W3cubDocs

/Ansible

community.vmware.vmware_dvs_portgroup – Create or remove a Distributed vSwitch portgroup.

Note

This plugin is part of the community.vmware collection (version 1.15.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.vmware.

To use it in a playbook, specify: community.vmware.vmware_dvs_portgroup.

Synopsis

  • Create or remove a Distributed vSwitch portgroup.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • PyVmomi

Parameters

Parameter Choices/Defaults Comments
hostname
string
The hostname or IP address of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.
Environment variable support added in Ansible 2.6.
mac_learning
dictionary
added in 1.10.0 of community.vmware
Dictionary which configures MAC learning for portgroup.
allow_unicast_flooding
boolean
    Choices:
  • no
  • yes
The flag to allow flooding of unlearned MAC for ingress traffic.
enabled
boolean
    Choices:
  • no
  • yes
The flag to indicate if source MAC address learning is allowed.
limit
integer
The maximum number of MAC addresses that can be learned.
limit_policy
string
    Choices:
  • allow
  • drop
The default switching policy after MAC limit is exceeded.
network_policy
dictionary
Default:
{"forged_transmits": false, "mac_changes": false, "promiscuous": false}
Dictionary which configures the different security values for portgroup.
forged_transmits
boolean
    Choices:
  • no
  • yes
Indicates whether forged transmits are allowed.
mac_changes
boolean
    Choices:
  • no
  • yes
Indicates whether mac changes are allowed.
promiscuous
boolean
    Choices:
  • no
  • yes
Indicates whether promiscuous mode is allowed.
num_ports
integer
The number of ports the portgroup should contain.
password
string
The password of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.
Environment variable support added in Ansible 2.6.

aliases: pass, pwd
port
integer
Default:
443
The port number of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead.
Environment variable support added in Ansible 2.6.
port_allocation
string
added in 1.10.0 of community.vmware
    Choices:
  • elastic
  • fixed
Elastic port groups automatically increase or decrease the number of ports as needed.
Only valid if port_binding is set to static.
Will be elastic if not specified and port_binding is set to static.
port_binding
string
added in 1.10.0 of community.vmware
    Choices:
  • static
  • ephemeral
The type of port binding determines when ports in a port group are assigned to virtual machines.
See VMware KB 1022312 https://kb.vmware.com/s/article/1022312 for more details.
port_policy
dictionary
Default:
{"block_override": true, "ipfix_override": false, "live_port_move": false, "network_rp_override": false, "port_config_reset_at_disconnect": true, "security_override": false, "shaping_override": false, "traffic_filter_override": false, "uplink_teaming_override": false, "vendor_config_override": false, "vlan_override": false}
Dictionary which configures the advanced policy settings for the portgroup.
block_override
boolean
    Choices:
  • no
  • yes
Indicates if the block policy can be changed per port.
ipfix_override
boolean
    Choices:
  • no
  • yes
Indicates if the ipfix policy can be changed per port.
live_port_move
boolean
    Choices:
  • no
  • yes
Indicates if a live port can be moved in or out of the portgroup.
network_rp_override
boolean
    Choices:
  • no
  • yes
Indicates if the network resource pool can be changed per port.
port_config_reset_at_disconnect
boolean
    Choices:
  • no
  • yes
Indicates if the configuration of a port is reset automatically after disconnect.
security_override
boolean
    Choices:
  • no
  • yes
Indicates if the security policy can be changed per port.
shaping_override
boolean
    Choices:
  • no
  • yes
Indicates if the shaping policy can be changed per port.
traffic_filter_override
boolean
    Choices:
  • no
  • yes
Indicates if the traffic filter can be changed per port.
uplink_teaming_override
boolean
    Choices:
  • no
  • yes
Indicates if the uplink teaming policy can be changed per port.
vendor_config_override
boolean
    Choices:
  • no
  • yes
Indicates if the vendor config can be changed per port.
vlan_override
boolean
    Choices:
  • no
  • yes
Indicates if the vlan can be changed per port.
portgroup_name
string / required
The name of the portgroup that is to be created or deleted.
portgroup_type
string
    Choices:
  • earlyBinding
  • lateBinding
  • ephemeral
See VMware KB 1022312 regarding portgroup types.
Deprecated. Will be removed 2021-12-01.
proxy_host
string
Address of a proxy that will receive all HTTPS requests and relay them.
The format is a hostname or a IP.
If the value is not specified in the task, the value of environment variable VMWARE_PROXY_HOST will be used instead.
This feature depends on a version of pyvmomi greater than v6.7.1.2018.12
proxy_port
integer
Port of the HTTP proxy that will receive all HTTPS requests and relay them.
If the value is not specified in the task, the value of environment variable VMWARE_PROXY_PORT will be used instead.
state
string / required
    Choices:
  • present
  • absent
Determines if the portgroup should be present or not.
switch_name
string / required
The name of the distributed vSwitch the port group should be created on.
teaming_policy
dictionary
Default:
{"load_balance_policy": "loadbalance_srcid", "notify_switches": true, "rolling_order": false}
Dictionary which configures the different teaming values for portgroup.
active_uplinks
list / elements=string
added in 1.10.0 of community.vmware
List of active uplinks used for load balancing.
inbound_policy
boolean
    Choices:
  • no
  • yes
Indicate whether or not the teaming policy is applied to inbound frames as well.
load_balance_policy
string
    Choices:
  • loadbalance_ip
  • loadbalance_srcmac
  • loadbalance_srcid
  • loadbalance_loadbased
  • failover_explicit
Network adapter teaming policy.
loadbalance_loadbased is available from version 2.6 and onwards.
notify_switches
boolean
    Choices:
  • no
  • yes
Indicate whether or not to notify the physical switch if a link fails.
rolling_order
boolean
    Choices:
  • no
  • yes
Indicate whether or not to use a rolling policy when restoring links.
standby_uplinks
list / elements=string
added in 1.10.0 of community.vmware
List of standby uplinks used for failover.
username
string
The username of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.
Environment variable support added in Ansible 2.6.

aliases: admin, user
validate_certs
boolean
    Choices:
  • no
  • yes
Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted.
If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead.
Environment variable support added in Ansible 2.6.
If set to true, please make sure Python >= 2.7.9 is installed on the given machine.
vlan_id
string / required
The VLAN ID that should be configured with the portgroup, use 0 for no VLAN.
If vlan_trunk is configured to be true, this can be a combination of multiple ranges and numbers, example: 1-200, 205, 400-4094.
The valid vlan_id range is from 0 to 4094. Overlapping ranges are allowed.
If vlan_private is configured to be true, the corresponding private VLAN should already be configured in the distributed vSwitch.
vlan_private
boolean
    Choices:
  • no
  • yes
Indicates whether this is for a private VLAN or not.
Mutually exclusive with vlan_trunk parameter.
vlan_trunk
boolean
    Choices:
  • no
  • yes
Indicates whether this is a VLAN trunk or not.
Mutually exclusive with vlan_private parameter.

Notes

Note

  • Tested on vSphere 7.0
  • All modules requires API write access and hence is not supported on a free ESXi license.

Examples

- name: Create vlan portgroup
  community.vmware.vmware_dvs_portgroup:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    portgroup_name: vlan-123-portrgoup
    switch_name: dvSwitch
    vlan_id: 123
    num_ports: 120
    port_binding: static
    state: present
  delegate_to: localhost

- name: Create vlan trunk portgroup
  community.vmware.vmware_dvs_portgroup:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    portgroup_name: vlan-trunk-portrgoup
    switch_name: dvSwitch
    vlan_id: 1-1000, 1005, 1100-1200
    vlan_trunk: True
    num_ports: 120
    port_binding: static
    state: present
  delegate_to: localhost

- name: Create private vlan portgroup
  vmware_dvs_portgroup:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    portgroup_name: private-vlan-portrgoup
    switch_name: dvSwitch
    vlan_id: 1001
    vlan_private: True
    num_ports: 120
    port_binding: static
    state: present
  delegate_to: localhost

- name: Create no-vlan portgroup
  community.vmware.vmware_dvs_portgroup:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    portgroup_name: no-vlan-portrgoup
    switch_name: dvSwitch
    vlan_id: 0
    num_ports: 120
    port_binding: static
    state: present
  delegate_to: localhost

- name: Create vlan portgroup with all security and port policies
  community.vmware.vmware_dvs_portgroup:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    portgroup_name: vlan-123-portrgoup
    switch_name: dvSwitch
    vlan_id: 123
    num_ports: 120
    port_binding: static
    state: present
    network_policy:
      promiscuous: true
      forged_transmits: true
      mac_changes: true
    port_policy:
      block_override: true
      ipfix_override: true
      live_port_move: true
      network_rp_override: true
      port_config_reset_at_disconnect: true
      security_override: true
      shaping_override: true
      traffic_filter_override: true
      uplink_teaming_override: true
      vendor_config_override: true
      vlan_override: true
  delegate_to: localhost

Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/vmware/vmware_dvs_portgroup_module.html