A general understanding of CAT development and definitions
Refer to the guide documentation for details: SS Guides
The admin, ss_designer & ss_end_user roles, in a RightScale account with SelfService enabled. admin is needed to retrieve the RightScale Credential values identified below.
The following RightScale Credentials
NSX_USER
NSX_PASSWORD
J2XRP
This is a JSON to XML payload conversion service. It's required to work around a limitation in Self-Service Plugins, which don't support sending the XML body that NSX expects.
Be sure to put the instance on a network which can reach the NSX Manager.
REGEXP should be the https://<nsx manager ip>
SERVER should be the https://<nsx manager ip>:<port>
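To illustrate the kind of JSON to XML conversion described for J2XRP, here is an added Ruby example. It is not J2XRP's code and not part of this repository. The element mapping, the helper names (`xml_escape`, `to_xml`, `json_to_xml`) and the sample value `securitytag-EXAMPLE` are assumptions; the point is that text values are escaped and element names are validated before they reach the XML body.

```ruby
require 'json'

# Characters that must be escaped in XML text content.
XML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&apos;' }.freeze
# Conservative allow-list for element names taken from JSON keys (assumption).
XML_NAME = /\A[A-Za-z_][A-Za-z0-9_.-]*\z/

def xml_escape(value)
  value.to_s.gsub(/[&<>"']/, XML_ESCAPES)
end

# Render one JSON value as an XML element called `name`.
# Hash -> nested elements, Array -> repeated siblings, scalar -> escaped text.
def to_xml(name, value)
  unless name.to_s.match?(XML_NAME)
    raise ArgumentError, "invalid element name: #{name.inspect}"
  end
  case value
  when Hash  then "<#{name}>#{value.map { |k, v| to_xml(k, v) }.join}</#{name}>"
  when Array then value.map { |v| to_xml(name, v) }.join
  else "<#{name}>#{xml_escape(value)}</#{name}>"
  end
end

# Parse a JSON document and wrap it in the given root element.
def json_to_xml(json_text, root)
  to_xml(root, JSON.parse(json_text))
end

# Constructed sample, shaped like the dynamicMemberDefinition hash in the
# Usage section; "securitytag-EXAMPLE" is a placeholder object id.
SAMPLE_JSON = '{"dynamicSet":{"operator":"OR","dynamicCriteria":{' \
              '"operator":"OR","key":"ENTITY","criteria":"belongs_to",' \
              '"value":"securitytag-EXAMPLE"}}}'

if __FILE__ == $PROGRAM_NAME
  puts json_to_xml(SAMPLE_JSON, 'dynamicMemberDefinition')
  # User-supplied text (for example a stack name) stays text, never markup.
  puts to_xml('description', 'stack_security_group for R&D <prod>.')
end
```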
Create the required RightScale credentials.
Create RightScale Credentials with values that match the NSX User (Credential name: NSX_USER) & NSX Password (Credential name: NSX_PASSWORD) that will be used by Self-Service to interact with NSX. This user must have permissions required by the CloudApplication.
Update the default_host and path of the nsx_plugin.cat.rb to include the host where j2xrp resides and the _token value generated in the wstunnel setup.
In the Design section, use the Upload CAT interface to complete the following:
Upload each of the packages listed in the Requirements Section
Upload the nsx_plugin.cat.rb file located in this repository
How to Use
The VMWare NSX Plugin has been packaged as plugins/nsx. In order to use this plugin you must import this plugin into a CAT.
    import "plugins/nsx"
For more information on using packages, please refer to the RightScale online documentation: Importing a Package
VMWare NSX resources can now be created by specifying a resource declaration with the desired fields. See the Supported Actions section for a full list of supported actions.
The resulting resource can be manipulated just like the native RightScale resources in RCL and CAT. See the Examples Section for more examples and complete CATs.
Supported Resources
firewall_layer3rule (rules)
application
Usage
See the examples directory within this repo to see specific examples for various resource types.
    permission "read_credentials" do
      actions "rs_cm.show_sensitive", "rs_cm.index_sensitive"
      resources "rs_cm.credentials"
    end

    parameter 'stack_name' do
      label 'Name'
      description 'The name of the stack. Will prepend to resources.'
      category 'NSX FW Demo'
      type 'string'
      min_length 2
      default "fw-demo"
    end

    resource 'stack_security_tag', type: 'nsx.security_tag' do
      # Tag to be applied to web1 dynamically associates it with web1_security_group
      name join([$stack_name, "-", "stack-st"])
      description join(["stack_security_tag for ", $stack_name, "."])
    end

    resource 'stack_security_group', type: 'nsx.security_group' do
      # Security Group composed of web1_security_tag instances used in firewall rules
      name join([$stack_name, "-", "stack-sg"])
      description join(["stack_security_group for ", $stack_name, "."])
      dynamicMemberDefinition do {
        'dynamicSet' => {
          'operator' => 'OR',
          'dynamicCriteria' => {
            'operator' => 'OR',
            'key' => 'ENTITY',
            'criteria' => 'belongs_to',
            'value' => @stack_security_tag.objectId
          }
        }
      } end
    end
Resources
security_group
Supported Fields
| Field Name | Required? | Description |
| --- | --- | --- |
| name | Yes | Name of the resource. |
| description | No | Description for the resource. |
| scope | Yes | For the scopeId use globalroot-0 for non-universal security groups and universalroot-0 for universal security groups. |
| isUniversal | Yes | Set to true when creating a universal Security Group. |
Firewall manipulation with this plugin happens at a global level. Make sure your rules are set up to disallow all unwanted traffic (default deny) prior to using this plugin to avoid undesirable behavior.
It is recommended to group CloudApp firewall rules using firewall layer sections.
The NSX API doesn't provide enough information for Self-Service to identify a Rule as a resource. They can be created using a resource block but will not be listed as a resource nor can they be manipulated after creation. Deletion of the firewall section will remove the rule on termination if you are following the implementation notes.
Layer2Sections has not been fully implemented due to a limitation in the NSX API, which doesn't allow Self-Service to distinguish between a layer2 and a layer3 resource. It's possible to use either, but not both at the same time. A future update will correct this limitation.
License
The VMWare NSX Plugin source code is subject to the MIT license, see the LICENSE file.