Nutanix.dev

Nutanix Calm DSL – Managing Projects

Nutanix Calm DSL - Managing Projects

Table of Contents

Until now, Nutanix Nutanix Calm DSLCalm DSL articles on Nutanix.dev have focused on the management of relatively specific entity types. In most cases, the Calm DSL has been used to manage virtual machines. They are, after all, the most common entity type in virtualisation environments (in my opinion, at least). To look at those, here are some of the articles you may want to go through at your leisure.

However, in an enterprise environment there will likely be a requirement for slightly more fine-grained control than just “Hey, here’s a VM – anyone can manage it.” In an environment where the virtualisation functionality is managed by Nutanix products, controlling access is often done by manipulating projects. This is especially true when speaking about Nutanix Calm, since all blueprint deployments will be tightly coupled with a specific project. This allows control of, amongst other things:

  • VM resource quotas
  • Where an application can run e.g. Nutanix AHV or AWS
  • What networks a VM can connect to e.g. “network A” or “network B” (names chosen for the sake of example only)

As of early-mid August 2020, the Nutanix Calm DSL can now manage projects, meaning it’s getting even easier to deploy an entire environment using nothing but the Calm DSL. Let’s look at how to do that.

An existing project

First, take a look at the screenshot below. This is the “default” project in my development Prism Central instance. It shows a number of user accounts, the cluster that exposes subnets the project is allowed to connect to and various provider types that applications can be deployed to. For the purposes of today’s article, those are the only settings you need to be concerned with as we can configure those and start deploying apps.

Screenshot of ‘default’ project in a Nutanix Prism Central instance

Creating Projects with the Calm DSL

All Nutanix Calm DSL commands so far have followed a clearly prescribed format – projects are no different. For example, we can use the “project” and “projects” commands to work with … wait for it … projects. That sounds like a tounge-in-cheek thing to say, but thinking about it logically it is clear the Calm DSL engineering team has made very sure the Calm DSL is easy to use no matter what entity you’re working with.

Listing Projects

First, let’s take a look and see which projects are already available in our development cluster. Please note this particular development cluster is used by quite a few of my colleagues, so please excuse all the hidden project names!

calm get projects

By running this command, it’s easy to see this Prism Central instance has a number of different projects, most likely created for customer demos, testing and other development work. The main things to notice, however, are that the “default” project and another project named “test_project” are also available.

Listing all projects currently registered against the configured Prism Central instance

Similarly, a specific project can be described in more detail as follows:

calm describe project [project_name]

An existing project in this named named “BK-Demo-Project” produces the following output.

Output from “calm describe project BK-Demo-Project”

In this environment, “test_project” was created by the Nutanix Calm DSL – let’s see how. Please note project names must be unique – I will delete the project from my demo environment before running these commands again.

The project file

The for creating a project looks like this:

calm create project --file [project_python_file] --name [project_name] --description [project_description]

The key part of that statement is [project_file]. That file describes project-specific settings such as user accounts and groups to assign to the project i.e. the settings outlined earlier in this article. The project file used in today’s article is as follows.

from calm.dsl.builtins import Project
from calm.dsl.builtins import Provider, Ref


ACCOUNT = "NTNX_LOCAL_AZ"
SUBNET = "vlan.0"
CLUSTER = "Galactica"
USER = "jane.doe@ntnx.local"
GROUP = "cn=sspadmins,cn=users,dc=ntnx,dc=local"
VCPUS = 1
STORAGE = 2  # GiB
MEMORY = 1  # GiB


class TestDemoProject(Project):
    """Project created by the Calm DSL"""

    providers = [
        Provider.Ntnx(
            account=Ref.Account(ACCOUNT),
            subnets=[Ref.Subnet(name=SUBNET, cluster=CLUSTER)],
        ),
    ]

    users = [
        Ref.User(name=USER),
    ]

    groups = [Ref.Group(name=GROUP)]

    quotas = {"vcpus": VCPUS, "storage": STORAGE, "memory": MEMORY}

The key things to note are:

  • The project file starts by importing the required Python modules
  • A collection of variables are defined:
    • The account to use
    • Allowed subnet i.e. vlan.0
    • Allowed AD user account i.e. jane.doe@ntnx.local
    • Allowed AD user group i.e. sspadmins
    • The resources that can be consumed by the project
  • The project definition itself is then defined by using all the specific settings above

Creating the new project

Following the command syntax above, the project can now be created by using the command below.

calm create project --file test_project.py --name "test_project" --description "created by the calm dsl"

As expected, the Python project file will be parsed and the project created.

Creating a project using the Nutanix Calm DSL

And the results, when the new project is described using “calm describe project test_project“:

Results of running “calm describe project test_project”

Testing the new project

With “test_project” now created, the Calm DSL can be used with it as normal. For example, I have a decompiled blueprint named “SingleVM” on my development system and can use the Calm DSL to create a blueprint in Prism Central.

But wait! The Calm DSL isn’t currently configured to use our new project! Why? Up until this point, the Calm DSL has been configured to use the “default” project. This is a setting that gets defined while telling the Calm DSL which Prism Central instance to use. For full details please see Introducing the Nutanix Calm DSL, but for this article we can set the project on its own by running the following command:

calm set config --project test_project

Following the completion of this command, the new project is ready to be used.

Setting the project to use with the Calm DSL

Now the blueprint can be created:

calm create bp --file ./SingleVM/blueprint.py

And the results, as expected:

Using the Calm DSL to create a blueprint that is assigned to our new “test_project”

Wrapping Up

In today’s article we looked at how to create Calm projects using the Nutanix Calm DSL. This forms a key part of programmatically configuring an entire environment to work with Nutanix Calm.

In the next article, we’ll look at how Access Control Policies (ACPs) can be used to control project even further by defining “who can do what”.

Thanks for reading and have a great day! 🙂

© 2024 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.