def create_virtual_network(self, group_name, location, network_name,
subnet_name):
result = self.network_client.virtual_networks.begin_create_or_update(
group_name,
network_name,
# model style
network_models.VirtualNetwork(
location=location,
address_space=network_models.AddressSpace(
address_prefixes=['10.0.0.0/16']))
# json style
# {
# 'location': location,
# 'address_space': {
# 'address_prefixes': ['10.0.0.0/16']
# }
# }
)
vnet = result.result()
async_subnet_creation = self.network_client.subnets.begin_create_or_update(
group_name,
network_name,
subnet_name,
# model style
network_models.Subnet(address_prefix='10.0.0.0/24')
# json style
# {'address_prefix': '10.0.0.0/24'}
)
subnet = async_subnet_creation.result()
return (vnet, subnet)
def create_virtual_network_and_subnet(
resource_client, network_client, resource_group, location,
vnet_settings):
# type: (azure.mgmt.resource.resources.ResourceManagementClient,
# azure.mgmt.network.NetworkManagementClient, str, str,
# settings.VirtualNetworkSettings) ->
# Tuple[networkmodels.VirtualNetwork, networkmodels.Subnet]
"""Create a Virtual network and subnet. This is a blocking function.
:param azure.mgmt.resource.resources.ResourceManagementClient
resource_client: resource client
:param azure.mgmt.network.NetworkManagementClient network_client:
network client
:param str resource_group: resouce group name
:param str location: location
:param settings.VirtualNetworkSettings vnet: vnet settings
:rtype: tuple
:return: (virtual network, subnet)
"""
# check if vnet already exists
exists = False
try:
virtual_network = network_client.virtual_networks.get(
resource_group_name=resource_group,
virtual_network_name=vnet_settings.name,
)
if vnet_settings.existing_ok:
logger.debug('virtual network {} already exists'.format(
virtual_network.id))
exists = True
else:
raise RuntimeError(
'virtual network {} already exists'.format(virtual_network.id))
except msrestazure.azure_exceptions.CloudError as e:
if e.status_code == 404:
pass
else:
raise
if not exists:
if not vnet_settings.create_nonexistant:
raise RuntimeError(
('create_nonexistant setting is {} for virtual '
'network {}').format(
vnet_settings.create_nonexistant, vnet_settings.name))
# create resource group if needed
create_resource_group(resource_client, resource_group, location)
logger.info('creating virtual network: {}'.format(vnet_settings.name))
async_create = AsyncOperation(functools.partial(
network_client.virtual_networks.create_or_update,
resource_group_name=resource_group,
virtual_network_name=vnet_settings.name,
parameters=networkmodels.VirtualNetwork(
location=location,
address_space=networkmodels.AddressSpace(
address_prefixes=[
vnet_settings.address_space,
],
),
),
))
virtual_network = async_create.result()
# attach subnet
exists = False
try:
subnet = network_client.subnets.get(
resource_group_name=resource_group,
virtual_network_name=vnet_settings.name,
subnet_name=vnet_settings.subnet_name,
)
if vnet_settings.existing_ok:
logger.debug('subnet {} already exists'.format(subnet.id))
exists = True
else:
raise RuntimeError(
'subnet {} already exists'.format(subnet.id))
except msrestazure.azure_exceptions.CloudError as e:
if e.status_code == 404:
pass
else:
raise
if not exists:
if not vnet_settings.create_nonexistant:
raise RuntimeError(
('create_nonexistant setting is {} for virtual '
'network {} and subnet {}').format(
vnet_settings.create_nonexistant, vnet_settings.name,
vnet_settings.subnet_name))
logger.info('attaching subnet {} to virtual network {}'.format(
vnet_settings.subnet_name, vnet_settings.name))
async_create = AsyncOperation(functools.partial(
network_client.subnets.create_or_update,
resource_group_name=resource_group,
virtual_network_name=vnet_settings.name,
subnet_name=vnet_settings.subnet_name,
subnet_parameters=networkmodels.Subnet(
address_prefix=vnet_settings.subnet_address_prefix
)
))
subnet = async_create.result()
logger.info(
('virtual network: {} [provisioning_state={} address_space={} '
'subnet={} address_prefix={}]').format(
virtual_network.id, virtual_network.provisioning_state,
virtual_network.address_space.address_prefixes,
vnet_settings.subnet_name, subnet.address_prefix))
return (virtual_network, subnet)
def create_vnet(results_queue, creds, subscription, vv):
settings = Settings()
hub_1_public = None
hub_1_private = None
resource_client = ResourceManagementClient(creds, subscription)
compute_client = ComputeManagementClient(creds, subscription)
storage_client = StorageManagementClient(creds, subscription)
network_client = NetworkManagementClient(creds, subscription)
# 1 Create Resource Group
resg = resource_client.resource_groups.create_or_update(
vv['resource_group_name'], {'location': vv['region']})
rg = resg.name
# 2 Create WAN Network Security Group
rule_ssh_in = network_models.SecurityRule(
description='allow ssh in',
protocol='TCP',
source_port_range='*',
destination_port_range='22',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=100,
direction='Inbound',
name='ssh-inbound')
rule_internet_key_exchange_in = network_models.SecurityRule(
description='allow ike in',
protocol='UDP',
source_port_range='*',
destination_port_range='500',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=110,
direction='Inbound',
name='ike-inbound')
rule_nat_t_in = network_models.SecurityRule(
description='allow nat-t in',
protocol='UDP',
source_port_range='*',
destination_port_range='4500',
source_address_prefix='*',
destination_address_prefix='*', # Or to local CIDR
access='Allow',
priority=120,
direction='Inbound',
name='nat-t-inbound')
wan_ipsec_nsg_params = network_models.NetworkSecurityGroup(
location=vv['region'],
security_rules=[
rule_ssh_in, rule_internet_key_exchange_in, rule_nat_t_in
])
nsg_creation = network_client.network_security_groups.create_or_update(
rg, vv['wan_security_group_name'], wan_ipsec_nsg_params)
wan_ipsec_nsg = network_client.network_security_groups.get(
vv['resource_group_name'], vv['wan_security_group_name'])
# Create Private Network Security Group
all_in = network_models.SecurityRule(description='allow all traffic',
protocol='*',
source_port_range='*',
destination_port_range='*',
source_address_prefix='*',
destination_address_prefix='*',
access='Allow',
priority=100,
direction='Inbound',
name='All')
open_nsg_params = network_models.NetworkSecurityGroup(
location=vv['region'], security_rules=[all_in])
open_nsg_creation = network_client.network_security_groups.create_or_update(
rg, 'open_nsg', open_nsg_params)
open_nsg = network_client.network_security_groups.get(
vv['resource_group_name'], 'open_nsg')
# 3 Create a VNET
address_space_model = network_models.AddressSpace(
address_prefixes=[vv['public_vnet_prefix'], vv['private_vnet_prefix']])
if vv['type'] == 'silb':
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
tags={
vv['tvpc_program_key']: vv['cluster'],
'tvpc_silb_vnet': 'True'
},
address_space=address_space_model,
)
elif vv['type'] == 'vnet':
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
tags={vv['tvpc_program_key']: vv['cluster']},
address_space=address_space_model,
)
else:
vnet_model = network_models.VirtualNetwork(
location=vv['region'],
address_space=address_space_model,
)
result_object_vnet_creation = network_client.virtual_networks.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
parameters=vnet_model)
result_object_vnet_creation.wait()
# 4 Create Routes
default_route = network_models.Route(address_prefix='0.0.0.0/0',
next_hop_type='Internet',
name='default_route')
private_subnet_route = network_models.Route(
address_prefix=vv['private_vnet_prefix'],
next_hop_type='VnetLocal',
name='private_subnet_route')
# 5 Create Route Tables
wan_route_table_params = network_models.RouteTable(
location=vv['region'], routes=[default_route, private_subnet_route])
result_object_route_table_wan_creation = network_client.route_tables.create_or_update(
vv['resource_group_name'], 'wan_route_table', wan_route_table_params)
result_object_route_table_wan_creation.wait()
wan_route_table = result_object_route_table_wan_creation.result()
private_route_table_params = network_models.RouteTable(
location=vv['region'], routes=[private_subnet_route])
result_object_route_table_private_creation = network_client.route_tables.create_or_update(
vv['resource_group_name'], 'private_route_table',
private_route_table_params)
result_object_route_table_private_creation.wait()
private_route_table = result_object_route_table_private_creation.result()
# 6 Create Subnets
result_object_subnet_creation = network_client.subnets.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
subnet_name='TVPC_WAN_Subnet',
subnet_parameters=network_models.Subnet(
address_prefix=vv['public_vnet_prefix'],
network_security_group=wan_ipsec_nsg,
route_table=wan_route_table))
subnet_wan = result_object_subnet_creation.result()
result_object_subnet_creation = network_client.subnets.create_or_update(
resource_group_name=vv['resource_group_name'],
virtual_network_name=vv['vnet_name'],
subnet_name='TVPC_Private_Subnet',
subnet_parameters=network_models.Subnet(
address_prefix=vv['private_vnet_prefix'],
route_table=private_route_table))
subnet_private = result_object_subnet_creation.result()
# 7 Create Storage Account
storage_result_object_operation = storage_client.storage_accounts.create(
vv['resource_group_name'], vv['storage_account_name'], {
'sku': {
'name': 'standard_lrs'
},
'kind': 'storage',
'location': vv['region']
})
storage_result_object_operation.wait()
# 8 Create an Availability Set
if vv['type'] == 'silb':
av_sku_params = compute_models.Sku(name='Aligned')
availability_set_parameters = compute_models.AvailabilitySet(
location=vv['region'],
platform_update_domain_count=5,
platform_fault_domain_count=2,
sku=av_sku_params)
avset = compute_client.availability_sets.create_or_update(
rg, vv['availability_set_name'], availability_set_parameters)
avset_return = compute_client.availability_sets.get(
vv['resource_group_name'], vv['availability_set_name'])
# 9 Create Load Balancer
if vv['type'] == 'silb':
load_balancer_name = 'SILB'
fip_name = 'FIPdmvpn'
bap_name = 'BAPdmvpn'
probe_name = 'SSHhealthcheck'
silb_rule_name = 'slball'
def construct_fip_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/frontendIPConfigurations/{}').format(
subscription_id, vv['resource_group_name'],
load_balancer_name, fip_name)
def construct_bap_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/backendAddressPools/{}').format(
subscription_id, vv['resource_group_name'],
load_balancer_name, bap_name)
def construct_probe_id(subscription_id):
return ('/subscriptions/{}'
'/resourceGroups/{}'
'/providers/Microsoft.Network'
'/loadBalancers/{}'
'/probes/{}').format(subscription_id,
vv['resource_group_name'],
load_balancer_name, probe_name)
subnet_silb = network_client.subnets.get(vv['resource_group_name'],
vv['vnet_name'],
'TVPC_Private_Subnet')
front_ip_config = network_models.FrontendIPConfiguration(
private_ip_allocation_method='Dynamic',
subnet={'id': subnet_silb.id},
name=fip_name,
)
back_pool = network_models.BackendAddressPool(name=bap_name)
fipn = construct_fip_id(subscription_id)
bapn = construct_bap_id(subscription_id)
proben = construct_probe_id(subscription_id)
silb_rules = network_models.LoadBalancingRule(
frontend_ip_configuration={'id': fipn},
backend_address_pool={'id': bapn},
probe={'id': proben},
protocol='All',
load_distribution='Default',
frontend_port=0,
backend_port=0,
idle_timeout_in_minutes=4,
enable_floating_ip=True,
enable_tcp_reset=False,
disable_outbound_snat=True,
name=silb_rule_name)
silb_probes = network_models.Probe(protocol='Tcp',
port=22,
interval_in_seconds=5,
number_of_probes=2,
name=probe_name)
silb_sku = network_models.LoadBalancerSku(name='Standard')
silb_model = network_models.LoadBalancer(
location=vv['region'],
frontend_ip_configurations=[front_ip_config],
backend_address_pools=[back_pool],
load_balancing_rules=[silb_rules],
probes=[silb_probes],
sku=silb_sku,
tags={vv['tvpc_program_key']: vv['cluster']},
)
lb_result_object_creation = network_client.load_balancers.create_or_update(
resource_group_name=vv['resource_group_name'],
load_balancer_name=load_balancer_name,
parameters=silb_model)
lb_info = lb_result_object_creation.result()
bap_info = network_client.load_balancer_backend_address_pools.get(
vv['resource_group_name'], load_balancer_name, bap_name)
router_counter = 0
for r in vv['dmvpn_address']:
vv['router_counter'] = str(router_counter)
vv['dmvpn_address_router'] = vv['dmvpn_address'][router_counter]
# 9 Create PublicIP
address_sku = network_models.PublicIPAddressSku(name='Standard')
public_ip_address_parameters = network_models.PublicIPAddress(
location=vv['region'],
public_ip_allocation_method='Static',
sku=address_sku)
pip_name = 'pip_' + str(router_counter)
result_object_public_ip_creation = network_client.public_ip_addresses.create_or_update(
vv['resource_group_name'], pip_name, public_ip_address_parameters)
result_object_public_ip_creation.wait()
public_ip_info = result_object_public_ip_creation.result()
# 10 Create NICs
nic_0_name = 'CSR_' + str(router_counter) + '_nic_0'
nic_0_config = network_models.IPConfiguration(
subnet=subnet_wan,
name=nic_0_name,
private_ip_allocation_method=network_models.IPAllocationMethod.
dynamic,
public_ip_address=public_ip_info)
nic_0_parameters = network_models.NetworkInterface(
location=vv['region'],
network_security_group=wan_ipsec_nsg,
enable_accelerated_networking=True,
ip_configurations=[nic_0_config],
primary=True,
enable_ip_forwarding=False # False
)
result_object_nic_0_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_0_name, nic_0_parameters)
result_object_nic_0_create.wait()
nic_0 = result_object_nic_0_create.result()
nic_0.primary = True # This is a bug. The primary key is always None after interface create or update
if vv['type'] == 'silb':
nic_1_name = 'CSR_' + str(router_counter) + '_nic_1'
result_object_nic_1_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_1_name, {
'location':
vv['region'],
'network_security_group':
open_nsg,
'enable_accelerated_networking':
True,
'enable_ip_forwarding':
True,
'primary':
False,
'ip_configurations': [{
'name':
'some_config_name',
'subnet': {
'id': subnet_silb.id
},
'private_ip_allocation_method':
network_models.IPAllocationMethod.dynamic,
'load_balancer_backend_address_pools': [{
'id':
bap_info.id
}]
}]
})
result_object_nic_1_create.wait()
nic_1 = result_object_nic_1_create.result()
nic_1.primary = False # This is a bug. The primary key is always None after interface create or update
else:
nic_1_name = 'CSR_' + str(router_counter) + '_nic_1'
nic_1_config = network_models.IPConfiguration(
subnet=subnet_private,
name=nic_1_name,
private_ip_allocation_method=network_models.IPAllocationMethod.
dynamic)
nic_1_parameters = network_models.NetworkInterface(
location=vv['region'],
network_security_group=wan_ipsec_nsg,
enable_accelerated_networking=True,
ip_configurations=[nic_1_config],
primary=False,
enable_ip_forwarding=True)
result_object_nic_1_create = network_client.network_interfaces.create_or_update(
vv['resource_group_name'], nic_1_name, nic_1_parameters)
result_object_nic_1_create.wait()
nic_1 = result_object_nic_1_create.result()
nic_1.primary = False # This is a bug. The primary key is always None after interface create or update
# 11 Create VM
computer_name = vv['hostname'] + str(router_counter)
os_profile = compute_models.OSProfile(computer_name=computer_name,
admin_username=vv['username'],
admin_password=vv['password'])
hardware_profile = compute_models.HardwareProfile(
vm_size=vv['instance_type'])
storage_profile = compute_models.StorageProfile(
image_reference=compute_models.ImageReference(
publisher=vv['azure_vm_publisher'],
offer=vv['azure_vm_offer'],
sku=vv['azure_vm_sku'],
version='latest'))
network_profile = compute_models.NetworkProfile(
network_interfaces=[nic_0, nic_1])
image_plan = compute_models.Plan(name=vv['azure_vm_sku'],
publisher=vv['azure_vm_publisher'],
product=vv['azure_vm_offer'])
if vv['type'] == 'silb':
vm_profile = compute_models.VirtualMachine(
location=vv['region'],
os_profile=os_profile,
plan=image_plan,
hardware_profile=hardware_profile,
storage_profile=storage_profile,
network_profile=network_profile,
availability_set={'id': avset_return.id})
else:
vm_profile = compute_models.VirtualMachine(
location=vv['region'],
os_profile=os_profile,
plan=image_plan,
hardware_profile=hardware_profile,
storage_profile=storage_profile,
network_profile=network_profile)
result_object_vm_creation = compute_client.virtual_machines.create_or_update(
vv['resource_group_name'], computer_name, vm_profile)
result_object_vm_creation.wait()
vm_result = result_object_vm_creation.result()
# Get IP address
result = network_client.public_ip_addresses.get(
rg, public_ip_info.name)
public_ip = result.ip_address
vv['public_ip'] = public_ip
# If DMVPN hub, save info
if vv['type'] == 'hub':
hub_1_public = public_ip
hub_1_private = vv['dmvpn_address_router']
router = Router(vv['public_ip'], vv['username'], vv['password'],
vv['region'], vv['instance_type'],
settings.instance_types[vv['instance_type']])
if not router.initial_check_responsive():
print('router unresponsive')
if settings.regions[vv['region']]['smart_licensing'] == 'True':
if not router.register():
print('router unable to register with smart licensing')
config = router.render_config_from_template(
template_name='templates/baseline.j2', variables_dict=vv)
# want an exception if configuration result is not true
if not router.configure_router(config):
print('unable to configure router')
if vv['type'] == 'hub':
config = router.render_config_from_template(
template_name='templates/dmvpn_hub.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'spoke':
config = router.render_config_from_template(
template_name='templates/dmvpn_spoke.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'silb':
config = router.render_config_from_template(
template_name='templates/dmvpn_spoke_silb.j2',
variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
elif vv['type'] == 'vnet':
config = router.render_config_from_template(
template_name='templates/app_vnet.j2', variables_dict=vv)
if not router.configure_router(config):
print('unable to configure router')
if not router.configure_router(
['end', 'event manager run 10interface']):
print('unable to configure 10 gigabitethernet interface')
router_counter += 1
# Tag SILB VNET with SILB private IP
if vv['type'] == 'silb':
lb_info = network_client.load_balancers.get(vv['resource_group_name'],
load_balancer_name)
silb_private_ip = lb_info.frontend_ip_configurations[
0].private_ip_address
vnet = network_client.virtual_networks.get(vv['resource_group_name'],
vv['vnet_name'])
vnet.tags.update({'tvpc_silb_private_address': silb_private_ip})
network_client.virtual_networks.create_or_update(
vv['resource_group_name'], vv['vnet_name'], vnet)
results_queue.put({
'hub_1_public': hub_1_public,
'hub_1_private': hub_1_private
})
def get_fake_network(client, resource_group, network_name):
network = network_models.VirtualNetwork()
network.name = network_name
address_space = network_models.AddressSpace(address_prefixes=[])
network.address_space = address_space
return network