Add configuration options to VMWare portgroup (#2390)

* Add configuration options to VMWare portgroup * Add version_added to newly added vmware portgroup params * Update vmware_porgroup to use network_policy node for settings * Update documentation for vmware_porgroup network policy
author: camradal <camradal@yahoo.com> 2016-07-03 01:49:42 -0700
committer: René Moser <mail@renemoser.net> 2016-07-03 10:49:42 +0200
commit: 5588cc9c0273c42ac12c14a699619ecb27658716 (patch)
tree: 5d57e13632e4fabba563ec4177f1a5a4a8b2a2d3 /cloud/vmware
parent: dcb1ab6bed3b674b368ce95e4f65e441e14618c5 (diff)
download: ansible-modules-extras-5588cc9c0273c42ac12c14a699619ecb27658716.tar.gz
1 files changed, 41 insertions, 4 deletions
diff --git a/cloud/vmware/vmware_portgroup.py b/cloud/vmware/vmware_portgroup.py
index 591aa924..c367a976 100644
--- a/cloud/vmware/vmware_portgroup.py
+++ b/cloud/vmware/vmware_portgroup.py
@@ -44,6 +44,14 @@ options:
         description:
             - VLAN ID to assign to portgroup
         required: True
+    network_policy:
+        description:
+            - Network policy specifies layer 2 security settings for a
+              portgroup such as promiscuous mode, where guest adapter listens
+              to all the packets, MAC address changes and forged transmits.
+              Settings are promiscuous_mode, forged_transmits, mac_changes
+        required: False
+        version_added: "2.2"
 extends_documentation_fragment: vmware.documentation
 '''
 
@@ -59,6 +67,17 @@ Example from Ansible playbook
         switch_name: vswitch_name
         portgroup_name: portgroup_name
         vlan_id: vlan_id
+
+    - name: Add Portgroup with Promiscuous Mode Enabled
+      local_action:
+        module: vmware_portgroup
+        hostname: esxi_hostname
+        username: esxi_username
+        password: esxi_password
+        switch_name: vswitch_name
+        portgroup_name: portgroup_name
+        network_policy:
+            promiscuous_mode: True
 '''
 
 try:
@@ -68,7 +87,20 @@ except ImportError:
     HAS_PYVMOMI = False
 
 
-def create_port_group(host_system, portgroup_name, vlan_id, vswitch_name):
+def create_network_policy(promiscuous_mode, forged_transmits, mac_changes):
+
+    security_policy = vim.host.NetworkPolicy.SecurityPolicy()
+    if promiscuous_mode:
+        security_policy.allowPromiscuous = promiscuous_mode
+    if forged_transmits:
+        security_policy.forgedTransmits = forged_transmits
+    if mac_changes:
+        security_policy.macChanges = mac_changes
+    network_policy = vim.host.NetworkPolicy(security=security_policy)
+    return network_policy
+
+
+def create_port_group(host_system, portgroup_name, vlan_id, vswitch_name, network_policy):
 
     config = vim.host.NetworkConfig()
     config.portgroup = [vim.host.PortGroup.Config()]
@@ -77,7 +109,7 @@ def create_port_group(host_system, portgroup_name, vlan_id, vswitch_name):
     config.portgroup[0].spec.name = portgroup_name
     config.portgroup[0].spec.vlanId = vlan_id
     config.portgroup[0].spec.vswitchName = vswitch_name
-    config.portgroup[0].spec.policy = vim.host.NetworkPolicy()
+    config.portgroup[0].spec.policy = network_policy
 
     host_network_config_result = host_system.configManager.networkSystem.UpdateNetworkConfig(config, "modify")
     return True
@@ -88,7 +120,8 @@ def main():
     argument_spec = vmware_argument_spec()
     argument_spec.update(dict(portgroup_name=dict(required=True, type='str'),
                          switch_name=dict(required=True, type='str'),
-                         vlan_id=dict(required=True, type='int')))
+                         vlan_id=dict(required=True, type='int'),
+                         network_policy=dict(required=False, type='dict', default={})))
 
     module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
 
@@ -98,6 +131,9 @@ def main():
     portgroup_name = module.params['portgroup_name']
     switch_name = module.params['switch_name']
     vlan_id = module.params['vlan_id']
+    promiscuous_mode = module.params['network_policy'].get('promiscuous_mode', None)
+    forged_transmits = module.params['network_policy'].get('forged_transmits', None)
+    mac_changes = module.params['network_policy'].get('mac_changes', None)
 
     try:
         content = connect_to_api(module)
@@ -109,7 +145,8 @@ def main():
         if find_host_portgroup_by_name(host_system, portgroup_name):
             module.exit_json(changed=False)
 
-        changed = create_port_group(host_system, portgroup_name, vlan_id, switch_name)
+        network_policy = create_network_policy(promiscuous_mode, forged_transmits, mac_changes)
+        changed = create_port_group(host_system, portgroup_name, vlan_id, switch_name, network_policy)
 
         module.exit_json(changed=changed)
     except vmodl.RuntimeFault as runtime_fault:
author	camradal <camradal@yahoo.com>	2016-07-03 01:49:42 -0700
committer	René Moser <mail@renemoser.net>	2016-07-03 10:49:42 +0200
commit	5588cc9c0273c42ac12c14a699619ecb27658716 (patch)
tree	5d57e13632e4fabba563ec4177f1a5a4a8b2a2d3 /cloud/vmware
parent	dcb1ab6bed3b674b368ce95e4f65e441e14618c5 (diff)
download	ansible-modules-extras-5588cc9c0273c42ac12c14a699619ecb27658716.tar.gz