Merge "NSXv BGP: Use BGP peering password correctly"

vmware_nsx/services/dynamic_routing/nsx_v/driver.py

@@ -83,7 +83,6 @@ class NSXvBgpDriver(object):
 
     def __init__(self, plugin):
         super(NSXvBgpDriver, self).__init__()
-        self._edge_password = cfg.CONF.nsxv.edge_appliance_password
         self._plugin = plugin
         self._core_plugin = directory.get_plugin()
         self._nsxv = self._core_plugin.nsx_v
@@ -310,7 +309,7 @@ class NSXvBgpDriver(object):
             else:
                 gw_nbr = gw_bgp_neighbour(binding['bgp_identifier'],
                                           speaker['local_as'],
-                                          self._edge_password)
+                                          bgp_peer_obj['password'])
                 neighbours.append(gw_nbr)
                 LOG.debug("Succesfully added BGP neighbor '%s' on '%s'",
                           bgp_peer_obj['peer_ip'], binding['edge_id'])
@@ -343,7 +342,7 @@ class NSXvBgpDriver(object):
             else:
                 gw_nbr = gw_bgp_neighbour(binding['bgp_identifier'],
                                           speaker['local_as'],
-                                          self._edge_password)
+                                          bgp_peer_obj['password'])
                 neighbours.append(gw_nbr)
                 LOG.debug("Succesfully removed BGP neighbor '%s' on '%s'",
                           bgp_peer_obj['peer_ip'], binding['edge_id'])
@@ -388,7 +387,8 @@ class NSXvBgpDriver(object):
         speaker = self._plugin.get_bgp_speaker(context, bgp_speaker_id)
         bgp_peers = self._plugin.get_bgp_peers_by_bgp_speaker(
             context, bgp_speaker_id)
-        neighbours = []
+        local_as = speaker['local_as']
+        peers = []
         for edge_id, edge_router_config in edge_router_dict.items():
             router_ids = edge_router_config['no_snat_routers']
             advertise_static_routes = (
@@ -405,12 +405,12 @@ class NSXvBgpDriver(object):
                 LOG.error("Failed to configure BGP speaker %s on edge '%s'.",
                           bgp_speaker_id, edge_id)
             else:
-                nbr = gw_bgp_neighbour(bgp_identifier, speaker['local_as'],
+                peers.append(bgp_identifier)
-                                       self._edge_password)
-                neighbours.append(nbr)
 
-        for edge_gw in [peer['esg_id'] for peer in bgp_peers
+        for edge_gw, password in [(peer['esg_id'], peer['password'])
-                        if peer.get('esg_id')]:
+                                  for peer in bgp_peers if peer.get('esg_id')]:
+            neighbours = [gw_bgp_neighbour(bgp_id, local_as, password)
+                          for bgp_id in peers]
             try:
                 self._nsxv.add_bgp_neighbours(edge_gw, neighbours)
             except vcns_exc.VcnsApiException:
@@ -439,8 +439,9 @@ class NSXvBgpDriver(object):
                                                  speaker['id'], bgp_identifier)
 
     def _stop_bgp_on_edges(self, context, bgp_bindings, speaker_id):
-        neighbours_to_remove = []
+        peers_to_remove = []
         speaker = self._plugin.get_bgp_speaker(context, speaker_id)
+        local_as = speaker['local_as']
         for bgp_binding in bgp_bindings:
             edge_id = bgp_binding['edge_id']
             try:
@@ -451,18 +452,20 @@ class NSXvBgpDriver(object):
             else:
                 nsxv_db.delete_nsxv_bgp_speaker_binding(context.session,
                                                         edge_id)
-                nbr = gw_bgp_neighbour(bgp_binding['bgp_identifier'],
+                peers_to_remove.append(bgp_binding['bgp_identifier'])
-                                       speaker['local_as'],
-                                       self._edge_password)
-                neighbours_to_remove.append(nbr)
 
         # We should also remove all bgp neighbours on gw-edges which
         # corresponds with tenant routers that are associated with this bgp
         # speaker.
         bgp_peers = self._plugin.get_bgp_peers_by_bgp_speaker(context,
                                                               speaker_id)
-        gw_edges = [peer['esg_id'] for peer in bgp_peers if peer.get('esg_id')]
+        gw_edges = [(peer['esg_id'], peer['password'])
-        for gw_edge in gw_edges:
+                    for peer in bgp_peers if peer.get('esg_id')]
+        for gw_edge, password in gw_edges:
+            neighbours_to_remove = [gw_bgp_neighbour(bgp_identifier,
+                                                     local_as,
+                                                     password)
+                                    for bgp_identifier in peers_to_remove]
             try:
                 self._nsxv.remove_bgp_neighbours(gw_edge, neighbours_to_remove)
             except vcns_exc.VcnsApiException:
@@ -476,16 +479,16 @@ class NSXvBgpDriver(object):
 
     def _update_edge_bgp_identifier(self, context, bgp_binding, speaker,
                                     new_bgp_identifier):
+        local_as = speaker['local_as']
         bgp_peers = self._plugin.get_bgp_peers_by_bgp_speaker(context,
                                                               speaker['id'])
         self._nsxv.update_router_id(bgp_binding['edge_id'], new_bgp_identifier)
-        nbr_to_remove = gw_bgp_neighbour(bgp_binding['bgp_identifier'],
+        for gw_edge_id, password in [(peer['esg_id'], peer['password'])
-                                         speaker['local_as'],
+                                     for peer in bgp_peers if peer['esg_id']]:
-                                         self._edge_password)
+            nbr_to_remove = gw_bgp_neighbour(bgp_binding['bgp_identifier'],
-        nbr_to_add = gw_bgp_neighbour(new_bgp_identifier, speaker['local_as'],
+                                             local_as, password)
-                                      self._edge_password)
+            nbr_to_add = gw_bgp_neighbour(new_bgp_identifier, local_as,
-        for gw_edge_id in [peer['esg_id'] for peer in bgp_peers
+                                          password)
-                           if peer['esg_id']]:
             self._nsxv.update_bgp_neighbours(gw_edge_id,
                                              [nbr_to_add],
                                              [nbr_to_remove])
@@ -528,6 +531,7 @@ class NSXvBgpDriver(object):
                                                      new_fixed_ip)
 
     def enable_bgp_on_router(self, context, speaker, router_id):
+        local_as = speaker['local_as']
         edge_id, advertise_static_routes = (
             self._get_router_edge_info(context, router_id))
         if not edge_id:
@@ -561,10 +565,10 @@ class NSXvBgpDriver(object):
             self._start_bgp_on_edge(context, edge_id, speaker, bgp_peers,
                                     bgp_identifier, subnets,
                                     advertise_static_routes)
-            nbr = gw_bgp_neighbour(bgp_identifier, speaker['local_as'],
+            for gw_edge_id, password in [(peer['esg_id'], peer['password'])
-                                   self._edge_password)
+                                         for peer in bgp_peers
-            for gw_edge_id in [peer['esg_id'] for peer in bgp_peers
+                                         if peer['esg_id']]:
-                               if peer['esg_id']]:
+                nbr = gw_bgp_neighbour(bgp_identifier, local_as, password)
                 self._nsxv.add_bgp_neighbours(gw_edge_id, [nbr])
 
     def disable_bgp_on_router(self, context, speaker, router_id, gw_ip,