Source code for saltext.vmware.states.nsxt_manager

"""
NSX-T Datacenter Configuration Management state module
======================================================

:maintainer: <VMware>
:maturity: new

Enable/Disable the NSX-T manager's publish_fqdns status.

Example usage:

.. code-block:: yaml

    configure_nsx_manager:
      nsx_manager.publish_fqdns_enabled:
        - name: Enable publish fqdns
          hostname: <hostname>
          username: <username>
          password: <password>
          cert: <certificate pem file path>
          verify_ssl: <False/True>

.. warning::

    It is recommended to pass the NSX authentication details using Pillars rather than specifying as plain text in SLS
    files.

"""
import logging

log = logging.getLogger(__name__)

__virtual_name__ = "nsxt_manager"


[docs]def __virtual__(): """ Only load if the nsxt_manager module is available in __salt__ """ return ( __virtual_name__ if "nsxt_manager.get_manager_config" in __salt__ else False, "'nsxt_manager' binary not found on system", )
def _set_publish_fqdns_in_nsxt( publish_fqdns, revision, hostname, username, password, verify_ssl, cert, cert_common_name ): out = __salt__["nsxt_manager.set_manager_config"]( hostname=hostname, username=username, password=password, revision=revision, publish_fqdns=publish_fqdns, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) return out def _get_publish_fqdns_revision_from_nsxt( hostname, username, password, verify_ssl, cert, cert_common_name ): out = __salt__["nsxt_manager.get_manager_config"]( hostname=hostname, username=username, password=password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) return out def _get_publish_fqdns_revision_from_response(current_config_response): current_publish_fqdns = current_config_response.get("publish_fqdns") current_revision = current_config_response.get("_revision") return current_publish_fqdns, current_revision def _create_state_response(name, old_state, new_state, result, comment): state_response = dict() state_response["name"] = name state_response["result"] = result state_response["comment"] = comment state_response["changes"] = dict() if new_state: state_response["changes"]["old"] = old_state state_response["changes"]["new"] = new_state return state_response
[docs]def publish_fqdns_enabled( name, hostname, username, password, verify_ssl=True, cert=None, cert_common_name=None ): """ Check the value for publish_fqdns, if it is true then do nothing else set it to true .. code-block:: yaml configure_nsxt_manager: nsx_manager.publish_fqdns_enabled: - name: Enable publish fqdns - hostname: <hostname> - username: <username> - password: <password> - cert: <certificate path> - verify_ssl: <False/True> name The Operation to perform hostname NSX-T manager's hostname username NSX-T manager's username password NSX-T manager's password verify_ssl (Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped. cert (Optional) Path to the SSL client certificate file to connect to NSX-T manager. The certificate can be retrieved from browser. cert_common_name (Optional) By default, the hostname parameter and the common name in certificate is compared for host name verification. If the client certificate common name and hostname do not match (in case of self-signed certificates), specify the certificate common name as part of this parameter. This value is then used to compare against certificate common name. """ log.info("Getting the manager's config") cert_common_name = cert_common_name cert = cert get_current_config = _get_publish_fqdns_revision_from_nsxt( hostname, username, password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) if "error" in get_current_config: return _create_state_response(name, None, None, False, get_current_config["error"]) current_publish_fqdns, current_revision = _get_publish_fqdns_revision_from_response( get_current_config ) if __opts__.get("test"): log.info("publish_fqdns_enabled is called with test option") return _create_state_response( name, None, None, None, "State publish_fqdns_enabled will execute with params {}, {}, {}, {}, {}".format( name, hostname, username, password, verify_ssl ), ) if current_publish_fqdns: return _create_state_response( name, None, None, True, "publish_fqdns is already set to True" ) publish_fqdns = True log.info("Updating the NSX-T manager's config") updated_config_response = _set_publish_fqdns_in_nsxt( publish_fqdns, current_revision, hostname, username, password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) if "error" in updated_config_response: return _create_state_response(name, None, None, False, updated_config_response["error"]) return _create_state_response( name, get_current_config, updated_config_response, True, "publish_fqdns has been set to True", )
[docs]def publish_fqdns_disabled( name, hostname, username, password, verify_ssl=True, cert=None, cert_common_name=None ): """ Check the value for publish_fqdns, if it is false then do nothing else set it to false .. code-block:: yaml configure_nsxt_manager: nsx_manager.publish_fqdns_disabled: - name: Disable publish fqdns - hostname: <hostname> - username: <username> - password: <password> - cert: <certificate> - verify_ssl: <False/True> name The Operation to perform hostname NSX-T manager's hostname username NSX-T manager's username password NSX-T manager's password verify_ssl (Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped. cert (Optional) Path to the SSL client certificate file to connect to NSX-T manager. The certificate can be retrieved from browser. cert_common_name (Optional) By default, the hostname parameter and the common name in certificate is compared for host name verification. If the client certificate common name and hostname do not match (in case of self-signed certificates), specify the certificate common name as part of this parameter. This value is then used to compare against certificate common name. """ cert_common_name = cert_common_name cert = cert log.info("Getting the manager's config") get_current_config = _get_publish_fqdns_revision_from_nsxt( hostname, username, password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) if "error" in get_current_config: return _create_state_response(name, None, None, False, get_current_config["error"]) current_publish_fqdns, current_revision = _get_publish_fqdns_revision_from_response( get_current_config ) if __opts__.get("test"): log.info("publish_fqdns_disabled is called with test option") return _create_state_response( name, None, None, None, "State publish_fqdns_disabled will execute with params {}, {}, {}, {}, {}".format( name, hostname, username, password, verify_ssl ), ) if not current_publish_fqdns: return _create_state_response( name, None, None, True, "publish_fqdns is already set to False" ) publish_fqdns = False log.info("Updating the manager's config") updated_config_response = _set_publish_fqdns_in_nsxt( publish_fqdns, current_revision, hostname, username, password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, ) if "error" in updated_config_response: return _create_state_response(name, None, None, False, updated_config_response["error"]) return _create_state_response( name, get_current_config, updated_config_response, True, "publish_fqdns has been set to False", )