|
| 1 | +# coding: utf-8 |
| 2 | +# Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. |
| 3 | +# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. |
| 4 | + |
| 5 | +# This script demonstrates how to attach two Virtual Cloud Networks (VCN) to a single Dynamic Routing Gateway (DRG) to provide |
| 6 | +# inter-VCN network connectivity, and remove and add back export route distribution to a DRG Attachment |
| 7 | +# |
| 8 | +# This script accepts the following arguments: |
| 9 | +# |
| 10 | +# * The OCID of the compartment where resources will be created |
| 11 | +# * VCN 1 CIDR |
| 12 | +# * VCN 2 CIDR |
| 13 | +# |
| 14 | +# This script relies on the correct IAM policies already being in place for a given compartment ID. |
| 15 | +# Information on DRG: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingDRGs.htm |
| 16 | +# Information on DrgAttachment API: https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/DrgAttachment |
| 17 | +# |
| 18 | + |
| 19 | +import oci |
| 20 | +import sys |
| 21 | + |
| 22 | + |
| 23 | +def create_vcn(vcn_name, virtual_network_client_composite_operations, compartment_id, cidr_block, vcn_dns_label): |
| 24 | + vcn = virtual_network_client_composite_operations.create_vcn_and_wait_for_state( |
| 25 | + oci.core.models.CreateVcnDetails( |
| 26 | + cidr_block=cidr_block, |
| 27 | + display_name=vcn_name, |
| 28 | + compartment_id=compartment_id, |
| 29 | + dns_label=vcn_dns_label |
| 30 | + ), |
| 31 | + [oci.core.models.Vcn.LIFECYCLE_STATE_AVAILABLE] |
| 32 | + ).data |
| 33 | + print('Created VCN') |
| 34 | + print('===============') |
| 35 | + print(vcn) |
| 36 | + print('\n') |
| 37 | + return vcn |
| 38 | + |
| 39 | + |
| 40 | +def create_drg(virtual_network_client, compartment_id): |
| 41 | + result = virtual_network_client.create_drg( |
| 42 | + oci.core.models.CreateDrgDetails( |
| 43 | + compartment_id=compartment_id, |
| 44 | + display_name='Python SDK Example DRG' |
| 45 | + ) |
| 46 | + ) |
| 47 | + drg = oci.wait_until( |
| 48 | + virtual_network_client, |
| 49 | + virtual_network_client.get_drg(result.data.id), |
| 50 | + 'lifecycle_state', |
| 51 | + 'AVAILABLE' |
| 52 | + ).data |
| 53 | + print('Created DRG') |
| 54 | + print('===============') |
| 55 | + print(drg) |
| 56 | + print('\n') |
| 57 | + return drg |
| 58 | + |
| 59 | + |
| 60 | +def create_drg_attachment(virtual_network_client, vcn, drg): |
| 61 | + result = virtual_network_client.create_drg_attachment( |
| 62 | + oci.core.models.CreateDrgAttachmentDetails( |
| 63 | + display_name='Python SDK Example DRG Attachment', |
| 64 | + vcn_id=vcn.id, |
| 65 | + drg_id=drg.id |
| 66 | + ) |
| 67 | + ) |
| 68 | + drg_attachment = oci.wait_until( |
| 69 | + virtual_network_client, |
| 70 | + virtual_network_client.get_drg_attachment(result.data.id), |
| 71 | + 'lifecycle_state', |
| 72 | + 'ATTACHED' |
| 73 | + ).data |
| 74 | + print('Created DRG Attachment') |
| 75 | + print('=========================') |
| 76 | + print(drg_attachment) |
| 77 | + print('\n') |
| 78 | + return drg_attachment |
| 79 | + |
| 80 | + |
| 81 | +# read oci config |
| 82 | +config = oci.config.from_file() |
| 83 | + |
| 84 | +# Create Virtual Network Client with configuration |
| 85 | +virtual_network_client = oci.core.VirtualNetworkClient(config) |
| 86 | + |
| 87 | +# Create Virtual Network Client with configuration for composite operations |
| 88 | +virtual_network_client_composite_operations = oci.core.VirtualNetworkClientCompositeOperations(virtual_network_client) |
| 89 | + |
| 90 | +if len(sys.argv) != 4: |
| 91 | + raise RuntimeError('This script expects three arguments: the compartment OCID and two VCN CIDRs') |
| 92 | + |
| 93 | +compartment_id = sys.argv[1] |
| 94 | +vcn1_cidr = sys.argv[2] |
| 95 | +vcn2_cidr = sys.argv[3] |
| 96 | + |
| 97 | +drg = None |
| 98 | +cpe = None |
| 99 | +drg_attachment_1 = None |
| 100 | +drg_attachment_2 = None |
| 101 | +vcn_1 = None |
| 102 | +vcn_2 = None |
| 103 | +ipsec = None |
| 104 | + |
| 105 | +try: |
| 106 | + print('Creating DRG.') |
| 107 | + drg = create_drg(virtual_network_client, compartment_id) |
| 108 | + |
| 109 | + print("Creating VCN 1.") |
| 110 | + vcn_1 = create_vcn("VCN 1", virtual_network_client_composite_operations, compartment_id, vcn1_cidr, 'dnslabel1') |
| 111 | + |
| 112 | + print("Creating DRG Attachment 1.") |
| 113 | + drg_attachment_1 = create_drg_attachment(virtual_network_client, vcn_1, drg) |
| 114 | + |
| 115 | + print("Creating VCN 2.") |
| 116 | + vcn_2 = create_vcn("VCN 2", virtual_network_client_composite_operations, compartment_id, vcn2_cidr, 'dnslabel2') |
| 117 | + |
| 118 | + print("Creating DRG Attachment 2.") |
| 119 | + drg_attachment_2 = create_drg_attachment(virtual_network_client, vcn_2, drg) |
| 120 | + |
| 121 | + print("Creating a new DRG route table.") |
| 122 | + drg_route_table_1 = virtual_network_client.create_drg_route_table( |
| 123 | + oci.core.models.CreateDrgRouteTableDetails( |
| 124 | + drg_id=drg.id |
| 125 | + ) |
| 126 | + ).data |
| 127 | + print(drg_route_table_1) |
| 128 | + print('\n') |
| 129 | + |
| 130 | + print("Assign the newly created DRG route table to drg attachment 1 (with VCN1).") |
| 131 | + virtual_network_client.update_drg_attachment( |
| 132 | + drg_attachment_id=drg_attachment_1.id, |
| 133 | + update_drg_attachment_details=oci.core.models.UpdateDrgAttachmentDetails( |
| 134 | + drg_route_table_id=drg_route_table_1.id |
| 135 | + ) |
| 136 | + ).data |
| 137 | + |
| 138 | + print("Add a static route rule pointing to attachment 2.") |
| 139 | + virtual_network_client.add_drg_route_rules( |
| 140 | + drg_route_table_id=drg_route_table_1.id, |
| 141 | + add_drg_route_rules_details=oci.core.models.AddDrgRouteRulesDetails( |
| 142 | + route_rules=[ |
| 143 | + { |
| 144 | + "destination": "192.168.250.0/24", |
| 145 | + "destinationType": "CIDR_BLOCK", |
| 146 | + "nextHopDrgAttachmentId": drg_attachment_2.id |
| 147 | + }] |
| 148 | + ) |
| 149 | + ) |
| 150 | + |
| 151 | + print("Creating Cpe.") |
| 152 | + cpe = virtual_network_client.create_cpe( |
| 153 | + create_cpe_details=oci.core.models.CreateCpeDetails( |
| 154 | + compartment_id=compartment_id, |
| 155 | + display_name="cpe_sample", |
| 156 | + ip_address="192.168.0.2" |
| 157 | + ) |
| 158 | + ).data |
| 159 | + print(cpe) |
| 160 | + print('\n') |
| 161 | + |
| 162 | + print("Creating IpSec connection.") |
| 163 | + ipsec = virtual_network_client_composite_operations.create_ip_sec_connection_and_wait_for_state( |
| 164 | + create_ip_sec_connection_details=oci.core.models.CreateIPSecConnectionDetails( |
| 165 | + compartment_id=compartment_id, |
| 166 | + display_name="ipsec_sample", |
| 167 | + cpe_id=cpe.id, |
| 168 | + drg_id=drg.id, |
| 169 | + static_routes=["192.168.1.0/24"] |
| 170 | + ), |
| 171 | + wait_for_states=[oci.core.models.IPSecConnection.LIFECYCLE_STATE_AVAILABLE] |
| 172 | + ).data |
| 173 | + print(ipsec) |
| 174 | + print('\n') |
| 175 | + |
| 176 | + print("Get the attachment for Ipsec tunnel.") |
| 177 | + attachments = virtual_network_client.list_drg_attachments( |
| 178 | + compartment_id=compartment_id, |
| 179 | + drg_id=drg.id, |
| 180 | + attachment_type="IPSEC_TUNNEL" |
| 181 | + ).data |
| 182 | + ipsec_attachment = attachments[0] |
| 183 | + |
| 184 | + print("Remove export route distribution.") |
| 185 | + export_route_distribution_id = ipsec_attachment.export_drg_route_distribution_id |
| 186 | + virtual_network_client.remove_export_drg_route_distribution( |
| 187 | + drg_attachment_id=ipsec_attachment.id |
| 188 | + ) |
| 189 | + |
| 190 | + print("Add the export route distribution back.") |
| 191 | + virtual_network_client.update_drg_attachment( |
| 192 | + drg_attachment_id=ipsec_attachment.id, |
| 193 | + update_drg_attachment_details=oci.core.models.UpdateDrgAttachmentDetails( |
| 194 | + export_drg_route_distribution_id=export_route_distribution_id |
| 195 | + ) |
| 196 | + ) |
| 197 | + |
| 198 | +finally: |
| 199 | + if ipsec is not None: |
| 200 | + print('Deleting Ipsec') |
| 201 | + virtual_network_client_composite_operations.delete_ip_sec_connection_and_wait_for_state( |
| 202 | + ipsc_id=ipsec.id, |
| 203 | + wait_for_states=[oci.core.models.IPSecConnection.LIFECYCLE_STATE_TERMINATED] |
| 204 | + ) |
| 205 | + |
| 206 | + if drg_attachment_1 is not None: |
| 207 | + print('Deleting Drg attachment 1') |
| 208 | + virtual_network_client_composite_operations.delete_drg_attachment_and_wait_for_state( |
| 209 | + drg_attachment_id=drg_attachment_1.id, |
| 210 | + wait_for_states=[oci.core.models.DrgAttachment.LIFECYCLE_STATE_DETACHED] |
| 211 | + ) |
| 212 | + |
| 213 | + if drg_attachment_2 is not None: |
| 214 | + print('Deleting Drg attachment 2') |
| 215 | + virtual_network_client_composite_operations.delete_drg_attachment_and_wait_for_state( |
| 216 | + drg_attachment_id=drg_attachment_2.id, |
| 217 | + wait_for_states=[oci.core.models.DrgAttachment.LIFECYCLE_STATE_DETACHED] |
| 218 | + ) |
| 219 | + |
| 220 | + if vcn_1 is not None: |
| 221 | + print('Deleting Vcn 1') |
| 222 | + virtual_network_client_composite_operations.delete_vcn_and_wait_for_state( |
| 223 | + vcn_id=vcn_1.id, |
| 224 | + wait_for_states=[oci.core.models.Vcn.LIFECYCLE_STATE_TERMINATED] |
| 225 | + ) |
| 226 | + |
| 227 | + if vcn_2 is not None: |
| 228 | + print('Deleting Vcn 2') |
| 229 | + virtual_network_client_composite_operations.delete_vcn_and_wait_for_state( |
| 230 | + vcn_id=vcn_2.id, |
| 231 | + wait_for_states=[oci.core.models.Vcn.LIFECYCLE_STATE_TERMINATED] |
| 232 | + ) |
| 233 | + |
| 234 | + if drg is not None: |
| 235 | + print('Deleting DRG') |
| 236 | + virtual_network_client_composite_operations.delete_drg_and_wait_for_state( |
| 237 | + drg_id=drg.id, |
| 238 | + wait_for_states=[oci.core.models.Drg.LIFECYCLE_STATE_TERMINATED] |
| 239 | + ) |
| 240 | + |
| 241 | + if cpe is not None: |
| 242 | + print('Deleting cpe') |
| 243 | + virtual_network_client.delete_cpe( |
| 244 | + cpe_id=cpe.id |
| 245 | + ) |
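Review bot: The `finally` block runs its seven deletes back to back with no error handling, so the first delete that raises skips everything after it; a failed IPSec delete, for instance, leaves both DRG attachments, both VCNs, the DRG and the CPE in the compartment. Because this sample builds inter-VCN routing and an IPSec connection, leftover attachments and route rules are live network paths that nobody is tracking, so cleanup should be best-effort per resource: catch the SDK error, report it, and continue with the next delete. The create side has a related gap: if `oci.wait_until` or a `*_and_wait_for_state` call raises after the resource was created, the variable stays `None` and the `finally` block never sees that resource. `drg_route_table_1` also has no cleanup step, and whether deleting the DRG removes it is not visible from this file. A sketch of the per-resource cleanup follows.

```python
def delete_best_effort(label, delete_fn, **kwargs):
    # Report a failed delete and carry on, so later resources are still removed.
    print('Deleting ' + label)
    try:
        delete_fn(**kwargs)
    except (oci.exceptions.ServiceError, oci.exceptions.CompositeOperationError) as err:
        print('Could not delete {}: {}'.format(label, err))

# … unchanged: client setup, argument parsing, try: body …
finally:
    if ipsec is not None:
        delete_best_effort(
            'Ipsec',
            virtual_network_client_composite_operations.delete_ip_sec_connection_and_wait_for_state,
            ipsc_id=ipsec.id,
            wait_for_states=[oci.core.models.IPSecConnection.LIFECYCLE_STATE_TERMINATED]
        )
    # … the remaining six deletes follow the same pattern …
```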