def build_config(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
config.defaultPortConfig.vlan.vlanId = list(
map(lambda x: vim.NumericRange(start=x[0], end=x[1]),
self.create_vlan_list()))
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
config.defaultPortConfig.vlan.vlanId = int(
self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
teamingPolicy.policy = vim.StringPolicy(
value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(
value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(
value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(
value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
config.policy.blockOverrideAllowed = self.module.params['port_policy'][
'block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][
'ipfix_override']
config.policy.livePortMovingAllowed = self.module.params[
'port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params[
'port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params[
'port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params[
'port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params[
'port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params[
'port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params[
'port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params[
'port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy'][
'vlan_override']
# PG Type
config.type = self.module.params['portgroup_type']
return config
def ensure(self):
"""Manage uplink portgroup"""
changed = changed_uplink_pg_policy = changed_vlan_trunk_range = changed_lacp = False
results = dict(changed=changed)
results['dvswitch'] = self.switch_name
changed_list = []
uplink_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Use the same version in the new spec; The version will be increased by one by the API automatically
uplink_pg_spec.configVersion = self.dvs.config.uplinkPortgroup[
0].config.configVersion
uplink_pg_config = self.dvs.config.uplinkPortgroup[0].config
# Check name
if self.uplink_pg_name:
results['name'] = self.uplink_pg_name
if uplink_pg_config.name != self.uplink_pg_name:
changed = True
changed_list.append("name")
results['name_previous'] = uplink_pg_config.name
uplink_pg_spec.name = self.uplink_pg_name
else:
results['name'] = uplink_pg_config.name
# Check description
results['description'] = self.uplink_pg_description
if uplink_pg_config.description != self.uplink_pg_description:
changed = True
changed_list.append("description")
results['description_previous'] = uplink_pg_config.description
uplink_pg_spec.description = self.uplink_pg_description
# Check port policies
results['adv_reset_at_disconnect'] = self.uplink_pg_reset
results['adv_block_ports'] = self.uplink_pg_block_ports
results['adv_vendor_conf'] = self.uplink_pg_vendor_conf
results['adv_vlan'] = self.uplink_pg_vlan
results['adv_netflow'] = self.uplink_pg_netflow
results['adv_traffic_filtering'] = self.uplink_pg_tf
uplink_pg_policy_spec = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
uplink_pg_policy_spec.portConfigResetAtDisconnect = self.uplink_pg_reset
uplink_pg_policy_spec.blockOverrideAllowed = self.uplink_pg_block_ports
uplink_pg_policy_spec.vendorConfigOverrideAllowed = self.uplink_pg_vendor_conf
uplink_pg_policy_spec.vlanOverrideAllowed = self.uplink_pg_vlan
uplink_pg_policy_spec.ipfixOverrideAllowed = self.uplink_pg_netflow
uplink_pg_policy_spec.trafficFilterOverrideAllowed = self.uplink_pg_tf
# There's no information available if the following option are deprecated, but
# they aren't visible in the vSphere Client
uplink_pg_policy_spec.shapingOverrideAllowed = False
uplink_pg_policy_spec.livePortMovingAllowed = False
uplink_pg_policy_spec.uplinkTeamingOverrideAllowed = False
uplink_pg_policy_spec.securityPolicyOverrideAllowed = False
uplink_pg_policy_spec.networkResourcePoolOverrideAllowed = False
# Check policies
if uplink_pg_config.policy.portConfigResetAtDisconnect != self.uplink_pg_reset:
changed_uplink_pg_policy = True
results[
'adv_reset_at_disconnect_previous'] = uplink_pg_config.policy.portConfigResetAtDisconnect
if uplink_pg_config.policy.blockOverrideAllowed != self.uplink_pg_block_ports:
changed_uplink_pg_policy = True
results[
'adv_block_ports_previous'] = uplink_pg_config.policy.blockOverrideAllowed
if uplink_pg_config.policy.vendorConfigOverrideAllowed != self.uplink_pg_vendor_conf:
changed_uplink_pg_policy = True
results[
'adv_vendor_conf_previous'] = uplink_pg_config.policy.vendorConfigOverrideAllowed
if uplink_pg_config.policy.vlanOverrideAllowed != self.uplink_pg_vlan:
changed_uplink_pg_policy = True
results[
'adv_vlan_previous'] = uplink_pg_config.policy.vlanOverrideAllowed
if uplink_pg_config.policy.ipfixOverrideAllowed != self.uplink_pg_netflow:
changed_uplink_pg_policy = True
results[
'adv_netflow_previous'] = uplink_pg_config.policy.ipfixOverrideAllowed
if uplink_pg_config.policy.trafficFilterOverrideAllowed != self.uplink_pg_tf:
changed_uplink_pg_policy = True
results[
'adv_traffic_filtering_previous'] = uplink_pg_config.policy.trafficFilterOverrideAllowed
if changed_uplink_pg_policy:
changed = True
changed_list.append("advanced")
uplink_pg_spec.policy = uplink_pg_policy_spec
uplink_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
# Check VLAN trunk
results['vlan_trunk_range'] = self.uplink_pg_vlan_trunk_range
vlan_id_ranges = self.uplink_pg_vlan_trunk_range
trunk_vlan_spec = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
vlan_id_list = []
for vlan_id_range in vlan_id_ranges:
vlan_id_range_found = False
vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(
vlan_id_range)
# Check if range is already configured
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
if current_vlan_id_range.start == int(
vlan_id_start) and current_vlan_id_range.end == int(
vlan_id_end):
vlan_id_range_found = True
break
if vlan_id_range_found is False:
changed_vlan_trunk_range = True
vlan_id_list.append(
vim.NumericRange(start=int(vlan_id_start),
end=int(vlan_id_end)))
# Check if range needs to be removed
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
vlan_id_range_found = False
for vlan_id_range in vlan_id_ranges:
vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(
vlan_id_range)
if (current_vlan_id_range.start == int(vlan_id_start)
and current_vlan_id_range.end == int(vlan_id_end)):
vlan_id_range_found = True
break
if vlan_id_range_found is False:
changed_vlan_trunk_range = True
trunk_vlan_spec.vlanId = vlan_id_list
if changed_vlan_trunk_range:
changed = True
changed_list.append("vlan trunk range")
current_vlan_id_list = []
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
if current_vlan_id_range.start == current_vlan_id_range.end:
current_vlan_id_range_string = current_vlan_id_range.start
else:
current_vlan_id_range_string = '-'.join([
str(current_vlan_id_range.start),
str(current_vlan_id_range.end)
])
current_vlan_id_list.append(current_vlan_id_range_string)
results['vlan_trunk_range_previous'] = current_vlan_id_list
uplink_pg_spec.defaultPortConfig.vlan = trunk_vlan_spec
# Check LACP
lacp_support_mode = self.get_lacp_support_mode(self.support_mode)
if lacp_support_mode == 'basic':
results['lacp_status'] = self.lacp_status
lacp_spec = vim.dvs.VmwareDistributedVirtualSwitch.UplinkLacpPolicy(
)
lacp_enabled = False
if self.lacp_status == 'enabled':
lacp_enabled = True
if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value != lacp_enabled:
changed_lacp = True
changed_list.append("lacp status")
if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value:
results['lacp_status_previous'] = 'enabled'
else:
results['lacp_status_previous'] = 'disabled'
lacp_spec.enable = vim.BoolPolicy()
lacp_spec.enable.inherited = False
lacp_spec.enable.value = lacp_enabled
if lacp_enabled and uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value != self.lacp_mode:
results['lacp_mode'] = self.lacp_mode
changed_lacp = True
changed_list.append("lacp mode")
results[
'lacp_mode_previous'] = uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value
lacp_spec.mode = vim.StringPolicy()
lacp_spec.mode.inherited = False
lacp_spec.mode.value = self.lacp_mode
if changed_lacp:
changed = True
uplink_pg_spec.defaultPortConfig.lacpPolicy = lacp_spec
# Check NetFlow
results['netflow_enabled'] = self.uplink_pg_netflow_enabled
netflow_enabled_spec = vim.BoolPolicy()
netflow_enabled_spec.inherited = False
netflow_enabled_spec.value = self.uplink_pg_netflow_enabled
if uplink_pg_config.defaultPortConfig.ipfixEnabled.value != self.uplink_pg_netflow_enabled:
changed = True
results[
'netflow_enabled_previous'] = uplink_pg_config.defaultPortConfig.ipfixEnabled.value
changed_list.append("netflow")
uplink_pg_spec.defaultPortConfig.ipfixEnabled = netflow_enabled_spec
# TODO: Check Traffic filtering and marking
# Check Block all ports
results['block_all_ports'] = self.uplink_pg_block_all_ports
block_all_ports_spec = vim.BoolPolicy()
block_all_ports_spec.inherited = False
block_all_ports_spec.value = self.uplink_pg_block_all_ports
if uplink_pg_config.defaultPortConfig.blocked.value != self.uplink_pg_block_all_ports:
changed = True
changed_list.append("block all ports")
results[
'block_all_ports_previous'] = uplink_pg_config.defaultPortConfig.blocked.value
uplink_pg_spec.defaultPortConfig.blocked = block_all_ports_spec
if changed:
if self.module.check_mode:
changed_suffix = ' would be changed'
else:
changed_suffix = ' changed'
if len(changed_list) > 2:
message = ', '.join(changed_list[:-1]) + ', and ' + str(
changed_list[-1])
elif len(changed_list) == 2:
message = ' and '.join(changed_list)
elif len(changed_list) == 1:
message = changed_list[0]
message += changed_suffix
if not self.module.check_mode:
try:
task = self.dvs.config.uplinkPortgroup[
0].ReconfigureDVPortgroup_Task(uplink_pg_spec)
wait_for_task(task)
except TaskError as invalid_argument:
self.module.fail_json(
msg="Failed to update uplink portgroup : %s" %
to_native(invalid_argument))
else:
message = "Uplink portgroup already configured properly"
results['changed'] = changed
results['result'] = message
self.module.exit_json(**results)
def build_config(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
if self.module.params[
'port_allocation'] != 'elastic' and self.module.params[
'port_binding'] != 'ephemeral':
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
config.defaultPortConfig.vlan.vlanId = list(
map(lambda x: vim.NumericRange(start=x[0], end=x[1]),
self.create_vlan_list()))
elif self.module.params['vlan_private']:
# Check that private VLAN exists in dvs
if self.module.params['vlan_private']:
pvlan_exists = self.check_dvs_pvlan()
if not pvlan_exists:
self.module.fail_json(
msg=
"No private vlan with id %s in distributed vSwitch %s"
% (self.module.params['vlan_id'],
self.module.params['switch_name']))
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.PvlanSpec(
)
config.defaultPortConfig.vlan.pvlanId = int(
self.module.params['vlan_id'])
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
config.defaultPortConfig.vlan.vlanId = int(
self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
# If the dvSwitch supports MAC learning, it's a version where securityPolicy is deprecated
if self.supports_mac_learning():
config.defaultPortConfig.macManagementPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacManagementPolicy(
)
config.defaultPortConfig.macManagementPolicy.allowPromiscuous = self.module.params[
'network_policy']['promiscuous']
config.defaultPortConfig.macManagementPolicy.forgedTransmits = self.module.params[
'network_policy']['forged_transmits']
config.defaultPortConfig.macManagementPolicy.macChanges = self.module.params[
'network_policy']['mac_changes']
macLearning = self.module.params['mac_learning']
if macLearning:
macLearningPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacLearningPolicy(
)
if macLearning['allow_unicast_flooding'] is not None:
macLearningPolicy.allowUnicastFlooding = macLearning[
'allow_unicast_flooding']
if macLearning['enabled'] is not None:
macLearningPolicy.enabled = macLearning['enabled']
if macLearning['limit'] is not None:
macLearningPolicy.limit = macLearning['limit']
if macLearning['limit_policy']:
macLearningPolicy.limitPolicy = macLearning['limit_policy']
config.defaultPortConfig.macManagementPolicy.macLearningPolicy = macLearningPolicy
else:
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
teamingPolicy.policy = vim.StringPolicy(
value=self.module.params['teaming_policy']['load_balance_policy'])
if self.module.params['teaming_policy']['inbound_policy'] is not None:
teamingPolicy.reversePolicy = vim.BoolPolicy(
value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(
value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(
value=self.module.params['teaming_policy']['rolling_order'])
if self.module.params['teaming_policy'][
'active_uplinks'] or self.module.params['teaming_policy'][
'standby_uplinks']:
teamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
if self.module.params['teaming_policy']['active_uplinks']:
teamingPolicy.uplinkPortOrder.activeUplinkPort = self.module.params[
'teaming_policy']['active_uplinks']
if self.module.params['teaming_policy']['standby_uplinks']:
teamingPolicy.uplinkPortOrder.standbyUplinkPort = self.module.params[
'teaming_policy']['standby_uplinks']
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
config.policy.blockOverrideAllowed = self.module.params['port_policy'][
'block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][
'ipfix_override']
config.policy.livePortMovingAllowed = self.module.params[
'port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params[
'port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params[
'port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params[
'port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params[
'port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params[
'port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params[
'port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params[
'port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy'][
'vlan_override']
# PG Type
# NOTE: 'portgroup_type' is deprecated.
if self.module.params['portgroup_type']:
config.type = self.module.params['portgroup_type']
elif self.module.params['port_binding'] == 'ephemeral':
config.type = 'ephemeral'
else:
config.type = 'earlyBinding'
if self.module.params['port_allocation']:
if self.module.params['port_allocation'] == 'elastic':
config.autoExpand = True
else:
config.autoExpand = False
return config
def main():
module = AnsibleModule(argument_spec=dict(
host=dict(required=True, type='str'),
user=dict(required=True, type='str'),
pwd=dict(required=True, type='str'),
network=dict(required=True, type='str'),
dc=dict(required=True, type='str', default=None),
state=dict(default='set', choices=['set', 'unset'], type='str'),
),
supports_check_mode=True)
promisc = VmwPromisc(module)
if not promisc.ready:
module.fail_json(msg="Connection not ready: %s" % promisc._msg)
result = {}
result['changed'] = False
if type(promisc.network) is vim.dvs.DistributedVirtualPortgroup:
promisc_mode = promisc.network.config.defaultPortConfig.securityPolicy.allowPromiscuous.value
forged_mode = promisc.network.config.defaultPortConfig.securityPolicy.forgedTransmits.value
config_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
config_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
config_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
policy = config_spec.defaultPortConfig.securityPolicy
if module.params['state'] == 'set':
if promisc_mode is False:
result['changed'] = True
result['allowPromiscuous'] = True
policy.allowPromiscuous = vim.BoolPolicy(value=True)
if forged_mode is False:
result['changed'] = True
result['forgedTransmits'] = True
policy.forgedTransmits = vim.BoolPolicy(value=True)
else:
if promisc_mode is True:
result['changed'] = True
result['allowPromiscuous'] = False
policy.allowPromiscuous = vim.BoolPolicy(value=False)
if forged_mode is True:
result['changed'] = True
result['forgedTransmits'] = False
policy.forgedTransmits = vim.BoolPolicy(value=False)
if not module.check_mode and result['changed']:
config_spec.configVersion = promisc.network.config.configVersion
task = promisc.network.ReconfigureDVPortgroup_Task(config_spec)
while task.info.state == 'running':
# OK, this is just nasty
time.sleep(1)
result['task_state'] = task.info.state
else:
module.fail_json(
'Selected network is not of type vim.dvs.DistributedVirtualPortgroup'
)
module.exit_json(**result)
def create_port_group(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.portgroup_name
config.numPorts = self.num_ports
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
if self.vlan_trunk:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
vlan_id_start, vlan_id_end = self.vlan_id.split('-')
config.defaultPortConfig.vlan.vlanId = [
vim.NumericRange(start=int(vlan_id_start.strip()),
end=int(vlan_id_end.strip()))
]
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
config.defaultPortConfig.vlan.vlanId = int(self.vlan_id)
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=self.security_promiscuous)
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=self.security_forged_transmits)
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=self.security_mac_changes)
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
teamingPolicy.policy = vim.StringPolicy(
value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(
value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(
value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(
value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
config.policy.blockOverrideAllowed = self.policy_block_override
config.policy.ipfixOverrideAllowed = self.policy_ipfix_override
config.policy.livePortMovingAllowed = self.policy_live_port_move
config.policy.networkResourcePoolOverrideAllowed = self.policy_network_rp_override
config.policy.portConfigResetAtDisconnect = self.policy_port_config_reset_at_disconnect
config.policy.securityPolicyOverrideAllowed = self.policy_security_override
config.policy.shapingOverrideAllowed = self.policy_shaping_override
config.policy.trafficFilterOverrideAllowed = self.policy_traffic_filter_override
config.policy.uplinkTeamingOverrideAllowed = self.policy_uplink_teaming_override
config.policy.vendorConfigOverrideAllowed = self.policy_vendor_config_override
config.policy.vlanOverrideAllowed = self.policy_vlan_override
# PG Type
config.type = self.portgroup_type
task = self.dv_switch.AddDVPortgroup_Task([config])
changed, result = wait_for_task(task)
return changed, result
def create_port_group(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
vlan_id_list = []
for vlan_id_splitted in self.module.params['vlan_id'].split(','):
try:
vlan_id_start, vlan_id_end = map(
int, vlan_id_splitted.split('-'))
if vlan_id_start not in range(
0, 4095) or vlan_id_end not in range(0, 4095):
self.module.fail_json(
msg=
"vlan_id range %s specified is incorrect. The valid vlan_id range is from 0 to 4094."
% vlan_id_splitted)
vlan_id_list.append(
vim.NumericRange(start=vlan_id_start, end=vlan_id_end))
except ValueError:
vlan_id_list.append(
vim.NumericRange(start=int(vlan_id_splitted.strip()),
end=int(vlan_id_splitted.strip())))
config.defaultPortConfig.vlan.vlanId = vlan_id_list
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
config.defaultPortConfig.vlan.vlanId = int(
self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
teamingPolicy.policy = vim.StringPolicy(
value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(
value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(
value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(
value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
config.policy.blockOverrideAllowed = self.module.params['port_policy'][
'block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][
'ipfix_override']
config.policy.livePortMovingAllowed = self.module.params[
'port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params[
'port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params[
'port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params[
'port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params[
'port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params[
'port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params[
'port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params[
'port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy'][
'vlan_override']
# PG Type
config.type = self.module.params['portgroup_type']
task = self.dv_switch.AddDVPortgroup_Task([config])
changed, result = wait_for_task(task)
return changed, result
def doUpdatePort(dpg, vm, vnic_device):
outputstr = 'Try to update mac address:\n'
outputstr += 'Current mac address: %s \n'%(vnic_device.macAddress)
outputstr += 'New mac address: %s \n'%(NEW_MAC_ADDRESS)
vnic_spec = vim.vm.device.VirtualDeviceSpec()
vnic_spec.operation = vim.vm.device.VirtualDeviceSpec.Operation.edit
vnic_spec.device = vnic_device
vnic_spec.device.key = vnic_device.key
vnic_spec.device.macAddress = NEW_MAC_ADDRESS
vnic_spec.device.backing = vnic_device.backing
vnic_spec.device.backing.port = vnic_device.backing.port
vnic_spec.device.wakeOnLanEnabled = vnic_device.wakeOnLanEnabled
vnic_spec.device.connectable = vnic_device.connectable
dev_changes = []
dev_changes.append(vnic_spec)
vm_spec = vim.vm.ConfigSpec()
vm_spec.deviceChange = dev_changes
# CHANGE vm.config.networkShaper NOT WORK, SO REMOVE IT!!!
# outputstr += 'Try to update shaping policy:\n'
# newShaping = vim.vm.NetworkShaperInfo()
# newShaping.enabled = (SHAPING_ENABLE=='true')
# newShaping.peakBps = SHAPING_PEAK_BPS
# newShaping.averageBps = SHAPING_AVERAGE_BPS
# newShaping.burstSize = 0
# vm_spec.networkShaper = newShaping
# curShaping = vm.config.networkShaper
# if curShaping != None:
# outputstr += 'Current shaping policy: enabled:%s,peakBps:%s,averageBps:%s'%(curShaping.enabled,curShaping.peakBps,curShaping.averageBps)
# outputstr += 'New shaping policy: enabled:%s,peakBps:%s,averageBps:%s'%(newShaping.enabled,newShaping.peakBps,newShaping.averageBps)
vm_task = vm.ReconfigVM_Task(vm_spec)
state = WaitForTask(task=vm_task, si=serviceInstance, onProgressUpdate=OnTaskProgressUpdate)
outputstr += 'ReconfigVM Task completed, state: %s \n\n'%(state)
outputstr += 'Try to update shaping policy:\n'
dvs = dpg.config.distributedVirtualSwitch
portCriteria = vim.dvs.PortCriteria()
portCriteria.portKey = [vnic_device.backing.port.portKey]
dvPorts = dvs.FetchDVPorts(portCriteria)
ciShapping = dvPorts[0].config.setting.inShapingPolicy
coShapping = dvPorts[0].config.setting.outShapingPolicy
if ciShapping!=None:
outputstr += 'Current in shaping policy: enabled:%s,averageBps:%s,peakBps:%s\n'% \
(ciShapping.enabled.value,ciShapping.averageBandwidth.value,ciShapping.peakBandwidth.value)
if coShapping!=None:
outputstr += 'Current out shaping policy: enabled:%s,averageBps:%s,peakBps:%s\n'% \
(coShapping.enabled.value,coShapping.averageBandwidth.value,coShapping.peakBandwidth.value)
outputstr += 'New in shaping policy: enabled:%s,averageBps:%s,peakBps:%s\n'%(IN_SHAPING_ENABLE,IN_SHAPING_AVERAGE_BPS,IN_SHAPING_PEAK_BPS)
outputstr += 'New out shaping policy: enabled:%s,averageBps:%s,peakBps:%s\n'%(OUT_SHAPING_ENABLE,OUT_SHAPING_AVERAGE_BPS,OUT_SHAPING_PEAK_BPS)
port_spec = vim.dvs.DistributedVirtualPort.ConfigSpec()
port_spec.operation = vim.ConfigSpecOperation.edit
port_spec.key = vnic_device.backing.port.portKey
port_setting = vim.dvs.DistributedVirtualPort.Setting()
port_inshaping = vim.dvs.DistributedVirtualPort.TrafficShapingPolicy()
port_outshaping = vim.dvs.DistributedVirtualPort.TrafficShapingPolicy()
port_inshaping.enabled = vim.BoolPolicy(value=(IN_SHAPING_ENABLE=='true'))
port_inshaping.averageBandwidth = vim.LongPolicy(value=IN_SHAPING_AVERAGE_BPS)
port_inshaping.peakBandwidth = vim.LongPolicy(value=IN_SHAPING_PEAK_BPS)
port_outshaping.enabled = vim.BoolPolicy(value=(OUT_SHAPING_ENABLE=='true'))
port_outshaping.averageBandwidth = vim.LongPolicy(value=OUT_SHAPING_AVERAGE_BPS)
port_outshaping.peakBandwidth = vim.LongPolicy(value=OUT_SHAPING_PEAK_BPS)
port_setting.inShapingPolicy = port_inshaping
port_setting.outShapingPolicy = port_outshaping
port_spec.setting = port_setting
port_task = dvs.ReconfigureDVPort_Task([port_spec])
state2 = WaitForTask(task=port_task, si=serviceInstance, onProgressUpdate=OnTaskProgressUpdate)
outputstr += 'ReconfigDVPort Task completed, state: %s \n'%(state2)
output(outputstr)
def add_dvPort_group(si, dv_switch, portgroupname, vlanid):
dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
dv_pg_spec.name = portgroupname
dv_pg_spec.numPorts = 32
dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding
dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
dv_pg_spec.defaultPortConfig.vlan.vlanId = vlanid
dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.vlan.inherited = False
dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False
if portgroupname == "iSCSI-A":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="failover_explicit")
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic5"
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = []
if portgroupname == "iSCSI-B":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="failover_explicit")
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic1"
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = []
if portgroupname == "vMotion":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_vCenter_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_OTS_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_mNode_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "Management Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
dv_pg_spec.numPorts = 512
if portgroupname == "VM_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
dv_pg_spec.numPorts = 512
task = dv_switch.AddDVPortgroup_Task([dv_pg_spec])
time.sleep(5)
print("Successfully created DV Port Group", portgroupname)
