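This post is the day-12 entry in the Ansible 2 Advent Calendar 2019 (the so-called "back" Advent Calendar?).
It is the fifth post in my "one whole week, all me" run!
Ansible modules for NSX-T are being developed in a VMware project.
At the moment, though, Terraform seems to be able to do more.
Still, anything reachable through the API can be handled without a module, so this time, instead of using the NSX-T modules, I'll show an example of operating NSX-T by calling its REST API from Ansible.
Environment
Item | Version |
---|---|
vCenter | 6.7.0 |
ESXi | 6.7.0 |
NSX-T | 2.5.0 |
Ansible | 2.9.2 |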
NSX-T 2.5 API Document
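About the NSX-T API
The NSX-T REST API can be accessed and operated using Basic authentication.
The data exchanged is structured as JSON.
That means it can be driven with Ansible's uri module.
Creating a Logical Router
As an example, let's create a Tier-0 logical router.
Playbook
I wrote the playbook as follows. (For the API specification, see the links in the comments.)
Variable | Description |
---|---|
manage_url | URL of the NSX Manager |
basic_auth_info | Account information for Basic authentication |
edge_cluster_name | Name of the Edge Cluster the Tier-0 logical router belongs to |
tier0_params | Parameters for the Tier-0 router |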
```yaml
---
- name: Example NSX-T Playbook
  hosts: localhost
  gather_facts: no
  vars:
    manage_url: "https://192.168.0.163"
    basic_auth_info: &basic_auth_info
      user: admin
      password: "change me"  # placeholder; outside a lab, load this from Ansible Vault
      force_basic_auth: yes
    edge_cluster_name: EdgeCluster01
    tier0_params:
      resource_type: LogicalRouter
      display_name: tier0-test
      router_type: TIER0
      high_availability_mode: ACTIVE_STANDBY
  tasks:
    - when:
        - state == 'present'
      block:
        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.ListEdgeClusters
        - name: Get Edge Cluster info
          uri:
            url: "{{ manage_url }}/api/v1/edge-clusters"
            <<: *basic_auth_info
            validate_certs: no  # lab setting: TLS certificate verification is disabled
            method: GET
            status_code: 200
          register: get_edge_cluster_info_result

        - name: set edge_cluster_id variable
          set_fact:
            edge_cluster_id: "{{ item.id }}"
          loop: "{{ get_edge_cluster_info_result.json.results }}"
          when:
            - item.display_name == edge_cluster_name

        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.ListLogicalRouters
        - name: Get Logical Router info
          uri:
            url: "{{ manage_url }}/api/v1/logical-routers"
            <<: *basic_auth_info
            validate_certs: no
            method: GET
            status_code: 200
          register: get_logical_router_info

        - name: set logical_router_id variable
          set_fact:
            logical_router_id: "{{ item.id }}"
          loop: "{{ get_logical_router_info.json.results }}"
          when:
            - item.display_name == tier0_params.display_name

        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.CreateLogicalRouter
        - name: Create Tier-0 router
          uri:
            url: "{{ manage_url }}/api/v1/logical-routers"
            <<: *basic_auth_info
            validate_certs: no
            method: POST
            body_format: json
            body: "{{ tier0_params | combine({'edge_cluster_id': edge_cluster_id}) | to_json }}"
            status_code: 201
          when:
            - logical_router_id is not defined
          register: create_logical_router_result

        - debug: var=create_logical_router_result

    - when:
        - state == 'absent'
      block:
        - name: Get Logical Router info
          uri:
            url: "{{ manage_url }}/api/v1/logical-routers"
            <<: *basic_auth_info
            validate_certs: no
            method: GET
            status_code: 200
          register: get_logical_router_info

        - name: set logical_router_id variable
          set_fact:
            logical_router_id: "{{ item.id }}"
          loop: "{{ get_logical_router_info.json.results }}"
          when:
            - item.display_name == tier0_params.display_name

        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.DeleteLogicalRouter
        - name: Delete Tier-0 router
          uri:
            url: "{{ manage_url }}/api/v1/logical-routers/{{ logical_router_id }}"
            <<: *basic_auth_info
            validate_certs: no
            method: DELETE
            status_code: 200
          when:
            - logical_router_id is defined
          register: delete_logical_router_result

        - debug: var=delete_logical_router_result
```
Creating the Logical Router
Let's create the Logical Router.
```
(venv) [root@localhost nsxt]# ansible-playbook main.yml -e '{"state": "present"}'
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Example NSX-T Playbook] ***************************************************************************************************************************************

TASK [Get Edge Cluster info] ****************************************************************************************************************************************
ok: [localhost]

TASK [set edge_cluster_id variable] *********************************************************************************************************************************
ok: [localhost] => (item={'deployment_type': 'VIRTUAL_MACHINE', 'members': [{'member_index': 0, 'transport_node_id': '1cedd32c-de3e-4f6e-821b-dcd49ed70fcc'}], 'cluster_profile_bindings': [{'resource_type': 'EdgeHighAvailabilityProfile', 'profile_id': '91bcaa06-47a1-11e4-8316-17ffc770799b'}], 'member_node_type': 'EDGE_NODE', 'allocation_rules': [], 'resource_type': 'EdgeCluster', 'id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'display_name': 'EdgeCluster01', 'description': '', 'tags': [], '_create_user': 'admin', '_create_time': 1569214431882, '_last_modified_user': 'admin', '_last_modified_time': 1569214431882, '_system_owned': False, '_protection': 'NOT_PROTECTED', '_revision': 0})

TASK [Get Logical Router info] **************************************************************************************************************************************
ok: [localhost]

TASK [set logical_router_id variable] *******************************************************************************************************************************
skipping: [localhost] => (item={'router_type': 'TIER0', 'edge_cluster_id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'high_availability_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'advanced_config': {'external_transit_networks': ['100.64.0.0/16', 'fcb0:b215:766a::/48'], 'internal_transit_network': '169.254.0.0/28'}, 'allocation_profile': {'enable_standby_relocation': False}, 'firewall_sections': [{'target_id': '9644708c-3367-4abe-952f-4c646179afd1', 'target_type': 'FirewallSection', 'is_valid': True}, {'target_id': 'e37835d7-4f69-4978-ac39-24dd79956005', 'target_type': 'FirewallSection', 'is_valid': True}], 'ipv6_profiles': {'ndra_profile_id': '952d3469-b7d5-443d-820f-38a5c360831a', 'dad_profile_id': '874e214f-6ca9-4620-881c-537577c1cb1f'}, 'resource_type': 'LogicalRouter', 'id': 'e8efe4f1-d36c-4c7d-b0a1-4df4eac76616', 'display_name': 'T0-0', 'tags': [{'scope': 'policyPath', 'tag': '/infra/tier-0s/T0-0'}], '_create_user': 'nsx_policy', '_create_time': 1569221549352, '_last_modified_user': 'nsx_policy', '_last_modified_time': 1569222201354, '_system_owned': False, '_protection': 'REQUIRE_OVERRIDE', '_revision': 3})
skipping: [localhost] => (item={'router_type': 'TIER1', 'edge_cluster_id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'edge_cluster_member_indices': [0], 'high_availability_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'advanced_config': {'external_transit_networks': [], 'internal_transit_network': '169.254.0.0/28'}, 'allocation_profile': {'enable_standby_relocation': False}, 'firewall_sections': [{'target_id': 'e501dbea-09e5-4186-ac0d-c522d4a1286e', 'target_type': 'FirewallSection', 'is_valid': True}, {'target_id': '04314fa7-431f-45da-a6d2-3e1c51940462', 'target_type': 'FirewallSection', 'is_valid': True}], 'ipv6_profiles': {'ndra_profile_id': '952d3469-b7d5-443d-820f-38a5c360831a', 'dad_profile_id': '874e214f-6ca9-4620-881c-537577c1cb1f'}, 'resource_type': 'LogicalRouter', 'id': 'ea6c5722-6f69-44ad-92b8-6d11de83562c', 'display_name': 'T1-0', 'tags': [{'scope': 'policyPath', 'tag': '/infra/tier-1s/T1-0'}], '_create_user': 'nsx_policy', '_create_time': 1569221612948, '_last_modified_user': 'nsx_policy', '_last_modified_time': 1569221920543, '_system_owned': False, '_protection': 'REQUIRE_OVERRIDE', '_revision': 3})

TASK [Create Tier-0 router] *****************************************************************************************************************************************
ok: [localhost]

TASK [debug] ********************************************************************************************************************************************************
ok: [localhost] => {
    "create_logical_router_result": {
        "cache_control": "no-cache, no-store, max-age=0, must-revalidate",
        "changed": false,
        "connection": "close",
        "content_type": "application/json;charset=UTF-8",
        "cookies": {
            "JSESSIONID": "CCED136B640C01D811F1641A7794E186"
        },
        "cookies_string": "JSESSIONID=CCED136B640C01D811F1641A7794E186",
        "date": "Tue, 10 Dec 2019 07:19:17 GMT",
        "elapsed": 0,
        "expires": "0",
        "failed": false,
        "json": {
            "_create_time": 1575962357234,
            "_create_user": "admin",
            "_last_modified_time": 1575962357261,
            "_last_modified_user": "admin",
            "_protection": "NOT_PROTECTED",
            "_revision": 1,
            "_system_owned": false,
            "advanced_config": {
                "external_transit_networks": [
                    "100.64.0.0/16",
                    "fcb6:d71d:cf38::/48"
                ],
                "internal_transit_network": "169.254.0.0/28"
            },
            "allocation_profile": {
                "enable_standby_relocation": false
            },
            "display_name": "tier0-test",
            "edge_cluster_id": "2c85d380-fbbc-48a3-a092-6987c7855eec",
            "failover_mode": "NON_PREEMPTIVE",
            "firewall_sections": [
                {
                    "is_valid": true,
                    "target_id": "373588b7-cc65-4ce3-bd63-446de34cce54",
                    "target_type": "FirewallSection"
                }
            ],
            "high_availability_mode": "ACTIVE_STANDBY",
            "id": "65c18d7e-466c-4476-bc68-10cd8e667b51",
            "ipv6_profiles": {
                "dad_profile_id": "7fc1e3b0-7cd4-7339-76c8-f76baddbaafb",
                "ndra_profile_id": "8fc1e3b0-8cd4-8338-86c8-f86baddbaafb"
            },
            "resource_type": "LogicalRouter",
            "router_type": "TIER0"
        },
        "msg": "OK (unknown bytes)",
        "pragma": "no-cache",
        "redirected": false,
        "server": "NSX",
        "set_cookie": "JSESSIONID=CCED136B640C01D811F1641A7794E186; Path=/; Secure; HttpOnly",
        "status": 201,
        "strict_transport_security": "max-age=31536000 ; includeSubDomains",
        "transfer_encoding": "chunked",
        "url": "https://192.168.0.163/api/v1/logical-routers",
        "vary": "Accept-Encoding",
        "x_content_type_options": "nosniff, nosniff",
        "x_frame_options": "SAMEORIGIN",
        "x_nsx_requestid": "85e59fce-3277-4c88-90ba-bc18da333f8c",
        "x_xss_protection": "1; mode=block"
    }
}

TASK [Get Logical Router info] **************************************************************************************************************************************
skipping: [localhost]

TASK [set logical_router_id variable] *******************************************************************************************************************************
skipping: [localhost]

TASK [Delete Tier-0 router] *****************************************************************************************************************************************
skipping: [localhost]

TASK [debug] ********************************************************************************************************************************************************
skipping: [localhost]

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=5    changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0
```
Check that the Logical Router has been created.
Deleting the Logical Router
Next, let's delete the Logical Router.
```
(venv) [root@localhost nsxt]# ansible-playbook main.yml -e '{"state": "absent"}'
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Example NSX-T Playbook] ***************************************************************************************************************************************

TASK [Get Edge Cluster info] ****************************************************************************************************************************************
skipping: [localhost]

TASK [set edge_cluster_id variable] *********************************************************************************************************************************
skipping: [localhost]

TASK [Get Logical Router info] **************************************************************************************************************************************
skipping: [localhost]

TASK [set logical_router_id variable] *******************************************************************************************************************************
skipping: [localhost]

TASK [Create Tier-0 router] *****************************************************************************************************************************************
skipping: [localhost]

TASK [debug] ********************************************************************************************************************************************************
skipping: [localhost]

TASK [Get Logical Router info] **************************************************************************************************************************************
ok: [localhost]

TASK [set logical_router_id variable] *******************************************************************************************************************************
skipping: [localhost] => (item={'router_type': 'TIER0', 'edge_cluster_id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'high_availability_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'advanced_config': {'external_transit_networks': ['100.64.0.0/16', 'fcb0:b215:766a::/48'], 'internal_transit_network': '169.254.0.0/28'}, 'allocation_profile': {'enable_standby_relocation': False}, 'firewall_sections': [{'target_id': '9644708c-3367-4abe-952f-4c646179afd1', 'target_type': 'FirewallSection', 'is_valid': True}, {'target_id': 'e37835d7-4f69-4978-ac39-24dd79956005', 'target_type': 'FirewallSection', 'is_valid': True}], 'ipv6_profiles': {'ndra_profile_id': '952d3469-b7d5-443d-820f-38a5c360831a', 'dad_profile_id': '874e214f-6ca9-4620-881c-537577c1cb1f'}, 'resource_type': 'LogicalRouter', 'id': 'e8efe4f1-d36c-4c7d-b0a1-4df4eac76616', 'display_name': 'T0-0', 'tags': [{'scope': 'policyPath', 'tag': '/infra/tier-0s/T0-0'}], '_create_user': 'nsx_policy', '_create_time': 1569221549352, '_last_modified_user': 'nsx_policy', '_last_modified_time': 1569222201354, '_system_owned': False, '_protection': 'REQUIRE_OVERRIDE', '_revision': 3})
skipping: [localhost] => (item={'router_type': 'TIER1', 'edge_cluster_id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'edge_cluster_member_indices': [0], 'high_availability_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'advanced_config': {'external_transit_networks': [], 'internal_transit_network': '169.254.0.0/28'}, 'allocation_profile': {'enable_standby_relocation': False}, 'firewall_sections': [{'target_id': 'e501dbea-09e5-4186-ac0d-c522d4a1286e', 'target_type': 'FirewallSection', 'is_valid': True}, {'target_id': '04314fa7-431f-45da-a6d2-3e1c51940462', 'target_type': 'FirewallSection', 'is_valid': True}], 'ipv6_profiles': {'ndra_profile_id': '952d3469-b7d5-443d-820f-38a5c360831a', 'dad_profile_id': '874e214f-6ca9-4620-881c-537577c1cb1f'}, 'resource_type': 'LogicalRouter', 'id': 'ea6c5722-6f69-44ad-92b8-6d11de83562c', 'display_name': 'T1-0', 'tags': [{'scope': 'policyPath', 'tag': '/infra/tier-1s/T1-0'}], '_create_user': 'nsx_policy', '_create_time': 1569221612948, '_last_modified_user': 'nsx_policy', '_last_modified_time': 1569221920543, '_system_owned': False, '_protection': 'REQUIRE_OVERRIDE', '_revision': 3})
ok: [localhost] => (item={'router_type': 'TIER0', 'edge_cluster_id': '2c85d380-fbbc-48a3-a092-6987c7855eec', 'high_availability_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'advanced_config': {'external_transit_networks': ['100.64.0.0/16', 'fcb6:d71d:cf38::/48'], 'internal_transit_network': '169.254.0.0/28'}, 'allocation_profile': {'enable_standby_relocation': False}, 'firewall_sections': [{'target_id': '373588b7-cc65-4ce3-bd63-446de34cce54', 'target_type': 'FirewallSection', 'is_valid': True}], 'ipv6_profiles': {'ndra_profile_id': '8fc1e3b0-8cd4-8338-86c8-f86baddbaafb', 'dad_profile_id': '7fc1e3b0-7cd4-7339-76c8-f76baddbaafb'}, 'resource_type': 'LogicalRouter', 'id': '65c18d7e-466c-4476-bc68-10cd8e667b51', 'display_name': 'tier0-test', '_create_user': 'admin', '_create_time': 1575962357234, '_last_modified_user': 'admin', '_last_modified_time': 1575962357261, '_system_owned': False, '_protection': 'NOT_PROTECTED', '_revision': 1})

TASK [Delete Tier-0 router] *****************************************************************************************************************************************
ok: [localhost]

TASK [debug] ********************************************************************************************************************************************************
ok: [localhost] => {
    "delete_logical_router_result": {
        "cache_control": "no-cache, no-store, max-age=0, must-revalidate",
        "changed": false,
        "connection": "close",
        "content_length": "0",
        "cookies": {
            "JSESSIONID": "0D6FCE3F287B7D37FB32DE6CB91935E0"
        },
        "cookies_string": "JSESSIONID=0D6FCE3F287B7D37FB32DE6CB91935E0",
        "date": "Tue, 10 Dec 2019 07:23:57 GMT",
        "elapsed": 0,
        "expires": "0",
        "failed": false,
        "msg": "OK (0 bytes)",
        "pragma": "no-cache",
        "redirected": false,
        "server": "NSX",
        "set_cookie": "JSESSIONID=0D6FCE3F287B7D37FB32DE6CB91935E0; Path=/; Secure; HttpOnly",
        "status": 200,
        "strict_transport_security": "max-age=31536000 ; includeSubDomains",
        "url": "https://192.168.0.163/api/v1/logical-routers/65c18d7e-466c-4476-bc68-10cd8e667b51",
        "x_content_type_options": "nosniff, nosniff",
        "x_frame_options": "SAMEORIGIN",
        "x_nsx_requestid": "a9e5c4a2-5541-4add-b1f9-4080b3b31fee",
        "x_xss_protection": "1; mode=block"
    }
}

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
```
Confirm from the NSX Manager web UI that the Logical Router has been deleted 🙂
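A hardened variant of the delete path above, added here as an example and not part of the original post: it keeps TLS verification on, reads the password from the environment, hides the uri results (which carry the `JSESSIONID` cookie visible in the debug output above), and refuses to delete when the name matches more than one router. The `NSXT_PASSWORD` environment variable, `target_name` and `matched_ids` are assumed names, and the NSX Manager certificate is assumed to be trusted by the control node for the address in `manage_url`.

```yaml
---
- name: Delete one Tier-0 logical router without leaking credentials
  hosts: localhost
  gather_facts: no
  vars:
    manage_url: "https://192.168.0.163"
    basic_auth_info: &basic_auth_info
      user: admin
      # Assumption: NSXT_PASSWORD is exported in the shell that runs ansible-playbook
      password: "{{ lookup('env', 'NSXT_PASSWORD') }}"
      force_basic_auth: yes
      # Assumption: the NSX Manager certificate chains to a CA the control node trusts
      validate_certs: yes
    target_name: tier0-test
  tasks:
    - name: Stop early when no password was supplied
      assert:
        that:
          - basic_auth_info.password | length > 0
        fail_msg: "NSXT_PASSWORD is empty"
        quiet: yes

    - name: Get Logical Router info
      uri:
        url: "{{ manage_url }}/api/v1/logical-routers"
        <<: *basic_auth_info
        method: GET
        status_code: 200
      register: get_logical_router_info
      no_log: true  # the registered result includes the JSESSIONID cookie

    # Build a list instead of overwriting one fact in a loop, so that
    # zero, one and several matches can be told apart.
    - name: Collect ids of TIER0 routers with the target display_name
      set_fact:
        matched_ids: >-
          {{ get_logical_router_info.json.results
             | selectattr('router_type', 'equalto', 'TIER0')
             | selectattr('display_name', 'equalto', target_name)
             | map(attribute='id') | list }}

    - name: Refuse to delete on an ambiguous name
      assert:
        that:
          - matched_ids | length <= 1
        fail_msg: "{{ matched_ids | length }} routers are named {{ target_name }}; nothing was deleted"

    - name: Delete Tier-0 router
      uri:
        url: "{{ manage_url }}/api/v1/logical-routers/{{ matched_ids[0] }}"
        <<: *basic_auth_info
        method: DELETE
        status_code: 200
      when: matched_ids | length == 1
      register: delete_logical_router_result
      no_log: true

    # Print selected fields only; the full result would echo the session cookie.
    - name: Report only fields that carry no session material
      debug:
        msg:
          status: "{{ delete_logical_router_result.status }}"
          url: "{{ delete_logical_router_result.url }}"
          x_nsx_requestid: "{{ delete_logical_router_result.x_nsx_requestid }}"
      when: delete_logical_router_result is not skipped
```

With `no_log: true` the error text of a failed request is censored as well, so a TLS or authentication failure shows up only as a hidden-output message.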
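Creating a Tier-0 Gateway
Playbook
I wrote the playbook as follows. (For the API specification, see the links in the comments.)
I didn't get as far as associating an Edge Cluster with the Tier-0 gateway, so for now I'll just create it.
Variable | Description |
---|---|
manage_url | URL of the NSX Manager |
basic_auth_info | Account information for Basic authentication |
tier0_params | Parameters for the Tier-0 gateway |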
```yaml
---
- name: Example NSX-T Playbook
  hosts: localhost
  gather_facts: no
  vars:
    manage_url: "https://192.168.0.163"
    basic_auth_info: &basic_auth_info
      user: admin
      password: "change me"  # placeholder; outside a lab, load this from Ansible Vault
      force_basic_auth: yes
    tier0_params:
      display_name: tier0-test
      failover_mode: NON_PREEMPTIVE
      ha_mode: ACTIVE_STANDBY
      _revision: 0
  tasks:
    - when:
        - state == "present"
      block:
        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.ListTier0s
        - name: Get Tier-0 info
          uri:
            url: "{{ manage_url }}/policy/api/v1/infra/tier-0s"
            <<: *basic_auth_info
            validate_certs: no  # lab setting: TLS certificate verification is disabled
            method: GET
            status_code: 200
          register: get_tier0_info_result

        - name: set tier0_gateway_id variable
          set_fact:
            tier0_gateway_id: "{{ item.id }}"
          loop: "{{ get_tier0_info_result.json.results }}"
          when:
            - item.display_name == tier0_params.display_name

        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.PatchTier0
        - name: Create Tier-0 gateway
          uri:
            url: "{{ manage_url }}/policy/api/v1/infra/tier-0s/{{ tier0_params.display_name }}"
            <<: *basic_auth_info
            validate_certs: no
            method: PATCH
            body_format: json
            body: "{{ tier0_params | to_json }}"
            status_code: 200
          when:
            - tier0_gateway_id is not defined
          register: create_tier0_gateway_result

        - debug: var=create_tier0_gateway_result

    - when:
        - state == "absent"
      block:
        - name: Get Tier-0 info
          uri:
            url: "{{ manage_url }}/policy/api/v1/infra/tier-0s"
            <<: *basic_auth_info
            validate_certs: no
            method: GET
            status_code: 200
          register: get_tier0_info_result

        - name: set tier0_gateway_id variable
          set_fact:
            tier0_gateway_id: "{{ item.id }}"
          loop: "{{ get_tier0_info_result.json.results }}"
          when:
            - item.display_name == tier0_params.display_name

        # https://vdc-download.vmware.com/vmwb-repository/dcr-public/6c24b5c0-396a-4152-9125-bd10a795836b/74043a09-7320-40ac-ac85-9416d0f9cd01/nsx_25_api.html#Methods.DeleteTier0
        - name: Delete Tier-0 gateway
          uri:
            url: "{{ manage_url }}/policy/api/v1/infra/tier-0s/{{ tier0_gateway_id }}"
            <<: *basic_auth_info
            validate_certs: no
            method: DELETE
            status_code: 200
          when:
            - tier0_gateway_id is defined
          register: delete_tier0_gateway_result

        - debug: var=delete_tier0_gateway_result
```
Creating the Tier-0 Gateway
Let's create the Tier-0 gateway.
```
(venv) [root@localhost nsxt]# ansible-playbook main.yml -e '{"state": "present"}'
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Example NSX-T Playbook] ***************************************************************************************************************************************

TASK [Get Tier-0 info] **********************************************************************************************************************************************
ok: [localhost]

TASK [set tier0_gateway_id variable] ********************************************************************************************************************************
skipping: [localhost] => (item={'transit_subnets': ['100.64.0.0/16'], 'internal_transit_subnets': ['169.254.0.0/28'], 'ha_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'ipv6_profile_paths': ['/infra/ipv6-ndra-profiles/default', '/infra/ipv6-dad-profiles/default'], 'force_whitelisting': False, 'default_rule_logging': False, 'disable_firewall': False, 'resource_type': 'Tier0', 'id': 'T0-0', 'display_name': 'T0-0', 'path': '/infra/tier-0s/T0-0', 'relative_path': 'T0-0', 'parent_path': '/infra/tier-0s/T0-0', 'marked_for_delete': False, '_create_user': 'admin', '_create_time': 1569221548103, '_last_modified_user': 'admin', '_last_modified_time': 1569222200552, '_system_owned': False, '_protection': 'NOT_PROTECTED', '_revision': 3})

TASK [Create Tier-0 gateway] ****************************************************************************************************************************************
ok: [localhost]

TASK [debug] ********************************************************************************************************************************************************
ok: [localhost] => {
    "create_tier0_gateway_result": {
        "cache_control": "no-cache, no-store, max-age=0, must-revalidate",
        "changed": false,
        "connection": "close",
        "content_length": "0",
        "cookies": {
            "JSESSIONID": "B51AC7F16102F71A1C40CB1D2A299BF9"
        },
        "cookies_string": "JSESSIONID=B51AC7F16102F71A1C40CB1D2A299BF9",
        "date": "Tue, 10 Dec 2019 07:42:10 GMT",
        "elapsed": 0,
        "expires": "0",
        "failed": false,
        "msg": "OK (0 bytes)",
        "pragma": "no-cache",
        "redirected": false,
        "server": "NSX",
        "set_cookie": "JSESSIONID=B51AC7F16102F71A1C40CB1D2A299BF9; Path=/; Secure; HttpOnly",
        "status": 200,
        "strict_transport_security": "max-age=31536000 ; includeSubDomains",
        "url": "https://192.168.0.163/policy/api/v1/infra/tier-0s/tier0-test",
        "x_content_type_options": "nosniff, nosniff",
        "x_frame_options": "SAMEORIGIN",
        "x_nsx_requestid": "f5fd0036-fee1-475b-b041-22c71ca38e7a",
        "x_xss_protection": "1; mode=block"
    }
}

TASK [Get Tier-0 info] **********************************************************************************************************************************************
skipping: [localhost]

TASK [set tier0_gateway_id variable] ********************************************************************************************************************************
skipping: [localhost]

TASK [Delete Tier-0 gateway] ****************************************************************************************************************************************
skipping: [localhost]

TASK [debug] ********************************************************************************************************************************************************
skipping: [localhost]

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0
```
Check that the Tier-0 gateway has been created.
Deleting the Tier-0 Gateway
Next, let's delete the Tier-0 gateway.
```
(venv) [root@localhost nsxt]# ansible-playbook main.yml -e '{"state": "absent"}'
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Example NSX-T Playbook] ***************************************************************************************************************************************

TASK [Get Tier-0 info] **********************************************************************************************************************************************
skipping: [localhost]

TASK [set tier0_gateway_id variable] ********************************************************************************************************************************
skipping: [localhost]

TASK [Create Tier-0 gateway] ****************************************************************************************************************************************
skipping: [localhost]

TASK [debug] ********************************************************************************************************************************************************
skipping: [localhost]

TASK [Get Tier-0 info] **********************************************************************************************************************************************
ok: [localhost]

TASK [set tier0_gateway_id variable] ********************************************************************************************************************************
skipping: [localhost] => (item={'transit_subnets': ['100.64.0.0/16'], 'internal_transit_subnets': ['169.254.0.0/28'], 'ha_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'ipv6_profile_paths': ['/infra/ipv6-ndra-profiles/default', '/infra/ipv6-dad-profiles/default'], 'force_whitelisting': False, 'default_rule_logging': False, 'disable_firewall': False, 'resource_type': 'Tier0', 'id': 'T0-0', 'display_name': 'T0-0', 'path': '/infra/tier-0s/T0-0', 'relative_path': 'T0-0', 'parent_path': '/infra/tier-0s/T0-0', 'marked_for_delete': False, '_create_user': 'admin', '_create_time': 1569221548103, '_last_modified_user': 'admin', '_last_modified_time': 1569222200552, '_system_owned': False, '_protection': 'NOT_PROTECTED', '_revision': 3})
ok: [localhost] => (item={'transit_subnets': ['100.64.0.0/16'], 'internal_transit_subnets': ['169.254.0.0/28'], 'ha_mode': 'ACTIVE_STANDBY', 'failover_mode': 'NON_PREEMPTIVE', 'ipv6_profile_paths': ['/infra/ipv6-ndra-profiles/default', '/infra/ipv6-dad-profiles/default'], 'force_whitelisting': False, 'default_rule_logging': False, 'disable_firewall': False, 'resource_type': 'Tier0', 'id': 'tier0-test', 'display_name': 'tier0-test', 'path': '/infra/tier-0s/tier0-test', 'relative_path': 'tier0-test', 'parent_path': '/infra/tier-0s/tier0-test', 'marked_for_delete': False, '_create_user': 'admin', '_create_time': 1575963731428, '_last_modified_user': 'admin', '_last_modified_time': 1575963731428, '_system_owned': False, '_protection': 'NOT_PROTECTED', '_revision': 0})

TASK [Delete Tier-0 gateway] ****************************************************************************************************************************************
ok: [localhost]

TASK [debug] ********************************************************************************************************************************************************
ok: [localhost] => {
    "delete_tier0_gateway_result": {
        "cache_control": "no-cache, no-store, max-age=0, must-revalidate",
        "changed": false,
        "connection": "close",
        "content_length": "0",
        "cookies": {
            "JSESSIONID": "E56976E0AF0AAD6919A46F9973B5E1BD"
        },
        "cookies_string": "JSESSIONID=E56976E0AF0AAD6919A46F9973B5E1BD",
        "date": "Tue, 10 Dec 2019 07:44:11 GMT",
        "elapsed": 0,
        "expires": "0",
        "failed": false,
        "msg": "OK (0 bytes)",
        "pragma": "no-cache",
        "redirected": false,
        "server": "NSX",
        "set_cookie": "JSESSIONID=E56976E0AF0AAD6919A46F9973B5E1BD; Path=/; Secure; HttpOnly",
        "status": 200,
        "strict_transport_security": "max-age=31536000 ; includeSubDomains",
        "url": "https://192.168.0.163/policy/api/v1/infra/tier-0s/tier0-test",
        "x_content_type_options": "nosniff, nosniff",
        "x_frame_options": "SAMEORIGIN",
        "x_nsx_requestid": "4c44db52-5f77-41cc-bbc2-ba711b7775fc",
        "x_xss_protection": "1; mode=block"
    }
}

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0
```
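Confirm from the NSX Manager web UI that the Tier-0 gateway has been deleted 🙂
Conclusion
With the REST API, it looks like you can get a fair amount done even without a module.
For example, pushing in firewall or load balancer settings in bulk.
When a firewall rule change of several hundred lines comes in, it looks like you could push it in quickly via the API instead of entering each rule by hand.
By the way, here is an example of a firewall backup module I wrote a while back 🙂
That's it for part five! Next!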