Beispiel #1
def create_oob_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the static out-of-band (OOB) management addressing for fabric nodes.

    Assembles, in memory only, the ``mgmt`` tenant, its ``default``
    management profile and ``default`` OOB EPG, then attaches one static
    node relation per entry of ``policy['nodes']``. Nothing is sent to the
    controller here; the caller presumably commits the returned tenant.

    Args:
        apic: Not used by this function.
        policy: Mapping read for ``podId``, ``gw``, ``v6Gw`` and ``nodes``.
            Each node entry is read for ``name`` and ``ipv4``, and for
            ``ipv6`` when an IPv6 gateway is configured.
        nodes: Iterable of objects exposing ``name`` and ``id``.

    Returns:
        The ``mgmt`` tenant object at the root of the tree built here.

    Raises:
        KeyError: If a policy key is missing or a node name in the policy
            is not present in ``nodes``.

    Note:
        Addresses and gateways are passed through as given, without any
        format or range validation. They define how every switch is reached
        on the management plane, so ``policy`` should come from a reviewed,
        trusted source.
    """
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    mgmt_profile = aciMgmt.MgmtP(tenant, name='default')
    oob_epg = aciMgmt.OoB(mgmt_profile, prio='unspecified', name='default')

    # Node name -> node id lookup; a later duplicate name overrides an earlier one.
    node_ids = {node.name: node.id for node in nodes}
    pod_id = policy['podId']

    for node_entry in policy['nodes']:
        target_dn = 'topology/pod-{}/node-{}'.format(
            pod_id, node_ids[node_entry['name']])

        # '::' is treated as "no IPv6 gateway": the IPv6 attributes are then
        # left out and the entry's 'ipv6' key is never read.
        ipv4_only = policy['v6Gw'] == '::'

        attrs = {
            'gw': policy['gw'],
            'tDn': target_dn,
            'addr': node_entry['ipv4'],
        }
        if not ipv4_only:
            attrs['v6Gw'] = policy['v6Gw']
            attrs['v6Addr'] = node_entry['ipv6']

        # Creating the relation attaches it to the OOB EPG as a child object.
        aciMgmt.RsOoBStNode(oob_epg, **attrs)

    return tenant
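def configOobMgmt(config):
    """Configure the out-of-band management addresses for given fabric nodes.

    Builds, in memory only, the ``mgmt`` tenant with its ``default``
    management profile and ``default`` OOB EPG, and attaches one static node
    relation for every node listed under ``config.fabricNodes['pods']``.

    Args:
        config: Object exposing ``fabricNodes`` (a mapping whose ``'pods'``
            entry maps pod id -> list of node dicts with ``nodeId``,
            ``addr`` and ``v6Addr``) and ``mgmtOob`` (a mapping with ``gw``
            and ``v6Gw``).

    Returns:
        The ``mgmt`` tenant object at the root of the tree built here.

    Note:
        The IPv6 gateway and address are always passed, so every node entry
        must carry ``v6Addr``. Values are forwarded without validation;
        ``config`` should come from a reviewed, trusted source because it
        defines management-plane reachability for the switches.
    """
    fvTenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    mgmtMgmtP = aciMgmt.MgmtP(fvTenant, name='default')
    mgmtOoB = aciMgmt.OoB(mgmtMgmtP, prio='unspecified', name='default')
    # .items() instead of the Python-2-only .iteritems(): same pairs on
    # Python 2, and no AttributeError on Python 3.
    for podId, nodes in config.fabricNodes['pods'].items():
        for node in nodes:
            aciMgmt.RsOoBStNode(mgmtOoB,
                                gw=config.mgmtOob['gw'],
                                v6Gw=config.mgmtOob['v6Gw'],
                                v6Addr=node['v6Addr'], addr=node['addr'],
                                tDn=getDnFromPodIdNodeId(podId,
                                                         node['nodeId']))

    return fvTenant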
Beispiel #3
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the in-band (INB) management policy tree for fabric nodes.

    Assembles, in memory only, under the ``mgmt`` tenant:

    1. the ``inb`` bridge domain, bound to the ``inb`` context/VRF;
    2. a contract with one subject that permits the filter named
       ``tcp_src_port_any_to_dst_port_22``;
    3. the in-band management EPG, bound to the ``inb`` bridge domain, which
       both provides and consumes that contract;
    4. one static node relation (address + gateway) per ``policy['nodes']``
       entry.

    Nothing is sent to the controller here; the caller presumably commits
    the returned tenant.

    Args:
        apic: Not used by this function.
        policy: Mapping read for ``inb_contract_name``, ``inb_subject_name``,
            ``inb_epg_name``, ``vlan``, ``podId``, ``gw`` and ``nodes``; each
            node entry is read for ``name`` and ``ipv4``.
        nodes: Iterable of objects exposing ``name`` and ``id``.

    Returns:
        The ``mgmt`` tenant object at the root of the tree built here.

    Raises:
        KeyError: If a policy key is missing or a node name in the policy
            is not present in ``nodes``.

    Note:
        The filter is only referenced by name; this function does not create
        it, so it has to exist in the fabric already (presumably in this
        tenant or ``common`` -- confirm). Policy values are forwarded without
        validation, so ``policy`` should come from a reviewed, trusted source.
    """
    unspecified = 'unspecified'
    at_least_one = 'AtleastOne'

    # Step 1: in-band bridge domain, tied to the 'inb' context/VRF.
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    bridge_domain = aciFv.BD(tenant, name='inb')
    aciFv.RsCtx(bridge_domain, tnFvCtxName='inb')

    # Step 2: in-band management contract that permits SSH.
    contract_name = policy['inb_contract_name']
    contract = aciVz.BrCP(
        tenant,
        name=contract_name,
        scope='context',
        prio=unspecified,
        targetDscp=unspecified,
    )
    subject = aciVz.Subj(
        contract,
        name=policy['inb_subject_name'],
        provMatchT=at_least_one,
        consMatchT=at_least_one,
        prio=unspecified,
        targetDscp=unspecified,
        revFltPorts='yes',
    )

    # One RsSubjFiltAtt per permitted filter name. Every filter added here
    # widens what can reach the management EPG, so keep the list minimal.
    aciVz.RsSubjFiltAtt(
        subject,
        action='permit',
        tnVzFilterName='tcp_src_port_any_to_dst_port_22',
    )

    # Step 3: in-band management EPG on the policy-supplied encapsulation.
    mgmt_profile = aciMgmt.MgmtP(tenant, name='default')
    inb_epg = aciMgmt.InB(
        mgmt_profile,
        name=policy['inb_epg_name'],
        encap=policy['vlan'],
        floodOnEncap='disabled',
        matchT=at_least_one,
        prefGrMemb='exclude',
        prio=unspecified,
    )

    # Attach the EPG to the 'inb' bridge domain.
    aciMgmt.RsMgmtBD(inb_epg, tnFvBDName='inb')

    # Subnet/gateway creation is left disabled, as in the original:
    # aciFv.Subnet(
    #   mgmtInB, ip=policy['subnet'],
    #   ctrl='nd', preferred='no', virtual='no', scope='private'
    # )

    # The EPG is both provider and consumer of the same contract.
    aciFv.RsProv(
        inb_epg,
        tnVzBrCPName=contract_name,
        prio=unspecified,
        matchT=at_least_one,
    )
    aciFv.RsCons(
        inb_epg,
        tnVzBrCPName=contract_name,
        prio=unspecified,
    )

    # Step 4: map each node to its in-band address and gateway on the EPG.
    # Node name -> node id lookup; a later duplicate name overrides an earlier one.
    node_ids = {node.name: node.id for node in nodes}
    pod_id = policy['podId']

    for node_entry in policy['nodes']:
        target_dn = 'topology/pod-{}/node-{}'.format(
            pod_id, node_ids[node_entry['name']])
        aciMgmt.RsInBStNode(
            inb_epg,
            tDn=target_dn,
            addr=node_entry['ipv4'],
            gw=policy['gw'],
        )

    return tenant