def create_vrfs(delete=''):
vrf_df = pd.read_excel("input-data/ACI_DD_Workbook.xlsx",
sheet_name='VRFs')
file = open("VRF_Configuration.log", "w")
logon = apic_logon()
uniMo = logon.lookupByDn('uni')
for index, row in vrf_df.iterrows():
fvTenant = Tenant(uniMo, row['Tenant'])
if delete == 'yes':
fvCtx = Ctx(fvTenant, name=row['Name'], status='deleted')
else:
fvCtx = Ctx(fvTenant,
name=row['Name'],
pcEnfDir=row['Enforcement Direction'],
pcEndPref=row['Enforcement'],
description=row['Description'])
cfgRequest = ConfigRequest()
cfgRequest.addMo(fvCtx)
logon.commit(cfgRequest)
json_data = toJSONStr(fvCtx, prettyPrint=True)
file.write(
'\n-------------------------------------------------------------------\n'
)
file.write(json_data)
file.close()
def create_private_network(parent_mo, private_network, **args):
"""Create a Private Network. The private layer 3 network context that belongs to a specific tenant or is shared."""
args = args['optional_args'] if 'optional_args' in args.keys() else args
fv_ctx = Ctx(parent_mo,
private_network,
pcEnfPref=get_value(args, 'enforcement_preference',
DEFAULT_ENFORCEMENT_PREFERENCE))
if is_valid_key(args, 'dns_label'):
dns_lbl = Lbl(fv_ctx, args['dns_label'])
if is_valid_key(args, 'bgp_timers'):
fv_rsbgpctxpol = RsBgpCtxPol(fv_ctx,
tnBgpCtxPolName=args['bgp_timers'])
if is_valid_key(args, 'ospf_timers'):
fv_rsospfctxpol = RsOspfCtxPol(fv_ctx,
tnOspfCtxPolName=args['ospf_timers'])
if is_valid_key(args, 'bgp_timers'):
fv_rsctxmonpol = RsCtxMonPol(fv_ctx,
tnMonEPGPolName=args['monitoring_policy'])
return fv_ctx
def createVRF(md, tn, vrfname, desc):
tenant = 'uni/tn-' + tn
uniMo = md.lookupByDn(tenant)
fvCtxMo = Ctx(uniMo, name=vrfname, descr=desc)
cfgRequest = ConfigRequest()
cfgRequest.addMo(fvCtxMo)
md.commit(cfgRequest)
def add_private_l3_network(modir, tenant_name, private_l3_network):
"""Build a private L3 network"""
# Query a tenant
fv_tenant = modir.lookupByDn('uni/tn-' + tenant_name)
# create a private network
fv_ctx = Ctx(fv_tenant, private_l3_network)
print_query_xml(fv_tenant)
commit_change(modir, fv_tenant)
def create_vrf(logon_session,
tenant_name="Example_TN",
description="Description",
vrf_name=''):
from cobra.internal.codec.jsoncodec import toJSONStr
from cobra.model.fv import Tenant, RsTenantMonPol, Ctx, RsOspfCtxPol
from cobra.model.fv import RsCtxToExtRouteTagPol, RsBgpCtxPol, RsCtxToEpRet
from cobra.model.fv import RsBgpCtxPol, RsVrfValidationPol
from cobra.mit.request import ConfigRequest
import cobra.model.pol
import cobra.model.vns
from cobra.model.vz import Any
c = ConfigRequest()
#apic_logon(apic_url, user, password)
polUni = cobra.model.pol.Uni('')
fvTenant = Tenant(polUni, tenant_name)
fvCtx = Ctx(fvTenant,
ownerKey=u'',
name=vrf_name,
descr=u'',
knwMcastAct=u'permit',
pcEnfDir=u'ingress',
nameAlias=u'',
ownerTag=u'',
annotation=u'',
pcEnfPref=u'enforced',
bdEnforcedEnable=u'no')
fvRsVrfValidationPol = RsVrfValidationPol(fvCtx,
tnL3extVrfValidationPolName=u'',
annotation=u'')
vzAny = Any(fvCtx,
matchT=u'AtleastOne',
name=u'',
descr=u'',
prefGrMemb=u'disabled',
nameAlias=u'',
annotation=u'')
fvRsOspfCtxPol = RsOspfCtxPol(fvCtx, annotation=u'', tnOspfCtxPolName=u'')
fvRsCtxToEpRet = RsCtxToEpRet(fvCtx, annotation=u'', tnFvEpRetPolName=u'')
fvRsCtxToExtRouteTagPol = RsCtxToExtRouteTagPol(fvCtx,
annotation=u'',
tnL3extRouteTagPolName=u'')
fvRsBgpCtxPol = RsBgpCtxPol(fvCtx, tnBgpCtxPolName=u'', annotation=u'')
ctx_data = toJSONStr(polUni)
c.addMo(polUni)
logon_session.commit(c)
return ctx_data
def createBridgeDomain(tenant, epgSpec, apicMoDir):
logging.debug('Inside createBridgeDomain function')
gw = epgSpec['gw-cidr']
netmask = gw.split('/')
if len(netmask) != 2:
return ['failed', 'invalid subnet']
# Check if gw ip is correct
bdIsL3 = True
if netmask[0] == '':
logging.info('Missing gateway in contiv network. Creating BD without Subnet (L2 only).')
bdIsL3 = False
bdName = epgSpec['nw-name']
bdDn = formBDDn(tenant, bdName)
logging.info('Creating BD %s under tenant %s' % (bdName, tenant))
# Check if there is a VRF to tie the BD. If not, create one.
tenMo = tenantDict[tenant]
ctxMos = findTenantVrfContexts(tenant, apicMoDir)
logging.debug('Fetched context mos:')
logging.debug(ctxMos)
if len(ctxMos) == 0:
# No VRFs found. Need to create one.
tenVrfName = formTenantVRFName(tenant)
ctxMo = Ctx(tenMo, tenVrfName)
cR = ConfigRequest()
cR.addMo(ctxMo)
apicMoDir.commit(cR)
elif len(ctxMos) > 1:
logging.error('Multi VRF scenario requires pre-created BDs')
return ['failed', 'Multiple VRFs under tenant not supported yet']
else:
for ctxMo in ctxMos:
tenVrfName = ctxMo.name
fvBDMo = BD(tenMo, name=bdName)
RsCtx(fvBDMo, tnFvCtxName=tenVrfName)
if bdIsL3:
# create subnet
Subnet(fvBDMo, gw)
cR = ConfigRequest()
cR.addMo(fvBDMo)
apicMoDir.commit(cR)
if bdIsL3:
subnetDict[gw] = fvBDMo
logging.info('Created BD {}'.format(bdName))
return ['success', 'ok']
def create_3tier_application(modir, tenant_name):
policy_universe = modir.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant_name)
# create context
fv_ctx = Ctx(fv_tenant, CTX_NAME)
#
fv_bd = BD(fv_tenant, 'BD1')
#
fv_rs_ctx = RsCtx(fv_bd)
fv_rs_ctx.__setattr__('tnFvCtxName', 'Apple-Router')
fv_subnet_10 = Subnet(fv_bd,'10.0.0.1/24', scope='public')
fv_subnet_20 = Subnet(fv_bd, '20.0.0.1/24', scope='public')
fv_subnet_30 = Subnet(fv_bd, '30.0.0.1/24', scope='public')
fv_subnet_40 = Subnet(fv_bd, '40.0.0.1/24', scope='public')
#
fv_ap = Ap(fv_tenant, '3-TierApp')
fv_aepg_client = AEPg(fv_ap, 'Client')
fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1')
# fv_rs_bd_client.__setattr__('tnFvBDName', 'BD1')
fv_rs_cons_webct_client = RsCons(fv_aepg_client, 'WebCt')
fv_aepg_web = AEPg(fv_ap, 'Web')
fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1')
fv_rs_cons_webct_web = RsProv(fv_aepg_web, 'WebCt')
fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt')
fv_aepg_app = AEPg(fv_ap, 'App')
fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='DB1')
fv_rs_cons_webct_app = RsProv(fv_aepg_app, 'WebCt')
fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'AppCt')
fv_aepg_db = AEPg(fv_ap, 'DB')
fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1')
fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt')
print toXMLStr(policy_universe, prettyPrint=True)
# Commit the change using a ConfigRequest object
configReq = ConfigRequest()
configReq.addMo(policy_universe)
modir.commit(configReq)
def setupTenant(spec, apicMoDir):
logging.debug('Inside setupTenant function')
tenant = spec['tenant']
# Check if the APIC already knows about this tenant
tenantDn = formTenantDn(tenant)
exists, fvTenantMo = checkDnExists(apicMoDir, tenantDn)
if exists:
# The tenant already exists in the APIC. Stash what we got.
logging.info('Tenant %s already exists.' % tenant)
tenantDict[tenant] = fvTenantMo
else:
logging.info('Creating tenant %s' % tenant)
uniMo = apicMoDir.lookupByDn('uni')
fvTenantMo = Tenant(uniMo, tenant)
# create a vrf for the tenant
ctxMo = Ctx(fvTenantMo, tenant + '-Vrf')
cR = ConfigRequest()
cR.addMo(fvTenantMo)
apicMoDir.commit(cR)
tenantDict[tenant] = fvTenantMo
return ['success', 'ok']
# CONNECT TO APIC
print('Initializing connection to APIC.\n**')
moDir = MoDirectory(LoginSession('https://apic', 'admin', 'cisco123'))
moDir.login()
# Get the top level Policy Universe Directory
uniMo = moDir.lookupByDn('uni')
print("Starting Tenant Creation.\n**")
for tenant in TENANT_INFO:
print("Creating tenant %s.." % (tenant['name']))
fvTenantMo = Tenant(uniMo, tenant['name'])
# Create Private Network
Ctx(fvTenantMo, tenant['ctx'])
# Create Bridge Domain
fvBDMo = BD(fvTenantMo, name=tenant['bd'])
# Create association to private network
RsCtx(fvBDMo, tnFvCtxName=tenant['ctx'])
# Create Application Profile
for app in tenant['ap']:
print('Creating Application Profile: %s' % app['name'])
fvApMo = Ap(fvTenantMo, app['name'])
# Create EPGs
for epg in app['epgs']:
def main(host, port, user, password):
# CONNECT TO APIC
print('Initializing connection to APIC...')
apicUrl = 'http://%s:%d' % (host, port)
moDir = MoDirectory(LoginSession(apicUrl, user, password))
moDir.login()
# Get the top level Policy Universe Directory
uniMo = moDir.lookupByDn('uni')
uniInfraMo = moDir.lookupByDn('uni/infra')
# Create Vlan Namespace
nsInfo = VMM_DOMAIN_INFO['namespace']
print("Creating namespace %s.." % (nsInfo['name']))
fvnsVlanInstPMo = VlanInstP(uniInfraMo, nsInfo['name'], 'dynamic')
#fvnsArgs = {'from': nsInfo['from'], 'to': nsInfo['to']}
EncapBlk(fvnsVlanInstPMo, nsInfo['from'], nsInfo['to'], name=nsInfo['name'])
nsCfg = ConfigRequest()
nsCfg.addMo(fvnsVlanInstPMo)
moDir.commit(nsCfg)
# Create VMM Domain
print('Creating VMM domain...')
vmmpVMwareProvPMo = moDir.lookupByDn('uni/vmmp-VMware')
vmmDomPMo = DomP(vmmpVMwareProvPMo, VMM_DOMAIN_INFO['name'])
vmmUsrMo = []
for usrp in VMM_DOMAIN_INFO['usrs']:
usrMo = UsrAccP(vmmDomPMo, usrp['name'], usr=usrp['usr'],
pwd=usrp['pwd'])
vmmUsrMo.append(usrMo)
# Create Controllers under domain
for ctrlr in VMM_DOMAIN_INFO['ctrlrs']:
vmmCtrlrMo = CtrlrP(vmmDomPMo, ctrlr['name'], scope=ctrlr['scope'],
hostOrIp=ctrlr['ip'])
# Associate Ctrlr to UserP
RsAcc(vmmCtrlrMo, tDn=vmmUsrMo[0].dn)
# Associate Domain to Namespace
RsVlanNs(vmmDomPMo, tDn=fvnsVlanInstPMo.dn)
vmmCfg = ConfigRequest()
vmmCfg.addMo(vmmDomPMo)
moDir.commit(vmmCfg)
print("VMM Domain Creation Completed.")
print("Starting Tenant Creation..")
for tenant in TENANT_INFO:
print("Creating tenant %s.." % (tenant['name']))
fvTenantMo = Tenant(uniMo, tenant['name'])
# Create Private Network
Ctx(fvTenantMo, tenant['pvn'])
# Create Bridge Domain
fvBDMo = BD(fvTenantMo, name=tenant['bd'])
# Create association to private network
RsCtx(fvBDMo, tnFvCtxName=tenant['pvn'])
# Create Application Profile
for app in tenant['ap']:
print('Creating Application Profile: %s' % app['name'])
fvApMo = Ap(fvTenantMo, app['name'])
# Create EPGs
for epg in app['epgs']:
print("Creating EPG: %s..." % (epg['name']))
fvAEPgMo = AEPg(fvApMo, epg['name'])
# Associate EPG to Bridge Domain
RsBd(fvAEPgMo, tnFvBDName=tenant['bd'])
# Associate EPG to VMM Domain
RsDomAtt(fvAEPgMo, vmmDomPMo.dn)
# Commit each tenant seperately
tenantCfg = ConfigRequest()
tenantCfg.addMo(fvTenantMo)
moDir.commit(tenantCfg)
print('All done!')
def tenant_policy(host, user, password):
print('[BEG] Tenant Configuration')
moDir = apic_login(host, user, password)
uniMo = moDir.lookupByDn('uni')
fvTenantMo = Tenant(uniMo, 'Cobra-Demo')
print('--- Building VRF(s)')
# Create Private Network
vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")
print('--- Building Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
fvSubnet = Subnet(fvBDMo1,
name=u'Sub1',
ip=u'106.0.1.1/24',
preferred=u'no',
virtual=u'no')
fvSubnet = Subnet(fvBDMo1,
name=u'Sub2',
ip=u'106.0.2.1/24',
preferred=u'no',
virtual=u'no')
print('--- Adding Subnets to Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
fvSubnet = Subnet(fvBDMo2,
name=u'Sub3',
ip=u'106.0.3.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub4',
ip=u'106.0.4.1/24',
preferred=u'no',
virtual=u'yes')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub5',
ip=u'106.0.5.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
print('--- Adding Bridge Domain(s) to VRF(s)')
# Create association to private network
fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)
print('--- Building Web Filter')
# Build Web Filters
vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
vzEntry = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
vzEntry2 = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
print('--- Building App Filter')
# Build App Filters
vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
vzEntry = Entry(vzFilter2,
applyToFrag=u'no',
dToPort=u'8080',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8080',
name=u'tcp8080')
vzEntry2 = Entry(vzFilter2,
dToPort=u'8443',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8443',
name=u'tcp8443')
print('--- Creating Contract(s)')
#Create Contracts
httpContract = BrCP(fvTenantMo, 'WEB')
vzSubjMo = Subj(httpContract, 'Web-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
appContract = BrCP(fvTenantMo, 'APP')
vzSubjMo = Subj(appContract, 'App-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
dbContract = BrCP(fvTenantMo, 'DB')
vzSubjMo = Subj(dbContract, 'DB-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
print('--- Creating Application Profile')
#Create Application Profile
fvApMo = Ap(fvTenantMo, 'DemoAppProfile')
print('--- Building EPG: App')
#Build AEPg APP
fvAEPg1 = AEPg(fvApMo, 'APP')
fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
#Attach Static AEPg to Interface
fvRsPathAtt1 = RsPathAtt(fvAEPg1,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2005')
AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)
print('--- Building EPG: Web')
#Build AEPg WEB
fvAEPg2 = AEPg(fvApMo, 'WEB')
fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt2 = RsPathAtt(fvAEPg2,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2006')
WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)
print('--- Building EPG: DB')
#Build AEPg DB
fvAEPg3 = AEPg(fvApMo, 'DB')
print(' --- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt3 = RsPathAtt(fvAEPg3,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2007')
DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)
print('--- Building L3 Out')
# Configure L3 Out
l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
rtrIdLoopBack=u'no',
rtrId=u'10.10.15.250',
tDn=u'topology/pod-1/node-102')
l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
l3extRsPathL3OutAtt = RsPathL3OutAtt(
l3extLIfP,
addr=u'10.10.100.9/30',
encapScope=u'local',
mode=u'regular',
ifInstT=u'l3-port',
mtu=u'1500',
tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')
l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
ospfExtP = ExtP(l3extOut,
areaCtrl=u'redistribute,summary',
areaId=u'0.0.0.1',
areaType=u'regular',
areaCost=u'1')
BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)
cfg_commit(moDir, fvTenantMo)
print('[END] Tenant Configuration')
timeout=180)
md = MoDirectory(session)
print "Trying to log in ..."
md.login()
print "Trying to log in ... successful"
# Get the top level Policy Universe Directory
uniMo = md.lookupByDn('uni')
for tenant in tenants:
print "Creating Tenant [{}]".format(tenant.getName())
fvTenantMo = Tenant(uniMo, tenant.getName(), descr=tenant.getDesc())
for vrf in tenant.getVrfs():
print "Creating VRF [{}]".format(vrf.getName())
Ctx(fvTenantMo, vrf.getName(), descr=vrf.getDesc())
for bd in vrf.getBds():
print "Creating BD [{}]".format(bd.getName())
fvBDMo = BD(fvTenantMo, bd.getName(), descr=bd.getDesc())
# Create association to VRF
RsCtx(fvBDMo, tnFvCtxName=vrf.getName())
for ap in vrf.getAppProfiles():
print "Creating App Profile [{}]".format(ap.getName())
fvApMo = Ap(fvTenantMo, ap.getName(), descr=ap.getDesc())
for epg in ap.getEpgs():
print "Creating EPG [{}]".format(epg.getName())
fvAEPgMo = AEPg(fvApMo, epg.getName(), descr=epg.getDesc())
# Associate EPG to Bridge Domain