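# Walks an ipset through its life cycle on the NSX manager:
# create -> read -> update -> list -> delete.
from tests.config import nsxraml_file, nsxmanager, nsx_username, nsx_password
from nsxramlclient.client import NsxClient
import time

# NOTE(review): debug=True presumably makes the client print request/response
# details; confirm it does not echo the credentials before the output of this
# script is kept in shared logs.
client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=True)

# Start from the body template of the create call and fill in the test values.
ipset_dict = client_session.extract_resource_body_schema('ipsetCreate', 'create')
ipset_dict['ipset']['name'] = 'Test'
ipset_dict['ipset']['value'] = '192.168.1.0/24'
ipset_dict['ipset']['inheritanceAllowed'] = 'True'

newipset_return = client_session.create('ipsetCreate', uri_parameters={'scopeMoref': 'globalroot-0'},
                                        request_body_dict=ipset_dict)

# Everything after the create runs under try/finally so that a failing read or
# update does not leave the 'Test' ipset behind on the NSX manager.
try:
    # Read the new ipset back and reuse its body for the update.
    newipset = dict(client_session.read('ipset',
                                        uri_parameters={'ipsetId': newipset_return['objectId']})['body'])
    newipset['ipset']['value'] = '10.0.0.0/16'
    newipset['ipset']['inheritanceAllowed'] = 'False'

    time.sleep(10)

    client_session.update('ipset', uri_parameters={'ipsetId': newipset_return['objectId']},
                          request_body_dict=newipset)

    client_session.read('ipsetList', uri_parameters={'scopeMoref': 'globalroot-0'})

    time.sleep(10)
finally:
    client_session.delete('ipset', uri_parameters={'ipsetId': newipset_return['objectId']})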
# all_lswitches, new_ls, vdn_scope and client_session are set up earlier in the
# script, outside this excerpt.
client_session.view_response(all_lswitches)

# Logical switches that belong to the transport zone
tz_lswitches = client_session.read('logicalSwitches', uri_parameters={'scopeId': vdn_scope})
client_session.view_response(tz_lswitches)

# Fetch and show the properties of the new logical switch
new_ls_id = new_ls['objectId']
new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls_id})
client_session.view_response(new_ls_props)

time.sleep(5)

# Rename the new logical switch by sending its own body back with a new name
updated_ls_dict = new_ls_props['body']
updated_ls_dict['virtualWire']['name'] = 'ThisIsANewName'
update_resp = client_session.update('logicalSwitch',
                                    uri_parameters={'virtualWireID': new_ls_id},
                                    request_body_dict=updated_ls_dict)

time.sleep(5)

# Remove the logical switch created earlier
client_session.delete('logicalSwitch', uri_parameters={'virtualWireID': new_ls_id})

# TODO: test moving a VM to the new logical switch
# For now only the body template of the VM attach call is fetched and shown;
# the field assignments below are still disabled.
vm_attach_body_dict = client_session.extract_resource_body_schema('logicalSwitchVmAttach', 'read')
client_session.view_body_dict(vm_attach_body_dict)
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['objectId'] = ''
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['portgroupId'] = new_ls['objectId']
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['vnicUuid'] = ''
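# IN THE SOFTWARE.

__author__ = 'yfauser'

from tests.config import nsxraml_file, nsxmanager, nsx_username, nsx_password
from nsxramlclient.client import NsxClient
import time

client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=False)

# Change the fabric UDP port to a different value (the VXLAN standard value)
update_udp_port_response = client_session.update('vdnConfigUDPUpdate',
                                                 uri_parameters={'portNumber': '4789'})

# From here on the port has been changed, so the restore step sits in a
# finally block: a failing read or view must not leave the fabric on 4789.
# NOTE(review): the restore value is the hard-coded 8472, not the value the
# fabric had before the test; only run this where 8472 is the configured port.
try:
    client_session.view_response(update_udp_port_response)

    time.sleep(5)

    # Get the configured UDP port for VXLAN in the fabric
    upd_port_response = client_session.read('vdnConfigUDP')
    client_session.view_response(upd_port_response)

    time.sleep(5)
finally:
    # Change the UDP port back to the NSX default
    update_udp_port_response = client_session.update('vdnConfigUDPUpdate',
                                                     uri_parameters={'portNumber': '8472'})
    client_session.view_response(update_udp_port_response)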
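def main():
    """Entry point of the Ansible module for NSX edge firewall rules.

    Accepts the arguments from Ansible, creates an nsxramlclient session
    against the NSX manager described by ``nsxmanager_spec``, resolves the
    target edge (by ``edge_id``, or by looking up ``edge_name``) and then
    runs the operation selected by ``mode``:

    * ``create``: send a firewall config built from ``rules``,
      ``global_config`` and ``default_action`` to the edge.
    * ``append``: add a single rule unless an equal rule already exists.
    * ``query``: return the rules currently configured on the edge.
    * ``delete``: delete the rule identified by ``rule_id``.
    * ``set_default_action``: update the default firewall policy action.
    * ``reset``: delete the firewall config of the edge.

    Every path ends in ``module.exit_json`` or ``module.fail_json``.
    """
    module = AnsibleModule(
        argument_spec=dict(
            # This dict carries the NSX manager password. no_log keeps its
            # values out of Ansible's argument logging and result output.
            nsxmanager_spec=dict(required=True, type="dict", no_log=True),
            edge_name=dict(required=False),
            edge_id=dict(required=False),
            mode=dict(required=True,
                      choices=["create", "append", "query", "delete", "set_default_action", "reset"]),
            source=dict(required=False, type="dict"),
            destination=dict(required=False, type="dict"),
            action=dict(required=False, choices=["accept", "deny", "reject"]),
            name=dict(required=False),
            description=dict(required=False),
            application=dict(required=False, type="dict"),
            rule_id=dict(required=False),
            direction=dict(required=False, choices=["in", "out"]),
            global_config=dict(required=False, type="dict"),
            rules=dict(required=False, type="list"),
            default_action=dict(required=False, choices=["accept", "deny", "reject"]),
        ),
        required_one_of=[["edge_name", "edge_id"]],
    )

    # Report an incomplete spec by key name (never by value) instead of letting
    # a KeyError be reported as a connection failure below.
    manager_spec = module.params['nsxmanager_spec']
    missing_keys = [key for key in ("raml_file", "host", "user", "password") if key not in manager_spec]
    if missing_keys:
        module.fail_json(msg="nsxmanager_spec is missing the key(s): %s" % ", ".join(missing_keys))

    try:
        client_session = NsxClient(manager_spec['raml_file'],
                                   manager_spec['host'],
                                   manager_spec['user'],
                                   manager_spec['password'])
    except Exception:
        # Not a bare except: SystemExit and KeyboardInterrupt must propagate.
        module.fail_json(msg="Could not connect to the NSX manager")

    edge_name = module.params.get("edge_name", None)
    if edge_name:
        edge_id = get_edge_id(client_session, edge_name)
        if not edge_id:
            module.fail_json(msg="The edge with the name %s does not exist." % (edge_name))
    else:
        edge_id = module.params["edge_id"]
        if not edge_id:
            # Without this guard an empty id would reach the API calls below.
            module.fail_json(msg="Either 'edge_name' or 'edge_id' must be set to a non-empty value")

    mode = module.params["mode"]
    action = module.params.get("action", None)
    name = module.params.get("name", None)
    rule_id = module.params.get("rule_id", None)
    application = module.params.get("application", None)
    source = module.params.get("source", None)
    destination = module.params.get("destination", None)
    description = module.params.get("description", None)
    direction = module.params.get("direction", None)
    rules = module.params.get("rules", None)
    global_config = module.params.get("global_config", None)
    default_action = module.params.get("default_action", None)

    if mode == "create":
        # 'create' mode:
        # 1) Create a Firewall object out of the given rules, global_config and default_action
        # 2) Get the resource body to be sent
        # 3) Send the resource body to the NSX Manager
        if not rules:
            module.fail_json(msg="The parameter 'rules' is required in order to create the firewall rules")

        firewall_rules = [FirewallRule(rule) for rule in rules]
        F = Firewall(firewall_rules, global_config, default_action)
        resource_body = F.get_resource_body()

        resp = client_session.update("nsxEdgeFirewallConfig",
                                     uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 204:
            module.exit_json(changed=True,
                             msg="Successfully created the rules for the edge with ID %s" % (edge_id))
        else:
            module.fail_json(msg="The resource could not be created")

    elif mode == "append":
        # 'append' mode:
        # 1) Check if the rule to be added already exists in the firewall
        # 2) If yes, exit
        # 3) If no, create the resource body and send the request to the NSX Manager
        if not action:
            module.fail_json(msg="The 'action' attribute is mandatory while appending a new rule")

        rule_to_be_added = FirewallRule({"name": name,
                                         "action": action,
                                         "description": description,
                                         "source": source,
                                         "destination": destination,
                                         "application": application,
                                         "direction": direction})

        current_rules = [FirewallRule(rule) for rule in query_firewall_rules(client_session, edge_id)]
        # Duplicate detection compares hash values only.
        # NOTE(review): this relies on FirewallRule.__hash__ (defined elsewhere)
        # covering every field that makes two rules differ; confirm.
        current_hashes = set(hash(rule) for rule in current_rules)
        if hash(rule_to_be_added) in current_hashes:
            module.exit_json(changed=False, msg="The given rule already exists in the firewall")

        # The module-level template is filled in place; main() runs once per
        # module invocation, so no copy is taken.
        resource_body = append_api_resource_body
        resource_body["firewallRules"]["firewallRule"] = rule_to_be_added.get_rule()

        resp = client_session.create("firewallRules",
                                     uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 201:
            module.exit_json(changed=True, meta={"ruleId": resp["objectId"]})
        else:
            module.fail_json(msg="The resource could not be created")

    elif mode == "query":
        # 'query' mode:
        # 1) Query the rules existing for the given edge
        # 2) Return them as one string; the playbook has to apply
        #    <result>.split("\n") because Ansible does not print newlines
        rules = query_firewall_rules(client_session, edge_id)
        print_str = display_firewall_rules(rules)
        module.exit_json(changed=False, meta={"output": print_str})

    elif mode == "delete":
        # 'delete' mode:
        # - Delete the rule with the given rule_id
        if not rule_id:
            module.fail_json(msg="The parameter 'rule_id' is required to delete a given rule")

        resp = client_session.delete("firewallRule",
                                     uri_parameters={"ruleId": rule_id, "edgeId": edge_id})
        if resp["status"] == 204:
            module.exit_json(changed=True, msg="Rule with the ID %s successfully deleted" % (rule_id))
        else:
            module.fail_json(msg="Could not delete the rule with ID %s. Make sure that the rule exists" % (rule_id))

    elif mode == "set_default_action":
        # 'set_default_action' mode:
        # - Sets the default action for the firewall (can be 'accept', 'deny' or 'reject')
        if not default_action:
            module.fail_json(msg="The parameter 'default_action' is required to set the default action")

        # Module-level template, filled in place (see 'append' above).
        resource_body = default_action_resource_body
        resource_body["firewallDefaultPolicy"]["action"] = default_action

        resp = client_session.update("defaultFirewallPolicy",
                                     uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 204:
            module.exit_json(changed=True, msg="Successfully updated the firewall config")
        else:
            module.fail_json(msg="The resource could not be updated")

    elif mode == "reset":
        # 'reset' mode:
        # - Resets the firewall by deleting all the existing rules
        resp = client_session.delete("nsxEdgeFirewallConfig", uri_parameters={"edgeId": edge_id})
        if resp["status"] == 204:
            module.exit_json(msg="Successfully reset the firewall configuration for the edge with ID %s" %(edge_id),
                             changed=True)
        else:
            module.fail_json(msg="Could not reset the firewall rules for the edge with ID %s" %(edge_id))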
# all_lswitches, new_ls, vdn_scope and client_session are set up earlier in the
# script, outside this excerpt.
client_session.view_response(all_lswitches)

# Logical switches that belong to the transport zone
tz_lswitches = client_session.read('logicalSwitches', uri_parameters={'scopeId': vdn_scope})
client_session.view_response(tz_lswitches)

# Fetch and show the properties of the new logical switch
new_ls_id = new_ls['objectId']
new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls_id})
client_session.view_response(new_ls_props)

time.sleep(5)

# Rename the new logical switch by sending its own body back with a new name
updated_ls_dict = new_ls_props['body']
updated_ls_dict['virtualWire']['name'] = 'ThisIsANewName'
update_resp = client_session.update('logicalSwitch',
                                    uri_parameters={'virtualWireID': new_ls_id},
                                    request_body_dict=updated_ls_dict)

time.sleep(5)

# Remove the logical switch created earlier
client_session.delete('logicalSwitch', uri_parameters={'virtualWireID': new_ls_id})

# TODO: test moving a VM to the new logical switch
# The whole VM attach step is still disabled:
#vm_attach_body_dict = client_session.extract_resource_body_example('logicalSwitchVmAttach', 'read')
#client_session.view_body_dict(vm_attach_body_dict)
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['objectId'] = ''
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['portgroupId'] = new_ls['objectId']
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['vnicUuid'] = ''