def main():
prepare_connectors()
resource = LogicalRouter(
router_type=LogicalRouter.ROUTER_TYPE_TIER0,
display_name=NAME_PREFIX + "t0",
failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE)
new_t0 = SVC_LOGICAL_ROUTERS.create(resource)
RESOURCES.append((type(new_t0), new_t0.id))
resource = LogicalRouter(
router_type=LogicalRouter.ROUTER_TYPE_TIER1,
display_name=NAME_PREFIX + "t1-mars",
failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE)
new_t1_1 = SVC_LOGICAL_ROUTERS.create(resource)
RESOURCES.append((type(new_t1_1), new_t1_1.id))
resource = LogicalRouter(
router_type=LogicalRouter.ROUTER_TYPE_TIER1,
display_name=NAME_PREFIX + "t1-snickers",
failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE)
new_t1_2 = SVC_LOGICAL_ROUTERS.create(resource)
RESOURCES.append((type(new_t1_2), new_t1_2.id))
resource = LogicalSwitch(
transport_zone_id=TRANSPORT_ZONE_ID,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name=NAME_PREFIX + "ls-mars",
)
new_ls_1 = SVC_LOGICAL_SWITCHES.create(resource)
RESOURCES.append((type(new_ls_1), new_ls_1.id))
resource = LogicalSwitch(
transport_zone_id=TRANSPORT_ZONE_ID,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name=NAME_PREFIX + "ls-snickers",
)
new_ls_2 = SVC_LOGICAL_SWITCHES.create(resource)
RESOURCES.append((type(new_ls_2), new_ls_2.id))
print(RESOURCES)
for elem in RESOURCES:
delete_resource(elem[0], elem[1])
def main():
module = AnsibleModule(argument_spec=dict(
display_name=dict(required=True, type='str'),
description=dict(required=False, type='str', default=None),
failover_mode=dict(required=False,
type='str',
default=None,
choices=['NON_PREEMPTIVE', 'PREEMPTIVE']),
edge_cluster_id=dict(required=False, type='str', default=None),
high_availability_mode=dict(
required=False,
type='str',
default='ACTIVE_STANDBY',
choices=['ACTIVE_STANDBY', 'ACTIVE_ACTIVE']),
tags=dict(required=False, type='dict', default=None),
state=dict(required=False,
type='str',
default="present",
choices=['present', 'absent']),
nsx_manager=dict(required=True, type='str'),
nsx_username=dict(required=True, type='str'),
nsx_passwd=dict(required=True, type='str', no_log=True)),
supports_check_mode=True)
if not HAS_PYNSXT:
module.fail_json(msg='pynsxt is required for this module')
session = requests.session()
session.verify = False
nsx_url = 'https://%s:%s' % (module.params['nsx_manager'], 443)
connector = connect.get_requests_connector(session=session,
msg_protocol='rest',
url=nsx_url)
stub_config = StubConfigurationFactory.new_std_configuration(connector)
security_context = create_user_password_security_context(
module.params["nsx_username"], module.params["nsx_passwd"])
connector.set_security_context(security_context)
requests.packages.urllib3.disable_warnings()
#tags=None
tags = []
tags.append(
Tag(scope='created-by', tag=os.getenv("NSX_T_INSTALLER", "nsx-t-gen")))
if module.params['tags'] is not None:
#tags = []
for key, value in module.params['tags'].items():
tag = Tag(scope=key, tag=value)
tags.append(tag)
lr_svc = LogicalRouters(stub_config)
lr = getLogicalRouterByName(module, stub_config)
if module.params['state'] == 'present':
if lr is None:
tags.append(
Tag(scope='generated',
tag=time.strftime("%Y-%m-%d %H:%M:%S %z")))
new_lr = LogicalRouter(
display_name=module.params['display_name'],
description=module.params['description'],
failover_mode=module.params['failover_mode'],
edge_cluster_id=module.params['edge_cluster_id'],
router_type='TIER0',
high_availability_mode=module.params['high_availability_mode'],
tags=tags)
if module.check_mode:
module.exit_json(changed=True,
debug_out=str(new_lr),
id="1111")
try:
new_lr = lr_svc.create(new_lr)
module.exit_json(
changed=True,
object_name=module.params['display_name'],
id=new_lr.id,
message="Logical Router with name %s created!" %
(module.params['display_name']))
except Error as ex:
module.fail_json(msg='API Error listing Logical Routers: %s' %
(str(ex)))
elif lr:
#if tags != lr.tags:
if not compareTags(lr.tags, tags):
tags.append(findTag(lr.tags, 'generated'))
tags.append(
Tag(scope='modified',
tag=time.strftime("%Y-%m-%d %H:%M:%S %z")))
lr.tags = tags
if module.check_mode:
module.exit_json(changed=True, debug_out=str(lr), id=lr.id)
new_lr = lr_svc.update(lr.id, lr)
module.exit_json(
changed=True,
object_name=module.params['display_name'],
id=new_lr.id,
message="Logical Router with name %s has changed tags!" %
(module.params['display_name']))
module.exit_json(
changed=False,
object_name=module.params['display_name'],
id=lr.id,
message="Logical Router with name %s already exists!" %
(module.params['display_name']))
elif module.params['state'] == "absent":
if lr:
if module.check_mode:
module.exit_json(changed=True, debug_out=str(lr), id=lr.id)
try:
deleteAllPortsOnRouter(lr, module, stub_config)
lr_svc.delete(lr.id)
except Error as ex:
api_error = ex.date.convert_to(ApiError)
module.fail_json(msg='API Error deleting Logical Routers: %s' %
(api_error.error_message))
module.exit_json(changed=True,
object_name=module.params['display_name'],
message="Logical Router with name %s deleted!" %
(module.params['display_name']))
module.exit_json(
changed=False,
object_name=module.params['display_name'],
message="Logical Router with name %s does not exist!" %
(module.params['display_name']))
def main():
module = AnsibleModule(
argument_spec=dict(
display_name=dict(required=True, type='str'),
description=dict(required=False, type='str', default=None),
failover_mode=dict(required=False, type='str', default=None, choices=['NON_PREEMPTIVE', 'PREEMPTIVE']),
edge_cluster_id=dict(required=False, type='str', default=None),
connected_t0_id=dict(required=False, type='str', default=None),
high_availability_mode=dict(required=False, type='str', default='ACTIVE_STANDBY', choices=['ACTIVE_STANDBY', 'ACTIVE_ACTIVE']),
advertise=dict(required=False, type='dict', default=None),
tags=dict(required=False, type='dict', default=None),
state=dict(required=False, type='str', default="present", choices=['present', 'absent']),
nsx_manager=dict(required=True, type='str'),
nsx_username=dict(required=True, type='str'),
nsx_passwd=dict(required=True, type='str', no_log=True)
),
supports_check_mode=True
)
if not HAS_PYNSXT:
module.fail_json(msg='pynsxt is required for this module')
session = requests.session()
session.verify = False
nsx_url = 'https://%s:%s' % (module.params['nsx_manager'], 443)
connector = connect.get_requests_connector(
session=session, msg_protocol='rest', url=nsx_url)
stub_config = StubConfigurationFactory.new_std_configuration(connector)
security_context = create_user_password_security_context(module.params["nsx_username"], module.params["nsx_passwd"])
connector.set_security_context(security_context)
requests.packages.urllib3.disable_warnings()
desired_adv_config = AdvertisementConfig()
if module.params['advertise']:
if 'enabled' in module.params['advertise']:
desired_adv_config.enabled = module.params['advertise']['enabled']
else:
desired_adv_config.enabled = True
if 'advertise_lb_snat_ip' in module.params['advertise'] and module.params['advertise']['advertise_lb_snat_ip']:
desired_adv_config.advertise_lb_snat_ip = module.params['advertise']['advertise_lb_snat_ip']
if 'advertise_lb_vip' in module.params['advertise'] and module.params['advertise']['advertise_lb_vip']:
desired_adv_config.advertise_lb_vip = module.params['advertise']['advertise_lb_vip']
if 'advertise_nat_routes' in module.params['advertise'] and module.params['advertise']['advertise_nat_routes']:
desired_adv_config.advertise_nat_routes = module.params['advertise']['advertise_nat_routes']
if 'advertise_nsx_connected_routes' in module.params['advertise'] and module.params['advertise']['advertise_nsx_connected_routes']:
desired_adv_config.advertise_nsx_connected_routes = module.params['advertise']['advertise_nsx_connected_routes']
if 'advertise_static_routes' in module.params['advertise'] and module.params['advertise']['advertise_static_routes']:
desired_adv_config.advertise_static_routes = module.params['advertise']['advertise_static_routes']
tags=None
if module.params['tags'] is not None:
tags = []
for key, value in module.params['tags'].items():
tag=Tag(scope=key, tag=value)
tags.append(tag)
lr_svc = LogicalRouters(stub_config)
lr = getLogicalRouterByName(module, stub_config)
if module.params['state'] == 'present':
if lr is None:
new_lr = LogicalRouter(
display_name=module.params['display_name'],
description=module.params['description'],
failover_mode=module.params['failover_mode'],
edge_cluster_id=module.params['edge_cluster_id'],
router_type='TIER1',
high_availability_mode=module.params['high_availability_mode'],
tags=tags
)
if module.check_mode:
module.exit_json(changed=True, debug_out=str(new_lr), id="1111")
try:
new_lr = lr_svc.create(new_lr)
mylr = getLogicalRouterByName(module, stub_config)
if module.params['connected_t0_id']:
connectT0(mylr, module, stub_config)
if module.params['advertise']:
adv_svc = Advertisement(stub_config)
adv_config = adv_svc.get(mylr.id)
adv_config.enabled = desired_adv_config.enabled
adv_config.advertise_lb_snat_ip = desired_adv_config.advertise_lb_snat_ip
adv_config.advertise_lb_vip = desired_adv_config.advertise_lb_vip
adv_config.advertise_nat_routes = desired_adv_config.advertise_nat_routes
adv_config.advertise_nsx_connected_routes = desired_adv_config.advertise_nsx_connected_routes
adv_config.advertise_static_routes = desired_adv_config.advertise_static_routes
adv_svc.update(mylr.id, adv_config)
module.exit_json(changed=True, object_name=module.params['display_name'], id=mylr.id, message="Logical Router with name %s created!"%(module.params['display_name']))
except Error as ex:
module.fail_json(msg='API Error listing Logical Routers: %s'%(str(ex)))
elif lr:
adv_svc = Advertisement(stub_config)
adv_config = adv_svc.get(lr.id)
changed = False
if tags != lr.tags:
changed = True
lr.tags=tags
if module.params['edge_cluster_id'] != lr.edge_cluster_id:
lr.edge_cluster_id=module.params['edge_cluster_id']
changed = True
if changed:
if module.check_mode:
module.exit_json(changed=True, debug_out=str(lr), id=lr.id)
new_lr = lr_svc.update(lr.id, lr)
module.exit_json(changed=True, object_name=module.params['display_name'], id=new_lr.id, message="Logical Router with name %s has been modified!"%(module.params['display_name']))
if compareLrpT0T1(lr, module, stub_config):
module.exit_json(changed=True, object_name=module.params['display_name'], id=lr.id, message="Logical Router uplink on T1 with name %s has been modified!"%(module.params['display_name']))
if module.params['advertise']:
changed = False
if ('enabled' not in module.params['advertise']):
changed = False
elif module.params['advertise']['enabled'] != adv_config.enabled:
adv_config.enabled = desired_adv_config.enabled
changed = True
if ('advertise_lb_snat_ip' not in module.params['advertise']):
if adv_config.advertise_lb_snat_ip:
adv_config.advertise_lb_snat_ip = None
changed = True
elif module.params['advertise']['advertise_lb_snat_ip'] != adv_config.advertise_lb_snat_ip:
adv_config.advertise_lb_snat_ip = desired_adv_config.advertise_lb_snat_ip
changed = True
if ('advertise_lb_vip' not in module.params['advertise']):
if adv_config.advertise_lb_vip:
adv_config.advertise_lb_vip = None
changed = True
elif module.params['advertise']['advertise_lb_vip'] != adv_config.advertise_lb_vip:
adv_config.advertise_lb_vip = desired_adv_config.advertise_lb_vip
changed = True
if ('advertise_nat_routes' not in module.params['advertise']):
if adv_config.advertise_nat_routes:
adv_config.advertise_nat_routes = None
changed = True
elif module.params['advertise']['advertise_nat_routes'] != adv_config.advertise_nat_routes:
adv_config.advertise_nat_routes = desired_adv_config.advertise_nat_routes
changed = True
if ('advertise_nsx_connected_routes' not in module.params['advertise']):
if adv_config.advertise_nsx_connected_routes:
adv_config.advertise_nsx_connected_routes = None
changed = True
elif module.params['advertise']['advertise_nsx_connected_routes'] != adv_config.advertise_nsx_connected_routes:
adv_config.advertise_nsx_connected_routes = desired_adv_config.advertise_nsx_connected_routes
changed = True
if ('advertise_static_routes' not in module.params['advertise']):
if adv_config.advertise_static_routes:
adv_config.advertise_static_routes = None
changed = True
elif module.params['advertise']['advertise_static_routes'] != adv_config.advertise_static_routes:
adv_config.advertise_static_routes = desired_adv_config.advertise_static_routes
changed = True
if changed:
if module.check_mode:
module.exit_json(changed=True, debug_out=str(adv_config), id=lr.id)
adv_svc.update(lr.id, adv_config)
module.exit_json(changed=True, object_name=module.params['display_name'], id=lr.id, message="Logical Router advertisement config on T1 with name %s has been modified!"%(module.params['display_name']))
module.exit_json(changed=False, object_name=module.params['display_name'], id=lr.id, message="Logical Router with name %s already exists!"%(module.params['display_name']))
elif module.params['state'] == "absent":
if lr:
if module.check_mode:
module.exit_json(changed=True, debug_out=str(lr), id=lr.id)
try:
deleteAllPortsOnRouter(lr, module, stub_config)
lr_svc.delete(lr.id)
except Error as ex:
api_error = ex.date.convert_to(ApiError)
module.fail_json(msg='API Error deleting Logical Routers: %s'%(api_error.error_message))
module.exit_json(changed=True, object_name=module.params['display_name'], message="Logical Router with name %s deleted!"%(module.params['display_name']))
module.exit_json(changed=False, object_name=module.params['display_name'], message="Logical Router with name %s does not exist!"%(module.params['display_name']))
def main():
args = getargs.getargs()
stub_config = auth.get_session_auth_stub_config(args.user, args.password,
args.nsx_host,
args.tcp_port)
pp = PrettyPrinter()
# Instantiate all the services we'll need.
transportzones_svc = TransportZones(stub_config)
logicalswitches_svc = LogicalSwitches(stub_config)
logicalrouters_svc = LogicalRouters(stub_config)
logicalrouterports_svc = LogicalRouterPorts(stub_config)
logicalports_svc = LogicalPorts(stub_config)
fwsections_svc = Sections(stub_config)
# Create a transport zone
new_tz = TransportZone(
transport_type=TransportZone.TRANSPORT_TYPE_OVERLAY,
display_name="Two Tier App Demo Transport Zone",
description="Transport zone for two-tier app demo",
host_switch_name="hostswitch"
)
demo_tz = transportzones_svc.create(new_tz)
# Create a logical switch for the db tier
new_ls = LogicalSwitch(
transport_zone_id=demo_tz.id,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name="ls-db",
)
db_ls = logicalswitches_svc.create(new_ls)
# Create a logical switch for the web tier
new_ls = LogicalSwitch(
transport_zone_id=demo_tz.id,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name="ls-web",
)
web_ls = logicalswitches_svc.create(new_ls)
# Create a logical router that will route traffic between
# the web and db tiers
new_lr = LogicalRouter(
router_type=LogicalRouter.ROUTER_TYPE_TIER1,
display_name="lr-demo",
failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE
)
lr = logicalrouters_svc.create(new_lr)
# Create a logical port on the db and web logical switches. We
# will attach the logical router to those ports so that it can
# route between the logical switches.
# Logical port on the db logical switch
new_lp = LogicalPort(
admin_state=LogicalPort.ADMIN_STATE_UP,
logical_switch_id=db_ls.id,
display_name="dbTierUplinkToRouter"
)
db_port_on_ls = logicalports_svc.create(new_lp)
# Logical port on the web logical switch
new_lp = LogicalPort(
admin_state=LogicalPort.ADMIN_STATE_UP,
logical_switch_id=web_ls.id,
display_name="webTierUplinkToRouter"
)
web_port_on_ls = logicalports_svc.create(new_lp)
# Populate a logical router downlink port payload and configure
# the port with the CIDR 192.168.1.1/24. We will attach this
# port to the db tier's logical switch.
new_lr_port = LogicalRouterDownLinkPort(
subnets=[IPSubnet(ip_addresses=["192.168.1.1"], prefix_length=24)],
linked_logical_switch_port_id=ResourceReference(
target_id=db_port_on_ls.id),
resource_type="LogicalRouterDownLinkPort",
logical_router_id=lr.id
)
# Create the downlink port
lr_port_for_db_tier = logicalrouterports_svc.create(new_lr_port)
# Convert to concrete type
lr_port_for_db_tier = lr_port_for_db_tier.convert_to(
LogicalRouterDownLinkPort)
# Populate a logical router downlink port payload and configure
# the port with the CIDR 192.168.2.1/24. We will attach this
# port to the web tier's logical switch.
new_lr_port = LogicalRouterDownLinkPort(
subnets=[IPSubnet(ip_addresses=["192.168.2.1"], prefix_length=24)],
linked_logical_switch_port_id=ResourceReference(
target_id=web_port_on_ls.id),
resource_type="LogicalRouterDownLinkPort",
logical_router_id=lr.id
)
# Create the downlink port
lr_port_for_web_tier = logicalrouterports_svc.create(new_lr_port)
lr_port_for_web_tier = lr_port_for_web_tier.convert_to(
LogicalRouterDownLinkPort)
# Now establish a firewall policy that only allows MSSQL
# server traffic and ICMP traffic in and out of the db tier's
# logical switch.
# Create 3 firewall rules. The first will allow traffic used
# by MS SQL Server to pass. This rule references a built-in
# ns service group that includes all the common ports used by
# the MSSQL Server. The ID is common to all NSX installations.
MSSQL_SERVER_NS_GROUP_ID = "5a6d380a-6d28-4e3f-b705-489f463ae6ad"
ms_sql_rule = FirewallRule(
action=FirewallRule.ACTION_ALLOW,
display_name="Allow MSSQL Server",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6,
services=[
FirewallService(
target_type="NSServiceGroup",
target_id=MSSQL_SERVER_NS_GROUP_ID
)
]
)
# The second rule will allow ICMP echo requests and responses.
ICMP_ECHO_REQUEST_NS_SVC_ID = "5531a880-61aa-42cc-ba4b-13b9ea611e2f"
ICMP_ECHO_REPLY_NS_SVC_ID = "c54b2d86-6327-41ff-a3fc-c67171b6ba63"
icmp_rule = FirewallRule(
action=FirewallRule.ACTION_ALLOW,
display_name="Allow ICMP Echo",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6,
services=[
FirewallService(
target_type="NSService",
target_id=ICMP_ECHO_REQUEST_NS_SVC_ID
),
FirewallService(
target_type="NSService",
target_id=ICMP_ECHO_REPLY_NS_SVC_ID
)
]
)
# The third rule will drop all traffic not passed by the previous
# rules.
block_all_rule = FirewallRule(
action=FirewallRule.ACTION_DROP,
display_name="Drop all",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6
)
# Add all rules to a new firewall section and create the section.
rule_list = FirewallSectionRuleList(
rules=[ms_sql_rule, icmp_rule, block_all_rule],
section_type=FirewallSection.SECTION_TYPE_LAYER3,
stateful=True,
display_name="MSSQL Server",
description="Only allow MSSQL server traffic"
)
demo_section = fwsections_svc.createwithrules(
rule_list, None, operation="insert_top")
# Re-read the firewall section so that we are operating on up-to-date
# data.
section = fwsections_svc.get(demo_section.id)
# Make the firewall section apply to the db tier logical
# switch. This enables the firewall policy on all logical
# ports attached to the db tier logical switch.
section.applied_tos = [
ResourceReference(target_id=db_ls.id,
target_type="LogicalSwitch")
]
fwsections_svc.update(section.id, section)
print("At this point you may attach VMs for the db tier to the db")
print("logical switch and VMs for the web tier to the web logical")
print("switch. The network interfaces should be configured as")
print("follows:")
print("db tier:")
print(" IP address: in the range 192.168.1.2-254")
print(" Netmask: 255.255.255.0")
print(" Default route: 192.168.1.1")
print("web tier:")
print(" IP address: in the range 192.168.2.2-254")
print(" Netmask: 255.255.255.0")
print(" Default route: 192.168.2.1")
print("Logical switch IDs:")
print(" %s: %s" % (db_ls.display_name, db_ls.id))
print(" %s: %s" % (web_ls.display_name, web_ls.id))
print("Transport zone: %s: %s" % (demo_tz.display_name, demo_tz.id))
print("Press enter to delete all resources created for this example.")
sys.stdin.readline()
fwsections_svc.delete(section.id, cascade=True)
logicalrouterports_svc.delete(lr_port_for_web_tier.id)
logicalrouterports_svc.delete(lr_port_for_db_tier.id)
logicalports_svc.delete(web_port_on_ls.id)
logicalports_svc.delete(db_port_on_ls.id)
logicalrouters_svc.delete(lr.id)
logicalswitches_svc.delete(web_ls.id)
logicalswitches_svc.delete(db_ls.id)
transportzones_svc.delete(demo_tz.id)