Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vmware_dvs_portgroup: update functionality; add mac_management_policy #55404

Open
wants to merge 8 commits into
base: devel
from

Conversation

Projects
None yet
3 participants
@vmwjoseph
Copy link
Contributor

commented Apr 16, 2019

SUMMARY
  • Implement update functionality
  • Add auto_expand parameter
  • Add mac_management_policy parameter
ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

vcenter_dvs_portgroup

ADDITIONAL INFORMATION

Testing performed

Check MAC learning status

[root@sc2-v-vm08-dhcp-1-104:~] netdbg vswitch mac-learning port get -p 164 --dvs-alias nova_dvs
MAC Learning:                   False
Unknown Unicast Flooding:       False
MAC Limit:                      4096
MAC Limit Policy:               ALLOW

Set MAC Management Policy

changed: [10.193.30.210] => (item={'key': u'vm-network', 'value': {u'mac_management_policy': {u'mac_learning_policy': {u'limit': 4048, u'allow_unicast_flooding': True, u'enabled': True, u'limit_policy': u'drop'}, u'allow_promiscuous': False, u'mac_changes': True, u'forged_transmits': True}, u'teaming_policy': {u'notify_switches': True, u'load_balance_policy': u'loadbalance_srcid', u'inbound_policy': False, u'rolling_order': False}, u'port_policy': {u'traffic_filter_override': True, u'network_rp_override': True, u'ipfix_override': True, u'live_port_move': True, u'security_override': True, u'block_override': True, u'port_config_reset_at_disconnect': True, u'uplink_teaming_override': True, u'vendor_config_override': True, u'shaping_override': True, u'vlan_override': True}, u'network_policy': {u'promiscuous': False, u'mac_changes': False, u'forged_transmits': False}, u'state': u'present', u'num_ports': 15, u'vlan_trunk': False, u'auto_expand': True, u'portgroup_type': u'earlyBinding', u'vlan_id': 0}}) => {
    "changed": true, 
    "invocation": {
        "module_args": {
            "auto_expand": true, 
            "hostname": "10.193.30.210", 
            "mac_management_policy": {
                "allow_promiscuous": false, 
                "forged_transmits": true, 
                "mac_changes": true, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": true, 
                    "enabled": true, 
                    "limit": 4048, 
                    "limit_policy": "drop"
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 443, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_name": "vm-network", 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "switch_name": "nova_dvs", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "username": "administrator@vsphere.local", 
            "validate_certs": false, 
            "vlan_id": "0", 
            "vlan_trunk": false
        }
    }, 
    "item": {
        "key": "vm-network", 
        "value": {
            "auto_expand": true, 
            "mac_management_policy": {
                "allow_promiscuous": false, 
                "forged_transmits": true, 
                "mac_changes": true, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": true, 
                    "enabled": true, 
                    "limit": 4048, 
                    "limit_policy": "drop"
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "vlan_id": 0, 
            "vlan_trunk": false
        }
    }, 
    "result": "None", 
    "updates": {
        "mac_management_policy": [
            "Desired '{'mac_changes': True, 'allow_promiscuous': False, 'mac_learning_policy': {'enabled': True, 'allow_unicast_flooding': True, 'limit': 4048, 'limit_policy': 'drop'}, 'forged_transmits': True}' does not equal current '{'mac_learning_policy': {'limit': 4048, 'allow_unicast_flooding': True, 'enabled': False, 'limit_policy': 'drop'}, 'allow_promiscuous': False, 'mac_changes': True, 'forged_transmits': True}'"
        ]
    }
}

Verifying MAC learning is enabled & working

[root@sc2-v-vm08-dhcp-1-104:~] netdbg vswitch mac-learning port get -p 164 --dvs-alias nova_dvs
MAC Learning:                   True
Unknown Unicast Flooding:       True
MAC Limit:                      4048
MAC Limit Policy:               DROP

[root@sc2-v-vm08-dhcp-1-104:~] netdbg vswitch mac-table port get -p 163 --dvs-alias nova_dvs
MAC: 00:50:56:93:06:8e vid: 0      vni: 0        type: static    aging: yes    elapsed: 0     

Trying to set MAC Management on DVS without support for MAC Management Policy

failed: [10.193.30.210] (item={'key': u'vm-network', 'value': {u'mac_management_policy': {u'mac_learning_policy': {u'limit': 4048, u'allow_unicast_flooding': True, u'enabled': True, u'limit_policy': u'drop'}, u'allow_promiscuous': False, u'mac_changes': True, u'forged_transmits': True}, u'teaming_policy': {u'notify_switches': True, u'load_balance_policy': u'loadbalance_srcid', u'inbound_policy': False, u'rolling_order': False}, u'port_policy': {u'traffic_filter_override': True, u'network_rp_override': True, u'ipfix_override': True, u'live_port_move': True, u'security_override': True, u'block_override': True, u'port_config_reset_at_disconnect': True, u'uplink_teaming_override': True, u'vendor_config_override': True, u'shaping_override': True, u'vlan_override': True}, u'network_policy': {u'promiscuous': False, u'mac_changes': False, u'forged_transmits': False}, u'state': u'present', u'num_ports': 15, u'vlan_trunk': False, u'auto_expand': True, u'portgroup_type': u'earlyBinding', u'vlan_id': 0}}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "auto_expand": true, 
            "hostname": "10.193.30.210", 
            "mac_management_policy": {
                "allow_promiscuous": false, 
                "forged_transmits": true, 
                "mac_changes": true, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": true, 
                    "enabled": true, 
                    "limit": 4048, 
                    "limit_policy": "drop"
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 443, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_name": "vm-network", 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "switch_name": "test_dvs", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "username": "administrator@vsphere.local", 
            "validate_certs": false, 
            "vlan_id": "0", 
            "vlan_trunk": false
        }
    }, 
    "item": {
        "key": "vm-network", 
        "value": {
            "auto_expand": true, 
            "mac_management_policy": {
                "allow_promiscuous": false, 
                "forged_transmits": true, 
                "mac_changes": true, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": true, 
                    "enabled": true, 
                    "limit": 4048, 
                    "limit_policy": "drop"
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "vlan_id": 0, 
            "vlan_trunk": false
        }
    }, 
    "msg": "The distributed virtual switch does not support MAC management policy.Minimum DVS version is 6.6.0 (current version is 6.0.0)"
}
	to retry, use: --limit @/opt/ansible/vsphere/playbooks/config_pgs.retry

PLAY RECAP ************************************************************************************************************************************************************************************************
10.193.30.210              : ok=0    changed=0    unreachable=0    failed=1   

Updating DVS settings

changed: [10.193.30.210] => (item={'key': u'vm-network2', 'value': {u'portgroup_type': u'earlyBinding', u'teaming_policy': {u'notify_switches': True, u'load_balance_policy': u'loadbalance_srcid', u'inbound_policy': False, u'rolling_order': False}, u'port_policy': {u'traffic_filter_override': True, u'network_rp_override': True, u'ipfix_override': True, u'live_port_move': True, u'security_override': True, u'block_override': True, u'port_config_reset_at_disconnect': True, u'uplink_teaming_override': True, u'vendor_config_override': True, u'shaping_override': True, u'vlan_override': True}, u'network_policy': {u'promiscuous': False, u'mac_changes': False, u'forged_transmits': False}, u'state': u'present', u'num_ports': 15, u'vlan_trunk': False, u'auto_expand': True, u'vlan_id': 0}}) => {
    "changed": true, 
    "invocation": {
        "module_args": {
            "auto_expand": true, 
            "hostname": "10.193.30.210", 
            "mac_management_policy": {
                "allow_promiscuous": null, 
                "forged_transmits": null, 
                "mac_changes": null, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": null, 
                    "enabled": false, 
                    "limit": null, 
                    "limit_policy": null
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 443, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_name": "vm-network2", 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "switch_name": "test_dvs", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "username": "administrator@vsphere.local", 
            "validate_certs": false, 
            "vlan_id": "0", 
            "vlan_trunk": false
        }
    }, 
    "item": {
        "key": "vm-network2", 
        "value": {
            "auto_expand": true, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "vlan_id": 0, 
            "vlan_trunk": false
        }
    }, 
    "result": "None", 
    "updates": {
        "port_policy": [
            "Desired '{'traffic_filter_override': True, 'network_rp_override': True, 'live_port_move': True, 'security_override': True, 'vendor_config_override': True, 'port_config_reset_at_disconnect': True, 'uplink_teaming_override': True, 'block_override': True, 'shaping_override': True, 'vlan_override': True, 'ipfix_override': True}' does not equal current '{'traffic_filter_override': False, 'network_rp_override': False, 'live_port_move': False, 'security_override': False, 'vendor_config_override': False, 'port_config_reset_at_disconnect': True, 'uplink_teaming_override': False, 'block_override': True, 'shaping_override': False, 'vlan_override': False, 'ipfix_override': False}'"
        ], 
        "teaming_policy": [
            "Desired '{'notify_switches': True, 'load_balance_policy': 'loadbalance_srcid', 'inbound_policy': False, 'rolling_order': False}' does not equal current '{'notify_switches': True, 'load_balance_policy': 'loadbalance_srcid', 'inbound_policy': True, 'rolling_order': False}'"
        ], 
        "vlan_id": [
            "Desired '{0: 0}' does not equal current '{3243: 3243}'"
        ]
    }
}

Rerun (no change)

ok: [10.193.30.210] => (item={'key': u'vm-network2', 'value': {u'portgroup_type': u'earlyBinding', u'teaming_policy': {u'notify_switches': True, u'load_balance_policy': u'loadbalance_srcid', u'inbound_policy': False, u'rolling_order': False}, u'port_policy': {u'traffic_filter_override': True, u'network_rp_override': True, u'ipfix_override': True, u'live_port_move': True, u'security_override': True, u'block_override': True, u'port_config_reset_at_disconnect': True, u'uplink_teaming_override': True, u'vendor_config_override': True, u'shaping_override': True, u'vlan_override': True}, u'network_policy': {u'promiscuous': False, u'mac_changes': False, u'forged_transmits': False}, u'state': u'present', u'num_ports': 15, u'vlan_trunk': False, u'auto_expand': True, u'vlan_id': 0}}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "auto_expand": true, 
            "hostname": "10.193.30.210", 
            "mac_management_policy": {
                "allow_promiscuous": null, 
                "forged_transmits": null, 
                "mac_changes": null, 
                "mac_learning_policy": {
                    "allow_unicast_flooding": null, 
                    "enabled": false, 
                    "limit": null, 
                    "limit_policy": null
                }
            }, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 443, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_name": "vm-network2", 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "switch_name": "test_dvs", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "username": "administrator@vsphere.local", 
            "validate_certs": false, 
            "vlan_id": "0", 
            "vlan_trunk": false
        }
    }, 
    "item": {
        "key": "vm-network2", 
        "value": {
            "auto_expand": true, 
            "network_policy": {
                "forged_transmits": false, 
                "mac_changes": false, 
                "promiscuous": false
            }, 
            "num_ports": 15, 
            "port_policy": {
                "block_override": true, 
                "ipfix_override": true, 
                "live_port_move": true, 
                "network_rp_override": true, 
                "port_config_reset_at_disconnect": true, 
                "security_override": true, 
                "shaping_override": true, 
                "traffic_filter_override": true, 
                "uplink_teaming_override": true, 
                "vendor_config_override": true, 
                "vlan_override": true
            }, 
            "portgroup_type": "earlyBinding", 
            "state": "present", 
            "teaming_policy": {
                "inbound_policy": false, 
                "load_balance_policy": "loadbalance_srcid", 
                "notify_switches": true, 
                "rolling_order": false
            }, 
            "vlan_id": 0, 
            "vlan_trunk": false
        }
    }
}
META: ran handlers
META: ran handlers

PLAY RECAP ************************************************************************************************************************************************************************************************
10.193.30.210              : ok=1    changed=0    unreachable=0    failed=0  

vlan_id error condition checks

            "vlan_id": "40-41,43-42,200,400-500", 
    "msg": "ValueError parsing vlan_ids: Range 43-42 start of range is greater than end"
            "vlan_id": "40-41,-400,200,400-500", 
    "msg": "ValueError parsing vlan_ids: Range -400 does not have valid format"
            "vlan_id": "40-F,-400,200,400-500",  
    "msg": "ValueError parsing vlan_ids: Range 40-F does not have valid format"
            "vlan_id": "40-100-400,200,400-500",  
    "msg": "ValueError parsing vlan_ids: Range 40-100-400 does not have valid format"
            "vlan_id": "400-100,200,400-500",  
    "msg": "ValueError parsing vlan_ids: Range 400-100 stat of range is greater than end"
@ansibot

This comment has been minimized.

@ansibot

This comment has been minimized.

Copy link
Contributor

commented Apr 16, 2019

@vmwjoseph, just so you are aware we have a dedicated Working Group for vmware.
You can find other people interested in this in #ansible-vmware on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community

click here for bot help

@ansibot ansibot removed the ci_verified label Apr 17, 2019

add default for mac_management_policy in arg spec; enhance checking o…
…f current portgroup configuration settings

@ansibot ansibot removed the ci_verified label Apr 17, 2019

@ansibot ansibot added needs_revision and removed stale_ci labels May 2, 2019

@ansibot

This comment has been minimized.

Copy link
Contributor

commented May 10, 2019

@ansibot ansibot added the stale_ci label May 10, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.