def ensure_external_network_configured(self, network_id, address_scope_name, delete=False): tenant = self.get_tenant(network_id) scope_config = self._get_address_scope_config(address_scope_name) l3_outs = scope_config['l3_outs'] vrf_name = scope_config['vrf'] # prepare bridge domain bd = fv.BD(tenant, network_id) # We don't need the out profiles for now # out_profile = RsBDToProfile(bd,tnL3extOutName=l3_out_name) vrf = fv.RsCtx(bd, vrf_name, tnFvCtxName=vrf_name) bd_outs = [] for l3_out in l3_outs.split(','): out = self._find_l3_out(network_id, l3_out) if out: LOG.info('Configure L3 out for network, {}'.format(out.name)) bd_out = fv.RsBDToOut(bd, out.name) if delete: bd_out.delete() bd_outs.append(bd_out) else: LOG.error( 'Cannot configure L3 out for BD, {} not found in ACI configuration' .format(l3_out)) #if delete: # vrf.delete() #TODO: the RsCtx object cannot be deleted, need to find out how to clear on the BD # Prepare EPG app = fv.Ap(tenant, self.apic_application_profile) epg = fv.AEPg(app, network_id) epg_contracts = [] contract_def = ast.literal_eval(scope_config['contracts']) for type, contracts in contract_def.iteritems(): if type == 'consumed': for contract in contracts: contract = fv.RsCons(epg, contract) if delete: contract.delete() epg_contracts.append(contract) elif type == 'provided': for contract in contracts: contract = fv.RsProv(epg, contract) if delete: contract.delete() epg_contracts.append(contract) self.apic.commit([vrf] + bd_outs + epg_contracts)
def ensure_internal_network_configured(self, network_id, delete=False): tenant = self.get_tenant(network_id) bd = fv.BD(tenant, network_id) vrf = fv.RsCtx(bd, self.tenant_default_vrf, tnFvCtxName=self.tenant_default_vrf) self.apic.commit(vrf)
def create_overlay_policy(apic=None, policy=None): mo = aciPol.Uni('') for name, data in policy.items(): # Create tenant behind the scenes tenantName = '{0}_Tenant'.format(name) fvTenant = aciFv.Tenant(mo, name=tenantName) # Create the required VRF as well vrfName = '{0}_VRF'.format(name) fvCtx = aciFv.Ctx(fvTenant, name=vrfName) # Create BD for vlan in data['vlans']: vlanName = 'VLAN_{0}'.format(vlan['id']) if vlan['optimized']: fvBD = aciFv.BD(fvTenant, name=vlanName, OptimizeWanBandwidth='no', arpFlood='no', epClear='no', hostBasedRouting='yes', intersiteBumTrafficAllow='no', intersiteL2Stretch='no', ipLearning='yes', limitIpLearnToSubnets='yes', llAddr='::', mac='00:22:BD:F8:19:FF', mcastAllow='no', multiDstPktAct='encap-flood', type='regular', unicastRoute='yes', unkMacUcastAct='proxy', unkMcastAct='opt-flood', v6unkMcastAct='flood', vmac='not-applicable') else: fvBD = aciFv.BD(fvTenant, name=vlanName, OptimizeWanBandwidth='no', arpFlood='yes', epClear='no', hostBasedRouting='no', intersiteBumTrafficAllow='no', intersiteL2Stretch='no', ipLearning='yes', limitIpLearnToSubnets='yes', llAddr='::', mac='00:22:BD:F8:19:FF', mcastAllow='no', multiDstPktAct='bd-flood', type='regular', unicastRoute='yes', unkMacUcastAct='flood', unkMcastAct='flood', v6unkMcastAct='flood', vmac='not-applicable') aciFv.Subnet(fvBD, ip=vlan['subnet'], preferred='no', scope='private', virtual='no') aciFv.RsCtx(fvBD, tnFvCtxName='{0}_VRF'.format(name)) fvAp = aciFv.Ap(fvTenant, name='{0}_AppProf'.format(vlanName)) aciFv.RsApMonPol(fvAp, tnMonEPGPolName='default') # REMAINING TASKS # Create EPGs # aciFv.EPg(fvAp, name, matchT, etc...) # Contracts return mo
apicUsername = '******' + TacacsUser apicPassword = TacacsPassword loginSession = LoginSession(apicUrl, apicUsername, apicPassword) # Create a session with the APIC and login moDir = MoDirectory(loginSession) moDir.login() #Prompt User for Tenant to create BD in. #UserTenant = raw_input('Create BD in which tenant? ') # Start at the Tenant of MIT tree TenantMo = moDir.lookupByDn((r'uni/tn-ExampleSdkTenant')) # Create a new BD MO and connect it as a Child object to the Tenant MO fvBDMo = fvModels.BD(TenantMo, name='myBD') # Associate the VRF under the new BD fvRsCtxMo = fvModels.RsCtx(fvBDMo, tnFvCtxName='myVRF') # Add Subnet to BD fvSubnetMo = fvModels.Subnet(fvBDMo, ip='10.20.30.1/24') # Create a new configuration request to the APIC and pass in the new Tenant MO (including its children MOs) # Commit the changes to the APIC cfgRequest = ConfigRequest() cfgRequest.addMo(fvBDMo) moDir.commit(cfgRequest) # Log Out once the request is complete moDir.logout()
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None): # First create the inband bridge domain, bind to inb context/VRF fvTenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt') fvBD = aciFv.BD(fvTenant, name='inb') aciFv.RsCtx(fvBD, tnFvCtxName='inb') # Second create INB management contract to permit SSH vzBrCp = aciVz.BrCP(fvTenant, name=policy['inb_contract_name'], scope='context', prio='unspecified', targetDscp='unspecified') vzSubj = aciVz.Subj(vzBrCp, name=policy['inb_subject_name'], provMatchT='AtleastOne', consMatchT='AtleastOne', prio='unspecified', targetDscp='unspecified', revFltPorts='yes') # Simply replicate this line for other filtername aciVz.RsSubjFiltAtt(vzSubj, action='permit', tnVzFilterName='tcp_src_port_any_to_dst_port_22') # Third, create inb mgmt EPG mgmtMgmtP = aciMgmt.MgmtP(fvTenant, name='default') mgmtInB = aciMgmt.InB(mgmtMgmtP, name=policy['inb_epg_name'], encap=policy['vlan'], floodOnEncap='disabled', matchT='AtleastOne', prefGrMemb='exclude', prio='unspecified') # Bind to BD aciMgmt.RsMgmtBD(mgmtInB, tnFvBDName='inb') # Add the subnet/gateway # aciFv.Subnet( # mgmtInB, ip=policy['subnet'], # ctrl='nd', preferred='no', virtual='no', scope='private' # ) # Add consumer/provider aciFv.RsProv(mgmtInB, tnVzBrCPName=policy['inb_contract_name'], prio='unspecified', matchT='AtleastOne') aciFv.RsCons(mgmtInB, tnVzBrCPName=policy['inb_contract_name'], prio='unspecified') # FINALLY, create the maps of the nodes/IP/GW to the EPG nodeNames = dict([n.name, n.id] for n in nodes) podId = policy['podId'] for entry in policy['nodes']: nodeId = nodeNames[entry['name']] tDN = 'topology/pod-{}/node-{}'.format(podId, nodeId) aciMgmt.RsInBStNode(mgmtInB, tDn=tDN, addr=entry['ipv4'], gw=policy['gw']) return fvTenant