def export_firewall_rules(context, verbose=False):
    """Export the firewall rules of the NSX edge gateways described by *context*.

    Selects the 'nsxmanager' entry of *context* on the shared client,
    refreshes the moid map, then delegates the export to
    export_nsx_edge_gateway_firewall_rules().  *verbose* is accepted but is
    not read by this function.
    """
    client.set_context(context, 'nsxmanager')

    moid_lookup = refresh_moid_map(context)
    if DEBUG:
        # Debug-only: whatever refresh_moid_map() returned is written to
        # stdout, so keep DEBUG off where job logs are widely readable.
        pprint(moid_lookup)

    export_nsx_edge_gateway_firewall_rules(context)
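def init():
    """Point the shared client at the NSX manager, falling back to the cluster VIP.

    Environment variables read:
      nsx_manager_ips_int         comma-separated manager addresses; only the
                                  first entry is used
      nsx_manager_username_int    admin user (defaults to 'admin')
      nsx_manager_password_int    admin password
      nsx_manager_virtual_ip_int  cluster VIP, consulted only when the probe
                                  request raises an SSLError

    Raises:
        ValueError: nsx_manager_ips_int is unset or its first entry is empty.
        requests.exceptions.SSLError: the probe failed with a TLS error and no
            VIP is configured (the original exception is re-raised).
    """
    manager_ips = os.getenv('nsx_manager_ips_int')
    nsx_mgr_ip = manager_ips.split(',')[0].strip() if manager_ips else ''
    if not nsx_mgr_ip:
        # Name the missing setting instead of failing with AttributeError on
        # None.split() or building the URL 'https://' with no host.
        raise ValueError(
            'nsx_manager_ips_int is not set or its first entry is empty; '
            'cannot determine the NSX manager address')

    nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
    # NOTE(review): the password is None when the variable is unset and is
    # passed on unchecked; confirm how the client treats a missing password.
    nsx_mgr_pwd = os.getenv('nsx_manager_password_int')

    # This dict carries the admin password in clear text: never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }

    # TODO: the transport zone name is currently static and hidden from the
    # user; see vars.yml.
    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = 'overlay-tz'

    client.set_context(nsx_mgr_context)
    try:
        print('Using manager IP address at %s' % nsx_mgr_ip)
        # Probe request; its only purpose here is to surface a TLS failure.
        client.get(TRANSPORT_ZONES_ENDPOINT)
    except requests.exceptions.SSLError:
        # requests raises SSLError for TLS failures, certificate verification
        # errors included, so this branch is not limited to an unreachable
        # host even though the messages below say "not accessible".
        # NOTE(review): the same admin credentials are then sent to the VIP;
        # confirm the client verifies the VIP's certificate (not visible here).
        vip = os.getenv('nsx_manager_virtual_ip_int', '').strip()
        if vip == '':
            print(
                'Manager IP is not accessible and VIP is not set, unable to connect '
                'to nsx manager!')
            raise
        print('Manager IP is not accessible, using cluster vip at %s!' % vip)
        cluster_context = {
            'admin_user': nsx_mgr_user,
            'url': 'https://' + vip,
            'admin_passwd': nsx_mgr_pwd
        }
        client.set_context(cluster_context)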
def list(context, verbose=False):
    """List the logical switches and NSX edge gateways for *context*.

    The shared client is switched to the 'nsxmanager' entry of *context*, the
    moid map is refreshed and the uplinks are reconciled before the two
    listing helpers run.  *verbose* is accepted but not read here.

    NOTE: this module-level name shadows the builtin ``list`` inside the
    module; it is left unchanged because it is the function's public name.
    """
    client.set_context(context, 'nsxmanager')

    moid_lookup = refresh_moid_map(context)
    if DEBUG:
        # Debug-only dump of the refreshed map to stdout.
        pprint(moid_lookup)

    reconcile_uplinks(context)

    list_logical_switches(context)
    list_nsx_edge_gateways(context)
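def init():
    """Configure the shared client from the NSX-T manager environment settings.

    Environment variables read:
      NSX_T_MANAGER_IP          manager address (required)
      NSX_T_MANAGER_ADMIN_USER  admin user (defaults to 'admin')
      NSX_T_MANAGER_ROOT_PWD    password stored as 'admin_passwd'

    Raises:
        ValueError: NSX_T_MANAGER_IP is unset or empty.
    """
    nsx_mgr_ip = os.getenv('NSX_T_MANAGER_IP')
    if not nsx_mgr_ip:
        # Name the missing setting instead of failing with TypeError on
        # 'https://' + None, or silently building the URL 'https://'.
        raise ValueError(
            'NSX_T_MANAGER_IP is not set; cannot determine the NSX manager address')

    nsx_mgr_user = os.getenv('NSX_T_MANAGER_ADMIN_USER', 'admin')
    # NOTE(review): None when the variable is unset and passed on unchecked;
    # confirm how the client treats a missing password.
    nsx_mgr_pwd = os.getenv('NSX_T_MANAGER_ROOT_PWD')

    # This dict carries the password in clear text: never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    client.set_context(nsx_mgr_context)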
def delete(context, verbose=False):
    """Tear down the NSX objects described by *context*.

    Order: edge gateways, then DLR gateways, then the logical switches.
    *verbose* is accepted but not read here.  The calls are destructive and
    this function asks for no confirmation.
    """
    client.set_context(context, 'nsxmanager')
    refresh_moid_map(context)

    delete_nsx_edge_gateways(context)
    delete_nsx_dlr_gateways(context)

    # Logical switches sometimes stay around after the first delete, so the
    # delete is issued twice to be safe.
    for _attempt in range(2):
        delete_logical_switches(context, 'logical_switches')
def build(context, verbose=False):
    """Create the NSX objects described by *context*.

    After selecting the 'nsxmanager' entry of *context*, refreshing the moid
    map and reconciling the uplinks, the logical switches, DLRs and edge
    gateways are built in that order.  *verbose* is accepted but not read
    here.
    """
    client.set_context(context, 'nsxmanager')

    moid_lookup = refresh_moid_map(context)
    if DEBUG:
        # Debug-only dump of the refreshed map to stdout.
        pprint(moid_lookup)

    reconcile_uplinks(context)

    # Transport-zone creation is disabled in this flow:
    # build_transport_zone('tz', context, 'transport_zone')
    build_logical_switches('lswitch', context, 'logical_switches')
    build_nsx_dlrs('dlr', context)
    build_nsx_edge_gateways('edge', context)
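def init():
    """Configure the shared client and the default transport zone name.

    Environment variables read:
      NSX_T_MANAGER_IP              manager address (required)
      NSX_T_MANAGER_ADMIN_USER      admin user (defaults to 'admin')
      NSX_T_MANAGER_ROOT_PWD        password stored as 'admin_passwd'
      NSX_T_OVERLAY_TRANSPORT_ZONE  stored in global_id_map under
                                    'DEFAULT_TRANSPORT_ZONE_NAME'

    Raises:
        ValueError: NSX_T_MANAGER_IP is unset or empty.
    """
    nsx_mgr_ip = os.getenv('NSX_T_MANAGER_IP')
    if not nsx_mgr_ip:
        # Name the missing setting instead of failing with TypeError on
        # 'https://' + None, or silently building the URL 'https://'.
        raise ValueError(
            'NSX_T_MANAGER_IP is not set; cannot determine the NSX manager address')

    nsx_mgr_user = os.getenv('NSX_T_MANAGER_ADMIN_USER', 'admin')
    # NOTE(review): None when the variable is unset and passed on unchecked;
    # confirm how the client treats a missing password.
    nsx_mgr_pwd = os.getenv('NSX_T_MANAGER_ROOT_PWD')
    # NOTE(review): also None when unset; it is stored as-is below.
    transport_zone_name = os.getenv('NSX_T_OVERLAY_TRANSPORT_ZONE')

    # This dict carries the password in clear text: never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }

    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = transport_zone_name
    client.set_context(nsx_mgr_context)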
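def init():
    """Point the shared client at the first configured NSX manager.

    Environment variables read:
      nsx_manager_ips_int       comma-separated manager addresses; only the
                                first entry is used
      nsx_manager_username_int  admin user (defaults to 'admin')
      nsx_manager_password_int  admin password

    Raises:
        ValueError: nsx_manager_ips_int is unset or its first entry is empty.
    """
    manager_ips = os.getenv('nsx_manager_ips_int')
    nsx_mgr_ip = manager_ips.split(',')[0].strip() if manager_ips else ''
    if not nsx_mgr_ip:
        # Name the missing setting instead of failing with AttributeError on
        # None.split() or building the URL 'https://' with no host.
        raise ValueError(
            'nsx_manager_ips_int is not set or its first entry is empty; '
            'cannot determine the NSX manager address')

    nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
    # NOTE(review): None when the variable is unset and passed on unchecked;
    # confirm how the client treats a missing password.
    nsx_mgr_pwd = os.getenv('nsx_manager_password_int')

    # This dict carries the admin password in clear text: never print or log it.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }

    # TODO: the transport zone name is currently static and hidden from the
    # user; see vars.yml.
    global_id_map['DEFAULT_TRANSPORT_ZONE_NAME'] = 'overlay-tz'
    client.set_context(nsx_mgr_context)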
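def init():
    """Load the NSX API settings into module globals and the shared client.

    Environment variables read:
      NSX_API_MANAGER   manager address (required); stored in the module
                        global nsx_mgr_ip
      NSX_API_USER      admin user (defaults to 'admin')
      NSX_API_PASSWORD  admin password
      VALIDATE_FOR_PAS  the global validate_for_pas is True only when this is
                        exactly the string 'true' (the default)

    Raises:
        ValueError: NSX_API_MANAGER is unset or empty.  Both globals have
            already been assigned when this is raised.
    """
    global nsx_mgr_ip, validate_for_pas

    nsx_mgr_ip = os.getenv('NSX_API_MANAGER')
    nsx_mgr_user = os.getenv('NSX_API_USER', 'admin')
    # NOTE(review): None when the variable is unset and passed on unchecked;
    # confirm how the client treats a missing password.
    nsx_mgr_pwd = os.getenv('NSX_API_PASSWORD')
    validate_for_pas = (os.getenv('VALIDATE_FOR_PAS', 'true') == 'true')

    if not nsx_mgr_ip:
        # Name the missing setting instead of failing with TypeError on
        # 'https://' + None, or silently building the URL 'https://'.
        raise ValueError(
            'NSX_API_MANAGER is not set; cannot determine the NSX manager address')

    # This dict carries the admin password in clear text.  The debug print of
    # it that used to sit here is left out on purpose: printing the context
    # would put the password into the job output.
    nsx_mgr_context = {
        'admin_user': nsx_mgr_user,
        'url': 'https://' + nsx_mgr_ip,
        'admin_passwd': nsx_mgr_pwd
    }
    client.set_context(nsx_mgr_context)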
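def configure_self_signed_certs(cluster_cert=False):
    """Generate a self-signed certificate and apply it to the manager or cluster.

    With cluster_cert=False the certificate is requested for
    '<hostname prefix>-1.<dns domain>' and applied through
    TRUST_MGMT_UPDATE_CERT.  With cluster_cert=True it is requested for the
    cluster FQDN (used only when a cluster VIP is configured), applied
    through CLUSTER_UPDATE_CERT, and the shared client is then re-pointed at
    the VIP.

    Returns None in every case.  Nothing is created when the hostname prefix
    is missing, no CSR spec is configured, no usable FQDN can be determined,
    or a CSR whose CN equals the FQDN already exists.

    Environment variables read: nsx_manager_hostname_prefix_int,
    dns_domain_int, nsx_manager_virtual_ip_int, nsx_manager_cluster_fqdn_int,
    nsx_manager_username_int, nsx_manager_password_int.
    """

    def _cn_matches(attr_list, common_name):
        # True when any subject attribute is a CN entry equal to common_name.
        return any(
            attr.get('key') == 'CN' and attr.get('value') == common_name
            for attr in attr_list)

    mgr_hostname_prefix = os.getenv('nsx_manager_hostname_prefix_int')
    # os.getenv() returns None for an unset variable.  Comparing only against
    # '' and 'null' let None through, and the certificate was then requested
    # for the literal name 'None-1.<domain>'.
    if not mgr_hostname_prefix or mgr_hostname_prefix == 'null':
        print(
            'Value not set for the NSX_T_MANAGER_HOST_NAME, cannot create self-signed cert'
        )
        return

    csr_request = get_rsc_def_if_configured('nsx_t_csr_request_spec_int',
                                            'csr_request')
    if not csr_request:
        return

    fqdn = ''
    if not cluster_cert:
        # NOTE(review): dns_domain_int is not validated; when it is unset the
        # name becomes '<prefix>-1.None'.
        fqdn = '{}-1.{}'.format(mgr_hostname_prefix,
                                os.getenv('dns_domain_int'))
    else:
        vip_addr = os.getenv('nsx_manager_virtual_ip_int', '').strip()
        if vip_addr and vip_addr != 'null':
            fqdn = os.getenv('nsx_manager_cluster_fqdn_int', '')
            print('Cluster FQDN is set as %s' % fqdn)
        if not fqdn or fqdn == 'null':
            print('No valid FQDN set for generating cluster cert!')
            return

    # Skip creation when a CSR for this name is already registered.
    existing_csrs = client.get(TRUST_MGMT_CSRS_ENDPOINT).json()
    for csr_resource in existing_csrs.get('results', []):
        subject_attrs = csr_resource.get('subject', {}).get('attributes', [])
        if _cn_matches(subject_attrs, fqdn):
            print(
                'CSR with NSX manager / cluster FQDN %s already exists, skip creation!'
                % fqdn)
            return

    # The resulting certificate is self-signed, so API clients can validate it
    # only if it is added to their trust store explicitly.
    signed_cert_id = generate_self_signed_cert(fqdn, csr_request)

    if cluster_cert:
        cluster_cert_api_point = '%s%s%s' % (
            CLUSTER_UPDATE_CERT, '&certificate_id=', signed_cert_id)
        cluster_cert_response = client.post(cluster_cert_api_point, '')
        # NOTE(review): the message reports success whatever the status code
        # is; the code is printed but never checked.
        print(
            'NSX Mgr cluster updated to use newly generated CSR!!'
            + '\n Update response code:{}'.format(
                cluster_cert_response.status_code))

        nsx_mgr_user = os.getenv('nsx_manager_username_int', 'admin')
        nsx_mgr_pwd = os.getenv('nsx_manager_password_int')
        # Carries the admin password in clear text: never print or log it.
        # NOTE(review): the certificate was requested for the cluster FQDN but
        # the client is pointed at the VIP address; confirm that certificate
        # verification in the client still passes for this URL.
        cluster_context = {
            'admin_user': nsx_mgr_user,
            'url': 'https://' + vip_addr,
            'admin_passwd': nsx_mgr_pwd
        }
        client.set_context(cluster_context)
    else:
        update_api_endpoint = '%s%s%s' % (
            TRUST_MGMT_UPDATE_CERT, '&certificate_id=', signed_cert_id)
        update_csr_response = client.post(update_api_endpoint, '')
        # NOTE(review): as above, the status code is printed but not checked.
        print(
            'NSX Mgr updated to use newly generated CSR!!'
            + '\n Update response code:{}'.format(
                update_csr_response.status_code))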
def export_firewall_rules(context):
    """Export the NSX edge gateway firewall rules for *context*.

    The shared client is first switched to the 'nsxmanager' entry of
    *context*; the export itself is done by
    export_nsx_edge_gateway_firewall_rules().
    """
    # Select the manager connection before any export call is made.
    client.set_context(context, 'nsxmanager')

    export_nsx_edge_gateway_firewall_rules(context)