def create_network_interface(self, group_name, location, nic_name, subnet):
async_nic_creation = self.network_client.network_interfaces.begin_create_or_update(
group_name,
nic_name,
# model style
network_models.NetworkInterface(
location=location,
ip_configurations=[
network_models.NetworkInterfaceIPConfiguration(
name="MyIpConfig",
subnet=network_models.Subnet(id=subnet.id))
])
# json style
# {
# 'location': location,
# 'ip_configurations': [{
# 'name': 'MyIpConfig',
# 'subnet': {
# 'id': subnet.id
# }
# }]
# }
)
nic = async_nic_creation.result()
return nic
def connect_agents_to_controlplane_subnet(self):
self.logging.info("Connecting agents VMs to the control-plane subnet")
control_plane_subnet = utils.retry_on_error()(
self.network_client.subnets.get)(
self.cluster_name, "{}-vnet".format(self.cluster_name),
"{}-controlplane-subnet".format(self.cluster_name))
subnet_id = control_plane_subnet.id
for vm in self._get_agents_vms():
self.logging.info("Connecting VM {}".format(vm.name))
nic_id = vm.network_profile.network_interfaces[0].id
vm_nic = self._get_vm_nic(nic_id)
nic_address = vm_nic.ip_configurations[0].private_ip_address
route = self._get_vm_route(nic_address)
self.logging.info("Shutting down VM")
utils.retry_on_error()(
self.compute_client.virtual_machines.begin_deallocate)(
self.cluster_name, vm.name).wait()
self.logging.info("Updating VM NIC subnet")
nic_parameters = vm_nic.as_dict()
nic_model = net_models.NetworkInterface(**nic_parameters)
nic_model.ip_configurations[0]['subnet']['id'] = subnet_id
utils.retry_on_error()(
self.network_client.network_interfaces.begin_create_or_update)(
self.cluster_name, vm_nic.name, nic_model).wait()
self.logging.info("Starting VM")
utils.retry_on_error()(
self.compute_client.virtual_machines.begin_start)(
self.cluster_name, vm.name).wait()
self.logging.info("Updating the node routetable")
route_params = route.as_dict()
vm_nic = self._get_vm_nic(nic_id) # Refresh NIC info
nic_address = vm_nic.ip_configurations[0].private_ip_address
route_params["next_hop_ip_address"] = nic_address
utils.retry_on_error()(
self.network_client.routes.begin_create_or_update)(
self.cluster_name,
"{}-node-routetable".format(self.cluster_name), route.name,
route_params).wait()
self.logging.info(
"Waiting until VM address is refreshed in the CAPZ cluster")
for attempt in Retrying(stop=stop_after_delay(10 * 60),
wait=wait_exponential(max=30),
reraise=True):
with attempt:
addresses = self._get_agents_private_addresses("windows")
assert nic_address in addresses
def create_network_interface(network_client, vm_resource, subnet, nsg,
private_ips, pips, offset):
# type: (azure.mgmt.network.NetworkManagementClient,
# settings.VmResource, networkmodels.Subnet,
# networkmodels.NetworkSecurityGroup, List[str], dict, int) ->
# msrestazure.azure_operation.AzureOperationPoller
"""Create a network interface
:param azure.mgmt.network.NetworkManagementClient network_client:
network client
:param settings.VmResource vm_resource: VM Resource
:param networkmodels.Subnet subnet: virtual network subnet
:param networkmodels.NetworkSecurityGroup nsg: network security group
:param list private_ips: list of static private ips
:param dict pips: public ip map
:param int offset: network interface number
:rtype: msrestazure.azure_operation.AzureOperationPoller
:return: msrestazure.azure_operation.AzureOperationPoller
"""
nic_name = settings.generate_network_interface_name(vm_resource, offset)
# check and fail if nic exists
try:
network_client.network_interfaces.get(
resource_group_name=vm_resource.resource_group,
network_interface_name=nic_name,
)
raise RuntimeError('network interface {} exists'.format(nic_name))
except msrestazure.azure_exceptions.CloudError as e:
if e.status_code == 404:
pass
else:
raise
if util.is_none_or_empty(pips):
pip = None
logger.debug(
'not assigning public ip to network interface {}'.format(nic_name))
else:
pip = pips[offset]
logger.debug('assigning public ip {} to network interface {}'.format(
pip.name, nic_name))
# create network ip config
if private_ips is None:
network_ip_config = networkmodels.NetworkInterfaceIPConfiguration(
name=vm_resource.hostname_prefix,
subnet=subnet,
public_ip_address=pip,
)
else:
network_ip_config = networkmodels.NetworkInterfaceIPConfiguration(
name=vm_resource.hostname_prefix,
subnet=subnet,
public_ip_address=pip,
private_ip_address=private_ips[offset],
private_ip_allocation_method=networkmodels.IPAllocationMethod.
static,
private_ip_address_version=networkmodels.IPVersion.ipv4,
)
logger.debug('creating network interface: {}'.format(nic_name))
return network_client.network_interfaces.create_or_update(
resource_group_name=vm_resource.resource_group,
network_interface_name=nic_name,
parameters=networkmodels.NetworkInterface(
location=vm_resource.location,
network_security_group=nsg,
ip_configurations=[network_ip_config],
enable_accelerated_networking=vm_resource.accelerated_networking,
),
)
def create_vnet(results_queue, creds, subscription, vv):
settings = Settings()
hub_1_public = None
hub_1_private = None
resource_client = ResourceManagementClient(creds, subscription)
compute_client = ComputeManagementClient(creds, subscription)
storage_client = StorageManagementClient(creds, subscription)
network_client = NetworkManagementClient(creds, subscription)
# 1 Create Resource Group
resg = resource_client.resource_groups.create_or_update(
vv['resource_group_name'], {'location': vv['region']})
rg = resg.name
# 2 Create WAN Network Security Group
rule_ssh_in = network_models.SecurityRule(
description='allow ssh in',
protocol='TCP',
source_port_range='*',
destination_port_range='22',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=100,
direction='Inbound',
name='ssh-inbound')
rule_internet_key_exchange_in = network_models.SecurityRule(
description='allow ike in',
protocol='UDP',
source_port_range='*',
destination_port_range='500',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=110,
direction='Inbound',
name='ike-inbound')
rule_nat_t_in = network_models.SecurityRule(
description='allow nat-t in',
protocol='UDP',
source_port_range='*',
destination_port_range='4500',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=120,
direction='Inbound',
name='nat-t-inbound')
wan_ipsec_nsg_params = network_models.NetworkSecurityGroup(
location=vv['region'],
security_rules=[
rule_ssh_in, rule_internet_key_exchange_in, rule_nat_t_in
])
nsg_creation = network_client.network_security_groups.create_or_update(
rg, vv['wan_security_group_name'], wan_ipsec_nsg_params)
wan_ipsec_nsg = network_client.network_security_groups.get(
vv['resource_group_name'], vv['wan_security_group_name'])
# Create Private Network Security Group
all_in = network_models.SecurityRule(description='allow all traffic',
protocol='*',
source_port_range='*',
destination_port_range='*',
source_address_prefix='*',
destination_address_prefix='*',
access='Allow',
priority=100,
direction='Inbound',
name='All')
open_nsg_params = network_models.NetworkSecurityGroup(
location=vv['region'], security_rules=[all_in])
open_nsg_creation = network_client.network_security_groups.create_or_update(
rg, 'open_nsg', open_nsg_params)
open_nsg = network_client.network_security_groups.get(
vv['resource_group_name'], 'open_nsg')
# 3 Create a VNET
address_space_model = network_models.AddressSpace(
address_prefixes=[vv['public_vnet_prefix'], vv['private_vnet_prefix']])
if vv['type'] == 'silb':
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
tags={
vv['tvpc_program_key']: vv['cluster'],
'tvpc_silb_vnet': 'True'
},
address_space=address_space_model,
)
elif vv['type'] == 'vnet':
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
tags={vv['tvpc_program_key']: vv['cluster']},
address_space=address_space_model,
)
else:
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
address_space=address_space_model,
)
result_object_vnet_creation = network_client.virtual_networks.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
parameters=vnet_model)
result_object_vnet_creation.wait()
# 4 Create Routes
default_route = network_models.Route(address_prefix='0.0.0.0/0',
next_hop_type='Internet',
name='default_route')
private_subnet_route = network_models.Route(
address_prefix=vv['private_vnet_prefix'],
next_hop_type='VnetLocal',
name='private_subnet_route')
# 5 Create Route Tables
wan_route_table_params = network_models.RouteTable(
location=vv['region'], routes=[default_route, private_subnet_route])
result_object_route_table_wan_creation = network_client.route_tables.create_or_update(
vv['resource_group_name'], 'wan_route_table', wan_route_table_params)
result_object_route_table_wan_creation.wait()
wan_route_table = result_object_route_table_wan_creation.result()
private_route_table_params = network_models.RouteTable(
location=vv['region'], routes=[private_subnet_route])
result_object_route_table_private_creation = network_client.route_tables.create_or_update(
vv['resource_group_name'], 'private_route_table',
private_route_table_params)
result_object_route_table_private_creation.wait()
private_route_table = result_object_route_table_private_creation.result()
# 6 Create Subnets
result_object_subnet_creation = network_client.subnets.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
subnet_name='TVPC_WAN_Subnet',
subnet_parameters=network_models.Subnet(
address_prefix=vv['public_vnet_prefix'],
network_security_group=wan_ipsec_nsg,
route_table=wan_route_table))
subnet_wan = result_object_subnet_creation.result()
result_object_subnet_creation = network_client.subnets.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
subnet_name='TVPC_Private_Subnet',
subnet_parameters=network_models.Subnet(
address_prefix=vv['private_vnet_prefix'],
route_table=private_route_table))
subnet_private = result_object_subnet_creation.result()
# 7 Create Storage Account
storage_result_object_operation = storage_client.storage_accounts.create(
vv['resource_group_name'], vv['storage_account_name'], {
'sku': {
'name': 'standard_lrs'
},
'kind': 'storage',
'location': vv['region']
})
storage_result_object_operation.wait()
# 8 Create an Availability Set
if vv['type'] == 'silb':
av_sku_params = compute_models.Sku(name='Aligned')
availability_set_parameters = compute_models.AvailabilitySet(
location=vv['region'],
platform_update_domain_count=5,
platform_fault_domain_count=2,
sku=av_sku_params)
avset = compute_client.availability_sets.create_or_update(
rg, vv['availability_set_name'], availability_set_parameters)
avset_return = compute_client.availability_sets.get(
vv['resource_group_name'], vv['availability_set_name'])
# 9 Create Load Balancer
if vv['type'] == 'silb':
load_balancer_name = 'SILB'
fip_name = 'FIPdmvpn'
bap_name = 'BAPdmvpn'
probe_name = 'SSHhealthcheck'
silb_rule_name = 'slball'
def construct_fip_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/frontendIPConfigurations/{}').format(
subscription_id, vv['resource_group_name'],
load_balancer_name, fip_name)
def construct_bap_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/backendAddressPools/{}').format(
subscription_id, vv['resource_group_name'],
load_balancer_name, bap_name)
def construct_probe_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/probes/{}').format(subscription_id,
vv['resource_group_name'],
load_balancer_name, probe_name)
subnet_silb = network_client.subnets.get(vv['resource_group_name'],
vv['vnet_name'],
'TVPC_Private_Subnet')
front_ip_config = network_models.FrontendIPConfiguration(
private_ip_allocation_method='Dynamic',
subnet={'id': subnet_silb.id},
name=fip_name,
)
back_pool = network_models.BackendAddressPool(name=bap_name)
fipn = construct_fip_id(subscription_id)
bapn = construct_bap_id(subscription_id)
proben = construct_probe_id(subscription_id)
silb_rules = network_models.LoadBalancingRule(
frontend_ip_configuration={'id': fipn},
backend_address_pool={'id': bapn},
probe={'id': proben},
protocol='All',
load_distribution='Default',
frontend_port=0,
backend_port=0,
idle_timeout_in_minutes=4,
enable_floating_ip=True,
enable_tcp_reset=False,
disable_outbound_snat=True,
name=silb_rule_name)
silb_probes = network_models.Probe(protocol='Tcp',
port=22,
interval_in_seconds=5,
number_of_probes=2,
name=probe_name)
silb_sku = network_models.LoadBalancerSku(name='Standard')
silb_model = network_models.LoadBalancer(
location=vv['region'],
frontend_ip_configurations=[front_ip_config],
backend_address_pools=[back_pool],
load_balancing_rules=[silb_rules],
probes=[silb_probes],
sku=silb_sku,
tags={vv['tvpc_program_key']: vv['cluster']},
)
lb_result_object_creation = network_client.load_balancers.create_or_update(
resource_group_name=vv['resource_group_name'],
load_balancer_name=load_balancer_name,
parameters=silb_model)
lb_info = lb_result_object_creation.result()
bap_info = network_client.load_balancer_backend_address_pools.get(
vv['resource_group_name'], load_balancer_name, bap_name)
router_counter = 0
for r in vv['dmvpn_address']:
vv['router_counter'] = str(router_counter)
vv['dmvpn_address_router'] = vv['dmvpn_address'][router_counter]
# 9 Create PublicIP
address_sku = network_models.PublicIPAddressSku(name='Standard')
public_ip_address_parameters = network_models.PublicIPAddress(
location=vv['region'],
public_ip_allocation_method='Static',
sku=address_sku)
pip_name = 'pip_' + str(router_counter)
result_object_public_ip_creation = network_client.public_ip_addresses.create_or_update(
vv['resource_group_name'], pip_name, public_ip_address_parameters)
result_object_public_ip_creation.wait()
public_ip_info = result_object_public_ip_creation.result()
# 10 Create NICs
nic_0_name = 'CSR_' + str(router_counter) + '_nic_0'
nic_0_config = network_models.IPConfiguration(
subnet=subnet_wan,
name=nic_0_name,
private_ip_allocation_method=network_models.IPAllocationMethod.
dynamic,
public_ip_address=public_ip_info)
nic_0_parameters = network_models.NetworkInterface(
location=vv['region'],
network_security_group=wan_ipsec_nsg,
enable_accelerated_networking=True,
ip_configurations=[nic_0_config],
primary=True,
enable_ip_forwarding=False # False
)
result_object_nic_0_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_0_name, nic_0_parameters)
result_object_nic_0_create.wait()
nic_0 = result_object_nic_0_create.result()
nic_0.primary = True # This is a bug. The primary key is always None after interface create or update
if vv['type'] == 'silb':
nic_1_name = 'CSR_' + str(router_counter) + '_nic_1'
result_object_nic_1_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_1_name, {
'location':
vv['region'],
'network_security_group':
open_nsg,
'enable_accelerated_networking':
True,
'enable_ip_forwarding':
True,
'primary':
False,
'ip_configurations': [{
'name':
'some_config_name',
'subnet': {
'id': subnet_silb.id
},
'private_ip_allocation_method':
network_models.IPAllocationMethod.dynamic,
'load_balancer_backend_address_pools': [{
'id':
bap_info.id
}]
}]
})
result_object_nic_1_create.wait()
nic_1 = result_object_nic_1_create.result()
nic_1.primary = False # This is a bug. The primary key is always None after interface create or update
else:
nic_1_name = 'CSR_' + str(router_counter) + '_nic_1'
nic_1_config = network_models.IPConfiguration(
subnet=subnet_private,
name=nic_1_name,
private_ip_allocation_method=network_models.IPAllocationMethod.
dynamic)
nic_1_parameters = network_models.NetworkInterface(
location=vv['region'],
network_security_group=wan_ipsec_nsg,
enable_accelerated_networking=True,
ip_configurations=[nic_1_config],
primary=False,
enable_ip_forwarding=True)
result_object_nic_1_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_1_name, nic_1_parameters)
result_object_nic_1_create.wait()
nic_1 = result_object_nic_1_create.result()
nic_1.primary = False # This is a bug. The primary key is always None after interface create or update
# 11 Create VM
computer_name = vv['hostname'] + str(router_counter)
os_profile = compute_models.OSProfile(computer_name=computer_name,
admin_username=vv['username'],
admin_password=vv['password'])
hardware_profile = compute_models.HardwareProfile(
vm_size=vv['instance_type'])
storage_profile = compute_models.StorageProfile(
image_reference=compute_models.ImageReference(
publisher=vv['azure_vm_publisher'],
offer=vv['azure_vm_offer'],
sku=vv['azure_vm_sku'],
version='latest'))
network_profile = compute_models.NetworkProfile(
network_interfaces=[nic_0, nic_1])
image_plan = compute_models.Plan(name=vv['azure_vm_sku'],
publisher=vv['azure_vm_publisher'],
product=vv['azure_vm_offer'])
if vv['type'] == 'silb':
vm_profile = compute_models.VirtualMachine(
location=vv['region'],
os_profile=os_profile,
plan=image_plan,
hardware_profile=hardware_profile,
storage_profile=storage_profile,
network_profile=network_profile,
availability_set={'id': avset_return.id})
else:
vm_profile = compute_models.VirtualMachine(
location=vv['region'],
os_profile=os_profile,
plan=image_plan,
hardware_profile=hardware_profile,
storage_profile=storage_profile,
network_profile=network_profile)
result_object_vm_creation = compute_client.virtual_machines.create_or_update(
vv['resource_group_name'], computer_name, vm_profile)
result_object_vm_creation.wait()
vm_result = result_object_vm_creation.result()
# Get IP address
result = network_client.public_ip_addresses.get(
rg, public_ip_info.name)
public_ip = result.ip_address
vv['public_ip'] = public_ip
# If DMVPN hub, save info
if vv['type'] == 'hub':
hub_1_public = public_ip
hub_1_private = vv['dmvpn_address_router']
router = Router(vv['public_ip'], vv['username'], vv['password'],
vv['region'], vv['instance_type'],
settings.instance_types[vv['instance_type']])
if not router.initial_check_responsive():
print('router unresponsive')
if settings.regions[vv['region']]['smart_licensing'] == 'True':
if not router.register():
print('router unable to register with smart licensing')
config = router.render_config_from_template(
template_name='templates/baseline.j2', variables_dict=vv)
# want an exception if configuration result is not true
if not router.configure_router(config):
print('unable to configure router')
if vv['type'] == 'hub':
config = router.render_config_from_template(
template_name='templates/dmvpn_hub.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'spoke':
config = router.render_config_from_template(
template_name='templates/dmvpn_spoke.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'silb':
config = router.render_config_from_template(
template_name='templates/dmvpn_spoke_silb.j2',
variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'vnet':
config = router.render_config_from_template(
template_name='templates/app_vnet.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
if not router.configure_router(
['end', 'event manager run 10interface']):
print('unable to configure 10 gigabitethernet interface')
router_counter += 1
# Tag SILB VNET with SILB private IP
if vv['type'] == 'silb':
lb_info = network_client.load_balancers.get(vv['resource_group_name'],
load_balancer_name)
silb_private_ip = lb_info.frontend_ip_configurations[
0].private_ip_address
vnet = network_client.virtual_networks.get(vv['resource_group_name'],
vv['vnet_name'])
vnet.tags.update({'tvpc_silb_private_address': silb_private_ip})
network_client.virtual_networks.create_or_update(
vv['resource_group_name'], vv['vnet_name'], vnet)
results_queue.put({
'hub_1_public': hub_1_public,
'hub_1_private': hub_1_private
})
def get_fake_nic(client, resource_group, nic_name):
nic = network_models.NetworkInterface()
return nic