def main(): args = getargs.getargs() stub_config = auth.get_session_auth_stub_config(args.user, args.password, args.nsx_host, args.tcp_port) # Create a pretty printer to make the output look nice. pp = PrettyPrinter() # Create the service we'll need. transportzones_svc = TransportZones(stub_config) # First, list all transport zones. If your NSX installation has # just been installed, this should return an empty list. tzs = transportzones_svc.list() print("Initial list of transport zones - %d zones" % tzs.result_count) pp.pprint(tzs) # Create a transport zone. new_tz = TransportZone( transport_type=TransportZone.TRANSPORT_TYPE_OVERLAY, display_name="My transport zone", description="Transport zone for basic create/read/update/delete demo", host_switch_name="hostswitch1") result_tz = transportzones_svc.create(new_tz) print("Transport zone created. id is %s" % result_tz.id) # Save the id, which uniquely identifies the resource we created. tz_id = result_tz.id # Read that transport zone. read_tz = transportzones_svc.get(tz_id) print("Re-read the transport zone") pp.pprint(read_tz) # List all transport zones again. The newly created transport # zone will be in the list. tzs = transportzones_svc.list() print("Updated list of transport zones - %d zones" % tzs.result_count) pp.pprint(tzs) print("You can now examine the list of transport zones in the") print("NSX manager if you wish. Press enter to continue.") sys.stdin.readline() # Update the transport zone. read_tz.description = "Updated description for transport zone" updated_tz = transportzones_svc.update(tz_id, read_tz) print("After updating description. Note that the revision property is " "automatically updated.") pp.pprint(updated_tz) # Update the transport zone again. # # Note that NSX insists that clients always operate on up-to-date # data. To enforce this, every resource in NSX has a "revision" # property that is automatically maintained by NSX and is # incremented each time the resource is updated. If a client # submits an update operation, and the revision property in the # payload provided by the client does not match the revision # stored on the server, another update must have happened since # the client last read the resource, and the client's copy is # therefore stale. In this case, the server will return a 412 # Precondition Failed error. This is intended to prevent clients # from clobbering each other's updates. To recover from this # error, the client must re-read the resource, apply any desired # updates, and perform another update operation. updated_tz.description = "Updated description again for transport zone" updated_tz = transportzones_svc.update(tz_id, updated_tz) print("After updating description again.") pp.pprint(updated_tz) # Delete the transport zone. transportzones_svc.delete(tz_id) print("After deleting transport zone") # Now if we try to read the transport zone, we should get a # 404 Not Found error. This example also shows how you can # check for and handle specific errors from the NSX API. try: read_tz = transportzones_svc.get(tz_id) except NotFound: print("Transport zone is gone, as expected")
def pp(value): """ Utility method used to print the data nicely. """ output = cStringIO() PrettyPrinter(stream=output).pprint(value) return output.getvalue()
def main(): arg_parser = getargs.get_arg_parser() arg_parser.add_argument("-s", "--remote_enforcement_point", type=str, required=True, help="remote enforcement point (nsx-t manager " "ip address or hostname)") arg_parser.add_argument("-r", "--remote_login_user", type=str, required=True, help="remote login username") arg_parser.add_argument("-c", "--remote_login_password", type=str, required=True, help="remote login password") arg_parser.add_argument("-f", "--remote_ssl_thumbprint", type=str, required=True, help="remote ssl SHA256 thumbprint") args = arg_parser.parse_args() stub_config = auth.get_basic_auth_stub_config(args.user, args.password, args.nsx_host, args.tcp_port) # Create a pretty printer to make the output look nice. pp = PrettyPrinter() # Create the services we'll need. infra_svc = Infra(stub_config) dz_svc = DeploymentZones(stub_config) ep_svc = EnforcementPoints(stub_config) DEFAULT_DZ_ID = "default" # Read the default deployment zone default_dz = dz_svc.get(DEFAULT_DZ_ID) # Print the current enforcement points print("Initial enforcement points: ") pp.pprint(default_dz.enforcement_points) # Register an enforcement point conn_info = NSXTConnectionInfo( enforcement_point_address=args.remote_enforcement_point, thumbprint=args.remote_ssl_thumbprint, username=args.remote_login_user, password=args.remote_login_password, ) ep = EnforcementPoint( description="Example Enforcement Point", connection_info=conn_info, ) try: ep_svc.patch(DEFAULT_DZ_ID, "example", ep) except Error as ex: api_error = ex.data.convert_to(ApiError) print("An error occurred: %s" % api_error.error_message) eps = ep_svc.list(DEFAULT_DZ_ID) pp.pprint(eps) print("You can now examine the enforcement points in the") print("NSX policy service if you wish. Press enter to continue.") sys.stdin.readline() # Delete the enforcement point ep_svc.delete(DEFAULT_DZ_ID, "example") print("After deleting enforcement point")
def main(): args = getargs.getargs() stub_config = auth.get_session_auth_stub_config(args.user, args.password, args.nsx_host, args.tcp_port) pp = PrettyPrinter() # Instantiate all the services we'll need. transportzones_svc = TransportZones(stub_config) logicalswitches_svc = LogicalSwitches(stub_config) logicalrouters_svc = LogicalRouters(stub_config) logicalrouterports_svc = LogicalRouterPorts(stub_config) logicalports_svc = LogicalPorts(stub_config) fwsections_svc = Sections(stub_config) # Create a transport zone new_tz = TransportZone( transport_type=TransportZone.TRANSPORT_TYPE_OVERLAY, display_name="Two Tier App Demo Transport Zone", description="Transport zone for two-tier app demo", host_switch_name="hostswitch" ) demo_tz = transportzones_svc.create(new_tz) # Create a logical switch for the db tier new_ls = LogicalSwitch( transport_zone_id=demo_tz.id, admin_state=LogicalSwitch.ADMIN_STATE_UP, replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP, display_name="ls-db", ) db_ls = logicalswitches_svc.create(new_ls) # Create a logical switch for the web tier new_ls = LogicalSwitch( transport_zone_id=demo_tz.id, admin_state=LogicalSwitch.ADMIN_STATE_UP, replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP, display_name="ls-web", ) web_ls = logicalswitches_svc.create(new_ls) # Create a logical router that will route traffic between # the web and db tiers new_lr = LogicalRouter( router_type=LogicalRouter.ROUTER_TYPE_TIER1, display_name="lr-demo", failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE ) lr = logicalrouters_svc.create(new_lr) # Create a logical port on the db and web logical switches. We # will attach the logical router to those ports so that it can # route between the logical switches. # Logical port on the db logical switch new_lp = LogicalPort( admin_state=LogicalPort.ADMIN_STATE_UP, logical_switch_id=db_ls.id, display_name="dbTierUplinkToRouter" ) db_port_on_ls = logicalports_svc.create(new_lp) # Logical port on the web logical switch new_lp = LogicalPort( admin_state=LogicalPort.ADMIN_STATE_UP, logical_switch_id=web_ls.id, display_name="webTierUplinkToRouter" ) web_port_on_ls = logicalports_svc.create(new_lp) # Populate a logical router downlink port payload and configure # the port with the CIDR 192.168.1.1/24. We will attach this # port to the db tier's logical switch. new_lr_port = LogicalRouterDownLinkPort( subnets=[IPSubnet(ip_addresses=["192.168.1.1"], prefix_length=24)], linked_logical_switch_port_id=ResourceReference( target_id=db_port_on_ls.id), resource_type="LogicalRouterDownLinkPort", logical_router_id=lr.id ) # Create the downlink port lr_port_for_db_tier = logicalrouterports_svc.create(new_lr_port) # Convert to concrete type lr_port_for_db_tier = lr_port_for_db_tier.convert_to( LogicalRouterDownLinkPort) # Populate a logical router downlink port payload and configure # the port with the CIDR 192.168.2.1/24. We will attach this # port to the web tier's logical switch. new_lr_port = LogicalRouterDownLinkPort( subnets=[IPSubnet(ip_addresses=["192.168.2.1"], prefix_length=24)], linked_logical_switch_port_id=ResourceReference( target_id=web_port_on_ls.id), resource_type="LogicalRouterDownLinkPort", logical_router_id=lr.id ) # Create the downlink port lr_port_for_web_tier = logicalrouterports_svc.create(new_lr_port) lr_port_for_web_tier = lr_port_for_web_tier.convert_to( LogicalRouterDownLinkPort) # Now establish a firewall policy that only allows MSSQL # server traffic and ICMP traffic in and out of the db tier's # logical switch. # Create 3 firewall rules. The first will allow traffic used # by MS SQL Server to pass. This rule references a built-in # ns service group that includes all the common ports used by # the MSSQL Server. The ID is common to all NSX installations. MSSQL_SERVER_NS_GROUP_ID = "5a6d380a-6d28-4e3f-b705-489f463ae6ad" ms_sql_rule = FirewallRule( action=FirewallRule.ACTION_ALLOW, display_name="Allow MSSQL Server", ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6, services=[ FirewallService( target_type="NSServiceGroup", target_id=MSSQL_SERVER_NS_GROUP_ID ) ] ) # The second rule will allow ICMP echo requests and responses. ICMP_ECHO_REQUEST_NS_SVC_ID = "5531a880-61aa-42cc-ba4b-13b9ea611e2f" ICMP_ECHO_REPLY_NS_SVC_ID = "c54b2d86-6327-41ff-a3fc-c67171b6ba63" icmp_rule = FirewallRule( action=FirewallRule.ACTION_ALLOW, display_name="Allow ICMP Echo", ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6, services=[ FirewallService( target_type="NSService", target_id=ICMP_ECHO_REQUEST_NS_SVC_ID ), FirewallService( target_type="NSService", target_id=ICMP_ECHO_REPLY_NS_SVC_ID ) ] ) # The third rule will drop all traffic not passed by the previous # rules. block_all_rule = FirewallRule( action=FirewallRule.ACTION_DROP, display_name="Drop all", ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6 ) # Add all rules to a new firewall section and create the section. rule_list = FirewallSectionRuleList( rules=[ms_sql_rule, icmp_rule, block_all_rule], section_type=FirewallSection.SECTION_TYPE_LAYER3, stateful=True, display_name="MSSQL Server", description="Only allow MSSQL server traffic" ) demo_section = fwsections_svc.createwithrules( rule_list, None, operation="insert_top") # Re-read the firewall section so that we are operating on up-to-date # data. section = fwsections_svc.get(demo_section.id) # Make the firewall section apply to the db tier logical # switch. This enables the firewall policy on all logical # ports attached to the db tier logical switch. section.applied_tos = [ ResourceReference(target_id=db_ls.id, target_type="LogicalSwitch") ] fwsections_svc.update(section.id, section) print("At this point you may attach VMs for the db tier to the db") print("logical switch and VMs for the web tier to the web logical") print("switch. The network interfaces should be configured as") print("follows:") print("db tier:") print(" IP address: in the range 192.168.1.2-254") print(" Netmask: 255.255.255.0") print(" Default route: 192.168.1.1") print("web tier:") print(" IP address: in the range 192.168.2.2-254") print(" Netmask: 255.255.255.0") print(" Default route: 192.168.2.1") print("Logical switch IDs:") print(" %s: %s" % (db_ls.display_name, db_ls.id)) print(" %s: %s" % (web_ls.display_name, web_ls.id)) print("Transport zone: %s: %s" % (demo_tz.display_name, demo_tz.id)) print("Press enter to delete all resources created for this example.") sys.stdin.readline() fwsections_svc.delete(section.id, cascade=True) logicalrouterports_svc.delete(lr_port_for_web_tier.id) logicalrouterports_svc.delete(lr_port_for_db_tier.id) logicalports_svc.delete(web_port_on_ls.id) logicalports_svc.delete(db_port_on_ls.id) logicalrouters_svc.delete(lr.id) logicalswitches_svc.delete(web_ls.id) logicalswitches_svc.delete(db_ls.id) transportzones_svc.delete(demo_tz.id)
def main(): args = getargs.getargs() stub_config = auth.get_basic_auth_stub_config(args.user, args.password, args.nsx_host, args.tcp_port) # Create a pretty printer to make the output look nice. pp = PrettyPrinter() # Create the services we'll need. infra_svc = Infra(stub_config) domains_svc = Domains(stub_config) # First, retrieve /infra and the domains in /infra. If your NSX # policy service has just been installed, there will be no domains. infra = infra_svc.get() print("Initial state of /infra") pp.pprint(infra) domains = domains_svc.list() print("All domains: total of %d domains" % domains.result_count) # Create a domain with a random id domain_id = "Domain_%d" % random.choice(range(10000)) domain = Domain( id=domain_id, display_name=domain_id, # Note: the revision should not be required, but for # now it must be provided on initial object creation. revision=0 ) try: domains_svc.update(domain_id, domain) print("Domain %s created." % domain_id) except Error as ex: api_error = ex.data.convert_to(ApiError) print("An error occurred: %s" % api_error.error_message) # Read that domain read_domain = domains_svc.get(domain_id) print("Re-read the domain") pp.pprint(read_domain) # List all domains again. The newly created domain # will be in the list. domains = domains_svc.list() print("All domains: total of %d domains" % domains.result_count) print("You can now examine the infra and domains in the") print("NSX policy service if you wish. Press enter to continue.") sys.stdin.readline() # Update the domain. The NSX policy API only supports a create API, # so to update an existing resource, just call the create method # again, passing the properties you wish to update. read_domain.description = "Updated description for transport zone" domains_svc.update(domain_id, read_domain) # Re-read the domain read_domain = domains_svc.get(domain_id) print("Domain after updating") pp.pprint(read_domain) # Delete the domain domains_svc.delete(domain_id) print("After deleting domain") # Now if we try to read the domain, we should get a # 404 Not Found error. This example also shows how you can # check for and handle specific errors from the NSX Policy API. try: read_domain = domains_svc.get(domain_id) except NotFound: print("Domain is gone, as expected")
def main(): connection = create_api_connection() pp = PrettyPrinter() pp.pprint( LogicalRouters(connection).get(logical_router_id=LOGICAL_ROUTER_ID)) pp.pprint(NatRules(connection).list(logical_router_id=LOGICAL_ROUTER_ID)) # pp.pprint(BgpAdvertisementRules(connection).get(logical_router_id=LOGICAL_ROUTER_ID)) pp.pprint( BgpRedistributionRules(connection).get( logical_router_id=LOGICAL_ROUTER_ID)) pp.pprint(BfdPeers(connection).list(logical_router_id=LOGICAL_ROUTER_ID)) pp.pprint( BgpNeighborsStatus(connection).list( logical_router_id=LOGICAL_ROUTER_ID, source='realtime'))