NSXT: Adding a script to set global firewall config autodraft option
Change-Id: I3a7b0b7c5f4d2c2da083ac002dc799060dfd218e
This commit is contained in:
parent
bea2debf25
commit
25b160653d
127
devstack/tools/nsxv_fw_autodraft_setting.py
Normal file
127
devstack/tools/nsxv_fw_autodraft_setting.py
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
# Copyright 2016 VMware Inc
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
"""
|
||||||
|
Purpose: Configure distributed firewall autodraft setting
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
python nsxv_fw_autodraft_setting.py --vsm-ip <nsx-manager-ip>
|
||||||
|
--username <nsx-manager-username>
|
||||||
|
--password <nsx-manager-password>
|
||||||
|
[--autodraft-disable]
|
||||||
|
[--autodraft-enable]
|
||||||
|
"""
|
||||||
|
|
||||||
|
import base64
|
||||||
|
import optparse
|
||||||
|
import requests
|
||||||
|
|
||||||
|
from oslo_serialization import jsonutils
|
||||||
|
|
||||||
|
requests.packages.urllib3.disable_warnings()
|
||||||
|
|
||||||
|
|
||||||
|
GLOBAL_CONFIG_URI = 'api/4.0/firewall/config/globalconfiguration'
|
||||||
|
AUTO_DRAFT_DISABLED = 'autoDraftDisabled'
|
||||||
|
|
||||||
|
|
||||||
|
class NSXClient(object):
|
||||||
|
|
||||||
|
def __init__(self, host, username, password, *args, **kwargs):
|
||||||
|
self._host = host
|
||||||
|
self._username = username
|
||||||
|
self._password = password
|
||||||
|
|
||||||
|
def _get_headers(self, format):
|
||||||
|
auth_cred = self._username + ":" + self._password
|
||||||
|
auth = base64.b64encode(auth_cred)
|
||||||
|
headers = {}
|
||||||
|
headers['Authorization'] = "Basic %s" % auth
|
||||||
|
headers['Content-Type'] = "application/%s" % format
|
||||||
|
headers['Accept'] = "application/%s" % format
|
||||||
|
return headers
|
||||||
|
|
||||||
|
def _get_url(self, uri):
|
||||||
|
return 'https://%s/%s' % (self._host, uri)
|
||||||
|
|
||||||
|
def _get(self, format, uri):
|
||||||
|
headers = self._get_headers(format)
|
||||||
|
url = self._get_url(uri)
|
||||||
|
response = requests.get(url, headers=headers,
|
||||||
|
verify=False)
|
||||||
|
return response
|
||||||
|
|
||||||
|
def _put(self, format, uri, data):
|
||||||
|
headers = self._get_headers(format)
|
||||||
|
url = self._get_url(uri)
|
||||||
|
response = requests.put(url, headers=headers,
|
||||||
|
verify=False, data=data)
|
||||||
|
return response
|
||||||
|
|
||||||
|
def disable_autodraft(self):
|
||||||
|
self._set_autodraft(True)
|
||||||
|
|
||||||
|
def enable_autodraft(self):
|
||||||
|
self._set_autodraft(False)
|
||||||
|
|
||||||
|
def _get_global_config(self):
|
||||||
|
resp = self._get('json', GLOBAL_CONFIG_URI)
|
||||||
|
global_conf = jsonutils.loads(resp.text)
|
||||||
|
return global_conf
|
||||||
|
|
||||||
|
def _set_autodraft(self, disabled):
|
||||||
|
global_conf = self._get_global_config()
|
||||||
|
global_conf[AUTO_DRAFT_DISABLED] = disabled
|
||||||
|
self._put('json', GLOBAL_CONFIG_URI, jsonutils.dumps(global_conf))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
parser = optparse.OptionParser()
|
||||||
|
parser.add_option("--vsm-ip", dest="vsm_ip", help="NSX Manager IP address")
|
||||||
|
parser.add_option("-u", "--username", default="admin", dest="username",
|
||||||
|
help="NSX Manager username")
|
||||||
|
parser.add_option("-p", "--password", default="default", dest="password",
|
||||||
|
help="NSX Manager password")
|
||||||
|
parser.add_option("--disable-autodraft", action="store_true",
|
||||||
|
default=False, dest="disabled",
|
||||||
|
help="Disable the autodraft setting for NSX "
|
||||||
|
"distributed firewal.")
|
||||||
|
parser.add_option("--enable-autodraft", action="store_true",
|
||||||
|
default=False, dest="enabled",
|
||||||
|
help="Enable the autodraft setting for NSX "
|
||||||
|
"distributed firewal.")
|
||||||
|
(options, args) = parser.parse_args()
|
||||||
|
print ("vsm-ip: %s" % options.vsm_ip)
|
||||||
|
print ("username: %s" % options.username)
|
||||||
|
print ("password: %s" % options.password)
|
||||||
|
|
||||||
|
if options.disabled and options.enabled:
|
||||||
|
print("Please provide only one of the options: --disable-autodraft, "
|
||||||
|
"--enable-autodraft.")
|
||||||
|
|
||||||
|
nsx_client = NSXClient(options.vsm_ip, options.username,
|
||||||
|
options.password)
|
||||||
|
if options.disabled:
|
||||||
|
print("Disabling autodraft settings:")
|
||||||
|
nsx_client.disable_autodraft()
|
||||||
|
print("Autodraft is now disabled.")
|
||||||
|
if options.enabled:
|
||||||
|
print("Enabling autodraft settings:")
|
||||||
|
nsx_client.enable_autodraft()
|
||||||
|
print("Autodraft is now enabled.")
|
||||||
|
|
||||||
|
if options.disabled or options.enabled:
|
||||||
|
print("Please restart NSX manager for changes to take effect.")
|
Loading…
Reference in New Issue
Block a user