def connectT0(t1, module, stub_config):
t0port = None
lrp_svc = LogicalRouterPorts(stub_config)
t0_lrp=LogicalRouterLinkPortOnTIER0(
display_name="t0-downlink-to_%s"%(t1.display_name),
logical_router_id=module.params['connected_t0_id'],
description=t1.id
)
try:
port = lrp_svc.create(t0_lrp)
t0port = port.convert_to(LogicalRouterLinkPortOnTIER0)
except Error as ex:
api_error = ex.date.convert_to(ApiError)
module.fail_json(msg='API Error creating T0 port: %s'%(api_error.error_message))
t1_lrp=LogicalRouterLinkPortOnTIER1(
display_name="%s-uplinklink-to_t0"%(t1.display_name),
description=module.params['connected_t0_id'],
logical_router_id=t1.id,
linked_logical_router_port_id=ResourceReference(target_id=t0port.id)
)
try:
t1port = lrp_svc.create(t1_lrp)
except Error as ex:
api_error = ex.date.convert_to(ApiError)
module.fail_json(msg='API Error creating T1 port: %s'%(api_error.error_message))
return True
def prepare_connectors():
global CONNECTION
CONNECTION = create_api_connection()
global SVC_LOGICAL_SWITCHES
SVC_LOGICAL_SWITCHES = LogicalSwitches(CONNECTION)
global SVC_LOGICAL_ROUTERS
SVC_LOGICAL_ROUTERS = LogicalRouters(CONNECTION)
global SVC_LOGICAL_ROUTER_PORTS
SVC_LOGICAL_ROUTER_PORTS = LogicalRouterPorts(CONNECTION)
global SVC_LOGICAL_PORTS
SVC_LOGICAL_PORTS = LogicalPorts(CONNECTION)
def compareLrpT0T1(lr, module, stub_config):
changed = False
t0id = None
lrp_svc = LogicalRouterPorts(stub_config)
lrpList = lrp_svc.list(logical_router_id=lr.id, resource_type='LogicalRouterLinkPortOnTIER1')
if lrpList.results:
lrp = lrpList.results[0].convert_to(LogicalRouterLinkPortOnTIER1)
t0port_id = lrp.linked_logical_router_port_id.target_id
t1port_id = lrp.id
t0tmp = lrp_svc.get(t0port_id)
t0lrp = t0tmp.convert_to(LogicalRouterLinkPortOnTIER0)
t0id = t0lrp.logical_router_id
if t0id:
if t0id != module.params['connected_t0_id']:
changed = True
if t1port_id:
if module.check_mode:
module.exit_json(changed=True, debug_out="Connection to T0 will be deleted")
lrp_svc.delete(t1port_id, force=True)
lrp_svc.delete(t0port_id, force=True)
if module.params['connected_t0_id']:
if module.check_mode:
module.exit_json(changed=True, debug_out="T1 will be connected to T0")
changed = connectT0(lr, module, stub_config)
elif not t0id:
if t0id != module.params['connected_t0_id']:
changed = True
if module.params['connected_t0_id']:
if module.check_mode:
module.exit_json(changed=True, debug_out="T1 will be connected to T0")
changed = connectT0(lr, module, stub_config)
return changed
def main():
args = getargs.getargs()
stub_config = auth.get_session_auth_stub_config(args.user, args.password,
args.nsx_host,
args.tcp_port)
pp = PrettyPrinter()
# Instantiate all the services we'll need.
transportzones_svc = TransportZones(stub_config)
logicalswitches_svc = LogicalSwitches(stub_config)
logicalrouters_svc = LogicalRouters(stub_config)
logicalrouterports_svc = LogicalRouterPorts(stub_config)
logicalports_svc = LogicalPorts(stub_config)
fwsections_svc = Sections(stub_config)
# Create a transport zone
new_tz = TransportZone(
transport_type=TransportZone.TRANSPORT_TYPE_OVERLAY,
display_name="Two Tier App Demo Transport Zone",
description="Transport zone for two-tier app demo",
host_switch_name="hostswitch"
)
demo_tz = transportzones_svc.create(new_tz)
# Create a logical switch for the db tier
new_ls = LogicalSwitch(
transport_zone_id=demo_tz.id,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name="ls-db",
)
db_ls = logicalswitches_svc.create(new_ls)
# Create a logical switch for the web tier
new_ls = LogicalSwitch(
transport_zone_id=demo_tz.id,
admin_state=LogicalSwitch.ADMIN_STATE_UP,
replication_mode=LogicalSwitch.REPLICATION_MODE_MTEP,
display_name="ls-web",
)
web_ls = logicalswitches_svc.create(new_ls)
# Create a logical router that will route traffic between
# the web and db tiers
new_lr = LogicalRouter(
router_type=LogicalRouter.ROUTER_TYPE_TIER1,
display_name="lr-demo",
failover_mode=LogicalRouter.FAILOVER_MODE_PREEMPTIVE
)
lr = logicalrouters_svc.create(new_lr)
# Create a logical port on the db and web logical switches. We
# will attach the logical router to those ports so that it can
# route between the logical switches.
# Logical port on the db logical switch
new_lp = LogicalPort(
admin_state=LogicalPort.ADMIN_STATE_UP,
logical_switch_id=db_ls.id,
display_name="dbTierUplinkToRouter"
)
db_port_on_ls = logicalports_svc.create(new_lp)
# Logical port on the web logical switch
new_lp = LogicalPort(
admin_state=LogicalPort.ADMIN_STATE_UP,
logical_switch_id=web_ls.id,
display_name="webTierUplinkToRouter"
)
web_port_on_ls = logicalports_svc.create(new_lp)
# Populate a logical router downlink port payload and configure
# the port with the CIDR 192.168.1.1/24. We will attach this
# port to the db tier's logical switch.
new_lr_port = LogicalRouterDownLinkPort(
subnets=[IPSubnet(ip_addresses=["192.168.1.1"], prefix_length=24)],
linked_logical_switch_port_id=ResourceReference(
target_id=db_port_on_ls.id),
resource_type="LogicalRouterDownLinkPort",
logical_router_id=lr.id
)
# Create the downlink port
lr_port_for_db_tier = logicalrouterports_svc.create(new_lr_port)
# Convert to concrete type
lr_port_for_db_tier = lr_port_for_db_tier.convert_to(
LogicalRouterDownLinkPort)
# Populate a logical router downlink port payload and configure
# the port with the CIDR 192.168.2.1/24. We will attach this
# port to the web tier's logical switch.
new_lr_port = LogicalRouterDownLinkPort(
subnets=[IPSubnet(ip_addresses=["192.168.2.1"], prefix_length=24)],
linked_logical_switch_port_id=ResourceReference(
target_id=web_port_on_ls.id),
resource_type="LogicalRouterDownLinkPort",
logical_router_id=lr.id
)
# Create the downlink port
lr_port_for_web_tier = logicalrouterports_svc.create(new_lr_port)
lr_port_for_web_tier = lr_port_for_web_tier.convert_to(
LogicalRouterDownLinkPort)
# Now establish a firewall policy that only allows MSSQL
# server traffic and ICMP traffic in and out of the db tier's
# logical switch.
# Create 3 firewall rules. The first will allow traffic used
# by MS SQL Server to pass. This rule references a built-in
# ns service group that includes all the common ports used by
# the MSSQL Server. The ID is common to all NSX installations.
MSSQL_SERVER_NS_GROUP_ID = "5a6d380a-6d28-4e3f-b705-489f463ae6ad"
ms_sql_rule = FirewallRule(
action=FirewallRule.ACTION_ALLOW,
display_name="Allow MSSQL Server",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6,
services=[
FirewallService(
target_type="NSServiceGroup",
target_id=MSSQL_SERVER_NS_GROUP_ID
)
]
)
# The second rule will allow ICMP echo requests and responses.
ICMP_ECHO_REQUEST_NS_SVC_ID = "5531a880-61aa-42cc-ba4b-13b9ea611e2f"
ICMP_ECHO_REPLY_NS_SVC_ID = "c54b2d86-6327-41ff-a3fc-c67171b6ba63"
icmp_rule = FirewallRule(
action=FirewallRule.ACTION_ALLOW,
display_name="Allow ICMP Echo",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6,
services=[
FirewallService(
target_type="NSService",
target_id=ICMP_ECHO_REQUEST_NS_SVC_ID
),
FirewallService(
target_type="NSService",
target_id=ICMP_ECHO_REPLY_NS_SVC_ID
)
]
)
# The third rule will drop all traffic not passed by the previous
# rules.
block_all_rule = FirewallRule(
action=FirewallRule.ACTION_DROP,
display_name="Drop all",
ip_protocol=FirewallRule.IP_PROTOCOL_IPV4_IPV6
)
# Add all rules to a new firewall section and create the section.
rule_list = FirewallSectionRuleList(
rules=[ms_sql_rule, icmp_rule, block_all_rule],
section_type=FirewallSection.SECTION_TYPE_LAYER3,
stateful=True,
display_name="MSSQL Server",
description="Only allow MSSQL server traffic"
)
demo_section = fwsections_svc.createwithrules(
rule_list, None, operation="insert_top")
# Re-read the firewall section so that we are operating on up-to-date
# data.
section = fwsections_svc.get(demo_section.id)
# Make the firewall section apply to the db tier logical
# switch. This enables the firewall policy on all logical
# ports attached to the db tier logical switch.
section.applied_tos = [
ResourceReference(target_id=db_ls.id,
target_type="LogicalSwitch")
]
fwsections_svc.update(section.id, section)
print("At this point you may attach VMs for the db tier to the db")
print("logical switch and VMs for the web tier to the web logical")
print("switch. The network interfaces should be configured as")
print("follows:")
print("db tier:")
print(" IP address: in the range 192.168.1.2-254")
print(" Netmask: 255.255.255.0")
print(" Default route: 192.168.1.1")
print("web tier:")
print(" IP address: in the range 192.168.2.2-254")
print(" Netmask: 255.255.255.0")
print(" Default route: 192.168.2.1")
print("Logical switch IDs:")
print(" %s: %s" % (db_ls.display_name, db_ls.id))
print(" %s: %s" % (web_ls.display_name, web_ls.id))
print("Transport zone: %s: %s" % (demo_tz.display_name, demo_tz.id))
print("Press enter to delete all resources created for this example.")
sys.stdin.readline()
fwsections_svc.delete(section.id, cascade=True)
logicalrouterports_svc.delete(lr_port_for_web_tier.id)
logicalrouterports_svc.delete(lr_port_for_db_tier.id)
logicalports_svc.delete(web_port_on_ls.id)
logicalports_svc.delete(db_port_on_ls.id)
logicalrouters_svc.delete(lr.id)
logicalswitches_svc.delete(web_ls.id)
logicalswitches_svc.delete(db_ls.id)
transportzones_svc.delete(demo_tz.id)