def create_port_group(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy()
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec()
vlan_id_list = []
for vlan_id_splitted in self.module.params['vlan_id'].split(','):
try:
vlan_id_start, vlan_id_end = map(int, vlan_id_splitted.split('-'))
if vlan_id_start not in range(0, 4095) or vlan_id_end not in range(0, 4095):
self.module.fail_json(msg="vlan_id range %s specified is incorrect. The valid vlan_id range is from 0 to 4094." % vlan_id_splitted)
vlan_id_list.append(vim.NumericRange(start=vlan_id_start, end=vlan_id_end))
except ValueError:
vlan_id_list.append(vim.NumericRange(start=int(vlan_id_splitted.strip()), end=int(vlan_id_splitted.strip())))
config.defaultPortConfig.vlan.vlanId = vlan_id_list
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec()
config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy()
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy()
teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy()
config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override']
config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override']
# PG Type
config.type = self.module.params['portgroup_type']
task = self.dv_switch.AddDVPortgroup_Task([config])
changed, result = wait_for_task(task)
return changed, result
def create_port_group(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.portgroup_name
config.numPorts = self.num_ports
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy()
if self.vlan_trunk:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec()
vlan_id_start, vlan_id_end = self.vlan_id.split('-')
config.defaultPortConfig.vlan.vlanId = [vim.NumericRange(start=int(vlan_id_start.strip()), end=int(vlan_id_end.strip()))]
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec()
config.defaultPortConfig.vlan.vlanId = int(self.vlan_id)
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy()
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.security_promiscuous)
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.security_forged_transmits)
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.security_mac_changes)
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy()
teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy()
config.policy.blockOverrideAllowed = self.policy_block_override
config.policy.ipfixOverrideAllowed = self.policy_ipfix_override
config.policy.livePortMovingAllowed = self.policy_live_port_move
config.policy.networkResourcePoolOverrideAllowed = self.policy_network_rp_override
config.policy.portConfigResetAtDisconnect = self.policy_port_config_reset_at_disconnect
config.policy.securityPolicyOverrideAllowed = self.policy_security_override
config.policy.shapingOverrideAllowed = self.policy_shaping_override
config.policy.trafficFilterOverrideAllowed = self.policy_traffic_filter_override
config.policy.uplinkTeamingOverrideAllowed = self.policy_uplink_teaming_override
config.policy.vendorConfigOverrideAllowed = self.policy_vendor_config_override
config.policy.vlanOverrideAllowed = self.policy_vlan_override
# PG Type
config.type = self.portgroup_type
task = self.dv_switch.AddDVPortgroup_Task([config])
changed, result = wait_for_task(task)
return changed, result
def build_config(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy()
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec()
config.defaultPortConfig.vlan.vlanId = list(map(lambda x: vim.NumericRange(start=x[0], end=x[1]), self.create_vlan_list()))
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec()
config.defaultPortConfig.vlan.vlanId = int(self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy()
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy()
teamingPolicy.policy = vim.StringPolicy(value=self.module.params['teaming_policy']['load_balance_policy'])
teamingPolicy.reversePolicy = vim.BoolPolicy(value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(value=self.module.params['teaming_policy']['rolling_order'])
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy()
config.policy.blockOverrideAllowed = self.module.params['port_policy']['block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy']['ipfix_override']
config.policy.livePortMovingAllowed = self.module.params['port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params['port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params['port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params['port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params['port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params['port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params['port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params['port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy']['vlan_override']
# PG Type
config.type = self.module.params['portgroup_type']
return config
def ensure(self):
"""Manage uplink portgroup"""
changed = changed_uplink_pg_policy = changed_vlan_trunk_range = changed_lacp = False
results = dict(changed=changed)
results['dvswitch'] = self.switch_name
changed_list = []
uplink_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Use the same version in the new spec; The version will be increased by one by the API automatically
uplink_pg_spec.configVersion = self.dvs.config.uplinkPortgroup[0].config.configVersion
uplink_pg_config = self.dvs.config.uplinkPortgroup[0].config
# Check name
if self.uplink_pg_name:
results['name'] = self.uplink_pg_name
if uplink_pg_config.name != self.uplink_pg_name:
changed = True
changed_list.append("name")
results['name_previous'] = uplink_pg_config.name
uplink_pg_spec.name = self.uplink_pg_name
else:
results['name'] = uplink_pg_config.name
# Check description
results['description'] = self.uplink_pg_description
if uplink_pg_config.description != self.uplink_pg_description:
changed = True
changed_list.append("description")
results['description_previous'] = uplink_pg_config.description
uplink_pg_spec.description = self.uplink_pg_description
# Check port policies
results['adv_reset_at_disconnect'] = self.uplink_pg_reset
results['adv_block_ports'] = self.uplink_pg_block_ports
results['adv_vendor_conf'] = self.uplink_pg_vendor_conf
results['adv_vlan'] = self.uplink_pg_vlan
results['adv_netflow'] = self.uplink_pg_netflow
results['adv_traffic_filtering'] = self.uplink_pg_tf
uplink_pg_policy_spec = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy()
uplink_pg_policy_spec.portConfigResetAtDisconnect = self.uplink_pg_reset
uplink_pg_policy_spec.blockOverrideAllowed = self.uplink_pg_block_ports
uplink_pg_policy_spec.vendorConfigOverrideAllowed = self.uplink_pg_vendor_conf
uplink_pg_policy_spec.vlanOverrideAllowed = self.uplink_pg_vlan
uplink_pg_policy_spec.ipfixOverrideAllowed = self.uplink_pg_netflow
uplink_pg_policy_spec.trafficFilterOverrideAllowed = self.uplink_pg_tf
# There's no information available if the following option are deprecated, but
# they aren't visible in the vSphere Client
uplink_pg_policy_spec.shapingOverrideAllowed = False
uplink_pg_policy_spec.livePortMovingAllowed = False
uplink_pg_policy_spec.uplinkTeamingOverrideAllowed = False
uplink_pg_policy_spec.securityPolicyOverrideAllowed = False
uplink_pg_policy_spec.networkResourcePoolOverrideAllowed = False
# Check policies
if uplink_pg_config.policy.portConfigResetAtDisconnect != self.uplink_pg_reset:
changed_uplink_pg_policy = True
results['adv_reset_at_disconnect_previous'] = uplink_pg_config.policy.portConfigResetAtDisconnect
if uplink_pg_config.policy.blockOverrideAllowed != self.uplink_pg_block_ports:
changed_uplink_pg_policy = True
results['adv_block_ports_previous'] = uplink_pg_config.policy.blockOverrideAllowed
if uplink_pg_config.policy.vendorConfigOverrideAllowed != self.uplink_pg_vendor_conf:
changed_uplink_pg_policy = True
results['adv_vendor_conf_previous'] = uplink_pg_config.policy.vendorConfigOverrideAllowed
if uplink_pg_config.policy.vlanOverrideAllowed != self.uplink_pg_vlan:
changed_uplink_pg_policy = True
results['adv_vlan_previous'] = uplink_pg_config.policy.vlanOverrideAllowed
if uplink_pg_config.policy.ipfixOverrideAllowed != self.uplink_pg_netflow:
changed_uplink_pg_policy = True
results['adv_netflow_previous'] = uplink_pg_config.policy.ipfixOverrideAllowed
if uplink_pg_config.policy.trafficFilterOverrideAllowed != self.uplink_pg_tf:
changed_uplink_pg_policy = True
results['adv_traffic_filtering_previous'] = uplink_pg_config.policy.trafficFilterOverrideAllowed
if changed_uplink_pg_policy:
changed = True
changed_list.append("advanced")
uplink_pg_spec.policy = uplink_pg_policy_spec
uplink_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy()
# Check VLAN trunk
results['vlan_trunk_range'] = self.uplink_pg_vlan_trunk_range
vlan_id_ranges = self.uplink_pg_vlan_trunk_range
trunk_vlan_spec = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec()
vlan_id_list = []
for vlan_id_range in vlan_id_ranges:
vlan_id_range_found = False
vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range)
# Check if range is already configured
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
if current_vlan_id_range.start == int(vlan_id_start) and current_vlan_id_range.end == int(vlan_id_end):
vlan_id_range_found = True
break
if vlan_id_range_found is False:
changed_vlan_trunk_range = True
vlan_id_list.append(
vim.NumericRange(start=int(vlan_id_start), end=int(vlan_id_end))
)
# Check if range needs to be removed
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
vlan_id_range_found = False
for vlan_id_range in vlan_id_ranges:
vlan_id_start, vlan_id_end = self.get_vlan_ids_from_range(vlan_id_range)
if (current_vlan_id_range.start == int(vlan_id_start)
and current_vlan_id_range.end == int(vlan_id_end)):
vlan_id_range_found = True
break
if vlan_id_range_found is False:
changed_vlan_trunk_range = True
trunk_vlan_spec.vlanId = vlan_id_list
if changed_vlan_trunk_range:
changed = True
changed_list.append("vlan trunk range")
current_vlan_id_list = []
for current_vlan_id_range in uplink_pg_config.defaultPortConfig.vlan.vlanId:
if current_vlan_id_range.start == current_vlan_id_range.end:
current_vlan_id_range_string = current_vlan_id_range.start
else:
current_vlan_id_range_string = '-'.join(
[str(current_vlan_id_range.start), str(current_vlan_id_range.end)]
)
current_vlan_id_list.append(current_vlan_id_range_string)
results['vlan_trunk_range_previous'] = current_vlan_id_list
uplink_pg_spec.defaultPortConfig.vlan = trunk_vlan_spec
# Check LACP
lacp_support_mode = self.get_lacp_support_mode(self.support_mode)
if lacp_support_mode == 'basic':
results['lacp_status'] = self.lacp_status
lacp_spec = vim.dvs.VmwareDistributedVirtualSwitch.UplinkLacpPolicy()
lacp_enabled = False
if self.lacp_status == 'enabled':
lacp_enabled = True
if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value != lacp_enabled:
changed_lacp = True
changed_list.append("lacp status")
if uplink_pg_config.defaultPortConfig.lacpPolicy.enable.value:
results['lacp_status_previous'] = 'enabled'
else:
results['lacp_status_previous'] = 'disabled'
lacp_spec.enable = vim.BoolPolicy()
lacp_spec.enable.inherited = False
lacp_spec.enable.value = lacp_enabled
if lacp_enabled and uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value != self.lacp_mode:
results['lacp_mode'] = self.lacp_mode
changed_lacp = True
changed_list.append("lacp mode")
results['lacp_mode_previous'] = uplink_pg_config.defaultPortConfig.lacpPolicy.mode.value
lacp_spec.mode = vim.StringPolicy()
lacp_spec.mode.inherited = False
lacp_spec.mode.value = self.lacp_mode
if changed_lacp:
changed = True
uplink_pg_spec.defaultPortConfig.lacpPolicy = lacp_spec
# Check NetFlow
results['netflow_enabled'] = self.uplink_pg_netflow_enabled
netflow_enabled_spec = vim.BoolPolicy()
netflow_enabled_spec.inherited = False
netflow_enabled_spec.value = self.uplink_pg_netflow_enabled
if uplink_pg_config.defaultPortConfig.ipfixEnabled.value != self.uplink_pg_netflow_enabled:
changed = True
results['netflow_enabled_previous'] = uplink_pg_config.defaultPortConfig.ipfixEnabled.value
changed_list.append("netflow")
uplink_pg_spec.defaultPortConfig.ipfixEnabled = netflow_enabled_spec
# TODO: Check Traffic filtering and marking
# Check Block all ports
results['block_all_ports'] = self.uplink_pg_block_all_ports
block_all_ports_spec = vim.BoolPolicy()
block_all_ports_spec.inherited = False
block_all_ports_spec.value = self.uplink_pg_block_all_ports
if uplink_pg_config.defaultPortConfig.blocked.value != self.uplink_pg_block_all_ports:
changed = True
changed_list.append("block all ports")
results['block_all_ports_previous'] = uplink_pg_config.defaultPortConfig.blocked.value
uplink_pg_spec.defaultPortConfig.blocked = block_all_ports_spec
if changed:
if self.module.check_mode:
changed_suffix = ' would be changed'
else:
changed_suffix = ' changed'
if len(changed_list) > 2:
message = ', '.join(changed_list[:-1]) + ', and ' + str(changed_list[-1])
elif len(changed_list) == 2:
message = ' and '.join(changed_list)
elif len(changed_list) == 1:
message = changed_list[0]
message += changed_suffix
if not self.module.check_mode:
try:
task = self.dvs.config.uplinkPortgroup[0].ReconfigureDVPortgroup_Task(uplink_pg_spec)
wait_for_task(task)
except TaskError as invalid_argument:
self.module.fail_json(msg="Failed to update uplink portgroup : %s" % to_native(invalid_argument))
else:
message = "Uplink portgroup already configured properly"
results['changed'] = changed
results['result'] = message
self.module.exit_json(**results)
def create_dvs(self,
host_vmnics,
dvs_name,
num_uplinks=4,
mtu: int = None):
"""
Create a distributed virtual switch within the datacenter
Args:
host_vmnics (dict): A dictionary storing {host_obj: vmnics}
where host_obj is vim.HostSystem type and
vmnics is a list of str for the names of
physical adapters.
dvs_name (str): The name of the DVS to be created
num_uplinks (int): Number of active uplinks
mtu: MTU for DVS
Returns:
Task
References:
pyvmomi/docs/vim/host/NetworkSystem.rst
pyvmomi/docs/vim/host/PortGroup.rst
"""
for network_obj in GetDatacenter(
self.datacenter_obj).network_resources():
if network_obj.name == dvs_name:
self.logger.info("DVS {0} already exists".format(dvs_name))
return
host_cfgs = []
for host_obj, vmnics in host_vmnics.items():
uplinks = []
if host_obj.runtime.connectionState != "connected":
self.logger.error("Host {0} is not connected. Skipped".format(
host_obj.name))
continue
host_cfg = vim.dvs.HostMember.ConfigSpec()
host_cfg.operation = vim.ConfigSpecOperation.add
host_cfg.host = host_obj
host_cfg.backing = vim.dvs.HostMember.PnicBacking()
for pnic in GetHost(host_obj).pnics():
for vmnic in vmnics:
if pnic.device == vmnic:
pnic_spec = vim.dvs.HostMember.PnicSpec()
pnic_spec.pnicDevice = pnic.device
uplinks.append(pnic_spec)
host_cfg.backing.pnicSpec = uplinks
host_cfgs.append(host_cfg)
uplink_port_policy = vim.DistributedVirtualSwitch.NameArrayUplinkPortPolicy(
)
uplnk_port_order = []
for i in range(num_uplinks):
name = "uplink%d" % (i + 1)
uplink_port_policy.uplinkPortName.append(name)
uplnk_port_order.append(name)
string_policy = vim.StringPolicy()
string_policy.value = "failover_explicit"
uplink_port_order_policy = (
vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy())
# activeUplinkPort: list of active uplink ports used for load balancing
uplink_port_order_policy.activeUplinkPort = uplnk_port_order
team = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy()
team.policy = string_policy
team.uplinkPortOrder = uplink_port_order_policy
port_config_policy = (
vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy())
port_config_policy.uplinkTeamingPolicy = team
dvs_config_spec = vim.dvs.VmwareDistributedVirtualSwitch.ConfigSpec()
dvs_config_spec.name = dvs_name
dvs_config_spec.host = host_cfgs
dvs_config_spec.defaultPortConfig = port_config_policy
dvs_config_spec.lacpApiVersion = (
vim.dvs.VmwareDistributedVirtualSwitch.LacpApiVersion.multipleLag)
dvs_config_spec.numStandalonePorts = num_uplinks
if mtu:
dvs_config_spec.maxMtu = mtu
dvs_create_spec = vim.DistributedVirtualSwitch.CreateSpec(
configSpec=dvs_config_spec)
task = self.datacenter_obj.networkFolder.CreateDVS_Task(
dvs_create_spec)
return task
def _set_loadbalancing_config(self, key):
self.nic_teaming.policy = vim.StringPolicy(
value=self.load_balance.get(key))
def build_config(self):
config = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
# Basic config
config.name = self.module.params['portgroup_name']
if self.module.params[
'port_allocation'] != 'elastic' and self.module.params[
'port_binding'] != 'ephemeral':
config.numPorts = self.module.params['num_ports']
# Default port config
config.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
if self.module.params['vlan_trunk']:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.TrunkVlanSpec(
)
config.defaultPortConfig.vlan.vlanId = list(
map(lambda x: vim.NumericRange(start=x[0], end=x[1]),
self.create_vlan_list()))
elif self.module.params['vlan_private']:
# Check that private VLAN exists in dvs
if self.module.params['vlan_private']:
pvlan_exists = self.check_dvs_pvlan()
if not pvlan_exists:
self.module.fail_json(
msg=
"No private vlan with id %s in distributed vSwitch %s"
% (self.module.params['vlan_id'],
self.module.params['switch_name']))
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.PvlanSpec(
)
config.defaultPortConfig.vlan.pvlanId = int(
self.module.params['vlan_id'])
else:
config.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
config.defaultPortConfig.vlan.vlanId = int(
self.module.params['vlan_id'])
config.defaultPortConfig.vlan.inherited = False
# If the dvSwitch supports MAC learning, it's a version where securityPolicy is deprecated
if self.supports_mac_learning():
config.defaultPortConfig.macManagementPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacManagementPolicy(
)
config.defaultPortConfig.macManagementPolicy.allowPromiscuous = self.module.params[
'network_policy']['promiscuous']
config.defaultPortConfig.macManagementPolicy.forgedTransmits = self.module.params[
'network_policy']['forged_transmits']
config.defaultPortConfig.macManagementPolicy.macChanges = self.module.params[
'network_policy']['mac_changes']
macLearning = self.module.params['mac_learning']
if macLearning:
macLearningPolicy = vim.dvs.VmwareDistributedVirtualSwitch.MacLearningPolicy(
)
if macLearning['allow_unicast_flooding'] is not None:
macLearningPolicy.allowUnicastFlooding = macLearning[
'allow_unicast_flooding']
if macLearning['enabled'] is not None:
macLearningPolicy.enabled = macLearning['enabled']
if macLearning['limit'] is not None:
macLearningPolicy.limit = macLearning['limit']
if macLearning['limit_policy']:
macLearningPolicy.limitPolicy = macLearning['limit_policy']
config.defaultPortConfig.macManagementPolicy.macLearningPolicy = macLearningPolicy
else:
config.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
config.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=self.module.params['network_policy']['promiscuous'])
config.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=self.module.params['network_policy']['forged_transmits'])
config.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=self.module.params['network_policy']['mac_changes'])
# Teaming Policy
teamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
teamingPolicy.policy = vim.StringPolicy(
value=self.module.params['teaming_policy']['load_balance_policy'])
if self.module.params['teaming_policy']['inbound_policy'] is not None:
teamingPolicy.reversePolicy = vim.BoolPolicy(
value=self.module.params['teaming_policy']['inbound_policy'])
teamingPolicy.notifySwitches = vim.BoolPolicy(
value=self.module.params['teaming_policy']['notify_switches'])
teamingPolicy.rollingOrder = vim.BoolPolicy(
value=self.module.params['teaming_policy']['rolling_order'])
if self.module.params['teaming_policy'][
'active_uplinks'] or self.module.params['teaming_policy'][
'standby_uplinks']:
teamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
if self.module.params['teaming_policy']['active_uplinks']:
teamingPolicy.uplinkPortOrder.activeUplinkPort = self.module.params[
'teaming_policy']['active_uplinks']
if self.module.params['teaming_policy']['standby_uplinks']:
teamingPolicy.uplinkPortOrder.standbyUplinkPort = self.module.params[
'teaming_policy']['standby_uplinks']
config.defaultPortConfig.uplinkTeamingPolicy = teamingPolicy
# PG policy (advanced_policy)
config.policy = vim.dvs.VmwareDistributedVirtualSwitch.VMwarePortgroupPolicy(
)
config.policy.blockOverrideAllowed = self.module.params['port_policy'][
'block_override']
config.policy.ipfixOverrideAllowed = self.module.params['port_policy'][
'ipfix_override']
config.policy.livePortMovingAllowed = self.module.params[
'port_policy']['live_port_move']
config.policy.networkResourcePoolOverrideAllowed = self.module.params[
'port_policy']['network_rp_override']
config.policy.portConfigResetAtDisconnect = self.module.params[
'port_policy']['port_config_reset_at_disconnect']
config.policy.securityPolicyOverrideAllowed = self.module.params[
'port_policy']['security_override']
config.policy.shapingOverrideAllowed = self.module.params[
'port_policy']['shaping_override']
config.policy.trafficFilterOverrideAllowed = self.module.params[
'port_policy']['traffic_filter_override']
config.policy.uplinkTeamingOverrideAllowed = self.module.params[
'port_policy']['uplink_teaming_override']
config.policy.vendorConfigOverrideAllowed = self.module.params[
'port_policy']['vendor_config_override']
config.policy.vlanOverrideAllowed = self.module.params['port_policy'][
'vlan_override']
# PG Type
# NOTE: 'portgroup_type' is deprecated.
if self.module.params['portgroup_type']:
config.type = self.module.params['portgroup_type']
elif self.module.params['port_binding'] == 'ephemeral':
config.type = 'ephemeral'
else:
config.type = 'earlyBinding'
if self.module.params['port_allocation']:
if self.module.params['port_allocation'] == 'elastic':
config.autoExpand = True
else:
config.autoExpand = False
return config
def add_dvPort_group(si, dv_switch, portgroupname, vlanid):
dv_pg_spec = vim.dvs.DistributedVirtualPortgroup.ConfigSpec()
dv_pg_spec.name = portgroupname
dv_pg_spec.numPorts = 32
dv_pg_spec.type = vim.dvs.DistributedVirtualPortgroup.PortgroupType.earlyBinding
dv_pg_spec.defaultPortConfig = vim.dvs.VmwareDistributedVirtualSwitch.VmwarePortConfigPolicy(
)
dv_pg_spec.defaultPortConfig.securityPolicy = vim.dvs.VmwareDistributedVirtualSwitch.SecurityPolicy(
)
dv_pg_spec.defaultPortConfig.vlan = vim.dvs.VmwareDistributedVirtualSwitch.VlanIdSpec(
)
dv_pg_spec.defaultPortConfig.vlan.vlanId = vlanid
dv_pg_spec.defaultPortConfig.securityPolicy.allowPromiscuous = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.securityPolicy.forgedTransmits = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.vlan.inherited = False
dv_pg_spec.defaultPortConfig.securityPolicy.macChanges = vim.BoolPolicy(
value=False)
dv_pg_spec.defaultPortConfig.securityPolicy.inherited = False
if portgroupname == "iSCSI-A":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="failover_explicit")
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic5"
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = []
if portgroupname == "iSCSI-B":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="failover_explicit")
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortOrderPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort = "NetApp_HCI_Storage_vmnic1"
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.standbyUplinkPort = []
if portgroupname == "vMotion":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_vCenter_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_OTS_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "HCI_Internal_mNode_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
if portgroupname == "Management Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
dv_pg_spec.numPorts = 512
if portgroupname == "VM_Network":
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy = vim.dvs.VmwareDistributedVirtualSwitch.UplinkPortTeamingPolicy(
)
dv_pg_spec.defaultPortConfig.uplinkTeamingPolicy.policy = vim.StringPolicy(
value="loadbalance_loadbased")
dv_pg_spec.numPorts = 512
task = dv_switch.AddDVPortgroup_Task([dv_pg_spec])
time.sleep(5)
print("Successfully created DV Port Group", portgroupname)
