def parse_vlan_id(vlan_type, vlan_id): if not vlan_type or not vlan_id: raise ValueError('vlan_id is empty') if vlan_type == 'Access': if represents_int(vlan_id): return int(vlan_id) raise KeyError('Access supports only int vlan id') elif vlan_type == 'Trunk': if not vlan_id: raise Exception( 'VLAN should be a number or range in format 1-100') vlan_parts = str(vlan_id).split("-") if len(vlan_parts) > 2: raise Exception( 'VLAN should be a number or range in format 1-100') if len(vlan_parts) == 1: return [ vim.NumericRange(start=int(vlan_parts[0]), end=int(vlan_parts[0])) ] if len(vlan_parts) == 2: start_port = int(vlan_parts[0]) end_port = int(vlan_parts[1]) return [vim.NumericRange(start=start_port, end=end_port)] raise KeyError('vlan type: {0} is not supported'.format(vlan_type))
def create_port_group(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() vlan_id_list = [] for vlan_id_splitted in self.module.params['vlan_id'].split(','): try: vlan_id_start, vlan_id_end = map(int, vlan_id_splitted.split('-')) if vlan_id_start not in range(0, 4095) or vlan_id_end not in range(0, 4095): self.module.fail_json(msg="vlan_id range %s specified is incorrect. The valid vlan_id range is from 0 to 4094." % vlan_id_splitted) vlan_id_list.append(vim.NumericRange(start=vlan_id_start, end=vlan_id_end)) except ValueError: vlan_id_list.append(vim.NumericRange(start=int(vlan_id_splitted.strip()), end=int(vlan_id_splitted.strip()))) config.defaultPortConfig.vlan.vlanId = vlan_id_list else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec() config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy']) teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order']) config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override'] config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override'] # PG Type config.type = self.module.params['portgroup_type'] task = self.dv_switch.AddDVPortgroup_Task([config]) changed, result = wait_for_task(task) return changed, result
def _get_vlan_range(self, raw_vlan_range): vlan_range = [] for item in raw_vlan_range: if '-' in item: lan_range = map(int, item.split('-')) vlan_range.append(vim.NumericRange(start=lan_range[0], end=lan_range[1])) else: item = int(item) vlan_range.append(vim.NumericRange(start=item, end=item)) return vlan_range
def update_dv_pg(args, dv_pg): dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = args.dv_pg_name dv_pg_spec.numPorts = int(args.num_ports) dv_pg_spec.configVersion = dv_pg.config.configVersion dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) dv_pg_spec.defaultPortConfig.vlan.vlanId = [ vim.NumericRange(start=1, end=4094) ] dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.vlan.inherited = False dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False task = dv_pg.ReconfigureDVPortgroup_Task(dv_pg_spec) wait_for_task(task) print "Successfully modified DV Port Group %s" % args.dv_pg_name
def integration_test_connect_A(self): py_vmomi_service = pyVmomiService(SmartConnect, Disconnect) cred = TestCredentials() si = py_vmomi_service.connect(cred.host, cred.username, cred.password, cred.port) synchronous_task_waiter = SynchronousTaskWaiter() mapper = VnicToNetworkMapper(DvPortGroupNameGenerator()) dv_port_group_creator = DvPortGroupCreator(py_vmomi_service, synchronous_task_waiter) port_group_name_generator = DvPortGroupNameGenerator() virtual_machine_port_group_configurer = VirtualMachinePortGroupConfigurer( py_vmomi_service, synchronous_task_waiter, mapper, VNicService(), port_group_name_generator) mapping = VmNetworkMapping() mapping.vlan_id = [vim.NumericRange(start=65, end=65)] mapping.dv_port_name = DvPortGroupNameGenerator( ).generate_port_group_name(65, 'Trunk') mapping.dv_switch_name = 'dvSwitch' mapping.dv_switch_path = 'QualiSB' mapping.vlan_spec = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) connector = VirtualSwitchToMachineConnector( dv_port_group_creator, virtual_machine_port_group_configurer) vm = py_vmomi_service.find_vm_by_name(si, 'QualiSB/Raz', '2') # Act connector.connect_by_mapping(si, vm, [mapping], None, []) pass
def create_dv_port_group(self, dv_port_name, dv_switch_name, dv_switch_path, si): dv_switch = self.pyvmomi_service.find_network_by_name(si, dv_switch_path, dv_switch_name) dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = dv_port_name dv_pg_spec.numPorts = 32 dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() dv_pg_spec.defaultPortConfig.vlan.vlanId = [vim.NumericRange(start=1, end=4094)] dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=True) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=True) dv_pg_spec.defaultPortConfig.vlan.inherited = False dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False task = dv_switch.AddDVPortgroup_Task([dv_pg_spec]) print "Successfully created DV Port Group ", dv_port_name port_group = self.synchronous_task_waiter.wait_for_task(task) return port_group
def add_dvPort_group(si, dv_switch, vlan_id, pg_name): print("Creating DV Portgroup '" + pg_name + "' on DVS '" + dv_switch.name + "'") dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = pg_name dv_pg_spec.numPorts = 1 dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding #VLAN attributes start = int(vlan_id) end = int(vlan_id) dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) dv_pg_spec.defaultPortConfig.vlan.vlanId = [ vim.NumericRange(start=start, end=end) ] dv_pg_spec.defaultPortConfig.vlan.inherited = False #Security Policy dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False task = dv_switch.AddDVPortgroup_Task([dv_pg_spec]) wait_for_task(task, si) print("Successfully created DV Portgroup: ", pg_name)
def dvs_pg_info(self, dv_pg_name, dv_pg_ports_num, vlan_type, vlan_list): dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = dv_pg_name dv_pg_spec.numPorts = int(dv_pg_ports_num) dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) if vlan_type == 'access': dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec( ) dv_pg_spec.defaultPortConfig.vlan.vlanId = vlan_list[0] elif vlan_type == 'trunk': dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) dv_pg_spec.defaultPortConfig.vlan.vlanId = [ vim.NumericRange(start=vlan_list[0], end=vlan_list[1]) ] dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=True) dv_pg_spec.defaultPortConfig.vlan.inherited = False dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False return dv_pg_spec
def create_port_group(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.portgroup_name config.numPorts = self.num_ports # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) if self.vlan_trunk: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) vlan_id_start, vlan_id_end = self.vlan_id.split('-') config.defaultPortConfig.vlan.vlanId = [ vim.NumericRange(start=int(vlan_id_start.strip()), end=int(vlan_id_end.strip())) ] else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec( ) config.defaultPortConfig.vlan.vlanId = int(self.vlan_id) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=self.security_promiscuous) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=self.security_forged_transmits) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=self.security_mac_changes) # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy( ) config.policy.blockOverrideAllowed = self.policy_block_override config.policy.ipfixOverrideAllowed = self.policy_ipfix_override config.policy.livePortMovingAllowed = self.policy_live_port_move config.policy.networkResourcePoolOverrideAllowed = self.policy_network_rp_override config.policy.portConfigResetAtDisconnect = self.policy_port_config_reset_at_disconnect config.policy.securityPolicyOverrideAllowed = self.policy_security_override config.policy.shapingOverrideAllowed = self.policy_shaping_override config.policy.trafficFilterOverrideAllowed = self.policy_traffic_filter_override config.policy.uplinkTeamingOverrideAllowed = self.policy_uplink_teaming_override config.policy.vendorConfigOverrideAllowed = self.policy_vendor_config_override config.policy.vlanOverrideAllowed = self.policy_vlan_override # PG Type config.type = self.portgroup_type spec = [config] task = self.dv_switch.AddDVPortgroup_Task(spec) changed, result = wait_for_task(task) return changed, result
def build_config(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() config.defaultPortConfig.vlan.vlanId = list(map(lambda x: vim.NumericRange(start=x[0], end=x[1]), self.create_vlan_list())) else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec() config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy() teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy']) teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order']) config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override'] config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override'] # PG Type config.type = self.module.params['portgroup_type'] return config
def add_dvPort_group(si, dv_switch): dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() dv_pg_spec.name = inputs['dv_port_name'] dv_pg_spec.numPorts = 32 dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy() dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() dv_pg_spec.defaultPortConfig.vlan.vlanId = [vim.NumericRange(start=1, end=4094)] dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=True) dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=True) dv_pg_spec.defaultPortConfig.vlan.inherited = False dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=False) dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False task = dv_switch.AddDVPortgroup_Task([dv_pg_spec]) wait_for_task(task, si) print "Successfully created DV Port Group ", inputs['dv_port_name']
def ensure(self): """Manage uplink portgroup""" changed = changed_uplink_pg_policy = changed_vlan_trunk_range = changed_lacp = False results = dict(changed=changed) results['dvswitch'] = self.switch_name changed_list = [] uplink_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Use the same version in the new spec; The version will be increased by one by the API automatically uplink_pg_spec.configVersion = self.dvs.config.uplinkPortgroup[0].config.configVersion uplink_pg_config = self.dvs.config.uplinkPortgroup[0].config # Check name if self.uplink_pg_name: results['name'] = self.uplink_pg_name if uplink_pg_config.name != self.uplink_pg_name: changed = True changed_list.append("name") results['name_previous'] = uplink_pg_config.name uplink_pg_spec.name = self.uplink_pg_name else: results['name'] = uplink_pg_config.name # Check description results['description'] = self.uplink_pg_description if uplink_pg_config.description != self.uplink_pg_description: changed = True changed_list.append("description") results['description_previous'] = uplink_pg_config.description uplink_pg_spec.description = self.uplink_pg_description # Check port policies results['adv_reset_at_disconnect'] = self.uplink_pg_reset results['adv_block_ports'] = self.uplink_pg_block_ports results['adv_vendor_conf'] = self.uplink_pg_vendor_conf results['adv_vlan'] = self.uplink_pg_vlan results['adv_netflow'] = self.uplink_pg_netflow results['adv_traffic_filtering'] = self.uplink_pg_tf uplink_pg_policy_spec = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy() uplink_pg_policy_spec.portConfigResetAtDisconnect = self.uplink_pg_reset uplink_pg_policy_spec.blockOverrideAllowed = self.uplink_pg_block_ports uplink_pg_policy_spec.vendorConfigOverrideAllowed = self.uplink_pg_vendor_conf uplink_pg_policy_spec.vlanOverrideAllowed = self.uplink_pg_vlan uplink_pg_policy_spec.ipfixOverrideAllowed = self.uplink_pg_netflow uplink_pg_policy_spec.trafficFilterOverrideAllowed = self.uplink_pg_tf # There's no information available if the following option are deprecated, but # they aren't visible in the vSphere Client uplink_pg_policy_spec.shapingOverrideAllowed = False uplink_pg_policy_spec.livePortMovingAllowed = False uplink_pg_policy_spec.uplinkTeamingOverrideAllowed = False uplink_pg_policy_spec.securityPolicyOverrideAllowed = False uplink_pg_policy_spec.networkResourcePoolOverrideAllowed = False # Check policies if uplink_pg_config.policy.portConfigResetAtDisconnect != self.uplink_pg_reset: changed_uplink_pg_policy = True results['adv_reset_at_disconnect_previous'] = uplink_pg_config.policy.portConfigResetAtDisconnect if uplink_pg_config.policy.blockOverrideAllowed != self.uplink_pg_block_ports: changed_uplink_pg_policy = True results['adv_block_ports_previous'] = uplink_pg_config.policy.blockOverrideAllowed if uplink_pg_config.policy.vendorConfigOverrideAllowed != self.uplink_pg_vendor_conf: changed_uplink_pg_policy = True results['adv_vendor_conf_previous'] = uplink_pg_config.policy.vendorConfigOverrideAllowed if uplink_pg_config.policy.vlanOverrideAllowed != self.uplink_pg_vlan: changed_uplink_pg_policy = True results['adv_vlan_previous'] = uplink_pg_config.policy.vlanOverrideAllowed if uplink_pg_config.policy.ipfixOverrideAllowed != self.uplink_pg_netflow: changed_uplink_pg_policy = True results['adv_netflow_previous'] = uplink_pg_config.policy.ipfixOverrideAllowed if uplink_pg_config.policy.trafficFilterOverrideAllowed != self.uplink_pg_tf: changed_uplink_pg_policy = True results['adv_traffic_filtering_previous'] = uplink_pg_config.policy.trafficFilterOverrideAllowed if changed_uplink_pg_policy: changed = True changed_list.append("advanced") uplink_pg_spec.policy = uplink_pg_policy_spec uplink_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy() # Check VLAN trunk results['vlan_trunk_range'] = self.uplink_pg_vlan_trunk_range vlan_id_ranges = self.uplink_pg_vlan_trunk_range trunk_vlan_spec = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec() vlan_id_list = [] for vlan_id_range in vlan_id_ranges: vlan_id_range_found = False vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range) # Check if range is already configured for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: if current_vlan_id_range.start == int(vlan_id_start) and current_vlan_id_range.end == int(vlan_id_end): vlan_id_range_found = True break if vlan_id_range_found is False: changed_vlan_trunk_range = True vlan_id_list.append( vim.NumericRange(start=int(vlan_id_start), end=int(vlan_id_end)) ) # Check if range needs to be removed for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: vlan_id_range_found = False for vlan_id_range in vlan_id_ranges: vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range) if (current_vlan_id_range.start == int(vlan_id_start) and current_vlan_id_range.end == int(vlan_id_end)): vlan_id_range_found = True break if vlan_id_range_found is False: changed_vlan_trunk_range = True trunk_vlan_spec.vlanId = vlan_id_list if changed_vlan_trunk_range: changed = True changed_list.append("vlan trunk range") current_vlan_id_list = [] for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId: if current_vlan_id_range.start == current_vlan_id_range.end: current_vlan_id_range_string = current_vlan_id_range.start else: current_vlan_id_range_string = '-'.join( [str(current_vlan_id_range.start), str(current_vlan_id_range.end)] ) current_vlan_id_list.append(current_vlan_id_range_string) results['vlan_trunk_range_previous'] = current_vlan_id_list uplink_pg_spec.defaultPortConfig.vlan = trunk_vlan_spec # Check LACP lacp_support_mode = self.get_lacp_support_mode(self.support_mode) if lacp_support_mode == 'basic': results['lacp_status'] = self.lacp_status lacp_spec = vim.dvs.VmwareDistributedVirtualSwitch.UplinkLacpPolicy() lacp_enabled = False if self.lacp_status == 'enabled': lacp_enabled = True if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value != lacp_enabled: changed_lacp = True changed_list.append("lacp status") if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value: results['lacp_status_previous'] = 'enabled' else: results['lacp_status_previous'] = 'disabled' lacp_spec.enable = vim.BoolPolicy() lacp_spec.enable.inherited = False lacp_spec.enable.value = lacp_enabled if lacp_enabled and uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value != self.lacp_mode: results['lacp_mode'] = self.lacp_mode changed_lacp = True changed_list.append("lacp mode") results['lacp_mode_previous'] = uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value lacp_spec.mode = vim.StringPolicy() lacp_spec.mode.inherited = False lacp_spec.mode.value = self.lacp_mode if changed_lacp: changed = True uplink_pg_spec.defaultPortConfig.lacpPolicy = lacp_spec # Check NetFlow results['netflow_enabled'] = self.uplink_pg_netflow_enabled netflow_enabled_spec = vim.BoolPolicy() netflow_enabled_spec.inherited = False netflow_enabled_spec.value = self.uplink_pg_netflow_enabled if uplink_pg_config.defaultPortConfig.ipfixEnabled.value != self.uplink_pg_netflow_enabled: changed = True results['netflow_enabled_previous'] = uplink_pg_config.defaultPortConfig.ipfixEnabled.value changed_list.append("netflow") uplink_pg_spec.defaultPortConfig.ipfixEnabled = netflow_enabled_spec # TODO: Check Traffic filtering and marking # Check Block all ports results['block_all_ports'] = self.uplink_pg_block_all_ports block_all_ports_spec = vim.BoolPolicy() block_all_ports_spec.inherited = False block_all_ports_spec.value = self.uplink_pg_block_all_ports if uplink_pg_config.defaultPortConfig.blocked.value != self.uplink_pg_block_all_ports: changed = True changed_list.append("block all ports") results['block_all_ports_previous'] = uplink_pg_config.defaultPortConfig.blocked.value uplink_pg_spec.defaultPortConfig.blocked = block_all_ports_spec if changed: if self.module.check_mode: changed_suffix = ' would be changed' else: changed_suffix = ' changed' if len(changed_list) > 2: message = ', '.join(changed_list[:-1]) + ', and ' + str(changed_list[-1]) elif len(changed_list) == 2: message = ' and '.join(changed_list) elif len(changed_list) == 1: message = changed_list[0] message += changed_suffix if not self.module.check_mode: try: task = self.dvs.config.uplinkPortgroup[0].ReconfigureDVPortgroup_Task(uplink_pg_spec) wait_for_task(task) except TaskError as invalid_argument: self.module.fail_json(msg="Failed to update uplink portgroup : %s" % to_native(invalid_argument)) else: message = "Uplink portgroup already configured properly" results['changed'] = changed results['result'] = message self.module.exit_json(**results)
def build_config(self): config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec() # Basic config config.name = self.module.params['portgroup_name'] if self.module.params[ 'port_allocation'] != 'elastic' and self.module.params[ 'port_binding'] != 'ephemeral': config.numPorts = self.module.params['num_ports'] # Default port config config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy( ) if self.module.params['vlan_trunk']: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec( ) config.defaultPortConfig.vlan.vlanId = list( map(lambda x: vim.NumericRange(start=x[0], end=x[1]), self.create_vlan_list())) elif self.module.params['vlan_private']: # Check that private VLAN exists in dvs if self.module.params['vlan_private']: pvlan_exists = self.check_dvs_pvlan() if not pvlan_exists: self.module.fail_json( msg= "No private vlan with id %s in distributed vSwitch %s" % (self.module.params['vlan_id'], self.module.params['switch_name'])) config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.PvlanSpec( ) config.defaultPortConfig.vlan.pvlanId = int( self.module.params['vlan_id']) else: config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec( ) config.defaultPortConfig.vlan.vlanId = int( self.module.params['vlan_id']) config.defaultPortConfig.vlan.inherited = False # If the dvSwitch supports MAC learning, it's a version where securityPolicy is deprecated if self.supports_mac_learning(): config.defaultPortConfig.macManagementPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacManagementPolicy( ) config.defaultPortConfig.macManagementPolicy.allowPromiscuous = self.module.params[ 'network_policy']['promiscuous'] config.defaultPortConfig.macManagementPolicy.forgedTransmits = self.module.params[ 'network_policy']['forged_transmits'] config.defaultPortConfig.macManagementPolicy.macChanges = self.module.params[ 'network_policy']['mac_changes'] macLearning = self.module.params['mac_learning'] if macLearning: macLearningPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacLearningPolicy( ) if macLearning['allow_unicast_flooding'] is not None: macLearningPolicy.allowUnicastFlooding = macLearning[ 'allow_unicast_flooding'] if macLearning['enabled'] is not None: macLearningPolicy.enabled = macLearning['enabled'] if macLearning['limit'] is not None: macLearningPolicy.limit = macLearning['limit'] if macLearning['limit_policy']: macLearningPolicy.limitPolicy = macLearning['limit_policy'] config.defaultPortConfig.macManagementPolicy.macLearningPolicy = macLearningPolicy else: config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy( ) config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy( value=self.module.params['network_policy']['promiscuous']) config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy( value=self.module.params['network_policy']['forged_transmits']) config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy( value=self.module.params['network_policy']['mac_changes']) # Teaming Policy teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy( ) teamingPolicy.policy = vim.StringPolicy( value=self.module.params['teaming_policy']['load_balance_policy']) if self.module.params['teaming_policy']['inbound_policy'] is not None: teamingPolicy.reversePolicy = vim.BoolPolicy( value=self.module.params['teaming_policy']['inbound_policy']) teamingPolicy.notifySwitches = vim.BoolPolicy( value=self.module.params['teaming_policy']['notify_switches']) teamingPolicy.rollingOrder = vim.BoolPolicy( value=self.module.params['teaming_policy']['rolling_order']) if self.module.params['teaming_policy'][ 'active_uplinks'] or self.module.params['teaming_policy'][ 'standby_uplinks']: teamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy( ) if self.module.params['teaming_policy']['active_uplinks']: teamingPolicy.uplinkPortOrder.activeUplinkPort = self.module.params[ 'teaming_policy']['active_uplinks'] if self.module.params['teaming_policy']['standby_uplinks']: teamingPolicy.uplinkPortOrder.standbyUplinkPort = self.module.params[ 'teaming_policy']['standby_uplinks'] config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy # PG policy (advanced_policy) config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy( ) config.policy.blockOverrideAllowed = self.module.params['port_policy'][ 'block_override'] config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][ 'ipfix_override'] config.policy.livePortMovingAllowed = self.module.params[ 'port_policy']['live_port_move'] config.policy.networkResourcePoolOverrideAllowed = self.module.params[ 'port_policy']['network_rp_override'] config.policy.portConfigResetAtDisconnect = self.module.params[ 'port_policy']['port_config_reset_at_disconnect'] config.policy.securityPolicyOverrideAllowed = self.module.params[ 'port_policy']['security_override'] config.policy.shapingOverrideAllowed = self.module.params[ 'port_policy']['shaping_override'] config.policy.trafficFilterOverrideAllowed = self.module.params[ 'port_policy']['traffic_filter_override'] config.policy.uplinkTeamingOverrideAllowed = self.module.params[ 'port_policy']['uplink_teaming_override'] config.policy.vendorConfigOverrideAllowed = self.module.params[ 'port_policy']['vendor_config_override'] config.policy.vlanOverrideAllowed = self.module.params['port_policy'][ 'vlan_override'] # PG Type # NOTE: 'portgroup_type' is deprecated. if self.module.params['portgroup_type']: config.type = self.module.params['portgroup_type'] elif self.module.params['port_binding'] == 'ephemeral': config.type = 'ephemeral' else: config.type = 'earlyBinding' if self.module.params['port_allocation']: if self.module.params['port_allocation'] == 'elastic': config.autoExpand = True else: config.autoExpand = False return config