Example #1
0
    def ensure_external_network_configured(self,
                                           network_id,
                                           address_scope_name,
                                           delete=False):
        tenant = self.get_tenant(network_id)

        scope_config = self._get_address_scope_config(address_scope_name)

        l3_outs = scope_config['l3_outs']
        vrf_name = scope_config['vrf']

        # prepare bridge domain

        bd = fv.BD(tenant, network_id)

        # We don't need the out profiles for now
        # out_profile  = RsBDToProfile(bd,tnL3extOutName=l3_out_name)
        vrf = fv.RsCtx(bd, vrf_name, tnFvCtxName=vrf_name)

        bd_outs = []

        for l3_out in l3_outs.split(','):
            out = self._find_l3_out(network_id, l3_out)
            if out:
                LOG.info('Configure L3 out for network, {}'.format(out.name))
                bd_out = fv.RsBDToOut(bd, out.name)
                if delete:
                    bd_out.delete()
                bd_outs.append(bd_out)
            else:
                LOG.error(
                    'Cannot configure L3 out for BD, {} not found in ACI configuration'
                    .format(l3_out))

        #if delete:
        # vrf.delete() #TODO: the RsCtx object cannot be deleted, need to find out how to clear on the BD

        # Prepare EPG
        app = fv.Ap(tenant, self.apic_application_profile)
        epg = fv.AEPg(app, network_id)

        epg_contracts = []

        contract_def = ast.literal_eval(scope_config['contracts'])
        for type, contracts in contract_def.iteritems():
            if type == 'consumed':
                for contract in contracts:
                    contract = fv.RsCons(epg, contract)
                    if delete:
                        contract.delete()
                    epg_contracts.append(contract)
            elif type == 'provided':
                for contract in contracts:
                    contract = fv.RsProv(epg, contract)
                    if delete:
                        contract.delete()
                    epg_contracts.append(contract)

        self.apic.commit([vrf] + bd_outs + epg_contracts)
Example #2
0
    def ensure_internal_network_configured(self, network_id, delete=False):
        tenant = self.get_tenant(network_id)

        bd = fv.BD(tenant, network_id)
        vrf = fv.RsCtx(bd,
                       self.tenant_default_vrf,
                       tnFvCtxName=self.tenant_default_vrf)
        self.apic.commit(vrf)
Example #3
0
def create_overlay_policy(apic=None, policy=None):

    mo = aciPol.Uni('')

    for name, data in policy.items():
        # Create tenant behind the scenes
        tenantName = '{0}_Tenant'.format(name)
        fvTenant = aciFv.Tenant(mo, name=tenantName)

        # Create the required VRF as well
        vrfName = '{0}_VRF'.format(name)
        fvCtx = aciFv.Ctx(fvTenant, name=vrfName)

        # Create BD
        for vlan in data['vlans']:
            vlanName = 'VLAN_{0}'.format(vlan['id'])

            if vlan['optimized']:
                fvBD = aciFv.BD(fvTenant,
                                name=vlanName,
                                OptimizeWanBandwidth='no',
                                arpFlood='no',
                                epClear='no',
                                hostBasedRouting='yes',
                                intersiteBumTrafficAllow='no',
                                intersiteL2Stretch='no',
                                ipLearning='yes',
                                limitIpLearnToSubnets='yes',
                                llAddr='::',
                                mac='00:22:BD:F8:19:FF',
                                mcastAllow='no',
                                multiDstPktAct='encap-flood',
                                type='regular',
                                unicastRoute='yes',
                                unkMacUcastAct='proxy',
                                unkMcastAct='opt-flood',
                                v6unkMcastAct='flood',
                                vmac='not-applicable')
            else:
                fvBD = aciFv.BD(fvTenant,
                                name=vlanName,
                                OptimizeWanBandwidth='no',
                                arpFlood='yes',
                                epClear='no',
                                hostBasedRouting='no',
                                intersiteBumTrafficAllow='no',
                                intersiteL2Stretch='no',
                                ipLearning='yes',
                                limitIpLearnToSubnets='yes',
                                llAddr='::',
                                mac='00:22:BD:F8:19:FF',
                                mcastAllow='no',
                                multiDstPktAct='bd-flood',
                                type='regular',
                                unicastRoute='yes',
                                unkMacUcastAct='flood',
                                unkMcastAct='flood',
                                v6unkMcastAct='flood',
                                vmac='not-applicable')

            aciFv.Subnet(fvBD,
                         ip=vlan['subnet'],
                         preferred='no',
                         scope='private',
                         virtual='no')

            aciFv.RsCtx(fvBD, tnFvCtxName='{0}_VRF'.format(name))

            fvAp = aciFv.Ap(fvTenant, name='{0}_AppProf'.format(vlanName))
            aciFv.RsApMonPol(fvAp, tnMonEPGPolName='default')

            # REMAINING TASKS
            # Create EPGs
            # aciFv.EPg(fvAp, name, matchT, etc...)
            # Contracts

    return mo
Example #4
0
apicUsername = '******' + TacacsUser
apicPassword = TacacsPassword
loginSession = LoginSession(apicUrl, apicUsername, apicPassword)

# Create a session with the APIC and login
moDir = MoDirectory(loginSession)
moDir.login()

#Prompt User for Tenant to create BD in.
#UserTenant = raw_input('Create BD in which tenant? ')

# Start at the Tenant of MIT tree
TenantMo = moDir.lookupByDn((r'uni/tn-ExampleSdkTenant'))

# Create a new BD MO and connect it as a Child object to the Tenant MO
fvBDMo = fvModels.BD(TenantMo, name='myBD')

# Associate the VRF under the new BD
fvRsCtxMo = fvModels.RsCtx(fvBDMo, tnFvCtxName='myVRF')

# Add Subnet to BD
fvSubnetMo = fvModels.Subnet(fvBDMo, ip='10.20.30.1/24')

# Create a new configuration request to the APIC and pass in the new Tenant MO (including its children MOs)
# Commit the changes to the APIC
cfgRequest = ConfigRequest()
cfgRequest.addMo(fvBDMo)
moDir.commit(cfgRequest)

# Log Out once the request is complete
moDir.logout()
Example #5
0
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None):
    # First create the inband bridge domain, bind to inb context/VRF
    fvTenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    fvBD = aciFv.BD(fvTenant, name='inb')
    aciFv.RsCtx(fvBD, tnFvCtxName='inb')

    # Second create INB management contract to permit SSH
    vzBrCp = aciVz.BrCP(fvTenant,
                        name=policy['inb_contract_name'],
                        scope='context',
                        prio='unspecified',
                        targetDscp='unspecified')

    vzSubj = aciVz.Subj(vzBrCp,
                        name=policy['inb_subject_name'],
                        provMatchT='AtleastOne',
                        consMatchT='AtleastOne',
                        prio='unspecified',
                        targetDscp='unspecified',
                        revFltPorts='yes')

    # Simply replicate this line for other filtername
    aciVz.RsSubjFiltAtt(vzSubj,
                        action='permit',
                        tnVzFilterName='tcp_src_port_any_to_dst_port_22')

    # Third, create inb mgmt EPG
    mgmtMgmtP = aciMgmt.MgmtP(fvTenant, name='default')
    mgmtInB = aciMgmt.InB(mgmtMgmtP,
                          name=policy['inb_epg_name'],
                          encap=policy['vlan'],
                          floodOnEncap='disabled',
                          matchT='AtleastOne',
                          prefGrMemb='exclude',
                          prio='unspecified')

    # Bind to BD
    aciMgmt.RsMgmtBD(mgmtInB, tnFvBDName='inb')

    # Add the subnet/gateway
    # aciFv.Subnet(
    #   mgmtInB, ip=policy['subnet'],
    #   ctrl='nd', preferred='no', virtual='no', scope='private'
    # )

    # Add consumer/provider
    aciFv.RsProv(mgmtInB,
                 tnVzBrCPName=policy['inb_contract_name'],
                 prio='unspecified',
                 matchT='AtleastOne')
    aciFv.RsCons(mgmtInB,
                 tnVzBrCPName=policy['inb_contract_name'],
                 prio='unspecified')

    # FINALLY, create the maps of the nodes/IP/GW to the EPG
    nodeNames = dict([n.name, n.id] for n in nodes)
    podId = policy['podId']

    for entry in policy['nodes']:
        nodeId = nodeNames[entry['name']]
        tDN = 'topology/pod-{}/node-{}'.format(podId, nodeId)

        aciMgmt.RsInBStNode(mgmtInB,
                            tDn=tDN,
                            addr=entry['ipv4'],
                            gw=policy['gw'])

    return fvTenant