Functions to create/update firewall sections/rules and code cleanup

Signed-off-by: Yang Ding <[email protected]>

functions/create_hosts.sh

@@ -41,7 +41,7 @@ function create_controller_hosts {
     echo "$controller_host" >> ctrl_vms
   done
 
-    cat >> ctrl_vms <<-EOF
+  cat >> ctrl_vms <<-EOF
 [controllers:vars]
 prefix_length="${nsx_manager_deployment_ip_prefix_length_int}"
 default_gateway="${default_gateway_int}"

functions/create_tenant_resources.py

@@ -7,9 +7,6 @@
 def create_tenant_edge_params():
     dns_domain = os.getenv('dns_domain_int')
     edge_specs = os.getenv('tenant_edge_clusters_int')
-    # default_edge_ips = os.getenv('edge_ips')
-    # default_edge_prefix = os.getenv('edge_transport_node_prefix_int')
-    # default_edge_uplink_profile_vlan = os.getenv('edge_uplink_profile_vlan_int')
     tenant_edge_clusters = json.loads(edge_specs)
 
     with open('tenant_edges', 'w') as edge_output_file:
@@ -47,15 +44,6 @@ def create_tenant_edge_params():
                 edge_output_file.write('%s=%s\n' % (param, edge_cluster[param]))
 
         cluster_member_spec = []
-        # default_edge_count = len(default_edge_ips.split(','))
-        # default_edge_members = "default-edge-cls members='["
-        # for i in range(default_edge_count):
-        #     default_edge_members += "{\"transport_node_name\":\"%s-%s\"}," \
-        #                             % (default_edge_prefix, i + 1)
-        # default_edge_members = default_edge_members[:-1] + "]'"
-        # default_edge_members += " edge_uplink_profile_vlan=%s\n" % default_edge_uplink_profile_vlan
-        # cluster_member_spec.append(default_edge_members)
-
         for idx, edge_cluster in enumerate(tenant_edge_clusters):
             members_line = "edge-cls-%s members='[" % (idx + 1)
             for i in range(len(edge_cluster['edge_ips'].split(','))):

nsxt_yaml/basic_topology.yml

@@ -106,9 +106,9 @@
           password: "{{hostvars['localhost'].compute_manager_password}}"
         state: present
       retries: 3
-      delay: 3
+      delay: 10
       register: compute_manager
-      until: compute_manager is defined
+      until: compute_manager is not failed
 
     # TODO: change var names
     - name: Deploy compute manager 2
@@ -127,9 +127,9 @@
         state: present
       register: compute_manager_2_compute_cluster
       when:
-      - hostvars['localhost'].compute_manager_2_vcenter_ip is defined
-      - hostvars['localhost'].compute_manager_2_username is defined
-      - hostvars['localhost'].compute_manager_2_password is defined
+        - hostvars['localhost'].compute_manager_2_vcenter_ip is defined
+        - hostvars['localhost'].compute_manager_2_username is defined
+        - hostvars['localhost'].compute_manager_2_password is defined
 
     - name: Install pyvmomi tools dependency
       shell: "cd /tmp; git clone https://github.com/vmware/pyvmomi-community-samples.git; cp -r pyvmomi-community-samples/samples/tools /usr/local/lib/python2.7/dist-packages"

pipelines/nsx-t-install.yml

@@ -83,6 +83,9 @@ nsx_t_gen_params: &nsx-t-gen-params
 
   nsx_t_ip_prefix_spec_int: ((nsx_t_ip_prefix_spec))
   nsx_t_t0_bgp_spec_int: ((nsx_t_t0_bgp_spec))
+  nsx_t_ip_set_spec_int: ((nsx_t_ip_set_spec))
+  nsx_t_firewall_sections_spec_int: ((nsx_t_firewall_sections_spec))
+  nsx_t_edge_firewall_rules_spec_int: ((nsx_t_edge_firewall_rules_spec))
   nsx_t_t1router_logical_switches_spec_int: ((nsx_t_t1router_logical_switches_spec))
   nsx_t_ha_switching_profile_spec_int: ((nsx_t_ha_switching_profile_spec))
   nsx_t_container_ip_block_spec_int: ((nsx_t_container_ip_block_spec))