From 2601960690a3ca9ce739066b28c4ae7dc8a930a1 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Mon, 4 Feb 2019 14:42:42 +0200 Subject: [PATCH] Add disable_firewall attribute to tier0/1 & fix set_standby_relocation The disable_firewall flag needs to be set to False before removing the edge cluster. In addition, set_standby_relocation should wait for edge cluster to exist on the nsx logical router Change-Id: I199e2d21d9239d7e8d3fb696b45dbc8988fbb96e --- vmware_nsxlib/v3/policy/core_defs.py | 3 +- vmware_nsxlib/v3/policy/core_resources.py | 45 +++++++++++++++++++++-- 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/vmware_nsxlib/v3/policy/core_defs.py b/vmware_nsxlib/v3/policy/core_defs.py index 831dcffd..d1f4c0b5 100644 --- a/vmware_nsxlib/v3/policy/core_defs.py +++ b/vmware_nsxlib/v3/policy/core_defs.py @@ -281,7 +281,8 @@ class RouterDef(ResourceDef): self._set_attrs_if_specified(body, ['failover_mode', 'force_whitelisting', - 'default_rule_logging']) + 'default_rule_logging', + 'disable_firewall']) # Add dhcp relay config # TODO(asarfaty): this can be either dhcp or dhcp relay config diff --git a/vmware_nsxlib/v3/policy/core_resources.py b/vmware_nsxlib/v3/policy/core_resources.py index 08820db3..c50eb708 100644 --- a/vmware_nsxlib/v3/policy/core_resources.py +++ b/vmware_nsxlib/v3/policy/core_resources.py @@ -706,6 +706,7 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): failover_mode=constants.NON_PREEMPTIVE, route_advertisement=IGNORE, dhcp_config=IGNORE, + disable_firewall=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT): tier1_id = self._init_obj_uuid(tier1_id) @@ -718,6 +719,7 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): failover_mode=failover_mode, route_advertisement=route_advertisement, dhcp_config=dhcp_config, + disable_firewall=disable_firewall, tenant=tenant) self._create_or_store(tier1_def) @@ -740,6 +742,7 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): force_whitelisting=IGNORE, failover_mode=IGNORE, tier0=IGNORE, dhcp_config=IGNORE, tags=IGNORE, + disable_firewall=IGNORE, tenant=constants.POLICY_INFRA_TENANT): # Note(asarfaty): L2/L3 PATCH APIs don't support partial updates yet # TODO(asarfaty): Remove this when supported @@ -753,6 +756,7 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): failover_mode=failover_mode, dhcp_config=dhcp_config, tier0=tier0, + disable_firewall=disable_firewall, tags=tags, tenant=tenant) @@ -904,7 +908,8 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): @check_allowed_passthrough def set_standby_relocation(self, tier1_id, enable_standby_relocation=True, - tenant=constants.POLICY_INFRA_TENANT): + tenant=constants.POLICY_INFRA_TENANT, + sleep=None, max_attempts=None): """Set the flag for standby relocation on the nsx logical router port Using passthrough api, as the policy api does not support this yet @@ -914,9 +919,37 @@ class NsxPolicyTier1Api(NsxPolicyResourceBase): nsx_router_uuid = self.get_realized_id( tier1_id, tenant=tenant, realization_info=realization_info) - self.nsx_api.logical_router.update( - nsx_router_uuid, - enable_standby_relocation=enable_standby_relocation) + + if enable_standby_relocation: + # wait until the logical router has the edge_cluster + # even after it is realized, the edge cluster can still be missing + # TODO(asarfaty): remove this loop once NSX is fixed + if sleep is None: + sleep = 0.5 + if max_attempts is None: + max_attempts = self.nsxlib_config.realization_max_attempts + test_num = 0 + while test_num < max_attempts: + lr = self.nsx_api.logical_router.get(nsx_router_uuid) + if lr.get('edge_cluster_id'): + self.nsx_api.logical_router.update( + nsx_router_uuid, + enable_standby_relocation=True) + return + eventlet.sleep(sleep) + test_num += 1 + + err_msg = (_("Could not find edge cluster on logical router " + "%(lr)s after %(attempts)s " + "attempts with %(sleep)s seconds sleep") % + {'lr': nsx_router_uuid, + 'attempts': max_attempts, + 'sleep': sleep}) + raise exceptions.ManagerError(details=err_msg) + else: + self.nsx_api.logical_router.update( + nsx_router_uuid, + enable_standby_relocation=False) class NsxPolicyTier0Api(NsxPolicyResourceBase): @@ -933,6 +966,7 @@ class NsxPolicyTier0Api(NsxPolicyResourceBase): force_whitelisting=IGNORE, default_rule_logging=IGNORE, transit_subnets=IGNORE, + disable_firewall=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT): @@ -946,6 +980,7 @@ class NsxPolicyTier0Api(NsxPolicyResourceBase): force_whitelisting=force_whitelisting, default_rule_logging=default_rule_logging, transit_subnets=transit_subnets, + disable_firewall=disable_firewall, tags=tags, tenant=tenant) self.policy_api.create_or_update(tier0_def) @@ -970,6 +1005,7 @@ class NsxPolicyTier0Api(NsxPolicyResourceBase): force_whitelisting=IGNORE, default_rule_logging=IGNORE, transit_subnets=IGNORE, + disable_firewall=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT): @@ -981,6 +1017,7 @@ class NsxPolicyTier0Api(NsxPolicyResourceBase): force_whitelisting=force_whitelisting, default_rule_logging=default_rule_logging, transit_subnets=transit_subnets, + disable_firewall=disable_firewall, tags=tags, tenant=tenant)