Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
Also see commit: Ifcaf1c21bea0ec3c35278e49cecc90a101a82113
Change-Id: I11dc8a80471be347f89a30f59c1cc14cdb879726
JWT token used to authenticate with NSX can become invalid before
expiration due to VC service account credentials refresh. When this
case happens nsxlib should immediately re-get-token using the latest
creds and refresh request headers.
Change-Id: I1e3415379926f07e7b30eeaf44e9bcc7e2a26e9e
When endpoint goes down, the user should see same exception as
when the cluster is already down (detected by earlier activity).
For this purpose, translate grounding exception to
ServiceClusterUnavaliable.
In addition, display a warning if amount of retries is less than
amount of endpoints, since in this case not all endpoints will be
probed.
Change-Id: Ib4aa5eb95069b917c989b1f6dcd3535880b5a038
The user will be able to specify exception config object, that
defines which exceptions bring endpoint down, and which exceptions
trigger retry.
This change removes exception handling from the client class, which
hopefully makes the code more readable and easier to follow.
Change-Id: If4dd5c01e4bc83c9704347c2c7c8638c5ac1d72c
Currently in nsxlib, there's no client side API rate throttling. In a
scale setup it is deemed to easily overwhelm NSX backend. This patch
introduces a per-endpoint rate limiter that blocks over-limit calls.
Change-Id: Iccd1d2675bed16833d36fa40cc2ef56cf3464652
Before this change, keepalive probe consisted of two separate
configurable roundrip - one based on keepalive_section attribute,
and one on validation_method.
The recommended way to probe NSX appliance is using node/health API,
and tests show that it has best roundtrip time. This nsxlib will
switch to this healthcheck, and not expose keepalive methology to
clients any longer.
Change-Id: Ia972ef3d087fd01fa18d5a4e9dc9c32fbed0eb40
This can help distinguishing which requests have been
quened waiting for available connection or been retried.
Change-Id: I197ae819afde9333a2969472ba716694893298bd
Endpoint validation was two-fold - first validation_connection_method
was invoked, and then get for keepalive section, if configured.
This change suggest to run only one validation, but makes sure one
is always run:
if keepalive section is configured, validation will be based on it,
otherwise default validation (validation_connection_method) is used.
For policy, suggested default validation is via infra API.
Change-Id: Ib53d09ba6b2d70f99d5dba781950975c3d7195b6
For the case of no validation, endpoint state should be assumed to
be UP.
This is a quick fix to unblock no-validation scenarios. Next patch
will deal with cluster DOWN->UP transition.
Change-Id: Ia2a47e1a8d8aeb0174377b24b469613d866fc805
1. Support tags in detach
2. Support setting vif_id in detach (reset other attachment
attributes)
3. Use update instead of create for attach, to keep original
port attributes
Change-Id: I7093fbf70a76a7560c9174b209259f167b21f74f
This change reduces retries during cluster health validation. There are
multiple retry levels today:
* retry on urllib3 http level
* retry in validating cluster health
* retry in _proxy_internal
This causes retry storm, which brings significant delays to API calls.
This is especially relevant when nsxlib is configured with
cluster_unavailable_retry = True (this is always the case with single
endpoint).
This change reduces configurable retry attempts in cluster health
validation to single retry per endpoint.
In addition, this change fixes scenario when client configures nsxlib
with no validation, in which case cluster should not mark endpoint as
UP in validation related code.
Change-Id: I33b4101a0e0c0f4088e10776e126cc495dabd89c
NSX will reject expression list of a group if defined like follows:
---
"expression":
[{"expressions": [
{"member_type": "LogicalPort", "operator": "EQUALS", "value": "tag1|x"},
{"conjunction_operator": "AND", "resource_type": "ConjunctionOperator"},
{member_type": "LogicalPort", "operator": "EQUALS", "value": "tag2|y"}
], "resource_type": "NestedExpression"},
{"conjunction_operator": "OR", "resource_type": "ConjunctionOperator"},
{"expressions": [
{"member_type": "LogicalPort", "operator": "EQUALS", "value": "tag1|x"},
{"conjunction_operator": "AND", "resource_type": "ConjunctionOperator"},
{member_type": "LogicalPort", "operator": "EQUALS", "value": "tag2|y"}
], "resource_type": "NestedExpression"},
"resource_type": "NestedExpression"}
]
---
Because the two NestedExpressions are identical. If patch a group with the
spec above, 'Duplicate expressions specified' error will be returned. This
patch ensures that before a union condition is built, all conditions are
first dedupped.
Change-Id: I0d2d93f6ade992582ad931b3622354e5b9398a1d
Signed-off-by: Yang Ding <dingyang@vmware.com>
Currently nsxlib will generate bad request if ip_pool_id=None
BEFORE: {'address_pool_paths': ['/infra/ip-pools/']}
AFTER: {'address_pool_paths': []}
Change-Id: I10d653abfdb26f919f9a356c2a1e83752b659619
Keepalive can pose an extra load on the backend, especially
when client spawn multiple processes. In addition, some
deployments are using external load balancer with its
own monitoring mechanism, in which case nsxlib probing is
redundant.
Thsi change suggests to avoid keepalive probing in case
only one backend is configured. If cluster is DOWN,
connection will always be retried upon API call.
Change-Id: If6b5542f0444f5bb72c0d60e90942a7819c5d72e
Previously nsxlib uses operation/application/status for nsx
connection status check if nsx version is <= 2.3. This endpoint
is known to be of high overhead in scale environments.
Furthermore, since self.nsx_version is not initialized during
the initialization phase, the validate_connection_method tend
to always use the v1 version of check.
Since nsx 2.3 is now out of the support matrix, nsxlib can simply
use reverse-proxy/node/health endpoint to verify connection to
nsx is up, which is very lightweighted.
Change-Id: Ife48d5c357e8afe416e2ad772e5bbb0616089b36
Signed-off-by: Yang Ding <dingyang@vmware.com>
In case validate_connection_method already has the effect to keep alive,
it should be allowed to not perform any extra keep-alive requests.
Currently in MP the default keepalive section is transport-zones, which
is deemed to degrade in performance a lot in scale setup. As a more
light-weighted path reverse-proxy/node/health is already used, we should
allow configuring keepalive section to be disabled.
Change-Id: I26c0af67f90b62533a39827ca5111832d306a153
Since lb services list is called often by the vmware_nsx neutron plugin,
adding an option to suppress empty results logging to make logs cleaner
Change-Id: I95e7c20569e87bc2c184965a14a3ceec56e8f8ad
When updating group with empty conditions list, "expression" list
should be explicitly setting to empty list instead of ignored,
so that group gets updated properly with empty expressions.
Change-Id: I779dca3587721f7d9b0da83385a243e3a1132f7c
