From 47cb3856b5fb6cc046c1eef342752ba6ef417087 Mon Sep 17 00:00:00 2001 From: Madhura-CSI <34053727+Madhura-CSI@users.noreply.github.com> Date: Fri, 17 Aug 2018 03:22:12 +0530 Subject: [PATCH] Support for accelerated networking and network security group for scaleset vms (#34788) * Support for accelerated networking and network security group for scaleset vms --- .../azure/azure_rm_virtualmachine_scaleset.py | 45 +++- .../tasks/main.yml | 210 ++++++++++++++++-- 2 files changed, 229 insertions(+), 26 deletions(-) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_virtualmachine_scaleset.py b/lib/ansible/modules/cloud/azure/azure_rm_virtualmachine_scaleset.py index 77a153b1e3..21ab0a14ca 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_virtualmachine_scaleset.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_virtualmachine_scaleset.py @@ -183,6 +183,20 @@ options: - "It can be 'all' or a list with any of the following: ['network_interfaces', 'virtual_storage', 'public_ips']." - Any other input will be ignored. default: ['all'] + enable_accelerated_networking: + description: + - Indicates whether user wants to allow accelerated networking for virtual machines in scaleset being created. + version_added: "2.7" + type: bool + security_group: + description: + - Existing security group with which to associate the subnet. + - It can be the security group name which is in the same resource group. + - It can be the resource Id. + - It can be a dict which contains C(name) and C(resource_group) of the security group. + version_added: "2.7" + aliases: + - security_group_name extends_documentation_fragment: - azure @@ -351,7 +365,7 @@ except ImportError: # This is handled in azure_rm_common pass -from ansible.module_utils.azure_rm_common import AzureRMModuleBase, azure_id_to_dict +from ansible.module_utils.azure_rm_common import AzureRMModuleBase, azure_id_to_dict, format_resource_id AZURE_OBJECT_CLASS = 'VirtualMachineScaleSet' 
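Review bot: The `security_group` description says the group is associated with "the subnet", but a later hunk in this file passes it as `network_security_group=` next to `enable_accelerated_networking=` on the scale set's network configuration. The integration test also reads it back under `networkInterfaceConfigurations.0.properties.networkSecurityGroup`. A reader relying on the wording could assume every host in the subnet is filtered, when the visible code only attaches the group to this scale set's interfaces. I would reword the first bullet to `- Existing security group with which to associate the network interfaces of the scale set.` and add `type: raw` so the documentation matches the argument spec.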
@@ -388,6 +402,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): virtual_network_resource_group=dict(type='str'), virtual_network_name=dict(type='str', aliases=['virtual_network']), remove_on_absent=dict(type='list', default=['all']), + enable_accelerated_networking=dict(type='bool'), + security_group=dict(type='raw', aliases=['security_group_name']) ) self.resource_group = None @@ -414,6 +430,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): self.tags = None self.differences = None self.load_balancer = None + self.enable_accelerated_networking = None + self.security_group = None self.results = dict( changed=False, @@ -428,6 +446,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): def exec_module(self, **kwargs): + nsg = None + for key in list(self.module_arg_spec.keys()) + ['tags']: setattr(self, key, kwargs[key]) @@ -604,6 +624,11 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): managed_disk = self.compute_models.VirtualMachineScaleSetManagedDiskParameters(storage_account_type=self.managed_disk_type) + if self.security_group: + nsg = self.parse_nsg() + if nsg: + self.security_group = self.network_models.NetworkSecurityGroup(id=nsg.get('id')) + vmss_resource = self.compute_models.VirtualMachineScaleSet( self.location, tags=self.tags, @@ -643,7 +668,9 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): load_balancer_backend_address_pools=load_balancer_backend_address_pools, load_balancer_inbound_nat_pools=load_balancer_inbound_nat_pools ) - ] + ], + enable_accelerated_networking=self.enable_accelerated_networking, + network_security_group=self.security_group ) ] ) 
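Review bot: The `if nsg:` guard after `self.parse_nsg()` in the `@@ -604,6 +624,11 @@` hunk can never be false, because `parse_nsg` (added further down in this patch) always returns a two-key dict. Nothing here confirms that the named group exists, so the guard can go: `self.security_group = self.network_models.NetworkSecurityGroup(id=self.parse_nsg()['id'])`. This block sits beside the construction of a new `VirtualMachineScaleSet`, and `exec_module` continues outside the hunk, so I cannot see whether the update path compares `security_group` or `enable_accelerated_networking` against an existing scale set. If it does not, changing or removing the group in a playbook would report no change and leave the previous filtering in place. That limitation should at least be stated in a comment here and in the option documentation.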
@@ -854,6 +881,20 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase): return True return False + def parse_nsg(self): + nsg = self.security_group + resource_group = self.resource_group + if isinstance(self.security_group, dict): + nsg = self.security_group.get('name') + resource_group = self.security_group.get('resource_group', self.resource_group) + id = format_resource_id(val=nsg, + subscription_id=self.subscription_id, + namespace='Microsoft.Network', + types='networkSecurityGroups', + resource_group=resource_group) + name = azure_id_to_dict(id).get('name') + return dict(id=id, name=name) + def main(): AzureRMVirtualMachineScaleSet() diff --git a/test/integration/targets/azure_rm_virtualmachine_scaleset/tasks/main.yml b/test/integration/targets/azure_rm_virtualmachine_scaleset/tasks/main.yml index 4502dfd25d..1ae6ebab9c 100644 --- a/test/integration/targets/azure_rm_virtualmachine_scaleset/tasks/main.yml +++ b/test/integration/targets/azure_rm_virtualmachine_scaleset/tasks/main.yml @@ -28,6 +28,16 @@ name: testLB public_ip_address_name: testPublicIP +- name: Create network security group within same resource group of VMSS. + azure_rm_securitygroup: + resource_group: "{{ resource_group }}" + name: testNetworkSecurityGroup + +- name: Create network security group in different resource group of VMSS. + azure_rm_securitygroup: + resource_group: "{{ resource_group_secondary }}" + name: testNetworkSecurityGroup2 + - name: Create VMSS azure_rm_virtualmachine_scaleset: resource_group: "{{ resource_group }}" 
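Review bot: In `parse_nsg`, a dict without a `name` key leaves `nsg` as `None`, and that value goes straight into `format_resource_id(val=nsg, ...)`. What the helper does with it is not visible in this patch. Because the option is declared `type='raw'`, no earlier layer rejects it either. Failing early gives the user a clear error instead of a malformed resource ID being sent to Azure: `if not nsg: self.fail("security_group requires a name or a resource ID")`. The local `id` also shadows the builtin and would read better as `nsg_id`. A one-line docstring naming the three accepted forms and the returned `dict(id=..., name=...)` would help the next reader.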
@@ -132,23 +142,12 @@ state: absent remove_on_absent: ['all'] vm_size: Standard_DS1_v2 - admin_username: testuser capacity: 2 - virtual_network_name: testVnet - subnet_name: testSubnet - upgrade_policy: Manual - tier: Standard - os_disk_caching: ReadWrite image: offer: CoreOS publisher: CoreOS sku: Stable version: latest - data_disks: - - lun: 0 - disk_size_gb: 64 - caching: ReadWrite - managed_disk_type: Standard_LRS - name: Create VMSS (check mode) azure_rm_virtualmachine_scaleset: @@ -183,7 +182,7 @@ assert: that: results.changed -- name: Create VMSS (check mode) +- name: Create VMSS azure_rm_virtualmachine_scaleset: resource_group: "{{ resource_group }}" name: testVMSS{{ rpfx }}1 
@@ -222,23 +221,186 @@ state: absent remove_on_absent: ['all'] vm_size: Standard_DS1_v2 - admin_username: testuser capacity: 2 - virtual_network_name: testVnet - subnet_name: testSubnet - upgrade_policy: Manual - tier: Standard - os_disk_caching: ReadWrite image: offer: CoreOS publisher: CoreOS sku: Stable version: latest - data_disks: - - lun: 0 - disk_size_gb: 64 - caching: ReadWrite - managed_disk_type: Standard_LRS + +- name: Create VMSS with security group in same resource group, with accelerated networking(check mode). + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}2 + vm_size: Standard_D3_v2 + capacity: 1 + virtual_network_name: testVnet + subnet_name: testSubnet + admin_username: testuser + ssh_password_enabled: true + admin_password: "Password1234!" + image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + upgrade_policy: Manual + security_group: testNetworkSecurityGroup + enable_accelerated_networking: yes + register: results + check_mode: yes + +- name: Assert that VMSS can be created + assert: + that: results.changed + +- name: Create VMSS with security group in same resource group, with accelerated networking. + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}2 + vm_size: Standard_D3_v2 + capacity: 1 + virtual_network_name: testVnet + subnet_name: testSubnet + admin_username: testuser + ssh_password_enabled: true + admin_password: "Password1234!" 
+ image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + upgrade_policy: Manual + security_group: testNetworkSecurityGroup + enable_accelerated_networking: yes + register: results + +- name: Assert that VMSS ran + assert: + that: + - 'results.changed' + - 'results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.enableAcceleratedNetworking == true' + - 'results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.networkSecurityGroup != {}' + +- name: Delete VMSS + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}2 + state: absent + remove_on_absent: ['all'] + vm_size: Standard_D3_v2 + capacity: 1 + image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + +- name: Create VMSS with security group in different resource group(check mode). + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}3 + vm_size: Standard_DS1_v2 + capacity: 1 + virtual_network_name: testVnet + subnet_name: testSubnet + admin_username: testuser + ssh_password_enabled: true + admin_password: "Password1234!" + image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + upgrade_policy: Manual + security_group: + name: testNetworkSecurityGroup2 + resource_group: "{{ resource_group_secondary }}" + register: results + check_mode: yes + +- name: Assert that VMSS ran + assert: + that: results.changed + +- name: Create VMSS with security group in different resource group. + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}3 + vm_size: Standard_DS1_v2 + capacity: 1 + virtual_network_name: testVnet + subnet_name: testSubnet + admin_username: testuser + ssh_password_enabled: true + admin_password: "Password1234!" 
+ image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + upgrade_policy: Manual + security_group: + name: testNetworkSecurityGroup2 + resource_group: "{{ resource_group_secondary }}" + register: results + +- name: Assert that VMSS ran + assert: + that: + - 'results.changed' + - '"testNetworkSecurityGroup2" in results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.networkSecurityGroup.id' + +- name: Delete VMSS + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}3 + state: absent + remove_on_absent: ['all'] + vm_size: Standard_DS1_v2 + capacity: 1 + image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + +- name: Fail when instance type is not supported to enable accelerated networking + azure_rm_virtualmachine_scaleset: + resource_group: "{{ resource_group }}" + name: testVMSS{{ rpfx }}4 + vm_size: Standard_DS1_v2 + virtual_network_name: testVnet + subnet_name: testSubnet + admin_username: testuser + ssh_password_enabled: true + admin_password: "Password1234!" + image: + offer: CoreOS + publisher: CoreOS + sku: Stable + version: latest + upgrade_policy: Manual + enable_accelerated_networking: yes + register: results + ignore_errors: yes + +- name: Assert failure to show that accelerated networking is enabled only with supported instance types. + assert: + that: + - '"VMSizeIsNotPermittedToEnableAcceleratedNetworkingForVmss" in results.msg' + +- name: Delete network security group + azure_rm_securitygroup: + resource_group: "{{ resource_group }}" + name: testNetworkSecurityGroup + state: absent + +- name: Delete network security group + azure_rm_securitygroup: + resource_group: "{{ resource_group_secondary }}" + name: testNetworkSecurityGroup2 + state: absent - name: Delete load balancer azure_rm_loadbalancer: 
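Review bot: Every new create task in this hunk sets `ssh_password_enabled: true` with the literal `admin_password: "Password1234!"`. Those instances are provisioned in a real subscription, and the groups `testNetworkSecurityGroup` and `testNetworkSecurityGroup2` are created earlier in this file with no rules of their own. Key-based login avoids leaving a known credential on them if cleanup is skipped after a failure: use `ssh_password_enabled: false` together with `ssh_public_keys`, or take the password from a per-run variable rather than a literal. Separately, the same-resource-group case only asserts `networkSecurityGroup != {}`. Checking `"testNetworkSecurityGroup" in ...networkSecurityGroup.id`, as the cross-resource-group case does, would confirm the intended group was attached. The resource-ID form of `security_group` that the module documentation advertises has no test here.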
@@ -302,4 +464,4 @@ image: name: invalid-image register: fail_missing_custom_image_dict - failed_when: fail_missing_custom_image_dict.msg != "Error could not find image with name invalid-image" \ No newline at end of file + failed_when: fail_missing_custom_image_dict.msg != "Error could not find image with name invalid-image"