|
binding['router_id']
|
|
for binding in nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, edge_id)]
|
|
if router_ids:
|
|
valid_router_ids = self.plugin.get_routers(
|
|
context.elevated(),
|
|
filters={'id': router_ids},
|
|
fields=['id'])
|
|
valid_router_ids = [ele['id'] for ele in valid_router_ids]
|
|
|
|
if set(valid_router_ids) != set(router_ids):
|
|
LOG.error("Get invalid router bindings with "
|
|
"router ids: %s",
|
|
str(set(router_ids) - set(valid_router_ids)))
|
|
return valid_router_ids
|
|
|
|
def get_routers_on_same_edge(self, context, router_id):
|
|
edge_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if edge_binding:
|
|
return self.get_routers_on_edge(context, edge_binding['edge_id'])
|
|
return []
|
|
|
|
def bind_router_on_available_edge(
|
|
self, context, target_router_id,
|
|
optional_router_ids, conflict_router_ids,
|
|
conflict_network_ids, network_number, availability_zone):
|
|
"""Bind logical shared router on an available edge.
|
|
Return True if the logical router is bound to a new edge.
|
|
"""
|
|
with locking.LockManager.get_lock('nsx-edge-router'):
|
|
optional_edge_ids = []
|
|
conflict_edge_ids = []
|
|
for router_id in optional_router_ids:
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if (binding and binding.status == constants.ACTIVE and
|
|
binding.availability_zone == availability_zone.name and
|
|
binding.edge_id not in optional_edge_ids):
|
|
optional_edge_ids.append(binding.edge_id)
|
|
|
|
for router_id in conflict_router_ids:
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if binding and binding.edge_id not in conflict_edge_ids:
|
|
conflict_edge_ids.append(binding.edge_id)
|
|
optional_edge_ids = list(
|
|
set(optional_edge_ids) - set(conflict_edge_ids))
|
|
|
|
max_net_number = 0
|
|
available_edge_id = None
|
|
for edge_id in optional_edge_ids:
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, edge_id)
|
|
# one vnic is used to provide external access.
|
|
net_number = (
|
|
vcns_const.MAX_VNIC_NUM - len(edge_vnic_bindings) - 1)
|
|
if (net_number > max_net_number and
|
|
net_number >= network_number):
|
|
net_ids = [vnic_binding.network_id
|
|
for vnic_binding in edge_vnic_bindings]
|
|
if not (set(conflict_network_ids) & set(net_ids)):
|
|
max_net_number = net_number
|
|
available_edge_id = edge_id
|
|
else:
|
|
# TODO(yangyu): Remove conflict_network_ids
|
|
LOG.warning(
|
|
"Failed to query conflict_router_ids")
|
|
if available_edge_id:
|
|
edge_binding = nsxv_db.get_nsxv_router_bindings_by_edge(
|
|
context.session, available_edge_id)[0]
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, target_router_id,
|
|
edge_binding.edge_id, None,
|
|
edge_binding.status,
|
|
edge_binding.appliance_size,
|
|
edge_binding.edge_type,
|
|
availability_zone=availability_zone.name)
|
|
else:
|
|
router_name = ('shared' + '-' + _uuid())[
|
|
:vcns_const.EDGE_NAME_LEN]
|
|
self._allocate_edge_appliance(
|
|
context, target_router_id, router_name,
|
|
appliance_size=cfg.CONF.nsxv.shared_router_appliance_size,
|
|
availability_zone=availability_zone)
|
|
return True
|
|
|
|
def unbind_router_on_edge(self, context, router_id):
|
|
"""Unbind a logical router from edge.
|
|
Return True if no logical router bound to the edge.
|
|
"""
|
|
with locking.LockManager.get_lock('nsx-edge-router'):
|
|
# free edge if no other routers bound to the edge
|
|
router_ids = self.get_routers_on_same_edge(context, router_id)
|
|
if router_ids == [router_id]:
|
|
self._free_edge_appliance(context, router_id)
|
|
return True
|
|
nsxv_db.delete_nsxv_router_binding(context.session, router_id)
|
|
|
|
def is_router_conflict_on_edge(self, context, router_id,
|
|
conflict_router_ids,
|
|
conflict_network_ids,
|
|
intf_num=0):
|
|
with locking.LockManager.get_lock('nsx-edge-router'):
|
|
router_ids = self.get_routers_on_same_edge(context, router_id)
|
|
if set(router_ids) & set(conflict_router_ids):
|
|
return True
|
|
router_binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
router_id)
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, router_binding.edge_id)
|
|
if (vcns_const.MAX_VNIC_NUM - len(edge_vnic_bindings
|
|
) - 1 < intf_num):
|
|
LOG.debug("There isn't available edge vnic for the router: %s",
|
|
router_id)
|
|
return True
|
|
for binding in edge_vnic_bindings:
|
|
if binding.network_id in conflict_network_ids:
|
|
return True
|
|
return False
|
|
|
|
def delete_dhcp_binding(self, context, port_id, network_id, mac_address):
|
|
edge_id = get_dhcp_edge_id(context, network_id)
|
|
if edge_id:
|
|
dhcp_binding = nsxv_db.get_edge_dhcp_static_binding(
|
|
context.session, edge_id, mac_address)
|
|
if dhcp_binding:
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
# We need to read the binding from the NSX to check that
|
|
# we are not deleting a updated entry. This may be the
|
|
# result of a async nova create and nova delete and the
|
|
# same port IP is selected
|
|
binding = get_dhcp_binding_for_binding_id(
|
|
self.nsxv_manager, edge_id, dhcp_binding.binding_id)
|
|
# The hostname is the port_id so we have a unique
|
|
# identifier
|
|
if binding and binding['hostname'] == port_id:
|
|
self.nsxv_manager.vcns.delete_dhcp_binding(
|
|
edge_id, dhcp_binding.binding_id)
|
|
else:
|
|
LOG.warning("Failed to find binding on edge "
|
|
"%(edge_id)s for port "
|
|
"%(port_id)s with %(binding_id)s",
|
|
{'edge_id': edge_id,
|
|
'port_id': port_id,
|
|
'binding_id': dhcp_binding.binding_id})
|
|
nsxv_db.delete_edge_dhcp_static_binding(
|
|
context.session, edge_id, mac_address)
|
|
else:
|
|
LOG.warning("Failed to find dhcp binding on edge "
|
|
"%(edge_id)s to DELETE for port "
|
|
"%(port_id)s",
|
|
{'edge_id': edge_id,
|
|
'port_id': port_id})
|
|
else:
|
|
# This happens during network/subnet deletion
|
|
LOG.info("Didn't delete dhcp binding for port %(port_id)s: "
|
|
"No edge id", {'port_id': port_id})
|
|
|
|
@vcns.retry_upon_exception(nsxapi_exc.VcnsApiException, max_delay=10)
|
|
def _create_dhcp_binding(self, context, edge_id, binding):
|
|
try:
|
|
h, c = self.nsxv_manager.vcns.create_dhcp_binding(
|
|
edge_id, binding)
|
|
binding_id = h['location'].split('/')[-1]
|
|
nsxv_db.create_edge_dhcp_static_binding(
|
|
context.session, edge_id,
|
|
binding['macAddress'], binding_id)
|
|
except nsxapi_exc.VcnsApiException as e:
|
|
with excutils.save_and_reraise_exception():
|
|
binding_id = None
|
|
if e.response:
|
|
desc = jsonutils.loads(e.response)
|
|
if desc.get('errorCode') == (
|
|
vcns_const.NSX_ERROR_DHCP_DUPLICATE_MAC):
|
|
bindings = get_dhcp_binding_mappings(self.nsxv_manager,
|
|
edge_id)
|
|
binding_id = bindings.get(
|
|
binding['macAddress'].lower())
|
|
LOG.debug("Duplicate MAC for %s with binding %s",
|
|
binding['macAddress'], binding_id)
|
|
elif desc.get('errorCode') == (
|
|
vcns_const.NSX_ERROR_DHCP_OVERLAPPING_IP):
|
|
bindings = get_dhcp_binding_mappings_for_ips(
|
|
self.nsxv_manager, edge_id)
|
|
binding_id = bindings.get(binding['ipAddress'])
|
|
LOG.debug("Overlapping IP %s with binding %s",
|
|
binding['ipAddress'], binding_id)
|
|
elif desc.get('errorCode') == (
|
|
vcns_const.NSX_ERROR_DHCP_DUPLICATE_HOSTNAME):
|
|
bindings = get_dhcp_binding_mappings_for_hostname(
|
|
self.nsxv_manager, edge_id)
|
|
binding_id = bindings.get(binding['hostname'])
|
|
LOG.debug("Overlapping hostname %s with binding %s",
|
|
binding['hostname'], binding_id)
|
|
if binding_id:
|
|
self.nsxv_manager.vcns.delete_dhcp_binding(
|
|
edge_id, binding_id)
|
|
nsxv_db.delete_edge_dhcp_static_binding_id(
|
|
context.session, edge_id, binding_id)
|
|
return binding_id
|
|
|
|
def create_dhcp_bindings(self, context, port_id, network_id, bindings):
|
|
edge_id = get_dhcp_edge_id(context, network_id)
|
|
if edge_id:
|
|
# Check port is still there
|
|
try:
|
|
# Reload port db info
|
|
context.session.expire_all()
|
|
self.plugin.get_port(context, port_id)
|
|
except n_exc.PortNotFound:
|
|
LOG.warning(
|
|
"port %(port_id)s is deleted, so we would pass "
|
|
"creating dhcp binding on edge %(edge_id)s",
|
|
{'port_id': port_id,
|
|
'edge_id': edge_id})
|
|
return
|
|
|
|
configured_bindings = []
|
|
try:
|
|
for binding in bindings:
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
binding_id = self._create_dhcp_binding(
|
|
context, edge_id, binding)
|
|
configured_bindings.append((binding_id,
|
|
binding['macAddress']))
|
|
except nsxapi_exc.VcnsApiException:
|
|
with excutils.save_and_reraise_exception():
|
|
for binding_id, mac_address in configured_bindings:
|
|
with locking.LockManager.get_lock(str(edge_id)):
|
|
self.nsxv_manager.vcns.delete_dhcp_binding(
|
|
edge_id, binding_id)
|
|
nsxv_db.delete_edge_dhcp_static_binding(
|
|
context.session, edge_id, mac_address)
|
|
else:
|
|
LOG.warning("Failed to create dhcp bindings since dhcp edge "
|
|
"for net %s not found at the backend",
|
|
network_id)
|
|
|
|
def _get_syslog_config_from_flavor(self, context, router_id, flavor_id):
|
|
if not validators.is_attr_set(flavor_id):
|
|
return
|
|
|
|
metainfo = self.plugin.get_flavor_metainfo(context, flavor_id)
|
|
return metainfo.get('syslog')
|
|
|
|
def update_external_interface(
|
|
self, nsxv_manager, context, router_id, ext_net_id,
|
|
ipaddr, netmask, secondary=None):
|
|
|
|
secondary = secondary or []
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
|
|
# If no binding was found, no interface to update - exit
|
|
if not binding:
|
|
LOG.error('Edge binding not found for router %s', router_id)
|
|
return
|
|
|
|
net_bindings = nsxv_db.get_network_bindings(
|
|
context.session, ext_net_id)
|
|
if not net_bindings:
|
|
az_name = binding.availability_zone
|
|
az = self._availability_zones.get_availability_zone(az_name)
|
|
vcns_network_id = az.external_network
|
|
else:
|
|
vcns_network_id = net_bindings[0].phy_uuid
|
|
|
|
# reorganize external vnic's address groups
|
|
if netmask:
|
|
address_groups = []
|
|
addr_list = []
|
|
for str_cidr in netmask:
|
|
ip_net = netaddr.IPNetwork(str_cidr)
|
|
address_group = {'primaryAddress': None,
|
|
'subnetPrefixLength': str(ip_net.prefixlen)}
|
|
if (ipaddr not in addr_list and
|
|
_check_ipnet_ip(ip_net, ipaddr)):
|
|
address_group['primaryAddress'] = ipaddr
|
|
addr_list.append(ipaddr)
|
|
for sec_ip in secondary:
|
|
if (sec_ip not in addr_list and
|
|
_check_ipnet_ip(ip_net, sec_ip)):
|
|
if not address_group['primaryAddress']:
|
|
address_group['primaryAddress'] = sec_ip
|
|
else:
|
|
if not address_group.get('secondaryAddresses'):
|
|
address_group['secondaryAddresses'] = {
|
|
'ipAddress': [sec_ip],
|
|
'type': 'secondary_addresses'}
|
|
else:
|
|
address_group['secondaryAddresses'][
|
|
'ipAddress'].append(sec_ip)
|
|
addr_list.append(sec_ip)
|
|
if address_group['primaryAddress']:
|
|
address_groups.append(address_group)
|
|
if ipaddr not in addr_list:
|
|
LOG.error("primary address %s of ext vnic is not "
|
|
"configured", ipaddr)
|
|
if secondary:
|
|
missed_ip_sec = set(secondary) - set(addr_list)
|
|
if missed_ip_sec:
|
|
LOG.error("secondary address %s of ext vnic are not "
|
|
"configured", str(missed_ip_sec))
|
|
nsxv_manager.update_interface(router_id, binding['edge_id'],
|
|
vcns_const.EXTERNAL_VNIC_INDEX,
|
|
vcns_network_id,
|
|
address_groups=address_groups)
|
|
|
|
else:
|
|
nsxv_manager.update_interface(router_id, binding['edge_id'],
|
|
vcns_const.EXTERNAL_VNIC_INDEX,
|
|
vcns_network_id,
|
|
address=ipaddr,
|
|
netmask=netmask,
|
|
secondary=secondary)
|
|
|
|
|
|
def create_lrouter(nsxv_manager, context, lrouter, lswitch=None, dist=False,
|
|
availability_zone=None):
|
|
"""Create an edge for logical router support."""
|
|
router_id = lrouter['id']
|
|
router_name = lrouter['name'] + '-' + router_id
|
|
appliance_size = get_service_edge_size(parse_service_edge_size(),
|
|
'router')
|
|
# store router-edge mapping binding
|
|
nsxv_db.add_nsxv_router_binding(
|
|
context.session, router_id, None, None,
|
|
constants.PENDING_CREATE,
|
|
appliance_size=appliance_size,
|
|
availability_zone=availability_zone.name)
|
|
|
|
# deploy edge
|
|
nsxv_manager.deploy_edge(
|
|
context, router_id, router_name, internal_network=None, dist=dist,
|
|
appliance_size=appliance_size, availability_zone=availability_zone)
|
|
|
|
|
|
def delete_lrouter(nsxv_manager, context, router_id, dist=False):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if binding:
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=constants.PENDING_DELETE)
|
|
edge_id = binding['edge_id']
|
|
# delete edge
|
|
nsxv_manager.delete_edge(context, router_id, edge_id, dist=dist)
|
|
else:
|
|
LOG.warning("router binding for router: %s not found", router_id)
|
|
|
|
|
|
def remove_irrelevant_keys_from_edge_request(edge_request):
|
|
"""Remove some unnecessary keys from the edge request.
|
|
Having these keys fail the update edge NSX transaction
|
|
"""
|
|
for key in ['status', 'datacenterMoid', 'fqdn', 'version',
|
|
'tenant', 'datacenterName',
|
|
'hypervisorAssist', 'universal', 'enableFips']:
|
|
edge_request.pop(key, None)
|
|
|
|
|
|
def _retrieve_nsx_switch_id(context, network_id, az_name):
|
|
"""Helper method to retrieve backend switch ID."""
|
|
bindings = nsxv_db.get_network_bindings(context.session, network_id)
|
|
if bindings:
|
|
binding = bindings[0]
|
|
network_type = binding['binding_type']
|
|
if (network_type == c_utils.NsxVNetworkTypes.VLAN and
|
|
binding['phy_uuid'] != ''):
|
|
if ',' not in binding['phy_uuid']:
|
|
dvs_id = binding['phy_uuid']
|
|
else:
|
|
# If network is of type VLAN and multiple dvs associated with
|
|
# one neutron network, retrieve the logical network id for the
|
|
# edge/mgmt cluster's DVS from the networks availability zone.
|
|
azs = nsx_az.NsxVAvailabilityZones()
|
|
az = azs.get_availability_zone(az_name)
|
|
dvs_id = az.dvs_id
|
|
return nsx_db.get_nsx_switch_id_for_dvs(
|
|
context.session, network_id, dvs_id)
|
|
# Get the physical port group /wire id of the network id
|
|
mappings = nsx_db.get_nsx_switch_ids(context.session, network_id)
|
|
if mappings:
|
|
return mappings[0]
|
|
raise nsx_exc.NsxPluginException(
|
|
err_msg=_("Network %s not found at the backend") % network_id)
|
|
|
|
|
|
def get_dhcp_edge_id(context, network_id):
|
|
# Query edge id
|
|
resource_id = (vcns_const.DHCP_EDGE_PREFIX + network_id)[:36]
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
resource_id)
|
|
if binding:
|
|
edge_id = binding['edge_id']
|
|
return edge_id
|
|
|
|
|
|
def get_dhcp_binding_mappings(nsxv_manager, edge_id):
|
|
dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
|
|
bindings_get = {}
|
|
if dhcp_config:
|
|
for binding in dhcp_config['staticBindings']['staticBindings']:
|
|
bindings_get[binding['macAddress'].lower()] = binding['bindingId']
|
|
return bindings_get
|
|
|
|
|
|
def get_dhcp_binding_mappings_for_ips(nsxv_manager, edge_id):
|
|
dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
|
|
bindings_get = {}
|
|
if dhcp_config:
|
|
for binding in dhcp_config['staticBindings']['staticBindings']:
|
|
bindings_get[binding['ipAddress']] = binding['bindingId']
|
|
return bindings_get
|
|
|
|
|
|
def get_dhcp_binding_mappings_for_hostname(nsxv_manager, edge_id):
|
|
dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
|
|
bindings_get = {}
|
|
if dhcp_config:
|
|
for binding in dhcp_config['staticBindings']['staticBindings']:
|
|
bindings_get[binding['hostname']] = binding['bindingId']
|
|
return bindings_get
|
|
|
|
|
|
def _get_dhcp_binding_for_binding_id(nsxv_manager, edge_id, binding_id):
|
|
dhcp_config = query_dhcp_service_config(nsxv_manager, edge_id)
|
|
if dhcp_config:
|
|
for binding in dhcp_config['staticBindings']['staticBindings']:
|
|
if binding['bindingId'] == binding_id:
|
|
return binding
|
|
|
|
|
|
def _get_dhcp_binding(nsxv_manager, edge_id, binding_id):
|
|
try:
|
|
h, dhcp_binding = nsxv_manager.vcns.get_dhcp_binding(edge_id,
|
|
binding_id)
|
|
return dhcp_binding
|
|
except Exception:
|
|
return
|
|
|
|
|
|
def get_dhcp_binding_for_binding_id(nsxv_manager, edge_id, binding_id):
|
|
# API for specific binding is supported in NSX 6.2.8 and 6.3.3 onwards
|
|
ver = nsxv_manager.vcns.get_version()
|
|
if c_utils.is_nsxv_dhcp_binding_supported(ver):
|
|
return _get_dhcp_binding(nsxv_manager, edge_id, binding_id)
|
|
return _get_dhcp_binding_for_binding_id(nsxv_manager, edge_id, binding_id)
|
|
|
|
|
|
def query_dhcp_service_config(nsxv_manager, edge_id):
|
|
"""Retrieve the current DHCP configuration from the edge."""
|
|
_, dhcp_config = nsxv_manager.vcns.query_dhcp_configuration(edge_id)
|
|
return dhcp_config
|
|
|
|
|
|
def get_router_edge_id(context, router_id):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if binding:
|
|
return binding['edge_id']
|
|
|
|
|
|
def update_gateway(nsxv_manager, context, router_id, nexthop, routes=None):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session,
|
|
router_id)
|
|
edge_id = binding['edge_id']
|
|
if routes is None:
|
|
routes = []
|
|
nsxv_manager.update_routes(edge_id, nexthop, routes)
|
|
|
|
|
|
def get_routes(edge_manager, context, router_id):
|
|
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding:
|
|
LOG.error('Router binding not found for router %s', router_id)
|
|
return []
|
|
|
|
edge_id = binding['edge_id']
|
|
|
|
vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(context.session,
|
|
edge_id)
|
|
if not vnic_bindings:
|
|
LOG.error('vNic binding not found for edge %s', edge_id)
|
|
return []
|
|
|
|
h, routes = edge_manager.vcns.get_routes(edge_id)
|
|
edge_routes = routes.get('staticRoutes')
|
|
routes = []
|
|
for edge_route in edge_routes.get('staticRoutes'):
|
|
for vnic_binding in vnic_bindings:
|
|
if vnic_binding['vnic_index'] == int(edge_route['vnic']):
|
|
route = {'network_id': vnic_binding['network_id'],
|
|
'nexthop': edge_route['nextHop'],
|
|
'destination': edge_route['network']}
|
|
routes.append(route)
|
|
break
|
|
return routes
|
|
|
|
|
|
def update_routes(edge_manager, context, router_id, routes, nexthop=None):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding:
|
|
LOG.error('Router binding not found for router %s', router_id)
|
|
return
|
|
|
|
edge_id = binding['edge_id']
|
|
edge_routes = []
|
|
for route in routes:
|
|
if not route.get('network_id'):
|
|
LOG.warning("There is no network info for the route %s, so "
|
|
"the route entry would not be executed!", route)
|
|
continue
|
|
if route.get('external'):
|
|
edge_routes.append({
|
|
'vnic_index': vcns_const.EXTERNAL_VNIC_INDEX,
|
|
'cidr': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
else:
|
|
vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, route['network_id'])
|
|
if (netaddr.IPAddress(route['nexthop']) in
|
|
netaddr.IPNetwork(route['destination'])):
|
|
# check that the nexthop is not in the destination
|
|
LOG.error("Cannot add route with nexthop %(nexthop)s "
|
|
"contained in the destination: %(dest)s.",
|
|
{'dest': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
continue
|
|
if vnic_binding and vnic_binding.get('vnic_index'):
|
|
edge_routes.append({
|
|
'vnic_index': vnic_binding['vnic_index'],
|
|
'cidr': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
else:
|
|
LOG.error("vnic binding on edge %(edge_id)s for network "
|
|
"%(net_id)s not found, so route: destination: "
|
|
"%(dest)s, nexthop: %(nexthop)s can't be "
|
|
"applied!",
|
|
{'edge_id': edge_id,
|
|
'net_id': route['network_id'],
|
|
'dest': route['destination'],
|
|
'nexthop': route['nexthop']})
|
|
edge_manager.update_routes(edge_id, nexthop, edge_routes)
|
|
|
|
|
|
def get_internal_lswitch_id_of_plr_tlr(context, router_id):
|
|
return nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id).lswitch_id
|
|
|
|
|
|
def get_internal_vnic_index_of_plr_tlr(context, router_id):
|
|
router_binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, router_binding.edge_id, router_binding.lswitch_id)
|
|
return edge_vnic_binding.vnic_index
|
|
|
|
|
|
def clear_gateway(nsxv_manager, context, router_id):
|
|
return update_gateway(nsxv_manager, context, router_id, None)
|
|
|
|
|
|
def _check_ipnet_ip(ipnet, ip_address):
|
|
"""Check one ip is valid ip from ipnet."""
|
|
ip = netaddr.IPAddress(ip_address)
|
|
if (ip != ipnet.netmask and
|
|
ip != ipnet[-1] and
|
|
ipnet.netmask & ip == ipnet.network):
|
|
return True
|
|
return False
|
|
|
|
|
|
def update_internal_interface(nsxv_manager, context, router_id, int_net_id,
|
|
address_groups, is_connected=True):
|
|
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
|
|
# Get the pg/wire id of the network id
|
|
az_name = binding['availability_zone']
|
|
vcns_network_id = _retrieve_nsx_switch_id(context, int_net_id, az_name)
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
# if edge_vnic_binding is None, then first select one available
|
|
# internal vnic for connection.
|
|
if not edge_vnic_binding:
|
|
edge_vnic_binding = nsxv_db.allocate_edge_vnic(
|
|
context.session, edge_id, int_net_id)
|
|
|
|
nsxv_manager.update_interface(router_id, edge_id,
|
|
edge_vnic_binding.vnic_index,
|
|
vcns_network_id,
|
|
is_connected=is_connected,
|
|
address_groups=address_groups)
|
|
|
|
|
|
def add_vdr_internal_interface(nsxv_manager, context, router_id,
|
|
int_net_id, address_groups, is_connected=True):
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
|
|
# Get the pg/wire id of the network id
|
|
az_name = binding['availability_zone']
|
|
vcns_network_id = _retrieve_nsx_switch_id(context, int_net_id, az_name)
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
if not edge_vnic_binding:
|
|
vnic_index = nsxv_manager.add_vdr_internal_interface(
|
|
edge_id, vcns_network_id, address_groups=address_groups,
|
|
is_connected=is_connected)
|
|
nsxv_db.create_edge_vnic_binding(
|
|
context.session, edge_id, vnic_index, int_net_id)
|
|
else:
|
|
msg = (_("Distributed Router doesn't support multiple subnets "
|
|
"with same network attached to it."))
|
|
raise n_exc.BadRequest(resource='vdr', msg=msg)
|
|
|
|
|
|
def update_vdr_internal_interface(nsxv_manager, context, router_id, int_net_id,
|
|
address_groups, is_connected=True):
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
edge_id = binding['edge_id']
|
|
|
|
# Get the pg/wire id of the network id
|
|
az_name = binding['availability_zone']
|
|
vcns_network_id = _retrieve_nsx_switch_id(context, int_net_id, az_name)
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': int_net_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, int_net_id)
|
|
nsxv_manager.update_vdr_internal_interface(
|
|
edge_id, edge_vnic_binding.vnic_index, vcns_network_id,
|
|
address_groups=address_groups, is_connected=is_connected)
|
|
|
|
|
|
def delete_interface(nsxv_manager, context, router_id, network_id, dist=False):
|
|
|
|
# Get edge id
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if not binding:
|
|
LOG.warning("Failed to find the router binding for router %s",
|
|
router_id)
|
|
return
|
|
|
|
edge_id = binding['edge_id']
|
|
|
|
# Get the pg/wire id of the network id
|
|
az_name = binding['availability_zone']
|
|
vcns_network_id = _retrieve_nsx_switch_id(context, network_id, az_name)
|
|
LOG.debug("Network id %(network_id)s corresponding ref is : "
|
|
"%(net_moref)s", {'network_id': network_id,
|
|
'net_moref': vcns_network_id})
|
|
|
|
edge_vnic_binding = nsxv_db.get_edge_vnic_binding(
|
|
context.session, edge_id, network_id)
|
|
if not edge_vnic_binding:
|
|
LOG.warning("Failed to find the network %(net_id)s "
|
|
"corresponding vnic index on edge %(edge_id)s",
|
|
{'net_id': network_id,
|
|
'edge_id': edge_id})
|
|
return
|
|
if not dist:
|
|
nsxv_manager.delete_interface(
|
|
router_id, edge_id, edge_vnic_binding.vnic_index)
|
|
nsxv_db.free_edge_vnic_by_network(
|
|
context.session, edge_id, network_id)
|
|
else:
|
|
nsxv_manager.delete_vdr_internal_interface(
|
|
edge_id, edge_vnic_binding.vnic_index)
|
|
nsxv_db.delete_edge_vnic_binding_by_network(
|
|
context.session, edge_id, network_id)
|
|
|
|
|
|
def update_nat_rules(nsxv_manager, context, router_id, snat, dnat, az=None):
|
|
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
|
|
if binding:
|
|
if not az:
|
|
azs = nsx_az.NsxVAvailabilityZones()
|
|
az = azs.get_availability_zone(binding['availability_zone'])
|
|
bind_to_all = az.bind_floatingip_to_all_interfaces
|
|
|
|
indices = None
|
|
if bind_to_all:
|
|
# from 6.2.4 onwards, unspecified vnic will result
|
|
# in binding the rule to all interfaces
|
|
ver = nsxv_manager.vcns.get_version()
|
|
if version.LooseVersion(ver) < version.LooseVersion('6.2.4'):
|
|
LOG.debug("NSX version %s requires explicit nat rule "
|
|
"for each interface", ver)
|
|
edge_id = binding['edge_id']
|
|
vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
|
context.session, edge_id)
|
|
indices = [vnic_binding.vnic_index
|
|
for vnic_binding in vnic_bindings]
|
|
|
|
indices.append(vcns_const.EXTERNAL_VNIC_INDEX)
|
|
else:
|
|
LOG.debug("Configuring nat rules on external "
|
|
"interface only for %s", router_id)
|
|
indices = [vcns_const.EXTERNAL_VNIC_INDEX]
|
|
|
|
nsxv_manager.update_nat_rules(binding['edge_id'], snat, dnat, indices)
|
|
else:
|
|
LOG.warning("Bindings do not exists for %s", router_id)
|
|
|
|
|
|
def clear_nat_rules(nsxv_manager, context, router_id):
|
|
update_nat_rules(nsxv_manager, context, router_id, [], [])
|
|
|
|
|
|
def update_firewall(nsxv_manager, context, router_id, firewall,
|
|
allow_external=True):
|
|
binding = nsxv_db.get_nsxv_router_binding(
|
|
context.session, router_id)
|
|
if binding:
|
|
edge_id = binding['edge_id']
|
|
nsxv_manager.update_firewall(edge_id, firewall, context,
|
|
allow_external=allow_external)
|
|
else:
|
|
LOG.warning("Bindings do not exists for %s", router_id)
|
|
|
|
|
|
def check_network_in_use_at_backend(context, network_id):
|
|
retries = max(cfg.CONF.nsxv.retries, 1)
|
|
delay = 0.5
|
|
for attempt in range(1, retries + 1):
|
|
if attempt != 1:
|
|
time.sleep(delay)
|
|
delay = min(2 * delay, 60)
|
|
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_int_lswitch(
|
|
context.session, network_id)
|
|
if not edge_vnic_bindings:
|
|
return
|
|
LOG.warning('NSXv: network is still in use at the backend')
|
|
LOG.error('NSXv: network is still in use at the backend')
|
|
|
|
|
|
def default_loglevel_modifier(config, level):
|
|
"""Modify log level settings in edge config bulk (standard syntax)"""
|
|
|
|
if 'logging' not in config:
|
|
LOG.error("Logging section missing in configuration")
|
|
return False
|
|
|
|
enable = True
|
|
if level == 'none':
|
|
enable = False
|
|
level = 'info' # default
|
|
|
|
config['logging']['enable'] = enable
|
|
config['logging']['logLevel'] = level
|
|
return True
|
|
|
|
|
|
def routing_loglevel_modifier(config, level):
|
|
"""Modify log level in routing global settings"""
|
|
|
|
if 'routingGlobalConfig' not in config:
|
|
LOG.error("routingGlobalConfig section missing in config")
|
|
return False
|
|
|
|
return default_loglevel_modifier(config['routingGlobalConfig'],
|
|
level)
|
|
|
|
|
|
def get_loglevel_modifier(module, level):
|
|
"""Pick modifier according to module and set log level"""
|
|
special_modifiers = {'routing': routing_loglevel_modifier}
|
|
|
|
modifier = default_loglevel_modifier
|
|
if module in special_modifiers.keys():
|
|
modifier = special_modifiers[module]
|
|
|
|
def wrapper(config):
|
|
return modifier(config, level)
|
|
|
|
return wrapper
|
|
|
|
|
|
def update_edge_loglevel(vcns_obj, edge_id, module, level):
|
|
"""Update loglevel on edge for specified module"""
|
|
if module not in SUPPORTED_EDGE_LOG_MODULES:
|
|
LOG.error("Unrecognized logging module %s - ignored", module)
|
|
return
|
|
|
|
if level not in SUPPORTED_EDGE_LOG_LEVELS:
|
|
LOG.error("Unrecognized log level %s - ignored", level)
|
|
return
|
|
|
|
vcns_obj.update_edge_config_with_modifier(
|
|
edge_id, module, get_loglevel_modifier(module, level))
|
|
|
|
|
|
def update_edge_host_groups(vcns_obj, edge_id, dvs_obj, availability_zone,
|
|
validate=False):
|
|
# Update edge DRS host groups
|
|
h, appliances = vcns_obj.get_edge_appliances(edge_id)
|
|
vms = [appliance['vmId']
|
|
for appliance in appliances['appliances']]
|
|
if validate:
|
|
configured_vms = dvs_obj.get_configured_vms(
|
|
availability_zone.resource_pool,
|
|
availability_zone.edge_host_groups)
|
|
for vm in vms:
|
|
if vm in configured_vms:
|
|
LOG.info('Edge %s already configured', edge_id)
|
|
return
|
|
LOG.info('Create DRS groups for %(vms)s on edge %(edge_id)s',
|
|
{'vms': vms, 'edge_id': edge_id})
|
|
# Ensure random distribution of the VMs
|
|
if availability_zone.ha_placement_random:
|
|
if len(vms) < len(availability_zone.edge_host_groups):
|
|
# add some empty vms to the list, so it will randomize between
|
|
# all host groups
|
|
vms.extend([None] * (len(availability_zone.edge_host_groups) -
|
|
len(vms)))
|
|
random.shuffle(vms)
|
|
try:
|
|
dvs_obj.update_cluster_edge_failover(
|
|
availability_zone.resource_pool,
|
|
vms, availability_zone.edge_host_groups)
|
|
except Exception as e:
|
|
LOG.error('Unable to create DRS groups for '
|
|
'%(vms)s on edge %(edge_id)s. Error: %(e)s',
|
|
{'vms': vms,
|
|
'edge_id': edge_id,
|
|
'e': e})
|
|
|
|
|
|
def clean_host_groups(dvs_obj, availability_zone):
|
|
try:
|
|
LOG.info('Cleaning up host groups for AZ %s',
|
|
availability_zone.name)
|
|
dvs_obj.cluster_host_group_cleanup(
|
|
availability_zone.resource_pool,
|
|
availability_zone.edge_host_groups)
|
|
except Exception as e:
|
|
LOG.error('Unable to cleanup. Error: %s', e)
|
|
|
|
|
|
class NsxVCallbacks(object):
|
|
"""Edge callback implementation Callback functions for
|
|
asynchronous tasks.
|
|
"""
|
|
def __init__(self, plugin):
|
|
self.plugin = plugin
|
|
if cfg.CONF.nsxv.use_dvs_features:
|
|
self._vcm = dvs.VCManager()
|
|
else:
|
|
self._vcm = None
|
|
|
|
@log_helpers.log_method_call
|
|
def complete_edge_creation(self, context, edge_id, name, router_id, dist,
|
|
deploy_successful, availability_zone=None,
|
|
deploy_metadata=False):
|
|
router_db = None
|
|
if uuidutils.is_uuid_like(router_id):
|
|
try:
|
|
router_db = self.plugin._get_router(context, router_id)
|
|
except l3_exc.RouterNotFound:
|
|
# Router might have been deleted before deploy finished
|
|
LOG.warning("Router %s not found", name)
|
|
|
|
if deploy_successful:
|
|
metadata_proxy_handler = self.plugin.get_metadata_proxy_handler(
|
|
availability_zone.name)
|
|
if deploy_metadata and metadata_proxy_handler:
|
|
LOG.debug('Update metadata for resource %s',
|
|
router_id)
|
|
metadata_proxy_handler.configure_router_edge(
|
|
context, router_id)
|
|
|
|
self.plugin.setup_dhcp_edge_fw_rules(context, self.plugin,
|
|
router_id)
|
|
|
|
LOG.debug("Successfully deployed %(edge_id)s for router %(name)s",
|
|
{'edge_id': edge_id,
|
|
'name': name})
|
|
if (router_db and
|
|
router_db['status'] == constants.PENDING_CREATE):
|
|
router_db['status'] = constants.ACTIVE
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=constants.ACTIVE)
|
|
if (not dist and
|
|
self._vcm and availability_zone and
|
|
availability_zone.edge_ha and
|
|
availability_zone.edge_host_groups):
|
|
with locking.LockManager.get_lock('nsx-vc-drs-update'):
|
|
update_edge_host_groups(self.plugin.nsx_v.vcns, edge_id,
|
|
self._vcm, availability_zone,
|
|
validate=True)
|
|
else:
|
|
LOG.error("Failed to deploy Edge for router %s", name)
|
|
if router_db:
|
|
router_db['status'] = constants.ERROR
|
|
nsxv_db.update_nsxv_router_binding(
|
|
context.session, router_id,
|
|
status=constants.ERROR)
|
|
if not dist and edge_id:
|
|
nsxv_db.clean_edge_vnic_binding(
|
|
context.session, edge_id)
|
|
|
|
def complete_edge_update(
|
|
self, context, edge_id, router_id, successful, set_errors):
|
|
if successful:
|
|
LOG.debug("Successfully updated %(edge_id)s for router "
|
|
"%(router_id)s",
|
|
{'edge_id': edge_id,
|
|
'router_id': router_id})
|
|
else:
|
|
LOG.error("Failed to update %(edge_id)s for router "
|
|
"%(router_id)s",
|
|
{'edge_id': edge_id,
|
|
'router_id': router_id})
|
|
admin_ctx = q_context.get_admin_context()
|
|
if nsxv_db.get_nsxv_router_binding(admin_ctx.session, router_id):
|
|
nsxv_db.update_nsxv_router_binding(
|
|
admin_ctx.session, router_id,
|
|
status=constants.ERROR)
|
|
if set_errors and context:
|
|
# Set the router status to ERROR
|
|
try:
|
|
with db_api.CONTEXT_WRITER.using(context):
|
|
router_db = self.plugin._get_router(context, router_id)
|
|
router_db['status'] = constants.ERROR
|
|
except l3_exc.RouterNotFound:
|
|
# Router might have been deleted before deploy finished
|
|
LOG.warning("Router %s not found", router_id)
|
|
|
|
def interface_update_result(self, task):
|
|
LOG.debug("interface_update_result %d", task.status)
|