def create_port_group(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() vlan_id_list = [] for vlan_id_splitted in self.module.params['vlan_id'].split(','): try: vlan_id_start, vlan_id_end = map(int, vlan_id_splitted.split('-')) if vlan_id_start not in range(0, 4095) or vlan_id_end not in range(0, 4095): self.module.fail_json(msg="vlan_id range %s specified is incorrect. The valid vlan_id range is from 0 to 4094." % vlan_id_splitted) vlan_id_list.append(vim.NumericRange(start=vlan_id_start, end=vlan_id_end)) except ValueError: vlan_id_list.append(vim.NumericRange(start=int(vlan_id_splitted.strip()), end=int(vlan_id_splitted.strip()))) config.defaultPortConfig.vlan.vlanId = vlan_id_list else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec() config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy']) teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order']) config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override'] config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override'] # PG Type config.type = self.module.params['portgroup_type'] task = self.dv_switch.AddDVPortgroup_Task([config]) changed, result = wait_for_task(task) return changed, result
def create_port_group(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.portgroup_name config.numPorts = self.num_ports # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() if self.vlan_trunk: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() vlan_id_start, vlan_id_end = self.vlan_id.split('-') config.defaultPortConfig.vlan.vlanId = [vim.NumericRange(start=int(vlan_id_start.strip()), end=int(vlan_id_end.strip()))] else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec() config.defaultPortConfig.vlan.vlanId = int(self.vlan_id) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.security_promiscuous) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.security_forged_transmits) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.security_mac_changes) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy']) teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order']) config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() config.policy.blockOverrideAllowed = self.policy_block_override config.policy.ipfixOverrideAllowed = self.policy_ipfix_override config.policy.livePortMovingAllowed = self.policy_live_port_move config.policy.networkResourcePoolOverrideAllowed = self.policy_network_rp_override config.policy.portConfigResetAtDisconnect = self.policy_port_config_reset_at_disconnect config.policy.securityPolicyOverrideAllowed = self.policy_security_override config.policy.shapingOverrideAllowed = self.policy_shaping_override config.policy.trafficFilterOverrideAllowed = self.policy_traffic_filter_override config.policy.uplinkTeamingOverrideAllowed = self.policy_uplink_teaming_override config.policy.vendorConfigOverrideAllowed = self.policy_vendor_config_override config.policy.vlanOverrideAllowed = self.policy_vlan_override # PG Type config.type = self.portgroup_type task = self.dv_switch.AddDVPortgroup_Task([config]) changed, result = wait_for_task(task) return changed, result
def build_config(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() config.defaultPortConfig.vlan.vlanId = list(map(lambda x: vim.NumericRange(start=x[0], end=x[1]), self.create_vlan_list())) else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec() config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy']) teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order']) config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override'] config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override'] # PG Type config.type = self.module.params['portgroup_type'] return config
def ensure(self): """Manage uplink portgroup""" changed = changed_uplink_pg_policy = changed_vlan_trunk_range = changed_lacp = False results = dict(changed=changed) results['dvswitch'] = self.switch_name changed_list = [] uplink_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Use the same version in the new spec; The version will be increased by one by the API automatically uplink_pg_spec.configVersion = self.dvs.config.uplinkPortgroup[0].config.configVersion uplink_pg_config = self.dvs.config.uplinkPortgroup[0].config # Check name if self.uplink_pg_name: results['name'] = self.uplink_pg_name if uplink_pg_config.name != self.uplink_pg_name: changed = True changed_list.append("name") results['name_previous'] = uplink_pg_config.name uplink_pg_spec.name = self.uplink_pg_name else: results['name'] = uplink_pg_config.name # Check description results['description'] = self.uplink_pg_description if uplink_pg_config.description != self.uplink_pg_description: changed = True changed_list.append("description") results['description_previous'] = uplink_pg_config.description uplink_pg_spec.description = self.uplink_pg_description # Check port policies results['adv_reset_at_disconnect'] = self.uplink_pg_reset results['adv_block_ports'] = self.uplink_pg_block_ports results['adv_vendor_conf'] = self.uplink_pg_vendor_conf results['adv_vlan'] = self.uplink_pg_vlan results['adv_netflow'] = self.uplink_pg_netflow results['adv_traffic_filtering'] = self.uplink_pg_tf uplink_pg_policy_spec = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() uplink_pg_policy_spec.portConfigResetAtDisconnect = self.uplink_pg_reset uplink_pg_policy_spec.blockOverrideAllowed = self.uplink_pg_block_ports uplink_pg_policy_spec.vendorConfigOverrideAllowed = self.uplink_pg_vendor_conf uplink_pg_policy_spec.vlanOverrideAllowed = self.uplink_pg_vlan uplink_pg_policy_spec.ipfixOverrideAllowed = self.uplink_pg_netflow uplink_pg_policy_spec.trafficFilterOverrideAllowed = self.uplink_pg_tf # There's no information available if the following option are deprecated, but # they aren't visible in the vSphere Client uplink_pg_policy_spec.shapingOverrideAllowed = False uplink_pg_policy_spec.livePortMovingAllowed = False uplink_pg_policy_spec.uplinkTeamingOverrideAllowed = False uplink_pg_policy_spec.securityPolicyOverrideAllowed = False uplink_pg_policy_spec.networkResourcePoolOverrideAllowed = False # Check policies if uplink_pg_config.policy.portConfigResetAtDisconnect != self.uplink_pg_reset: changed_uplink_pg_policy = True results['adv_reset_at_disconnect_previous'] = uplink_pg_config.policy.portConfigResetAtDisconnect if uplink_pg_config.policy.blockOverrideAllowed != self.uplink_pg_block_ports: changed_uplink_pg_policy = True results['adv_block_ports_previous'] = uplink_pg_config.policy.blockOverrideAllowed if uplink_pg_config.policy.vendorConfigOverrideAllowed != self.uplink_pg_vendor_conf: changed_uplink_pg_policy = True results['adv_vendor_conf_previous'] = uplink_pg_config.policy.vendorConfigOverrideAllowed if uplink_pg_config.policy.vlanOverrideAllowed != self.uplink_pg_vlan: changed_uplink_pg_policy = True results['adv_vlan_previous'] = uplink_pg_config.policy.vlanOverrideAllowed if uplink_pg_config.policy.ipfixOverrideAllowed != self.uplink_pg_netflow: changed_uplink_pg_policy = True results['adv_netflow_previous'] = uplink_pg_config.policy.ipfixOverrideAllowed if uplink_pg_config.policy.trafficFilterOverrideAllowed != self.uplink_pg_tf: changed_uplink_pg_policy = True results['adv_traffic_filtering_previous'] = uplink_pg_config.policy.trafficFilterOverrideAllowed if changed_uplink_pg_policy: changed = True changed_list.append("advanced") uplink_pg_spec.policy = uplink_pg_policy_spec uplink_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() # Check VLAN trunk results['vlan_trunk_range'] = self.uplink_pg_vlan_trunk_range vlan_id_ranges = self.uplink_pg_vlan_trunk_range trunk_vlan_spec = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() vlan_id_list = [] for vlan_id_range in vlan_id_ranges: vlan_id_range_found = False vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range) # Check if range is already configured for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: if current_vlan_id_range.start == int(vlan_id_start) and current_vlan_id_range.end == int(vlan_id_end): vlan_id_range_found = True break if vlan_id_range_found is False: changed_vlan_trunk_range = True vlan_id_list.append( vim.NumericRange(start=int(vlan_id_start), end=int(vlan_id_end)) ) # Check if range needs to be removed for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: vlan_id_range_found = False for vlan_id_range in vlan_id_ranges: vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range) if (current_vlan_id_range.start == int(vlan_id_start) and current_vlan_id_range.end == int(vlan_id_end)): vlan_id_range_found = True break if vlan_id_range_found is False: changed_vlan_trunk_range = True trunk_vlan_spec.vlanId = vlan_id_list if changed_vlan_trunk_range: changed = True changed_list.append("vlan trunk range") current_vlan_id_list = [] for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: if current_vlan_id_range.start == current_vlan_id_range.end: current_vlan_id_range_string = current_vlan_id_range.start else: current_vlan_id_range_string = '-'.join( [str(current_vlan_id_range.start), str(current_vlan_id_range.end)] ) current_vlan_id_list.append(current_vlan_id_range_string) results['vlan_trunk_range_previous'] = current_vlan_id_list uplink_pg_spec.defaultPortConfig.vlan = trunk_vlan_spec # Check LACP lacp_support_mode = self.get_lacp_support_mode(self.support_mode) if lacp_support_mode == 'basic': results['lacp_status'] = self.lacp_status lacp_spec = vim.dvs.VmwareDistributedVirtualSwitch.UplinkLacpPolicy() lacp_enabled = False if self.lacp_status == 'enabled': lacp_enabled = True if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value != lacp_enabled: changed_lacp = True changed_list.append("lacp status") if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value: results['lacp_status_previous'] = 'enabled' else: results['lacp_status_previous'] = 'disabled' lacp_spec.enable = vim.BoolPolicy() lacp_spec.enable.inherited = False lacp_spec.enable.value = lacp_enabled if lacp_enabled and uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value != self.lacp_mode: results['lacp_mode'] = self.lacp_mode changed_lacp = True changed_list.append("lacp mode") results['lacp_mode_previous'] = uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value lacp_spec.mode = vim.StringPolicy() lacp_spec.mode.inherited = False lacp_spec.mode.value = self.lacp_mode if changed_lacp: changed = True uplink_pg_spec.defaultPortConfig.lacpPolicy = lacp_spec # Check NetFlow results['netflow_enabled'] = self.uplink_pg_netflow_enabled netflow_enabled_spec = vim.BoolPolicy() netflow_enabled_spec.inherited = False netflow_enabled_spec.value = self.uplink_pg_netflow_enabled if uplink_pg_config.defaultPortConfig.ipfixEnabled.value != self.uplink_pg_netflow_enabled: changed = True results['netflow_enabled_previous'] = uplink_pg_config.defaultPortConfig.ipfixEnabled.value changed_list.append("netflow") uplink_pg_spec.defaultPortConfig.ipfixEnabled = netflow_enabled_spec # TODO: Check Traffic filtering and marking # Check Block all ports results['block_all_ports'] = self.uplink_pg_block_all_ports block_all_ports_spec = vim.BoolPolicy() block_all_ports_spec.inherited = False block_all_ports_spec.value = self.uplink_pg_block_all_ports if uplink_pg_config.defaultPortConfig.blocked.value != self.uplink_pg_block_all_ports: changed = True changed_list.append("block all ports") results['block_all_ports_previous'] = uplink_pg_config.defaultPortConfig.blocked.value uplink_pg_spec.defaultPortConfig.blocked = block_all_ports_spec if changed: if self.module.check_mode: changed_suffix = ' would be changed' else: changed_suffix = ' changed' if len(changed_list) > 2: message = ', '.join(changed_list[:-1]) + ', and ' + str(changed_list[-1]) elif len(changed_list) == 2: message = ' and '.join(changed_list) elif len(changed_list) == 1: message = changed_list[0] message += changed_suffix if not self.module.check_mode: try: task = self.dvs.config.uplinkPortgroup[0].ReconfigureDVPortgroup_Task(uplink_pg_spec) wait_for_task(task) except TaskError as invalid_argument: self.module.fail_json(msg="Failed to update uplink portgroup : %s" % to_native(invalid_argument)) else: message = "Uplink portgroup already configured properly" results['changed'] = changed results['result'] = message self.module.exit_json(**results)
def create_dvs(self, host_vmnics, dvs_name, num_uplinks=4, mtu: int = None): """ Create a distributed virtual switch within the datacenter Args: host_vmnics (dict): A dictionary storing {host_obj: vmnics} where host_obj is vim.HostSystem type and vmnics is a list of str for the names of physical adapters. dvs_name (str): The name of the DVS to be created num_uplinks (int): Number of active uplinks mtu: MTU for DVS Returns: Task References: pyvmomi/docs/vim/host/NetworkSystem.rst pyvmomi/docs/vim/host/PortGroup.rst """ for network_obj in GetDatacenter( self.datacenter_obj).network_resources(): if network_obj.name == dvs_name: self.logger.info("DVS {0} already exists".format(dvs_name)) return host_cfgs = [] for host_obj, vmnics in host_vmnics.items(): uplinks = [] if host_obj.runtime.connectionState != "connected": self.logger.error("Host {0} is not connected. Skipped".format( host_obj.name)) continue host_cfg = vim.dvs.HostMember.ConfigSpec() host_cfg.operation = vim.ConfigSpecOperation.add host_cfg.host = host_obj host_cfg.backing = vim.dvs.HostMember.PnicBacking() for pnic in GetHost(host_obj).pnics(): for vmnic in vmnics: if pnic.device == vmnic: pnic_spec = vim.dvs.HostMember.PnicSpec() pnic_spec.pnicDevice = pnic.device uplinks.append(pnic_spec) host_cfg.backing.pnicSpec = uplinks host_cfgs.append(host_cfg) uplink_port_policy = vim.DistributedVirtualSwitch.NameArrayUplinkPortPolicy( ) uplnk_port_order = [] for i in range(num_uplinks): name = "uplink%d" % (i + 1) uplink_port_policy.uplinkPortName.append(name) uplnk_port_order.append(name) string_policy = vim.StringPolicy() string_policy.value = "failover_explicit" uplink_port_order_policy = ( vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy()) # activeUplinkPort: list of active uplink ports used for load balancing uplink_port_order_policy.activeUplinkPort = uplnk_port_order team = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() team.policy = string_policy team.uplinkPortOrder = uplink_port_order_policy port_config_policy = ( vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy()) port_config_policy.uplinkTeamingPolicy = team dvs_config_spec = vim.dvs.VmwareDistributedVirtualSwitch.ConfigSpec() dvs_config_spec.name = dvs_name dvs_config_spec.host = host_cfgs dvs_config_spec.defaultPortConfig = port_config_policy dvs_config_spec.lacpApiVersion = ( vim.dvs.VmwareDistributedVirtualSwitch.LacpApiVersion.multipleLag) dvs_config_spec.numStandalonePorts = num_uplinks if mtu: dvs_config_spec.maxMtu = mtu dvs_create_spec = vim.DistributedVirtualSwitch.CreateSpec( configSpec=dvs_config_spec) task = self.datacenter_obj.networkFolder.CreateDVS_Task( dvs_create_spec) return task
def _set_loadbalancing_config(self, key): self.nic_teaming.policy = vim.StringPolicy( value=self.load_balance.get(key))
def build_config(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] if self.module.params[ 'port_allocation'] != 'elastic' and self.module.params[ 'port_binding'] != 'ephemeral': config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) config.defaultPortConfig.vlan.vlanId = list( map(lambda x: vim.NumericRange(start=x[0], end=x[1]), self.create_vlan_list())) elif self.module.params['vlan_private']: # Check that private VLAN exists in dvs if self.module.params['vlan_private']: pvlan_exists = self.check_dvs_pvlan() if not pvlan_exists: self.module.fail_json( msg= "No private vlan with id %s in distributed vSwitch %s" % (self.module.params['vlan_id'], self.module.params['switch_name'])) config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.PvlanSpec( ) config.defaultPortConfig.vlan.pvlanId = int( self.module.params['vlan_id']) else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec( ) config.defaultPortConfig.vlan.vlanId = int( self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False # If the dvSwitch supports MAC learning, it's a version where securityPolicy is deprecated if self.supports_mac_learning(): config.defaultPortConfig.macManagementPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacManagementPolicy( ) config.defaultPortConfig.macManagementPolicy.allowPromiscuous = self.module.params[ 'network_policy']['promiscuous'] config.defaultPortConfig.macManagementPolicy.forgedTransmits = self.module.params[ 'network_policy']['forged_transmits'] config.defaultPortConfig.macManagementPolicy.macChanges = self.module.params[ 'network_policy']['mac_changes'] macLearning = self.module.params['mac_learning'] if macLearning: macLearningPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacLearningPolicy( ) if macLearning['allow_unicast_flooding'] is not None: macLearningPolicy.allowUnicastFlooding = macLearning[ 'allow_unicast_flooding'] if macLearning['enabled'] is not None: macLearningPolicy.enabled = macLearning['enabled'] if macLearning['limit'] is not None: macLearningPolicy.limit = macLearning['limit'] if macLearning['limit_policy']: macLearningPolicy.limitPolicy = macLearning['limit_policy'] config.defaultPortConfig.macManagementPolicy.macLearningPolicy = macLearningPolicy else: config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) teamingPolicy.policy = vim.StringPolicy( value=self.module.params['teaming_policy']['load_balance_policy']) if self.module.params['teaming_policy']['inbound_policy'] is not None: teamingPolicy.reversePolicy = vim.BoolPolicy( value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy( value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy( value=self.module.params['teaming_policy']['rolling_order']) if self.module.params['teaming_policy'][ 'active_uplinks'] or self.module.params['teaming_policy'][ 'standby_uplinks']: teamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy( ) if self.module.params['teaming_policy']['active_uplinks']: teamingPolicy.uplinkPortOrder.activeUplinkPort = self.module.params[ 'teaming_policy']['active_uplinks'] if self.module.params['teaming_policy']['standby_uplinks']: teamingPolicy.uplinkPortOrder.standbyUplinkPort = self.module.params[ 'teaming_policy']['standby_uplinks'] config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy( ) config.policy.blockOverrideAllowed = self.module.params['port_policy'][ 'block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][ 'ipfix_override'] config.policy.livePortMovingAllowed = self.module.params[ 'port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params[ 'port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params[ 'port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params[ 'port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params[ 'port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params[ 'port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params[ 'port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params[ 'port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy'][ 'vlan_override'] # PG Type # NOTE: 'portgroup_type' is deprecated. if self.module.params['portgroup_type']: config.type = self.module.params['portgroup_type'] elif self.module.params['port_binding'] == 'ephemeral': config.type = 'ephemeral' else: config.type = 'earlyBinding' if self.module.params['port_allocation']: if self.module.params['port_allocation'] == 'elastic': config.autoExpand = True else: config.autoExpand = False return config
def add_dvPort_group(si, dv_switch, portgroupname, vlanid): dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = portgroupname dv_pg_spec.numPorts = 32 dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec( ) dv_pg_spec.defaultPortConfig.vlan.vlanId = vlanid dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.vlan.inherited = False dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False if portgroupname == "iSCSI-A": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="failover_explicit") dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic5" dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = [] if portgroupname == "iSCSI-B": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="failover_explicit") dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic1" dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = [] if portgroupname == "vMotion": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") if portgroupname == "HCI_Internal_vCenter_Network": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") if portgroupname == "HCI_Internal_OTS_Network": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") if portgroupname == "HCI_Internal_mNode_Network": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") if portgroupname == "Management Network": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") dv_pg_spec.numPorts = 512 if portgroupname == "VM_Network": dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy( value="loadbalance_loadbased") dv_pg_spec.numPorts = 512 task = dv_switch.AddDVPortgroup_Task([dv_pg_spec]) time.sleep(5) print("Successfully created DV Port Group", portgroupname)