Ejemplo n.º 1
def export_firewall_rules(context, verbose=False):
    """Export the firewall rules of the NSX edge gateways for *context*.

    Sets the shared ``client`` context (with the ``'nsxmanager'`` selector),
    refreshes the moid map, and then hands off to
    ``export_nsx_edge_gateway_firewall_rules``.

    Args:
        context: Deployment context forwarded unchanged to every helper.
        verbose: Accepted for interface compatibility; not read in this body.
    """
    client.set_context(context, 'nsxmanager')

    moid_map = refresh_moid_map(context)
    if DEBUG:
        # Debug aid only: dump the freshly refreshed map.
        pprint(moid_map)

    export_nsx_edge_gateway_firewall_rules(context)
Ejemplo n.º 2
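def init():
    """Point the shared API client at the NSX manager, falling back to the cluster VIP.

    Connection settings come from the environment:

    * ``nsx_manager_ips_int``: comma-separated manager addresses; only the
      first entry is used.
    * ``nsx_manager_username_int``: admin user name, defaults to ``admin``.
    * ``nsx_manager_password_int``: admin password.
    * ``nsx_manager_virtual_ip_int``: cluster VIP, used only for the fallback.

    After setting the context, a GET on ``TRANSPORT_ZONES_ENDPOINT`` probes
    the manager. If that probe raises ``requests.exceptions.SSLError`` the
    client is re-pointed at the VIP with the same credentials.

    Raises:
        ValueError: ``nsx_manager_ips_int`` is unset or its first entry is empty.
        requests.exceptions.SSLError: the probe failed and no VIP is configured.
    """
    raw_ips = os.getenv('nsx_manager_ips_int')
    nsx_mgr_ip = (raw_ips or '').split(',')[0].strip()
    if not nsx_mgr_ip:
        # Fail with a clear message instead of an AttributeError on None or a
        # context whose URL is the bare string 'https://'.
        raise ValueError(
            'nsx_manager_ips_int is not set or its first entry is empty, '
            'unable to connect to nsx manager!')

    nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
    # NOTE(review): a missing password is passed on as None; confirm how the
    # client treats that before relying on it.
    nsx_mgr_pwd = os.getenv('nsx_manager_password_int')

    # The context holds the admin password in clear text; never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    # TODO: the value of transport zone name is current static, and hidden from user.
    # see vars.yml
    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = 'overlay-tz'

    client.set_context(nsx_mgr_context)

    try:
        print('Using manager IP address at %s' % nsx_mgr_ip)
        client.get(TRANSPORT_ZONES_ENDPOINT)
    except requests.exceptions.SSLError:
        # Only TLS-level failures trigger the fallback; other request errors
        # propagate to the caller unchanged.
        # NOTE(review): SSLError also covers certificate verification
        # failures, and the fallback sends the same admin credentials to the
        # VIP. Confirm that the client verifies the VIP's certificate.
        vip = os.getenv('nsx_manager_virtual_ip_int', '').strip()
        if vip == '':
            print(
                'Manager IP is not accessible and VIP is not set, unable to connect '
                'to nsx manager!')
            raise
        print('Manager IP is not accessible, using cluster vip at %s!' % vip)
        cluster_context = {
            'admin_user': nsx_mgr_user,
            'url': 'https://' + vip,
            'admin_passwd': nsx_mgr_pwd
        }
        client.set_context(cluster_context)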
Ejemplo n.º 3
def list(context, verbose=False):
    """List the logical switches and NSX edge gateways for *context*.

    Sets the shared ``client`` context (with the ``'nsxmanager'`` selector),
    refreshes the moid map, reconciles uplinks, and then runs the two
    listing helpers in order.

    Note: the function name shadows the ``list`` builtin inside this module.

    Args:
        context: Deployment context forwarded unchanged to every helper.
        verbose: Accepted for interface compatibility; not read in this body.
    """
    client.set_context(context, 'nsxmanager')

    moid_map = refresh_moid_map(context)
    if DEBUG:
        # Debug aid only: dump the freshly refreshed map.
        pprint(moid_map)

    reconcile_uplinks(context)
    for list_step in (list_logical_switches, list_nsx_edge_gateways):
        list_step(context)
Ejemplo n.º 4
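def init():
    """Point the shared API client at the NSX-T manager named in the environment.

    Reads ``NSX_T_MANAGER_IP``, ``NSX_T_MANAGER_ADMIN_USER`` (default
    ``admin``) and ``NSX_T_MANAGER_ROOT_PWD``, builds the connection context
    and passes it to ``client.set_context``.

    Raises:
        ValueError: ``NSX_T_MANAGER_IP`` is unset or empty.
    """
    nsx_mgr_ip = os.getenv('NSX_T_MANAGER_IP')
    if not nsx_mgr_ip:
        # Fail with a clear message instead of a TypeError from 'https://' + None.
        raise ValueError(
            'NSX_T_MANAGER_IP is not set, unable to build the NSX manager URL')

    nsx_mgr_user = os.getenv('NSX_T_MANAGER_ADMIN_USER', 'admin')
    # NOTE(review): the variable is named ROOT_PWD but is sent as the admin
    # user's password; confirm that is the intended credential. A missing
    # value is passed on as None.
    nsx_mgr_pwd = os.getenv('NSX_T_MANAGER_ROOT_PWD')

    # The context holds the password in clear text; never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    client.set_context(nsx_mgr_context)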
Ejemplo n.º 5
def delete(context, verbose=False):
    """Delete the NSX edge gateways, DLR gateways and logical switches for *context*.

    Sets the shared ``client`` context (with the ``'nsxmanager'`` selector),
    refreshes the moid map, removes the edge and DLR gateways, and then
    deletes the logical switches twice.

    Args:
        context: Deployment context forwarded unchanged to every helper.
        verbose: Accepted for interface compatibility; not read in this body.
    """
    client.set_context(context, 'nsxmanager')
    refresh_moid_map(context)

    for remove_gateways in (delete_nsx_edge_gateways, delete_nsx_dlr_gateways):
        remove_gateways(context)

    # Two passes on purpose: logical switches sometimes survive the first
    # delete, so the call is repeated just to be safe.
    for _attempt in range(2):
        delete_logical_switches(context, 'logical_switches')
Ejemplo n.º 6
def build(context, verbose=False):
    """Build the logical switches, DLRs and edge gateways for *context*.

    Sets the shared ``client`` context (with the ``'nsxmanager'`` selector),
    refreshes the moid map, reconciles uplinks, and then runs the three
    build helpers in order: switches, DLRs, edge gateways.

    Args:
        context: Deployment context forwarded unchanged to every helper.
        verbose: Accepted for interface compatibility; not read in this body.
    """
    client.set_context(context, 'nsxmanager')

    moid_map = refresh_moid_map(context)
    if DEBUG:
        # Debug aid only: dump the freshly refreshed map.
        pprint(moid_map)

    reconcile_uplinks(context)

    # Transport zone creation is disabled here; the original call was
    # build_transport_zone('tz', context, 'transport_zone').
    build_logical_switches('lswitch', context, 'logical_switches')
    for builder, kind in ((build_nsx_dlrs, 'dlr'),
                          (build_nsx_edge_gateways, 'edge')):
        builder(kind, context)
Ejemplo n.º 7
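def init():
    """Point the shared API client at the NSX-T manager and record the overlay zone name.

    Reads ``NSX_T_MANAGER_IP``, ``NSX_T_MANAGER_ADMIN_USER`` (default
    ``admin``), ``NSX_T_MANAGER_ROOT_PWD`` and ``NSX_T_OVERLAY_TRANSPORT_ZONE``
    from the environment. The transport zone name is stored under
    ``DEFAULT_TRANSPORT_ZONE_NAME`` in ``global_id_map`` and the connection
    context is passed to ``client.set_context``.

    Raises:
        ValueError: ``NSX_T_MANAGER_IP`` is unset or empty.
    """
    nsx_mgr_ip = os.getenv('NSX_T_MANAGER_IP')
    if not nsx_mgr_ip:
        # Fail with a clear message instead of a TypeError from 'https://' + None.
        raise ValueError(
            'NSX_T_MANAGER_IP is not set, unable to build the NSX manager URL')

    nsx_mgr_user = os.getenv('NSX_T_MANAGER_ADMIN_USER', 'admin')
    # NOTE(review): the variable is named ROOT_PWD but is sent as the admin
    # user's password; confirm that is the intended credential. A missing
    # value is passed on as None.
    nsx_mgr_pwd = os.getenv('NSX_T_MANAGER_ROOT_PWD')
    # May be None when the variable is unset; it is stored as-is.
    transport_zone_name = os.getenv('NSX_T_OVERLAY_TRANSPORT_ZONE')

    # The context holds the password in clear text; never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = transport_zone_name
    client.set_context(nsx_mgr_context)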
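def init():
    """Point the shared API client at the first NSX manager listed in the environment.

    Reads ``nsx_manager_ips_int`` (comma-separated, first entry used),
    ``nsx_manager_username_int`` (default ``admin``) and
    ``nsx_manager_password_int``. Also records the static transport zone
    name ``overlay-tz`` in ``global_id_map``.

    Raises:
        ValueError: ``nsx_manager_ips_int`` is unset or its first entry is empty.
    """
    raw_ips = os.getenv('nsx_manager_ips_int')
    nsx_mgr_ip = (raw_ips or '').split(',')[0].strip()
    if not nsx_mgr_ip:
        # Fail with a clear message instead of an AttributeError on None or a
        # context whose URL is the bare string 'https://'.
        raise ValueError(
            'nsx_manager_ips_int is not set or its first entry is empty, '
            'unable to connect to nsx manager!')

    nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
    # NOTE(review): a missing password is passed on as None; confirm how the
    # client treats that before relying on it.
    nsx_mgr_pwd = os.getenv('nsx_manager_password_int')

    # The context holds the admin password in clear text; never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    # TODO: the value of transport zone name is current static, and hidden from user.
    # see vars.yml
    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = 'overlay-tz'

    client.set_context(nsx_mgr_context)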
Ejemplo n.º 9
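def init():
    """Point the shared API client at the NSX manager and set the module globals.

    Reads ``NSX_API_MANAGER``, ``NSX_API_USER`` (default ``admin``),
    ``NSX_API_PASSWORD`` and ``VALIDATE_FOR_PAS`` from the environment.
    Sets the module-level ``nsx_mgr_ip`` and ``validate_for_pas``;
    ``validate_for_pas`` is True only when the variable is exactly
    ``'true'`` (which is also the default).

    Raises:
        ValueError: ``NSX_API_MANAGER`` is unset or empty.
    """
    global nsx_mgr_ip, validate_for_pas

    nsx_mgr_ip = os.getenv('NSX_API_MANAGER')
    nsx_mgr_user = os.getenv('NSX_API_USER', 'admin')
    # NOTE(review): a missing password is passed on as None; confirm how the
    # client treats that before relying on it.
    nsx_mgr_pwd = os.getenv('NSX_API_PASSWORD')
    validate_for_pas = (os.getenv('VALIDATE_FOR_PAS', 'true') == 'true')

    if not nsx_mgr_ip:
        # Fail with a clear message instead of a TypeError from 'https://' + None.
        raise ValueError(
            'NSX_API_MANAGER is not set, unable to build the NSX manager URL')

    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    # The context holds the admin password in clear text. A debug print of
    # the whole dict used to sit here, commented out; do not re-enable it,
    # since that would write the password to the job output.
    client.set_context(nsx_mgr_context)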
Ejemplo n.º 10
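def configure_self_signed_certs(cluster_cert=False):
    """Generate a self-signed certificate and apply it to the NSX manager or the cluster.

    With ``cluster_cert`` False the certificate's FQDN is
    ``<nsx_manager_hostname_prefix_int>-1.<dns_domain_int>`` and it is applied
    through ``TRUST_MGMT_UPDATE_CERT``. With ``cluster_cert`` True the FQDN
    comes from ``nsx_manager_cluster_fqdn_int``, the certificate is applied
    through ``CLUSTER_UPDATE_CERT``, and the shared client is then re-pointed
    at the cluster VIP (``nsx_manager_virtual_ip_int``).

    Nothing is generated, and the function returns None early, when a
    required setting is missing, when no CSR request spec is configured, or
    when a CSR whose CN equals the FQDN already exists.

    Args:
        cluster_cert: True to configure the cluster (VIP) certificate,
            False to configure the manager node certificate.
    """
    def does_comman_name_match(attr_list, common_name):
        # True when any subject attribute is a CN equal to common_name.
        return any(
            attr.get('key') == 'CN' and attr.get('value') == common_name
            for attr in attr_list)

    def is_unset(value):
        # Treat None (variable absent), '' and the literal 'null' as "not set".
        return not value or value == 'null'

    mgr_hostname_prefix = os.getenv('nsx_manager_hostname_prefix_int')
    # An absent variable (None) used to slip past this check and ended up in
    # the certificate name as the text 'None'.
    if is_unset(mgr_hostname_prefix):
        print(
            'Value not set for the NSX_T_MANAGER_HOST_NAME, cannot create self-signed cert'
        )
        return

    csr_request = get_rsc_def_if_configured('nsx_t_csr_request_spec_int',
                                            'csr_request')
    if not csr_request:
        return

    vip_addr = ''
    if not cluster_cert:
        dns_domain = os.getenv('dns_domain_int')
        if is_unset(dns_domain):
            # Without a domain the CN would read '<prefix>-1.None'.
            print('No valid DNS domain set for generating manager cert!')
            return
        fqdn = '{}-1.{}'.format(mgr_hostname_prefix, dns_domain)
    else:
        vip_addr = os.getenv('nsx_manager_virtual_ip_int', '').strip()
        if is_unset(vip_addr):
            # Without a VIP the old code went on to generate a certificate
            # with an empty CN and then pointed the client at 'https://'.
            print('No valid VIP set for generating cluster cert!')
            return
        fqdn = os.getenv('nsx_manager_cluster_fqdn_int', '')
        print('Cluster FQDN is set as %s' % fqdn)
        if is_unset(fqdn):
            print('No valid FQDN set for generating cluster cert!')
            return

    api_endpoint = TRUST_MGMT_CSRS_ENDPOINT
    existing_csrs_response = client.get(api_endpoint).json()

    # Skip generation when a CSR for this name is already registered.
    for csr_resource in existing_csrs_response.get('results', []):
        attr_list = csr_resource.get('subject', {}).get('attributes', [])
        if does_comman_name_match(attr_list, fqdn):
            print(
                'CSR with NSX manager / cluster FQDN %s already exists, skip creation!'
                % fqdn)
            return

    signed_cert_id = generate_self_signed_cert(fqdn, csr_request)

    # NOTE(review): the update responses below are only printed; whether the
    # client raises on an HTTP error status is not visible here. Confirm, or
    # check status_code before treating the certificate as applied.
    if cluster_cert:
        cluster_cert_api_point = '%s%s%s' % (
            CLUSTER_UPDATE_CERT, '&certificate_id=', signed_cert_id)
        cluster_cert_response = client.post(cluster_cert_api_point, '')
        print(
            'NSX Mgr cluster updated to use newly generated CSR!!' +
            '\n    Update response code:{}'.format(
                cluster_cert_response.status_code))

        # Later calls go through the VIP with the same admin credentials.
        # The context holds the password in clear text; never print or log it.
        nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
        nsx_mgr_pwd = os.getenv('nsx_manager_password_int')
        cluster_context = {
            'admin_user': nsx_mgr_user,
            'url': 'https://' + vip_addr,
            'admin_passwd': nsx_mgr_pwd
        }
        client.set_context(cluster_context)

    else:
        update_api_endpint = '%s%s%s' % (TRUST_MGMT_UPDATE_CERT,
                                         '&certificate_id=', signed_cert_id)
        update_csr_response = client.post(update_api_endpint, '')
        print(
            'NSX Mgr updated to use newly generated CSR!!' +
            '\n    Update response code:{}'.format(
                update_csr_response.status_code))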
Ejemplo n.º 11
def export_firewall_rules(context):
    """Export the firewall rules of the NSX edge gateways for *context*.

    Sets the shared ``client`` context (with the ``'nsxmanager'`` selector)
    and then hands off to ``export_nsx_edge_gateway_firewall_rules``.

    Args:
        context: Deployment context forwarded unchanged to both calls.
    """
    manager_section = 'nsxmanager'
    client.set_context(context, manager_section)

    export_nsx_edge_gateway_firewall_rules(context)