Support for accelerated networking and network security group for scaleset vms (#34788)

* Support for accelerated networking and network security group for scaleset vms

lib/ansible/modules/cloud/azure/azure_rm_virtualmachine_scaleset.py

@@ -183,6 +183,20 @@ options:
             - "It can be 'all' or a list with any of the following: ['network_interfaces', 'virtual_storage', 'public_ips']."
             - Any other input will be ignored.
         default: ['all']
+    enable_accelerated_networking:
+        description:
+            - Indicates whether user wants to allow accelerated networking for virtual machines in scaleset being created.
+        version_added: "2.7"
+        type: bool
+    security_group:
+        description:
+            - Existing security group with which to associate the subnet.
+            - It can be the security group name which is in the same resource group.
+            - It can be the resource Id.
+            - It can be a dict which contains C(name) and C(resource_group) of the security group.
+        version_added: "2.7"
+        aliases:
+            - security_group_name
 
 extends_documentation_fragment:
     - azure
@@ -351,7 +365,7 @@ except ImportError:
     # This is handled in azure_rm_common
     pass
 
-from ansible.module_utils.azure_rm_common import AzureRMModuleBase, azure_id_to_dict
+from ansible.module_utils.azure_rm_common import AzureRMModuleBase, azure_id_to_dict, format_resource_id
 
 
 AZURE_OBJECT_CLASS = 'VirtualMachineScaleSet'
@@ -388,6 +402,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
             virtual_network_resource_group=dict(type='str'),
             virtual_network_name=dict(type='str', aliases=['virtual_network']),
             remove_on_absent=dict(type='list', default=['all']),
+            enable_accelerated_networking=dict(type='bool'),
+            security_group=dict(type='raw', aliases=['security_group_name'])
         )
 
         self.resource_group = None
@@ -414,6 +430,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
         self.tags = None
         self.differences = None
         self.load_balancer = None
+        self.enable_accelerated_networking = None
+        self.security_group = None
 
         self.results = dict(
             changed=False,
@@ -428,6 +446,8 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
 
     def exec_module(self, **kwargs):
 
+        nsg = None
+
         for key in list(self.module_arg_spec.keys()) + ['tags']:
             setattr(self, key, kwargs[key])
 
@@ -604,6 +624,11 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
 
                     managed_disk = self.compute_models.VirtualMachineScaleSetManagedDiskParameters(storage_account_type=self.managed_disk_type)
 
+                    if self.security_group:
+                        nsg = self.parse_nsg()
+                        if nsg:
+                            self.security_group = self.network_models.NetworkSecurityGroup(id=nsg.get('id'))
+
                     vmss_resource = self.compute_models.VirtualMachineScaleSet(
                         self.location,
                         tags=self.tags,
@@ -643,7 +668,9 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
                                                 load_balancer_backend_address_pools=load_balancer_backend_address_pools,
                                                 load_balancer_inbound_nat_pools=load_balancer_inbound_nat_pools
                                             )
-                                        ]
+                                        ],
+                                        enable_accelerated_networking=self.enable_accelerated_networking,
+                                        network_security_group=self.security_group
                                     )
                                 ]
                             )
@@ -854,6 +881,20 @@ class AzureRMVirtualMachineScaleSet(AzureRMModuleBase):
                 return True
         return False
 
+    def parse_nsg(self):
+        nsg = self.security_group
+        resource_group = self.resource_group
+        if isinstance(self.security_group, dict):
+            nsg = self.security_group.get('name')
+            resource_group = self.security_group.get('resource_group', self.resource_group)
+        id = format_resource_id(val=nsg,
+                                subscription_id=self.subscription_id,
+                                namespace='Microsoft.Network',
+                                types='networkSecurityGroups',
+                                resource_group=resource_group)
+        name = azure_id_to_dict(id).get('name')
+        return dict(id=id, name=name)
+
 
 def main():
     AzureRMVirtualMachineScaleSet()

test/integration/targets/azure_rm_virtualmachine_scaleset/tasks/main.yml

@@ -28,6 +28,16 @@
     name: testLB
     public_ip_address_name: testPublicIP
 
+- name: Create network security group within same resource group of VMSS.
+  azure_rm_securitygroup:
+    resource_group: "{{ resource_group }}"
+    name: testNetworkSecurityGroup
+
+- name: Create network security group in different resource group of VMSS.
+  azure_rm_securitygroup:
+    resource_group: "{{ resource_group_secondary }}"
+    name: testNetworkSecurityGroup2
+
 - name: Create VMSS
   azure_rm_virtualmachine_scaleset:
     resource_group: "{{ resource_group }}"
@@ -132,23 +142,12 @@
     state: absent
     remove_on_absent: ['all']
     vm_size: Standard_DS1_v2
-    admin_username: testuser
     capacity: 2
-    virtual_network_name: testVnet
-    subnet_name: testSubnet
-    upgrade_policy: Manual
-    tier: Standard
-    os_disk_caching: ReadWrite
     image:
       offer: CoreOS
       publisher: CoreOS
       sku: Stable
       version: latest
-    data_disks:
-      - lun: 0
-        disk_size_gb: 64
-        caching: ReadWrite
-        managed_disk_type: Standard_LRS
 
 - name: Create VMSS (check mode)
   azure_rm_virtualmachine_scaleset:
@@ -183,7 +182,7 @@
   assert:
     that: results.changed
 
-- name: Create VMSS (check mode)
+- name: Create VMSS
   azure_rm_virtualmachine_scaleset:
     resource_group: "{{ resource_group }}"
     name: testVMSS{{ rpfx }}1
@@ -222,23 +221,186 @@
     state: absent
     remove_on_absent: ['all']
     vm_size: Standard_DS1_v2
-    admin_username: testuser
     capacity: 2
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+
+- name: Create VMSS with security group in same resource group, with accelerated networking(check mode).
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}2
+    vm_size: Standard_D3_v2
+    capacity: 1
     virtual_network_name: testVnet
     subnet_name: testSubnet
+    admin_username: testuser
+    ssh_password_enabled: true
+    admin_password: "Password1234!"
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
     upgrade_policy: Manual
-    tier: Standard
-    os_disk_caching: ReadWrite
+    security_group: testNetworkSecurityGroup
+    enable_accelerated_networking: yes
+  register: results
+  check_mode: yes
+
+- name: Assert that VMSS can be created
+  assert:
+    that: results.changed
+
+- name: Create VMSS with security group in same resource group, with accelerated networking.
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}2
+    vm_size: Standard_D3_v2
+    capacity: 1
+    virtual_network_name: testVnet
+    subnet_name: testSubnet
+    admin_username: testuser
+    ssh_password_enabled: true
+    admin_password: "Password1234!"
     image:
       offer: CoreOS
       publisher: CoreOS
       sku: Stable
       version: latest
-    data_disks:
-      - lun: 0
-        disk_size_gb: 64
-        caching: ReadWrite
-        managed_disk_type: Standard_LRS
+    upgrade_policy: Manual
+    security_group: testNetworkSecurityGroup
+    enable_accelerated_networking: yes
+  register: results
+
+- name: Assert that VMSS ran
+  assert:
+    that:
+      - 'results.changed'
+      - 'results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.enableAcceleratedNetworking == true'
+      - 'results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.networkSecurityGroup != {}'
+
+- name: Delete VMSS
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}2
+    state: absent
+    remove_on_absent: ['all']
+    vm_size: Standard_D3_v2
+    capacity: 1
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+
+- name: Create VMSS with security group in different resource group(check mode).
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}3
+    vm_size: Standard_DS1_v2
+    capacity: 1
+    virtual_network_name: testVnet
+    subnet_name: testSubnet
+    admin_username: testuser
+    ssh_password_enabled: true
+    admin_password: "Password1234!"
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+    upgrade_policy: Manual
+    security_group:
+      name: testNetworkSecurityGroup2
+      resource_group: "{{ resource_group_secondary }}"
+  register: results
+  check_mode: yes
+
+- name: Assert that VMSS ran
+  assert:
+    that: results.changed
+
+- name: Create VMSS with security group in different resource group.
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}3
+    vm_size: Standard_DS1_v2
+    capacity: 1
+    virtual_network_name: testVnet
+    subnet_name: testSubnet
+    admin_username: testuser
+    ssh_password_enabled: true
+    admin_password: "Password1234!"
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+    upgrade_policy: Manual
+    security_group:
+      name: testNetworkSecurityGroup2
+      resource_group: "{{ resource_group_secondary }}"
+  register: results
+
+- name: Assert that VMSS ran
+  assert:
+    that:
+      - 'results.changed'
+      - '"testNetworkSecurityGroup2" in results.ansible_facts.azure_vmss.properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations.0.properties.networkSecurityGroup.id'
+
+- name: Delete VMSS
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}3
+    state: absent
+    remove_on_absent: ['all']
+    vm_size: Standard_DS1_v2
+    capacity: 1
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+
+- name: Fail when instance type is not supported to enable accelerated networking
+  azure_rm_virtualmachine_scaleset:
+    resource_group: "{{ resource_group }}"
+    name: testVMSS{{ rpfx }}4
+    vm_size: Standard_DS1_v2
+    virtual_network_name: testVnet
+    subnet_name: testSubnet
+    admin_username: testuser
+    ssh_password_enabled: true
+    admin_password: "Password1234!"
+    image:
+      offer: CoreOS
+      publisher: CoreOS
+      sku: Stable
+      version: latest
+    upgrade_policy: Manual
+    enable_accelerated_networking: yes
+  register: results
+  ignore_errors: yes
+
+- name: Assert failure to show that accelerated networking is enabled only with supported instance types.
+  assert:
+    that:
+      - '"VMSizeIsNotPermittedToEnableAcceleratedNetworkingForVmss" in results.msg'
+
+- name: Delete network security group
+  azure_rm_securitygroup:
+    resource_group: "{{ resource_group }}"
+    name: testNetworkSecurityGroup
+    state: absent
+
+- name: Delete network security group
+  azure_rm_securitygroup:
+    resource_group: "{{ resource_group_secondary }}"
+    name: testNetworkSecurityGroup2
+    state: absent
 
 - name: Delete load balancer
   azure_rm_loadbalancer: