def esg_clear_interface(client_session, esg_name, ifindex): """ This function resets the vnic configuration of an ESG to its default state :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to configure interfaces on :param ifindex: The vnic index, e.g. vnic3 and the index 3 :return: Returns True on successful configuration of the Interface """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False vnic_config = client_session.read('vnic', uri_parameters={'index': ifindex, 'edgeId': esg_id})['body'] vnic_config['vnic']['mtu'] = '1500' vnic_config['vnic']['type'] = 'internal' vnic_config['vnic']['name'] = 'vnic{}'.format(ifindex) vnic_config['vnic']['addressGroups'] = None vnic_config['vnic']['portgroupId'] = None vnic_config['vnic']['portgroupName'] = None vnic_config['vnic']['enableProxyArp'] = 'false' vnic_config['vnic']['enableSendRedirects'] = 'false' vnic_config['vnic']['isConnected'] = 'false' cfg_result = client_session.update('vnic', uri_parameters={'index': ifindex, 'edgeId': esg_id}, request_body_dict=vnic_config) if cfg_result['status'] == 204: return True else: return False
def create_self_signed_cert(client_session, scope_id, cert, private_key): """ This function adds an Load Balancer Application profile to an ESG :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type scope_id: str :param scope_id: The display name of a Edge Service Gateway used for Load Balancing :type cert: file :param cert: Cert file with PEM Encoding :type private_key: file :param private_key: Private key file :return: Returns the Object Id of the newly created Cert, False on a failure, and None if the ESG was not found in NSX :rtype: str """ esg_id, esg_params = get_edge(client_session, scope_id) if not esg_id: return None cert_dict = client_session.extract_resource_body_example('certificateSelfSigned', 'create') cert_dict['trustObject']['pemEncoding'] = cert.read() cert_dict['trustObject']['privateKey'] = private_key.read() result = client_session.create('certificateSelfSigned', uri_parameters={'scopeId': esg_id}, request_body_dict=cert_dict) # print result['body']['certificates']['certificate']['subjectCn'] if result['status'] != 200: return None else: return result['body']['certificates']['certificate']['objectId']
def esg_route_del(client_session, esg_name, network, next_hop): """ This function deletes a static route to an ESG :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG where the route should be deleted :param network: The routes network in the x.x.x.x/yy format, e.g. 192.168.1.0/24 :param next_hop: The next hop ip :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] if rtg_cfg['staticRouting']['staticRoutes']: routes = client_session.normalize_list_return(rtg_cfg['staticRouting']['staticRoutes']['route']) else: return False routes_filtered = [route for route in routes if not (route['network'] == network and route['nextHop'] == next_hop)] if len(routes_filtered) == len(routes): return False rtg_cfg['staticRouting']['staticRoutes'] = {'route': routes_filtered} cfg_result = client_session.update('routingConfigStatic', uri_parameters={'edgeId': esg_id}, request_body_dict=rtg_cfg) if cfg_result['status'] == 204: return True else: return False
def esg_route_list(client_session, esg_name): """ This function return the configured static routes :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG of which the routes should be listed :return: returns a tuple, the firt item of the tuple contains a list of 1 tuple with item 0 containing the routes network, item 1 containing the next hop IP as string, item 2 containing the vnic used by the route as string, item 3 containing the admin distance of the route as string, item 4 containing the mtu of the route as string The second item in the tuple contains a dict with all the static routing config details """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] if not rtg_cfg['staticRouting']['staticRoutes']: return [()], {} routes = [] routes_api = client_session.normalize_list_return(rtg_cfg['staticRouting']['staticRoutes']['route']) for route in routes_api: if 'vnic' in route.keys(): vnic = route['vnic'] else: vnic = '' add_route = (route['network'], route['nextHop'], vnic, route['adminDistance'], route['mtu']) routes.append(add_route) return routes, rtg_cfg['staticRouting']['staticRoutes']
def get_nat_rules_with_ip(client_session, esg_name, original_ip, translated_ip): """ This function returns all NAT rules on an esg with the specified original and translated IPs :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for Load Balancing :type original_ip: str :param esg_name: The original IP in the NAT rule :type translated_ip: str :param esg_name: The translated IP in the NAT rule """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None result = client_session.read('edgeNat', uri_parameters={'edgeId': esg_id}) if result['status'] != 200: return None else: rules = [] nats = result['body']['nat']['natRules']['natRule'] for i in nats: if original_ip in i['originalAddress'] and translated_ip in i['translatedAddress'] and i['ruleType'] == 'user': rules.append(i['ruleId']) # returns a list of ruleIDs return rules
def esg_fw_default_set(client_session, esg_name, def_action, logging_enabled=None): """ This function sets the default firewall rule to accept or deny :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to which you want to apply the default firewall rule: :param def_action: Default firewall action, values are either accept or deny :param logging_enabled: (Optional) Is logging enabled by default (true/false) :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False if not logging_enabled: logging_enabled = 'false' def_policy_body = client_session.extract_resource_body_example('defaultFirewallPolicy', 'update') def_policy_body['firewallDefaultPolicy']['action'] = def_action def_policy_body['firewallDefaultPolicy']['loggingEnabled'] = logging_enabled cfg_result = client_session.update('defaultFirewallPolicy', uri_parameters={'edgeId': esg_id}, request_body_dict=def_policy_body) if cfg_result['status'] == 204: return True else: return False
def esg_dgw_read(client_session, esg_name): """ This function return the default gateway configuration :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to return the default gateway configuration from :return: returns a tuple, the firt item of the tuple contains a list of 1 tuple with item 0 containing the vnic used by the default route as string, item 1 containing the gateway IP as string, item 2 containing the admin distance of the default route as string, item 3 containing the mtu of the gateway as string The second item in the tuple contains a dict with all the default gateway config details """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] if 'defaultRoute' not in rtg_cfg['staticRouting'].keys(): return [()], {} mtu = rtg_cfg['staticRouting']['defaultRoute']['mtu'] try: admin_distance = rtg_cfg['staticRouting']['defaultRoute']['adminDistance'] except KeyError: admin_distance = '1' try: vnic = rtg_cfg['staticRouting']['defaultRoute']['vnic'] except KeyError: vnic = '' dgw_cfg_tpl = [(vnic, rtg_cfg['staticRouting']['defaultRoute']['gatewayAddress'], admin_distance, mtu)] return dgw_cfg_tpl, rtg_cfg['staticRouting']['defaultRoute']
def create_ipset(client_session, esg_name, ipset_name, ipset_value): """ This function creates an IPset on the edge :param client_session: An instance of an NsxClient Session :param ipset_name: Name of the ipset to be created :param ipset_value: value of the IPset to be created :return: ??? """ ipset_dict = client_session.extract_resource_body_example('ipsetCreate', 'create') ipset_dict['ipset']['inheritanceAllowed'] = 'false' ipset_dict['ipset']['name'] = ipset_name ipset_dict['ipset']['objectTypeName'] = 'IPSet' ipset_dict['ipset']['type']['typeName'] = 'IPSet' ipset_dict['ipset']['value']= ipset_value esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False, None new_ipset = client_session.create('ipsetCreate', request_body_dict=ipset_dict, uri_parameters={'scopeMoref':esg_id}) if new_ipset['status'] == 201: return True, esg_id else: return False, esg_id
def esg_dgw_set(client_session, esg_name, dgw_ip, vnic, mtu=None, admin_distance=None): """ This function sets the default gateway on an ESG :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to list interfaces of :param dgw_ip: The default gateway ip (next hop) :param vnic: (Optional) The vnic index of were the default gateway is reachable on :param mtu: (Optional) The MTU of the defautl gateway (default=1500) :param admin_distance: (OIptional) Admin distance of the defautl route (default=1) :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False if not mtu: mtu = '1500' if not admin_distance: admin_distance = '1' rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] rtg_cfg['staticRouting']['defaultRoute'] = {'vnic': vnic, 'gatewayAddress': dgw_ip, 'adminDistance': admin_distance, 'mtu': mtu} cfg_result = client_session.update('routingConfigStatic', uri_parameters={'edgeId': esg_id}, request_body_dict=rtg_cfg) if cfg_result['status'] == 204: return True else: return False
def delete_dhcp_binding(client_session, esg_name, binding_id): """ This function deletes a DHCP binding from an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type binding_id: str :param binding_id: The Id of the binding to be deleted (e.g. binding-3) :rtype: bool :return: Returns None if Edge was not found or the operation failed, returns true on success """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None result = client_session.delete('dhcpStaticBindingID', uri_parameters={ 'edgeId': esg_id, 'bindingID': binding_id }) if result['status'] == 204: return True else: return None
def esg_fw_default_set(client_session, esg_name, def_action, logging_enabled=None): """ This function sets the default firewall rule to accept or deny :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to which you want to apply the default firewall rule: :param def_action: Default firewall action, values are either accept or deny :param logging_enabled: (Optional) Is logging enabled by default (true/false) :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False #if not logging_enabled: # logging_enabled = 'false' def_policy_body = client_session.extract_resource_body_example('defaultFirewallPolicy', 'update') def_policy_body['firewallDefaultPolicy']['action'] = def_action def_policy_body['firewallDefaultPolicy']['loggingEnabled'] = logging_enabled cfg_result = client_session.update('defaultFirewallPolicy', uri_parameters={'edgeId': esg_id}, request_body_dict=def_policy_body) if cfg_result['status'] == 204: return True else: return False
def add_dhcp_pool(client_session, esg_name, ip_range, default_gateway=None, subnet_mask=None, domain_name=None, dns_server_1=None, dns_server_2=None, lease_time=None, auto_dns=None): """ This function adds a DHCP Pool to an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type ip_range: str :param ip_range: An IP range, e.g. 192.168.178.10-192.168.178.100 for this IP Pool :type default_gateway: str :param default_gateway: The default gateway for the specified subnet :type subnet_mask: str :param subnet_mask: The subnet mask (e.g. 255.255.255.0) for the specified subnet :type domain_name: str :param domain_name: The DNS domain name (e.g. vmware.com) for the specified subnet :type dns_server_1: str :param dns_server_1: The primary DNS Server :type dns_server_2: str :param dns_server_2: The secondary DNS Server :type lease_time: str :param lease_time: The lease time in seconds, use 'infinite' to disable expiry of DHCP leases :type auto_dns: str :param auto_dns: ('true'/'false') If set to true, the DNS servers and domain name set for NSX-Manager will be used :rtype: str :return: Returns a string containing the pool id of the created DHCP Pool """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None dhcp_pool_dict = { 'ipRange': ip_range, 'defaultGateway': default_gateway, 'subnetMask': subnet_mask, 'domainName': domain_name, 'primaryNameServer': dns_server_1, 'secondaryNameServer': dns_server_2, 'leaseTime': lease_time, 'autoConfigureDNS': auto_dns } result = client_session.create( 'dhcpPool', uri_parameters={'edgeId': esg_id}, request_body_dict={'ipPool': dhcp_pool_dict}) if result['status'] != 204: return None else: return result['objectId']
def dhcp_server(client_session, esg_name, enabled=None, syslog_enabled=None, syslog_level=None): """ This function enables/disables the DHCP server on an Edge Gateway and sets the logging status and Level :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type enabled: bool :param enabled: True/False The desired state of the DHCP Server :type syslog_enabled: str :param syslog_enabled: ('true'/'false') The desired logging state of the DHCP Server :type syslog_level: str :param syslog_level: The logging level for DHCP on this Edge (INFO/WARNING/etc.) :rtype: bool :return: Return True on success of the operation """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None change_needed = False current_dhcp_config = client_session.read('dhcp', uri_parameters={'edgeId': esg_id})['body'] new_dhcp_config = current_dhcp_config if enabled: if current_dhcp_config['dhcp']['enabled'] == 'false': new_dhcp_config['dhcp']['enabled'] = 'true' change_needed = True else: if current_dhcp_config['dhcp']['enabled'] == 'true': new_dhcp_config['dhcp']['enabled'] = 'false' change_needed = True if syslog_enabled == 'true': if current_dhcp_config['dhcp']['logging']['enable'] == 'false': new_dhcp_config['dhcp']['logging']['enable'] = 'true' change_needed = True elif syslog_enabled == 'false': if current_dhcp_config['dhcp']['logging']['enable'] == 'true': new_dhcp_config['dhcp']['logging']['enable'] = 'false' change_needed = True if syslog_level: if current_dhcp_config['dhcp']['logging']['logLevel'] != syslog_level: new_dhcp_config['dhcp']['logging']['logLevel'] = syslog_level change_needed = True if not change_needed: return True else: result = client_session.update('dhcp', uri_parameters={'edgeId': esg_id}, request_body_dict=new_dhcp_config) if result['status'] == 204: return True else: return False
def dlr_read(client_session, dlr_name): """ This funtions retrieves details of a dlr in NSX :param client_session: An instance of an NsxClient Session :param dlr_name: The name of the dlr to retrieve details from :return: returns a tuple, the first item is a string containing the dlr ID, the second is a dictionary containing the dlr details retrieved from the API """ dlr_id, dlr_params = get_edge(client_session, dlr_name) return dlr_id, dlr_params
def add_nat_rule(client_session, esg_name, nat_type, nat_vnic, original_ip, translated_ip, original_port, translated_port, protocol, description): #def add_nat_rule(client_session, esg_name, nat_type, original_ip, translated_ip): """ This function adds an NAT to an ESG :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for Load Balancing :type original_ip: str :param original_ip: Original IP Address :type translated_ip: str :param translated_ip: Translated IP Address :return: Returns the Object Id of the newly created NAT Rule and None if the ESG was not found in NSX :rtype: str """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None # PEZ Changes nat_dict = client_session.extract_resource_body_example( 'edgeNatRules', 'create') #{'natRules': {'natRule': {'vnic': None, 'protocol': None, 'description': None, #'loggingEnabled': None, 'translatedAddress': None, 'enabled': None, 'originalAddress': None, #'translatedPort': None, 'action': None, 'originalPort': None}}} nat_dict['natRules']['natRule']['vnic'] = nat_vnic nat_dict['natRules']['natRule']['protocol'] = protocol nat_dict['natRules']['natRule']['description'] = description nat_dict['natRules']['natRule']['loggingEnabled'] = 'true' # nat_dict['natRules']['natRule']['vnic'] = '0' # nat_dict['natRules']['natRule']['protocol'] = 'any' # nat_dict['natRules']['natRule']['description'] = '' # nat_dict['natRules']['natRule']['loggingEnabled'] = 'false' nat_dict['natRules']['natRule']['translatedAddress'] = translated_ip nat_dict['natRules']['natRule']['enabled'] = 'true' nat_dict['natRules']['natRule']['originalAddress'] = original_ip nat_dict['natRules']['natRule']['action'] = nat_type nat_dict['natRules']['natRule']['translatedPort'] = translated_port nat_dict['natRules']['natRule']['originalPort'] = original_port result = client_session.create('edgeNatRules', uri_parameters={'edgeId': esg_id}, request_body_dict=nat_dict) if result['status'] != 201: return None else: return result['objectId']
def dlr_delete(client_session, dlr_name): """ This function will delete a dlr in NSX :param client_session: An instance of an NsxClient Session :param dlr_name: The name of the dlr to delete :return: returns a tuple, the first item is a boolean indicating success or failure to delete the dlr, the second item is a string containing to dlr id of the deleted dlr """ dlr_id, dlr_params = get_edge(client_session, dlr_name) if not dlr_id: return False, None client_session.delete('nsxEdge', uri_parameters={'edgeId': dlr_id}) return True, dlr_id
def esg_delete(client_session, esg_name): """ This function will delete a esg in NSX :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to delete :return: returns a tuple, the first item is a boolean indicating success or failure to delete the ESG, the second item is a string containing to ESG id of the deleted ESG """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False, None client_session.delete('nsxEdge', uri_parameters={'edgeId': esg_id}) return True, esg_id
def esg_read(client_session, esg_name): """ This funtions retrieves details of a ESG in NSX :param client_session: An instance of an NsxClient Session :param esg_name: The name of the esg to retrieve details from :return: returns a tuple, the first item is a string containing the ESG ID, the second is a dictionary containing the ESG details retrieved from the API """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None read_result = client_session.read('nsxEdge', uri_parameters={'edgeId': esg_id}) esg_params = read_result['body'] return esg_id, esg_params
def list_dhcp_bindings(client_session, esg_name): """ This function lists all static bindings on an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :rtype: tuple :return: Returns a tuple with the first item being a list of tuples containing: [0] Binding Id [1] MAC Address if MAC based entry is used [2] VM Moid if VM based entry is used [3] vnic index of the attached VM if VM based entry is used [4] Hostname [5] IP Address [6] Default Gateway [7] Subnet Mask [8] Domain Name [9] Primary DNS Server [10] Secondary DNS Server [11] Lease Time [12] Autoconfigure DNS (true/false), The second item contains a list of dicts with all the pool details as returned by the NSX API """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None result = client_session.read('dhcp', uri_parameters={'edgeId': esg_id}) if not result['body']['dhcp']['staticBindings']: return [], [] bindings = client_session.normalize_list_return( result['body']['dhcp']['staticBindings']['staticBinding']) bindings_list = [ (binding.get('bindingId'), binding.get('macAddress'), binding.get('vmId'), binding.get('vnicId'), binding.get('hostname'), binding.get('ipAddress'), binding.get('defaultGateway'), binding.get('subnetMask'), binding.get('domainName'), binding.get('primaryNameServer'), binding.get('secondaryNameServer'), binding.get('leaseTime'), binding.get('autoConfigureDNS')) for binding in bindings ] bindings_list_verbose = [binding for binding in bindings] return bindings_list, bindings_list_verbose
def routing_ospf(client_session, esg_name, vnic_ip, area_id, auth_type, auth_value): """ This function configures the edge for OSPF routing :param client_session: An instance of an NsxClient Session :param area_id: The id of the vCenter vLAN to use for uplink :param auth_type: The type of auth to do (MD5 or password) :param auth_value: The MD5 value or password based on auth_type :return: ??? """ routing_dict = client_session.extract_resource_body_example('routingConfig', 'update') del routing_dict['routing']['bgp'] del routing_dict['routing']['staticRouting']['staticRoutes'] del routing_dict['routing']['routingGlobalConfig']['ipPrefixes'] routing_dict['routing']['staticRouting']['defaultRoute']['gatewayAddress'] = '10.193.252.1' routing_dict['routing']['staticRouting']['defaultRoute']['vnic'] = '0' routing_dict['routing']['routingGlobalConfig']['routerId'] = vnic_ip routing_dict['routing']['ospf']['enabled'] = 'true' routing_dict['routing']['ospf']['gracefulRestart'] = 'true' routing_dict['routing']['ospf']['defaultOriginate'] = 'false' routing_dict['routing']['ospf']['ospfAreas']['ospfArea']['areaId'] = area_id routing_dict['routing']['ospf']['ospfAreas']['ospfArea']['type'] = 'Normal' routing_dict['routing']['ospf']['ospfAreas']['ospfArea']['authentication']['type'] = auth_type routing_dict['routing']['ospf']['ospfAreas']['ospfArea']['authentication']['value'] = auth_value routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['vnic'] = '0' routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['areaId'] = area_id routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['helloInterval'] = '10' routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['deadInterval'] = '40' routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['priority'] = '128' routing_dict['routing']['ospf']['ospfInterfaces']['ospfInterface']['cost'] = '1' routing_dict['routing']['ospf']['redistribution']['enabled'] = 'true' routing_dict['routing']['ospf']['redistribution']['rules']['rule']['from']['connected'] = 'true' routing_dict['routing']['ospf']['redistribution']['rules']['rule']['from']['static'] = 'true' routing_dict['routing']['ospf']['redistribution']['rules']['rule']['action'] = 'permit' esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False, None new_esg = client_session.update('routingConfig', uri_parameters={'edgeId': esg_id}, request_body_dict=routing_dict) if new_esg['status'] == 204: return True, esg_id else: return False, esg_id
def add_vm_binding(client_session, esg_name, vm_id, vnic_id, hostname, ip, default_gateway=None, subnet_mask=None, domain_name=None, dns_server_1=None, dns_server_2=None, lease_time=None, auto_dns=None): """ This function add a VM based static binding entry to an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type vm_id: str :param vm_id: The VM managed object Id in vCenter for the VM to be attached to this binding entry :type vnic_id: str :param vnic_id: The vnic index for the VM interface attached to this binding entry (e.g. vnic0 has index 0) :type hostname: str :param hostname: The hostname for this static binding :type ip: str :param ip: The IP Address for this static binding :type default_gateway: str :param default_gateway: The default gateway for the specified binding :type subnet_mask: str :param subnet_mask: The subnet mask (e.g. 255.255.255.0) for the specified binding :type domain_name: str :param domain_name: The DNS domain name (e.g. vmware.com) for the specified binding :type dns_server_1: str :param dns_server_1: The primary DNS Server :type dns_server_2: str :param dns_server_2: The secondary DNS Server :type lease_time: str :param lease_time: The lease time in seconds, use 'infinite' to disable expiry of DHCP leases :type auto_dns: str :param auto_dns: ('true'/'false') If set to true, the DNS servers and domain name set for NSX-Manager will be used :rtype: str :return: Returns a string containing the binding id of the created DHCP binding """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None binding_dict = {'vmId': vm_id, 'vnicId': vnic_id, 'hostname': hostname, 'ipAddress': ip, 'defaultGateway': default_gateway, 'subnetMask': subnet_mask, 'domainName': domain_name, 'primaryNameServer': dns_server_1, 'secondaryNameServer': dns_server_2, 'leaseTime': lease_time, 'autoConfigureDNS': auto_dns} result = client_session.create('dhcpStaticBinding', uri_parameters={'edgeId': esg_id}, request_body_dict={'staticBinding': binding_dict}) if result['status'] != 204: return None else: return result['objectId']
def add_dhcp_pool(client_session, esg_name, ip_range, default_gateway=None, subnet_mask=None, domain_name=None, dns_server_1=None, dns_server_2=None, lease_time=None, auto_dns=None): """ This function adds a DHCP Pool to an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type ip_range: str :param ip_range: An IP range, e.g. 192.168.178.10-192.168.178.100 for this IP Pool :type default_gateway: str :param default_gateway: The default gateway for the specified subnet :type subnet_mask: str :param subnet_mask: The subnet mask (e.g. 255.255.255.0) for the specified subnet :type domain_name: str :param domain_name: The DNS domain name (e.g. vmware.com) for the specified subnet :type dns_server_1: str :param dns_server_1: The primary DNS Server :type dns_server_2: str :param dns_server_2: The secondary DNS Server :type lease_time: str :param lease_time: The lease time in seconds, use 'infinite' to disable expiry of DHCP leases :type auto_dns: str :param auto_dns: ('true'/'false') If set to true, the DNS servers and domain name set for NSX-Manager will be used :rtype: str :return: Returns a string containing the pool id of the created DHCP Pool """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None dhcp_pool_dict = {'ipRange': ip_range, 'defaultGateway': default_gateway, 'subnetMask': subnet_mask, 'domainName': domain_name, 'primaryNameServer': dns_server_1, 'secondaryNameServer': dns_server_2, 'leaseTime': lease_time, 'autoConfigureDNS': auto_dns} result = client_session.create('dhcpPool', uri_parameters={'edgeId': esg_id}, request_body_dict={'ipPool': dhcp_pool_dict}) if result['status'] != 204: return None else: return result['objectId']
def read(client_session, esg_name): """ This function returns the configuration of the DHCP server on an Edge Gateway :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :rtype: dict :return: A dict containing the configuration information of DHCP on the specified Edge Gateway """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None dhcp_status = client_session.read('dhcp', uri_parameters={'edgeId': esg_id})['body'] return dhcp_status
def list_dhcp_bindings(client_session, esg_name): """ This function lists all static bindings on an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :rtype: tuple :return: Returns a tuple with the first item being a list of tuples containing: [0] Binding Id [1] MAC Address if MAC based entry is used [2] VM Moid if VM based entry is used [3] vnic index of the attached VM if VM based entry is used [4] Hostname [5] IP Address [6] Default Gateway [7] Subnet Mask [8] Domain Name [9] Primary DNS Server [10] Secondary DNS Server [11] Lease Time [12] Autoconfigure DNS (true/false), The second item contains a list of dicts with all the pool details as returned by the NSX API """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None result = client_session.read('dhcp', uri_parameters={'edgeId': esg_id}) if not result['body']['dhcp']['staticBindings']: return [], [] bindings = client_session.normalize_list_return(result['body']['dhcp']['staticBindings']['staticBinding']) bindings_list = [(binding.get('bindingId'), binding.get('macAddress'), binding.get('vmId'), binding.get('vnicId'), binding.get('hostname'), binding.get('ipAddress'), binding.get('defaultGateway'), binding.get('subnetMask'), binding.get('domainName'), binding.get('primaryNameServer'), binding.get('secondaryNameServer'), binding.get('leaseTime'), binding.get('autoConfigureDNS')) for binding in bindings] bindings_list_verbose = [binding for binding in bindings] return bindings_list, bindings_list_verbose
def delete_nat_rule(client_session, esg_name, rule_id): """ This function deletes the NAT rule with ID rule_id :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway :param rule_id: The ID of the NAT rules """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None result = client_session.delete('edgeNatRule', uri_parameters={'edgeId': esg_id, 'ruleID':rule_id}) if result['status'] != 204: return None else: return result
def list_dhcp_pools(client_session, esg_name): """ This function lists all DHCP Pools on an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :rtype: tuple :return: Returns a tuple with the first item being a list of tuples containing: [0] Pool Id [1] IP Range [2] Default Gateway [3] Subnet Mask [4] Domain Name [5] Primary DNS Server [6] Secondary DNS Server [7] Lease Time [8] Autoconfigure DNS (true/false), The second item contains a list of dicts with all the pool details as returned by the NSX API """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None result = client_session.read('dhcp', uri_parameters={'edgeId': esg_id}) if not result['body']['dhcp']['ipPools']: return [], [] ip_pools = client_session.normalize_list_return( result['body']['dhcp']['ipPools']['ipPool']) pool_list = [(pool.get('poolId'), pool.get('ipRange'), pool.get('defaultGateway'), pool.get('subnetMask'), pool.get('domainName'), pool.get('primaryNameServer'), pool.get('secondaryNameServer'), pool.get('leaseTime'), pool.get('autoConfigureDNS')) for pool in ip_pools] pool_list_verbose = [pool for pool in ip_pools] return pool_list, pool_list_verbose
def esg_dgw_clear(client_session, esg_name): """ This function clears the default gateway config on an ESG :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to list interfaces of :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] rtg_cfg['staticRouting']['defaultRoute'] = None cfg_result = client_session.update('routingConfigStatic', uri_parameters={'edgeId': esg_id}, request_body_dict=rtg_cfg) if cfg_result['status'] == 204: return True else: return False
def list_dhcp_pools(client_session, esg_name): """ This function lists all DHCP Pools on an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :rtype: tuple :return: Returns a tuple with the first item being a list of tuples containing: [0] Pool Id [1] IP Range [2] Default Gateway [3] Subnet Mask [4] Domain Name [5] Primary DNS Server [6] Secondary DNS Server [7] Lease Time [8] Autoconfigure DNS (true/false), The second item contains a list of dicts with all the pool details as returned by the NSX API """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None result = client_session.read('dhcp', uri_parameters={'edgeId': esg_id}) if not result['body']['dhcp']['ipPools']: return [], [] ip_pools = client_session.normalize_list_return(result['body']['dhcp']['ipPools']['ipPool']) pool_list = [(pool.get('poolId'), pool.get('ipRange'), pool.get('defaultGateway'), pool.get('subnetMask'), pool.get('domainName'), pool.get('primaryNameServer'), pool.get('secondaryNameServer'), pool.get('leaseTime'), pool.get('autoConfigureDNS')) for pool in ip_pools] pool_list_verbose = [pool for pool in ip_pools] return pool_list, pool_list_verbose
def esg_list_interfaces(client_session, esg_name): """ :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to list interfaces of :return: returns two tuples, the first is a list of tuples with item 0 containing the vnic Name as string, item 1 containing the vnic index as string, item 2 containing the ip as string, item 3 containing the secondary ip as list of strings item 4 containing the netmask as string, item 5 containing the 'connected-to' portgroup as string, The second item contains a list of dictionaries containing all ESG vnic details """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None, None all_int_response = client_session.read('vnics', uri_parameters={'edgeId': esg_id}) all_int = client_session.normalize_list_return(all_int_response['body']['vnics']['vnic']) esg_int_list = [] esg_int_list_verbose = [] for interface in all_int: try: ip = interface['addressGroups']['addressGroup']['primaryAddress'] snmask = interface['addressGroups']['addressGroup']['subnetMask'] except TypeError: ip = '' snmask = '' try: pgname = interface['portgroupName'] except KeyError: pgname = '' try: secondary_ips = interface['addressGroups']['addressGroup']['secondaryAddresses']['ipAddress'] except: secondary_ips = None esg_int_list.append((interface['name'], interface['index'], ip, snmask, pgname, secondary_ips)) esg_int_list_verbose.append(interface) return esg_int_list, esg_int_list_verbose
def esg_route_add(client_session, esg_name, network, next_hop, vnic=None, mtu=None, admin_distance=None, description=None): """ This function adds a static route to an ESG :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG where the route should be added :param network: The routes network in the x.x.x.x/yy format, e.g. 192.168.1.0/24 :param next_hop: The next hop ip :param vnic: (Optional) The vnic index of were this route is reachable on :param mtu: (Optional) The MTU of the route (default=1500) :param admin_distance: (Optional) Admin distance of the defautl route (default=1) :param description: (Optional) A description for this route :return: True on success, False on failure """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False if not mtu: mtu = '1500' if not admin_distance: admin_distance = '1' rtg_cfg = client_session.read('routingConfigStatic', uri_parameters={'edgeId': esg_id})['body'] if rtg_cfg['staticRouting']['staticRoutes']: routes = client_session.normalize_list_return(rtg_cfg['staticRouting']['staticRoutes']['route']) else: routes = [] new_route = {'vnic': vnic, 'network': network, 'nextHop': next_hop, 'adminDistance': admin_distance, 'mtu': mtu, 'description': description} routes.append(new_route) rtg_cfg['staticRouting']['staticRoutes'] = {'route': routes} cfg_result = client_session.update('routingConfigStatic', uri_parameters={'edgeId': esg_id}, request_body_dict=rtg_cfg) if cfg_result['status'] == 204: return True else: return False
def delete_dhcp_binding(client_session, esg_name, binding_id): """ This function deletes a DHCP binding from an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type binding_id: str :param binding_id: The Id of the binding to be deleted (e.g. binding-3) :rtype: bool :return: Returns None if Edge was not found or the operation failed, returns true on success """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None result = client_session.delete('dhcpStaticBindingID', uri_parameters={'edgeId': esg_id, 'bindingID': binding_id}) if result['status'] == 204: return True else: return None
def add_vm_binding(client_session, esg_name, vm_id, vnic_id, hostname, ip, default_gateway=None, subnet_mask=None, domain_name=None, dns_server_1=None, dns_server_2=None, lease_time=None, auto_dns=None): """ This function add a VM based static binding entry to an edge DHCP Server :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type vm_id: str :param vm_id: The VM managed object Id in vCenter for the VM to be attached to this binding entry :type vnic_id: str :param vnic_id: The vnic index for the VM interface attached to this binding entry (e.g. vnic0 has index 0) :type hostname: str :param hostname: The hostname for this static binding :type ip: str :param ip: The IP Address for this static binding :type default_gateway: str :param default_gateway: The default gateway for the specified binding :type subnet_mask: str :param subnet_mask: The subnet mask (e.g. 255.255.255.0) for the specified binding :type domain_name: str :param domain_name: The DNS domain name (e.g. vmware.com) for the specified binding :type dns_server_1: str :param dns_server_1: The primary DNS Server :type dns_server_2: str :param dns_server_2: The secondary DNS Server :type lease_time: str :param lease_time: The lease time in seconds, use 'infinite' to disable expiry of DHCP leases :type auto_dns: str :param auto_dns: ('true'/'false') If set to true, the DNS servers and domain name set for NSX-Manager will be used :rtype: str :return: Returns a string containing the binding id of the created DHCP binding """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None binding_dict = { 'vmId': vm_id, 'vnicId': vnic_id, 'hostname': hostname, 'ipAddress': ip, 'defaultGateway': default_gateway, 'subnetMask': subnet_mask, 'domainName': domain_name, 'primaryNameServer': dns_server_1, 'secondaryNameServer': dns_server_2, 'leaseTime': lease_time, 'autoConfigureDNS': auto_dns } result = client_session.create( 'dhcpStaticBinding', uri_parameters={'edgeId': esg_id}, request_body_dict={'staticBinding': binding_dict}) if result['status'] != 204: return None else: return result['objectId']
def dhcp_server(client_session, esg_name, enabled=None, syslog_enabled=None, syslog_level=None): """ This function enables/disables the DHCP server on an Edge Gateway and sets the logging status and Level :type client_session: nsxramlclient.client.NsxClient :param client_session: A nsxramlclient session Object :type esg_name: str :param esg_name: The display name of a Edge Service Gateway used for DHCP :type enabled: bool :param enabled: True/False The desired state of the DHCP Server :type syslog_enabled: str :param syslog_enabled: ('true'/'false') The desired logging state of the DHCP Server :type syslog_level: str :param syslog_level: The logging level for DHCP on this Edge (INFO/WARNING/etc.) :rtype: bool :return: Return True on success of the operation """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return None change_needed = False current_dhcp_config = client_session.read( 'dhcp', uri_parameters={'edgeId': esg_id})['body'] new_dhcp_config = current_dhcp_config if enabled: if current_dhcp_config['dhcp']['enabled'] == 'false': new_dhcp_config['dhcp']['enabled'] = 'true' change_needed = True else: if current_dhcp_config['dhcp']['enabled'] == 'true': new_dhcp_config['dhcp']['enabled'] = 'false' change_needed = True if syslog_enabled == 'true': if current_dhcp_config['dhcp']['logging']['enable'] == 'false': new_dhcp_config['dhcp']['logging']['enable'] = 'true' change_needed = True elif syslog_enabled == 'false': if current_dhcp_config['dhcp']['logging']['enable'] == 'true': new_dhcp_config['dhcp']['logging']['enable'] = 'false' change_needed = True if syslog_level: if current_dhcp_config['dhcp']['logging']['logLevel'] != syslog_level: new_dhcp_config['dhcp']['logging']['logLevel'] = syslog_level change_needed = True if not change_needed: return True else: result = client_session.update('dhcp', uri_parameters={'edgeId': esg_id}, request_body_dict=new_dhcp_config) if result['status'] == 204: return True else: return False
def esg_cfg_interface(client_session, esg_name, ifindex, ipaddr=None, netmask=None, prefixlen=None, name=None, mtu=None, is_connected=None, portgroup_id=None, vnic_type=None, enable_send_redirects=None, enable_proxy_arp=None, secondary_ips=None): """ This function configures vnic interfaces on ESGs :param client_session: An instance of an NsxClient Session :param esg_name: The name of the ESG to configure interfaces on :param ifindex: The vnic index, e.g. vnic3 and the index 3 :param ipaddr: (Optional) The primary IP Address to be configured for this interface :param netmask: (Optional) The netmask in the x.x.x.x format :param prefixlen: (Optional) The prefix length, this takes precedence over the netmask :param name: (Optional) The name assigned to the vnic :param mtu: (Optional) The vnic MTU :param is_connected: (Optional) The vnic connection state (true/false) :param portgroup_id: (Optional) The portgroup id of logical switch id to connenct this vnic to :param vnic_type: (Optional) The vnic type (uplink/internal) :param enable_send_redirects: (Optional) Whether the interface will send icmp redirects (true/false) :param enable_proxy_arp: (Optional) Whether the interface will do proxy arp (true/false) :param secondary_ips: (Optional) A list of additional secondary IP addresses in the primary IP's Subnet :return: Returns True on successful configuration of the Interface """ esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False vnic_config = client_session.read('vnic', uri_parameters={'index': ifindex, 'edgeId': esg_id})['body'] if not mtu: mtu = 1500 if not vnic_type: vnic_type = 'internal' vnic_config['vnic']['mtu'] = mtu vnic_config['vnic']['type'] = vnic_type if name: vnic_config['vnic']['name'] = name if portgroup_id: vnic_config['vnic']['portgroupId'] = portgroup_id if enable_send_redirects: vnic_config['vnic']['enableSendRedirects'] = enable_send_redirects if enable_proxy_arp: vnic_config['vnic']['enableProxyArp'] = enable_proxy_arp if is_connected: vnic_config['vnic']['isConnected'] = is_connected if ipaddr and (netmask or prefixlen): address_group = {} sec_ips = [] if netmask: address_group['subnetMask'] = netmask if prefixlen: address_group['subnetPrefixLength'] = str(prefixlen) if secondary_ips: sec_ips = secondary_ips address_group['primaryAddress'] = ipaddr address_group['secondaryAddresses'] = {'ipAddress': sec_ips} vnic_config['vnic']['addressGroups'] = {'addressGroup': address_group} cfg_result = client_session.update('vnic', uri_parameters={'index': ifindex, 'edgeId': esg_id}, request_body_dict=vnic_config) if cfg_result['status'] == 204: return True else: return False
def create_fw_rule(client_session, vccontent, esg_name, rule_src, rule_dst, rule_app, rule_action, rule_description): """ This function creates a firewall on the edge :param client_session: An instance of an NsxClient Session :param rule_src: source object of the firwall rule :param rule_dst: destination object of the firwall rule :param rule_app: application object of the firwall rule :param rule_action: accept or deny :param rule_description: description of the rule :return: ??? """ firewallRules_dict = dict() firewallRules_dict['firewallRules'] = dict() firewallRules_dict['firewallRules']['firewallRule'] = list() firewallRule_dict = dict() firewallRule_dict['enabled'] = 'true' firewallRule_dict['loggingEnabled'] = 'true' firewallRule_dict['name'] = rule_description firewallRule_dict['action'] = rule_action # if the source/dst/application is any, the dict is not needed. # if the src/dest/app object doesn't exist, fail gracefully. Otherwise an any-any-any rule will be created if rule_src != 'any': src = nametovalue (vccontent, client_session, rule_src, 'ipset') if src == '': return False, None else: firewallRule_dict['source'] = {'groupingObjectId':src} if rule_dst != 'any': dst = nametovalue (vccontent, client_session, rule_dst, 'ipset') if dst == '': return False, None else: firewallRule_dict['destination'] = {'groupingObjectId':dst} if rule_app != 'any': # find the ID for the rule_app object serviceGroups = client_session.read('serviceGroups', uri_parameters={'scopeId': 'globalroot-0' }) serviceGroups_list = serviceGroups.items()[1][1]['list']['applicationGroup'] app = '' for i, val in enumerate(serviceGroups_list): if str(val['name']) == rule_app: app = val['objectId'] if app == '': return False, None else: firewallRule_dict['application'] = {'applicationId':app} ## source is any # firewallRules_dict['destination'] = {'groupingObjectId':slot_networks} # firewallRules_dict['application'] = {'applicationId':PCF_Ports} firewallRules_dict['firewallRules']['firewallRule'].append(firewallRule_dict) esg_id, esg_params = get_edge(client_session, esg_name) if not esg_id: return False, None new_firewallRules = client_session.create('firewallRules', request_body_dict=firewallRules_dict, uri_parameters={'edgeId':esg_id}) # client_session.view_response(new_firewallRules) # client_session.view_body_dict(new_firewallRules) if new_firewallRules['status'] == 201: return True, new_firewallRules['objectId'] else: return False, None