# find the objectId of the Scope with the name of the Transport Zone vdn_scopes = client_session.read('vdnScopes', 'read')['body'] vdn_scope_dict_list = [scope_dict for scope_dict in vdn_scopes['vdnScopes'].items()] vdn_scope = [scope[1]['objectId'] for scope in vdn_scope_dict_list if scope[1]['name'] == TRANSPORT_ZONE][0] # get a template dict for the lswitch create lswitch_create_dict = client_session.extract_resource_body_schema('logicalSwitches', 'create') client_session.view_body_dict(lswitch_create_dict) # fill the details for the new lswitch in the body dict lswitch_create_dict['virtualWireCreateSpec']['controlPlaneMode'] = 'UNICAST_MODE' lswitch_create_dict['virtualWireCreateSpec']['name'] = 'TestLogicalSwitch1' lswitch_create_dict['virtualWireCreateSpec']['tenantId'] = 'Tenant1' # create new lswitch new_ls = client_session.create('logicalSwitches', uri_parameters={'scopeId': vdn_scope}, request_body_dict=lswitch_create_dict) client_session.view_response(new_ls) # list all logical switches all_lswitches = client_session.read('logicalSwitchesGlobal') client_session.view_response(all_lswitches) # list all logical switches in transport Zone tz_lswitches = client_session.read('logicalSwitches', uri_parameters={'scopeId': vdn_scope}) client_session.view_response(tz_lswitches) # Read the properties of the new logical switch new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']}) client_session.view_response(new_ls_props) time.sleep(5)
__author__ = 'yfauser' from tests.config import * from nsxramlclient.client import NsxClient import time client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=True) ipset_dict = client_session.extract_resource_body_schema('ipsetCreate', 'create') ipset_dict['ipset']['name'] = 'Test' ipset_dict['ipset']['value'] = '192.168.1.0/24' ipset_dict['ipset']['inheritanceAllowed'] = 'True' newipset_return = client_session.create('ipsetCreate', uri_parameters={'scopeMoref': 'globalroot-0'}, request_body_dict=ipset_dict) newipset = dict(client_session.read('ipset', uri_parameters={'ipsetId': newipset_return['objectId']})['body']) newipset['ipset']['value'] = '10.0.0.0/16' newipset['ipset']['inheritanceAllowed'] = 'False' time.sleep(10) client_session.update('ipset', uri_parameters={'ipsetId': newipset_return['objectId']}, request_body_dict=newipset) client_session.read('ipsetList', uri_parameters={'scopeMoref': 'globalroot-0'}) time.sleep(10) client_session.delete('ipset', uri_parameters={'ipsetId': newipset_return['objectId']})
def main(): """main function: Accept arguments from Ansible Create an nsxramlclient session Depending on the mode of operation call the specific function """ module = AnsibleModule(argument_spec= dict( nsxmanager_spec=dict(required=True, type="dict"), edge_name=dict(required=False), edge_id=dict(required=False), mode=dict(required=True, choices=["create", "append", "query", "delete", "set_default_action", "reset"]), source=dict(required=False, type="dict"), destination=dict(required=False, type="dict"), action=dict(required=False, choices=["accept", "deny", "reject"]), name=dict(required=False), description=dict(required=False), application=dict(required=False, type="dict"), rule_id=dict(required=False), direction=dict(required=False, choices=["in", "out"]), global_config=dict(required=False, type="dict"), rules=dict(required=False, type="list"), default_action=dict(required=False, choices=["accept", "deny", "reject"]), ), required_one_of=[["edge_name", "edge_id"]]) try: client_session = NsxClient(module.params['nsxmanager_spec']['raml_file'], module.params['nsxmanager_spec']['host'], module.params['nsxmanager_spec']['user'], module.params['nsxmanager_spec']['password']) except: module.fail_json(msg="Could not connect to the NSX manager") edge_name = module.params.get("edge_name", None) if not edge_name: edge_id = module.params["edge_id"] else: edge_id = get_edge_id(client_session, edge_name) if not edge_id: module.fail_json(msg="The edge with the name %s does not exist." % (edge_name)) mode = module.params["mode"] action = module.params.get("action", None) name = module.params.get("name", None) rule_id = module.params.get("rule_id", None) application = module.params.get("application", None) source = module.params.get("source", None) destination = module.params.get("destination", None) description = module.params.get("description", None) direction = module.params.get("direction", None) rules = module.params.get("rules", None) global_config = module.params.get("global_config", None) default_action = module.params.get("default_action", None) if mode == "create": #'create' mode: # 1)Create a Firewall object out of the given rules,global_config and default_action # 2)Get the resource body to be sent # 3)Send the resource body to the NSX Manager if not rules: module.fail_json(msg="The parameter 'rules' is required in order to create the firewall rules") firewall_rules = [] for rule in rules: firewall_rules.append(FirewallRule(rule)) F = Firewall(firewall_rules, global_config, default_action) resource_body = F.get_resource_body() resp = client_session.update("nsxEdgeFirewallConfig", uri_parameters={"edgeId": edge_id}, request_body_dict=resource_body) if resp["status"] == 204: module.exit_json(changed=True, msg="Successfully created the rules for the edge with ID %s" % (edge_id)) else: module.fail_json(msg="The resource could not be created") elif mode == "append": #'append' mode: # 1)Check if the rule to be added already exists in the firewall # 2)If yes, exit # 3)If no, create the resource body and send the request to the NSX Manager if not action: module.fail_json(msg="The 'action' attribute is mandatory while appending a new rule") rule_to_be_added = FirewallRule({"name":name, "action":action, "description":description, "source":source, "destination":destination, "application":application, "direction":direction}) current_rules = [FirewallRule(rule) for rule in query_firewall_rules(client_session, edge_id)] current_hashes = [hash(rule) for rule in current_rules] if hash(rule_to_be_added) in current_hashes: module.exit_json(changed=False, msg="The given rule already exists in the firewall") resource_body = append_api_resource_body resource_body["firewallRules"]["firewallRule"] = rule_to_be_added.get_rule() resp = client_session.create("firewallRules", uri_parameters={"edgeId": edge_id}, request_body_dict=resource_body) if resp["status"] == 201: module.exit_json(changed=True, meta={"ruleId": resp["objectId"]}) else: module.fail_json(msg="The resource could not be created") elif mode == "query": #'query' mode: # 1)Query the rules existing for the given edge # 2)Display the results (requires <result>.split("\n") in Ansible as Ansible does not support printing newlines rules = query_firewall_rules(client_session, edge_id) print_str = display_firewall_rules(rules) module.exit_json(changed=False, meta={"output": print_str}) elif mode == "delete": #'delete' mode: # - Delete the rule with the given rule_id if not rule_id: module.fail_json(msg="The parameter 'rule_id' is required to delete a given rule") resp = client_session.delete("firewallRule", uri_parameters={"ruleId": rule_id, "edgeId": edge_id}) if resp["status"] == 204: module.exit_json(changed=True, msg="Rule with the ID %s successfully deleted" % (rule_id)) else: module.fail_json(msg="Could not delete the rule with ID %s. Make sure that the rule exists" % (rule_id)) elif mode == "set_default_action": #'set_default_action' mode: # - Sets the default action for the firewall(can be 'accept', 'deny' or 'reject') if not default_action: module.fail_json(msg="The parameter 'default_action' is required to set the default action") resource_body = default_action_resource_body resource_body["firewallDefaultPolicy"]["action"] = default_action resp = client_session.update("defaultFirewallPolicy", uri_parameters={"edgeId": edge_id}, request_body_dict=resource_body) if resp["status"] == 204: module.exit_json(changed=True, msg="Successfully updated the firewall config") else: module.fail_json(msg="The resource could not be updated") elif mode == "reset": #'reset' mode: # - Resets the firewall by deleting all the existing rules resp = client_session.delete("nsxEdgeFirewallConfig", uri_parameters={"edgeId": edge_id}) if resp["status"] == 204: module.exit_json(msg="Successfully reset the firewall configuration for the edge with ID %s" %(edge_id), changed=True) else: module.fail_json(msg="Could not reset the firewall rules for the edge with ID %s" %(edge_id))
class NSX(): ''' NSX Class: Following functionality are implemented. 1. Create and get a hardware gateway. 2. Create and get a hardware binding. 3. Create and get a logical switch. ''' def __init__(self, **kwargs): self._nsxraml_file = kwargs.pop('raml_file') self._nsx_password = kwargs.pop('password') self._nsx_username = kwargs.pop('username') self._nsxmanager = kwargs.pop('ip') self._client_session = NsxClient(self._nsxraml_file, self._nsxmanager, self._nsx_username, self._nsx_password) self.logger = logging.getLogger(__name__) self._cert = "" self._bfd = True self._name = "" def add_hwdevice_cert(self, **kwargs): self._cert = str(kwargs.pop('cert')) self._bfd = kwargs.pop('bfd', True) self._name = str(kwargs.pop('name')) self.logger.info("Creating Hardware Device: %s", self._name) hw_dict = self._client_session.extract_resource_body_example('vdnHardwareGateway', 'create') hw_dict['hardwareGatewaySpec']['name'] = self._name hw_dict['hardwareGatewaySpec']['certificate'] = self._cert hw_dict['hardwareGatewaySpec']['bfdEnabled'] = self._bfd hw = self._client_session.create('vdnHardwareGateway', request_body_dict=hw_dict) if 200 in hw.values(): return True return False def get_hwdevice(self): self.logger.info("Reading Hardware Gateway Certificates") hw = self._client_session.read('vdnHardwareGateway') if 200 in hw.values(): return hw['body']['list'] else: return False def get_hwgateway_biding(self, **kwargs): lswitch_name = str(kwargs.pop('lswitch_name')) self.logger.info("Reading Hardware Bidings for the logical switch id: %r", lswitch_name) objid = self.get_lswitch_objectId(lswitch_name=lswitch_name) if objid: hw_bindings = self._client_session.read('vdnHardwareBinding', uri_parameters={'virtualWireID': objid}) if 200 in hw_bindings.values(): return hw_bindings['body']['list'] else: return False else: self.logger.info("Logical Switch: %r entry not found", lswitch_name) return False def get_hwdevice_objectId(self, **kwargs): hwdevice_name = str(kwargs.pop('hwdevice_name')) hwdevice = self.get_hwdevice() objid = None hw_list = hwdevice['hardwareGateway'] if isinstance(hw_list, dict): if hw_list['name'] == hwdevice_name: objid = hw_list['objectId'] else: for i in hw_list: if i['name'] == hwdevice_name: objid = i['objectId'] break return objid def get_logicalswitch(self): self.logger.info("Reading list of Logical Switches") lswitch = self._client_session.read('logicalSwitchesGlobal') if 200 in lswitch.values(): return lswitch['body']['virtualWires'] else: return False def create_logicalswitch(self, **kwargs): lswitch_name = str(kwargs.pop('name')) zone = str(kwargs.pop('zone', 'TZ1')) controlplan_mode = str(kwargs.pop('controlplan_mode', 'UNICAST_MODE')) tenant = str(kwargs.pop('tenant', 'vsphere.local')) self.logger.info("Crating Logical Switch: %r", lswitch_name) # find the objectId of the Scope with the name of the Transport Zone vdn_scopes = self._client_session.read('vdnScopes', 'read')['body'] vdn_scope_dict_list = [scope_dict for scope_dict in vdn_scopes['vdnScopes'].items()] vdn_scope = [scope[1]['objectId'] for scope in vdn_scope_dict_list if scope[1]['name'] == zone][0] # get a template dict for the lswitch create lswitch_create_dict = self._client_session.extract_resource_body_example('logicalSwitches', 'create') # self._client_session.view_body_dict(lswitch_create_dict) # fill the details for the new lswitch in the body dict lswitch_create_dict['virtualWireCreateSpec']['controlPlaneMode'] = controlplan_mode lswitch_create_dict['virtualWireCreateSpec']['name'] = lswitch_name lswitch_create_dict['virtualWireCreateSpec']['tenantId'] = tenant # create new lswitch new_ls = self._client_session.create('logicalSwitches', uri_parameters={'scopeId': vdn_scope}, request_body_dict=lswitch_create_dict) # self._client_session.view_response(new_ls) if 200 in new_ls.values(): return True else: return False def get_lswitch_objectId(self, **kwargs): lswitch_name = str(kwargs.pop('lswitch_name')) lswitch = self.get_logicalswitch() objid = None sw_list = lswitch['dataPage']['virtualWire'] if isinstance(sw_list, dict): if sw_list['name'] == lswitch_name: objid = sw_list['objectId'] else: for i in sw_list: if i['name'] == lswitch_name: objid = i['objectId'] break return objid def create_hardwarebinding(self, **kwargs): lswitch_name = str(kwargs.pop('lswitch_name')) vlan = str(kwargs.pop('vlan')) port_name = str(kwargs.pop('port_name')) switch_name = str(kwargs.pop('switch_name')) hardware_gateway_name = str(kwargs.pop('hardware_gateway_name')) self.logger.info("Creating Hardware bindings for the logical switch: %r", lswitch_name) hwdevice_id = self.get_hwdevice_objectId(hwdevice_name=hardware_gateway_name) if not hwdevice_id: self.logger.info("Hardware device entry: %r entry not found", hardware_gateway_name) return False objectId = self.get_lswitch_objectId(lswitch_name=lswitch_name) if objectId: hw_dict = self._client_session.extract_resource_body_example('vdnHardwareBinding', 'create') hw_dict['hardwareGatewayBinding']['hardwareGatewayId'] = hwdevice_id hw_dict['hardwareGatewayBinding']['portName'] = port_name hw_dict['hardwareGatewayBinding']['vlan'] = vlan hw_dict['hardwareGatewayBinding']['switchName'] = switch_name hw = self._client_session.create('vdnHardwareBinding', uri_parameters={'virtualWireID': objectId}, request_body_dict=hw_dict) if 200 in hw.values(): return True else: return False else: self.logger.info("Logical Switch: %r entry not found", lswitch_name) return False
from nsxramlclient.client import NsxClient import time client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=True) macset_dict = client_session.extract_resource_body_schema( 'macsetScopeCreate', 'create') macset_dict['macset']['name'] = 'test0' # CREATE macset on scope newmacset_return = client_session.create( 'macsetScopeCreate', uri_parameters={'scopeId': 'globalroot-0'}, request_body_dict=macset_dict) # READ macset by ID newmacset = dict( client_session.read( 'macset', uri_parameters={'macsetId': newmacset_return['objectId']})['body']) # UPDATE macset by ID newmacset['macset']['name'] = 'test1' newmacset['macset']['revision'] = '1' newmacset['macset']['value'] = '44:55:66:77:88:99' time.sleep(10)
# find the objectId of the Scope with the name of the Transport Zone vdn_scopes = client_session.read('vdnScopes', 'read')['body'] vdn_scope_dict_list = [scope_dict for scope_dict in vdn_scopes['vdnScopes'].items()] vdn_scope = [scope[1]['objectId'] for scope in vdn_scope_dict_list if scope[1]['name'] == TRANSPORT_ZONE][0] # get a template dict for the lswitch create lswitch_create_dict = client_session.extract_resource_body_example('logicalSwitches', 'create') client_session.view_body_dict(lswitch_create_dict) # fill the details for the new lswitch in the body dict lswitch_create_dict['virtualWireCreateSpec']['controlPlaneMode'] = 'UNICAST_MODE' lswitch_create_dict['virtualWireCreateSpec']['name'] = 'TestLogicalSwitch1' lswitch_create_dict['virtualWireCreateSpec']['tenantId'] = 'Tenant1' # create new lswitch new_ls = client_session.create('logicalSwitches', uri_parameters={'scopeId': vdn_scope}, request_body_dict=lswitch_create_dict) client_session.view_response(new_ls) # list all logical switches all_lswitches = client_session.read('logicalSwitchesGlobal') client_session.view_response(all_lswitches) # list all logical switches in transport Zone tz_lswitches = client_session.read('logicalSwitches', uri_parameters={'scopeId': vdn_scope}) client_session.view_response(tz_lswitches) # Read the properties of the new logical switch new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']}) client_session.view_response(new_ls_props) time.sleep(5)
# IN THE SOFTWARE. __author__ = 'cmullaney' from tests.config import * from nsxramlclient.client import NsxClient import time client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=True) macset_dict = client_session.extract_resource_body_example('macsetScopeCreate', 'create') macset_dict['macset']['name'] = 'test0' # CREATE macset on scope newmacset_return = client_session.create('macsetScopeCreate', uri_parameters={'scopeId': 'globalroot-0'}, request_body_dict=macset_dict) # READ macset by ID newmacset = dict(client_session.read('macset', uri_parameters={'macsetId': newmacset_return['objectId']})['body']) # UPDATE macset by ID newmacset['macset']['name'] = 'test1' newmacset['macset']['revision'] = '1' newmacset['macset']['value'] = '44:55:66:77:88:99' time.sleep(10) client_session.update('macset', uri_parameters={'macsetId': newmacset_return['objectId']}, request_body_dict=newmacset) # READ macsets on scope