Refactor the validation code for network & port create & update operations
and move those to the common plugin code.
This will be used later by the policy plugin code.
Change-Id: Ia461851022a20f07cb50d05dc73cc37f48752164
Raise an exception if a port or a network creation/update enables
port security on an ENS transport zone.
Change-Id: Ifbffec35c321d1ccf8c1aa00b4b3ed33140fb218
This reverts commit 2dd98c36652ed9c216992c37172af055f5ad7370.
And uses the neutron-fwaas exception instead.
Change-Id: I3934f4f0b6e4df3e51ad3038ba6c8a5c528697c2
As of patch I677721aeada6fd74e8201c7f308771c887b2a1e9, the exception
module has been removed from upstream neutron-fwaas repo. This
breaks our neutron_fwaas driver and unit tests. Remove dependency
of that module in this patch and use the exception defined in
vmware_nsx common instead.
Change-Id: I9fb9df6505fb7493be98723988dc4f6288af1603
Validate each moref in the availability zones specifically by the plugin.
Also - do not validate the same morefs multiple times,
in order to reduce the number of backend calls at init.
Change-Id: I161a118c9d4f7a4d38745ef5e056a001c6d13614
Client certificate authentication is disabled by default.
To enable client auth, define the following in nsx.ini:
    nsx_use_client_auth = True
    nsx_client_cert_storage = nsx-db
    nsx_client_cert_file = <file to store certificate and private key>
To enable client auth in devstack, define the following in local.conf:
    NSX_USE_CLIENT_CERT_AUTH=True
This commit covers only DB type of cert storage. Barbican storage
and imported cert will be added later. Also planned for near future:
- reload cert from DB if NSX connection fails due to bad cert
- show warning when cert nears expiration
- delete cert file from file system on neutron exit
Change-Id: Ic70a949b740d9149d71187b02640d3071a3e0159
This patch refactors the current codebase to be more modular
and testable. The main changes are:
- pull out all of the profile setup logic from the __init__
method to its own _init_nsx_profiles method to make
testing the code easier.
- refactors the nsxlib.v3 code to break out all neutron related
exceptions and cleans up the interface so we can make nsxlib.v3
its own standalone library eventually.
To improve:
- Currently we have nsxlib.v3.dfw_api and nsxlib.v3.firewall,
we should refactor this code and merge them into one file.
- refactor nsxlib to section off each api component to its own
subclass. For example, nsxlib().port.create() rather than
nsxlib().create_port(). I think this would be most useful
for the security group/firewall integration as there are many
methods there that are needed to interface with nsx as the security
group feature requires the most orchestration with nsx.
Breaking them into a sub class will make things easier to understand.
Change-Id: If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d
This patch adds support for Port Mirroring feature for
NSXv3 plugin. This driver implements the Tap-as-a-Service
APIs and maps the tap-flow and tap-service resources
to backend PortMirroring objects.
Closes-Bug: #1598318
Change-Id: I5719fbbacfd3ec39250c59ec73cac2dc84af596d
CH release adds a new way to associate resources with nsgroups by
creating specific tags on the resources.
We would like to support this feature in the plugin for better performance.
This patch makes use of this feature to associate logical-ports with nsgroups
(Neutron ports with security-groups): for every LP-NSGroup association,
a special tag will be added to the LP.
The plugin will use this NSX feature only when supported by the NSX
version, and given that the designated boolean config option is set to True.
Change-Id: I2a802bc314d98dba9ecc54191fcbd7330f183e12
The backend does not allow max bandwidth < 1M.
Since the switch update is done from a notification callback,
we cannot fail the user action.
Instead, we log a warning, and use the minimal possible value.
Change-Id: Ic5aa7f933d7faf959bafd7f3f589fe29d6ded06d
Add support for the qos service in NSX|V3, including:
- Attach/Detach qos policy to a new or updated port
- Allow qos configuration on ports with internal networks only
- Update the switch profile with the BW limitations and tags
through the qos notification driver
- Add a new mapping db table to link the policy id and the
nsx-v3 switch profile id
For this to work, the following configuration should appear under the 'qos' section in the neutron.conf:
notification_drivers = vmware_nsxv3_message_queue
Change-Id: I4016de756cebe0032e61d3c2a5250527e44b49e4
Commit 87a79256c494c36f2d9597313f430b24c0110161 added neutron_lib
for shared exceptions. This patch moves us to make use of the
aforementioned library.
Change-Id: I9fe014c5da85faca87bf88a80c4ee19f7f123123
When running the test
...test_cluster.ClusteredAPITestCase.test_cluster_proxy_stale_revision
we get the exception below:
Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/__init__.py", line 851, in emit
    msg = self.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 724, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 464, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 328, in getMessage
    msg = msg % self.args
  File "/home/gkotton/vmware-nsx/.tox/py27/local/lib/python2.7/site-packages/neutron_lib/exceptions.py", line 48, in __unicode__
    return unicode(self.msg)
AttributeError: 'StaleRevision' object has no attribute 'msg'
Logged from file cluster.py, line 418
Change-Id: I4ce6b90b3dbd2fd1a2987fafb1034fdd0cd05a60
Use NsxResourceNotFound exception to detail the resource name and
resource ID not found on backend.
Change-Id: Ib7749380672e54f452b5721da2dd2d92feceb618
Depends-On: Ibba7b4997b89ecabfe5fba162f7b60c3c9a889c8
This patch proposes the addition of a new exception in vmware-nsx
repo for Resources not found on the backend. Now we can pass the
resource name and resource ID to this exception. This patch
specifically fixes the error message for physical network not
found on the backend.
See bug 1604490 on bugzilla for more details.
Change-Id: Ibba7b4997b89ecabfe5fba162f7b60c3c9a889c8
Fixes-bug: bug/1604490
NSX v3 does not support CIDR notated IP addresses for
port IP address bindings; thus something like
9.10.11.12/24 is an invalid IP address to use for an address
pair. This patch adds a check to ensure IP addresses are
of the proper format.
Additionally this patch adds logic to the port update
flow in the case where a backend error occurs on port
update. The logic contained herein now reverts the
address pairs to ensure they are in sync with neutron.
Unit tests are also included.
Change-Id: Ia0c9187b1f6e304690e1a56e94c47fe069179645
Closes-Bug: #1531558
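
An added example, not code from the vmware-nsx patch, of the two behaviours the commit message above describes: rejecting CIDR-notated address-pair IPs before any backend call, and reverting the stored address pairs when the backend update fails. The names `validate_address_pairs`, `update_port`, `BackendError`, `failing_backend` and the port dict layout are hypothetical.

```python
import ipaddress


class InvalidAddressPair(ValueError):
    """Raised when an address pair IP is not a plain host address."""


class BackendError(RuntimeError):
    """Hypothetical stand-in for a failure reported by the backend."""


def validate_address_pairs(pairs):
    """Reject CIDR-notated or malformed IPs such as '9.10.11.12/24'."""
    for pair in pairs:
        ip = pair["ip_address"]
        try:
            # ip_address() accepts only a bare host address; a '/prefix'
            # suffix or any other malformed value raises ValueError.
            ipaddress.ip_address(ip)
        except ValueError:
            raise InvalidAddressPair("%s is not a valid host IP address" % ip)


def update_port(db_port, new_pairs, backend_update):
    """Store new pairs, push them to the backend, revert on failure."""
    validate_address_pairs(new_pairs)  # fail before touching any state
    original = list(db_port["allowed_address_pairs"])
    db_port["allowed_address_pairs"] = list(new_pairs)
    try:
        backend_update(db_port)
    except BackendError:
        # Restore the previous pairs so the stored port stays in sync
        # with what the backend still holds.
        db_port["allowed_address_pairs"] = original
        raise
    return db_port


def failing_backend(port):
    """Constructed sample: a backend call that always fails."""
    raise BackendError("backend rejected the port update")
```
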
Only a single vlan is supported for one l2 gateway edge, so only one bridge can be created
in one edge. If a user tries to connect multiple networks to one l2gw,
the exception will be raised.
Change-Id: Ib17174b9735ca536b3701fdba4212123d51a0b23
Currently the NSX v3 REST API client masks the
backend NSX API error upon an invalid response.
This results in a very generic error message to consumers
(including the CLI) when a backend error happens.
This patch exposes the backend error message if
possible which provides more details of the issue
to consumers.
Change-Id: I215352d649b6579d6075cb104a7d311a7f1ffa66
This patch adds the backend driver to support Layer 2 gateway
API calls for NSXv.
Partial-bug: #1481087
Change-Id: Iea8b5390300dfd653b275c4389bc0d12bc4cc59f