def add_contract_to_mgmt_inband_epg(modir, contract, contract_type, **args):
args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args
# Query a parent
fv_inb = modir.lookupByDn('uni/tn-mgmt/mgmtp-default/inb-default')
if contract_type.lower() == 'provided':
fv_rsprov = RsProv(fv_inb, contract,
prio=get_value(args, 'prio', DEFAULT_QOS),
matchT=get_value(args, 'matchT', DEFAULT_MATCH_TYPE)
)
elif contract_type.lower() == 'consumed':
fv_rscons = RsCons(fv_inb, contract,
prio=get_value(args, 'prio', DEFAULT_QOS),
)
elif contract_type.lower() == 'taboo':
fv_rsprotby = RsProtBy(fv_inb, contract)
else:
print 'Invalid input Contract Type.'
return
print_query_xml(fv_inb)
commit_change(modir, fv_inb)
def connect_epg_contract(modir, tenant_name, application_name, epg_name,
contract_type, contract_name):
"""Assign a consumed/provided contract to an EPG"""
# Check if the contract exist. If not, return.
vz_brcp = modir.lookupByDn('uni/tn-' + tenant_name + '/brc-' +
contract_name)
if not isinstance(vz_brcp, BrCP):
print 'There is no contract called', contract_name, 'in tenant', tenant_name, '.'
return
# Check if the EPG exist.
fv_aepg = modir.lookupByDn('uni/tn-' + tenant_name + '/ap-' +
application_name + '/epg-' + epg_name)
if isinstance(fv_aepg, AEPg):
# Check the contract type, consumed or provided.
if contract_type.lower() == 'consumed':
# Add a consumed contract to EPG
fv_rscons = RsCons(fv_aepg, contract_name)
elif contract_type.lower() == 'provided':
# Add a provided contract to EPG
fv_rsprov = RsProv(fv_aepg, contract_name)
else:
print 'Contract_type is either \"consumed\" or \"provided\".'
return
else:
print 'Wrong path! Please check if EPG', epg_name, 'is in application', application_name, 'in tenant', tenant_name, '.'
return
print toXMLStr(fv_aepg, prettyPrint=True)
commit_change(modir, fv_aepg)
def configureIn_band_epg_default(parent_mo, in_band_epg, **args):
"""The in-band management endpoint group, which consists of switches (leaves/spines) and APICs. Each node in the group is assigned an IP address that is dynamically allocated from the address pool associated with the corresponding in-band management zone. The allocated IP address is then configured as the in-band management access IP address on the corresponding node. Any host that is part of another endpoint group can communicate with the nodes in the in-band management endpoint group using contacts. """
args = args['optional_args'] if 'optional_args' in args.keys() else args
fv_inb = InB(parent_mo,
in_band_epg,
encap=get_value(args, 'encap', DEFAULT_ENCAP),
prio=get_value(args, 'prio', DEFAULT_QOS))
if is_valid_key(args, 'bridge_domain'):
mgmt_rsmgmtbd = RsMgmtBD(fv_inb, tnFvBDName=args['bridge_domain'])
if is_valid_key(args, 'provided_contract'):
fv_rsprov = RsProv(
fv_inb,
args['provided_contract']['name'],
prio=get_value(args['provided_contract']['optional_args'], 'prio',
DEFAULT_QOS) if is_valid_key(
args['provided_contract'],
'optional_args') else DEFAULT_QOS,
matchT=get_value(args['provided_contract']['optional_args'],
'match_type', DEFAULT_MATCH_TYPE) if is_valid_key(
args['provided_contract'],
'optional_args') else DEFAULT_MATCH_TYPE)
if is_valid_key(args, 'consumed_contract'):
fv_rscons = RsCons(
fv_inb,
args['consumed_contract']['name'],
prio=get_value(args['consumed_contract']['optional_args'], 'prio',
DEFAULT_QOS),
)
if is_valid_key(args, 'taboo_contract'):
fv_rsprotby = RsProtBy(fv_inb, args['taboo_contract']['name'])
def add_contract(mo, contractType, contractName):
if contractType.lower() == 'consumed':
try:
RsCons(mo, tnVzBrCPName=contractName)
print '[+] Contract %s successfully attached to EPG as %s' % (
contractName, contractType)
CONFIG.addMo(mo)
return mo
except:
print '[-] Error attaching contract %s to EPG' % contractName
exit(1)
if contractType.lower() == 'provided':
try:
RsProv(mo, tnVzBrCPName=contractName)
print '[+] Contract %s successfully attached to EPG as %s' % (
contractName, contractType)
CONFIG.addMo(mo)
return mo
except:
print '[-] Error attaching contract %s to EPG' % contractName
exit(1)
if contractType.lower() == 'intra-epg':
try:
RsIntraEpg(mo, tnVzBrCPName=contractName)
print '[+] Contract %s successfully attached to EPG as %s' % (
contractName, contractType)
CONFIG.addMo(mo)
return mo
except:
print '[-] Error attaching contract %s to EPG' % contractName
exit(1)
def create_3tier_application(modir, tenant_name):
policy_universe = modir.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant_name)
# create context
fv_ctx = Ctx(fv_tenant, CTX_NAME)
#
fv_bd = BD(fv_tenant, 'BD1')
#
fv_rs_ctx = RsCtx(fv_bd)
fv_rs_ctx.__setattr__('tnFvCtxName', 'Apple-Router')
fv_subnet_10 = Subnet(fv_bd,'10.0.0.1/24', scope='public')
fv_subnet_20 = Subnet(fv_bd, '20.0.0.1/24', scope='public')
fv_subnet_30 = Subnet(fv_bd, '30.0.0.1/24', scope='public')
fv_subnet_40 = Subnet(fv_bd, '40.0.0.1/24', scope='public')
#
fv_ap = Ap(fv_tenant, '3-TierApp')
fv_aepg_client = AEPg(fv_ap, 'Client')
fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1')
# fv_rs_bd_client.__setattr__('tnFvBDName', 'BD1')
fv_rs_cons_webct_client = RsCons(fv_aepg_client, 'WebCt')
fv_aepg_web = AEPg(fv_ap, 'Web')
fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1')
fv_rs_cons_webct_web = RsProv(fv_aepg_web, 'WebCt')
fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt')
fv_aepg_app = AEPg(fv_ap, 'App')
fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='DB1')
fv_rs_cons_webct_app = RsProv(fv_aepg_app, 'WebCt')
fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'AppCt')
fv_aepg_db = AEPg(fv_ap, 'DB')
fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1')
fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt')
print toXMLStr(policy_universe, prettyPrint=True)
# Commit the change using a ConfigRequest object
configReq = ConfigRequest()
configReq.addMo(policy_universe)
modir.commit(configReq)
def connect_epg_contract(fv_aepg, contract_name, contract_type):
"""Apply Contract to EPG. The consumer relation to a binary contract profile."""
# Check the contract type, consumed or provided.
if contract_type.lower() == 'consumed':
# Add a consumed contract to EPG
fv_rscons = RsCons(fv_aepg, contract_name)
elif contract_type.lower() == 'provided':
# Add a provided contract to EPG
fv_rsprov = RsProv(fv_aepg, contract_name)
else:
print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".'
return
def setupUnenforcedMode(spec, apicMoDir):
logging.debug('Inside setupUnenforcedMode function')
epgList = spec['epgs']
tenant = spec['tenant']
appName = spec['app-prof']
for e in epgList:
epg = SafeDict(e)
epgName = epg['name']
epgDn = 'uni/tn-' + tenant + '/ap-' + appName + '/epg-' + epgName
epgMo = apicMoDir.lookupByDn(epgDn)
epgcR = ConfigRequest()
contrDn = 'uni/tn-common/brc-default'
contrMo = apicMoDir.lookupByDn(contrDn)
consMo = RsCons(epgMo, tnVzBrCPName=contrMo.name)
epgcR.addMo(epgMo)
apicMoDir.commit(epgcR)
def create_L3_epg_provider_or_consumer_contract(l3ext_instp, contract_type,
contract, **args):
"""Labels the EPG as a provider/consumer in the contract. A contract defines what can be communicated along with the protocols and ports on which a provider and consumer are allowed to communicate."""
args = args['optional_args'] if 'optional_args' in args.keys() else args
if contract_type.lower() == 'consumed':
fv_l3epg_cont = RsCons(l3ext_instp,
contract,
prio=get_value(args, 'prio', 'unspecified'))
elif contract_type.lower() == 'provided':
fv_l3epg_cont = RsProv(l3ext_instp,
contract,
prio=get_value(args, 'prio', 'unspecified'),
matchT=get_value(args, 'match_type',
'AtleastOne'))
else:
print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".'
sys.exit()
return fv_l3epg_cont
def assign_contract(self, epg_dn, provider_dn, consumer_dn):
"""
Assign contracts to an end point group
:param epg_dn:
:param provider_dn: Provider contract
:param consumer_dn: Consumer contract
:return:
"""
epg_mo = self.moDir.lookupByDn(epg_dn)
if len(provider_dn) > 0:
# Retrieve the provider contract
provider_mo = self.moDir.lookupByDn(provider_dn)
# Create the provider relationship with EPG
rsprov_mo = RsProv(epg_mo, provider_mo.name)
self.commit(rsprov_mo)
if len(consumer_dn) > 0:
# Retrieve the consumer contract
consumer_mo = self.moDir.lookupByDn(consumer_dn)
# Creates the consumer relationship with EPG
rscons_mo = RsCons(epg_mo, consumer_mo.name)
self.commit(rscons_mo)
def create_L3_epg_consumer_contract(modir, tenant_name, routed_outside_name,
external_network_name, contract_name,
**args):
fv_tenant = check_if_tenant_exist(modir, tenant_name)
args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args
l3ext_instp = modir.lookupByDn('uni/tn-' + tenant_name + '/out-' +
routed_outside_name + '/instP-' +
external_network_name)
if contract_name == '':
contract_name = 'default'
if isinstance(l3ext_instp, InstP):
fv_l3epg_rscons = RsCons(l3ext_instp,
contract_name,
prio=get_value(args, 'prio', 'unspecified'))
else:
print 'External Netwrok', external_network_name, 'does not existed.'
return
print_query_xml(l3ext_instp)
commit_change(modir, l3ext_instp)
def tenant_policy(host, user, password):
print('[BEG] Tenant Configuration')
moDir = apic_login(host, user, password)
uniMo = moDir.lookupByDn('uni')
fvTenantMo = Tenant(uniMo, 'Cobra-Demo')
print('--- Building VRF(s)')
# Create Private Network
vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")
print('--- Building Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
fvSubnet = Subnet(fvBDMo1,
name=u'Sub1',
ip=u'106.0.1.1/24',
preferred=u'no',
virtual=u'no')
fvSubnet = Subnet(fvBDMo1,
name=u'Sub2',
ip=u'106.0.2.1/24',
preferred=u'no',
virtual=u'no')
print('--- Adding Subnets to Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
fvSubnet = Subnet(fvBDMo2,
name=u'Sub3',
ip=u'106.0.3.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub4',
ip=u'106.0.4.1/24',
preferred=u'no',
virtual=u'yes')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub5',
ip=u'106.0.5.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
print('--- Adding Bridge Domain(s) to VRF(s)')
# Create association to private network
fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)
print('--- Building Web Filter')
# Build Web Filters
vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
vzEntry = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
vzEntry2 = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
print('--- Building App Filter')
# Build App Filters
vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
vzEntry = Entry(vzFilter2,
applyToFrag=u'no',
dToPort=u'8080',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8080',
name=u'tcp8080')
vzEntry2 = Entry(vzFilter2,
dToPort=u'8443',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8443',
name=u'tcp8443')
print('--- Creating Contract(s)')
#Create Contracts
httpContract = BrCP(fvTenantMo, 'WEB')
vzSubjMo = Subj(httpContract, 'Web-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
appContract = BrCP(fvTenantMo, 'APP')
vzSubjMo = Subj(appContract, 'App-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
dbContract = BrCP(fvTenantMo, 'DB')
vzSubjMo = Subj(dbContract, 'DB-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
print('--- Creating Application Profile')
#Create Application Profile
fvApMo = Ap(fvTenantMo, 'DemoAppProfile')
print('--- Building EPG: App')
#Build AEPg APP
fvAEPg1 = AEPg(fvApMo, 'APP')
fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
#Attach Static AEPg to Interface
fvRsPathAtt1 = RsPathAtt(fvAEPg1,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2005')
AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)
print('--- Building EPG: Web')
#Build AEPg WEB
fvAEPg2 = AEPg(fvApMo, 'WEB')
fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt2 = RsPathAtt(fvAEPg2,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2006')
WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)
print('--- Building EPG: DB')
#Build AEPg DB
fvAEPg3 = AEPg(fvApMo, 'DB')
print(' --- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt3 = RsPathAtt(fvAEPg3,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2007')
DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)
print('--- Building L3 Out')
# Configure L3 Out
l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
rtrIdLoopBack=u'no',
rtrId=u'10.10.15.250',
tDn=u'topology/pod-1/node-102')
l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
l3extRsPathL3OutAtt = RsPathL3OutAtt(
l3extLIfP,
addr=u'10.10.100.9/30',
encapScope=u'local',
mode=u'regular',
ifInstT=u'l3-port',
mtu=u'1500',
tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')
l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
ospfExtP = ExtP(l3extOut,
areaCtrl=u'redistribute,summary',
areaId=u'0.0.0.1',
areaType=u'regular',
areaCost=u'1')
BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)
cfg_commit(moDir, fvTenantMo)
print('[END] Tenant Configuration')
def addContractLinks(spec, apicMoDir):
logging.debug('Inside addContractLinks function')
epgList = spec['epgs']
tenant = spec['tenant']
appName = spec['app-prof']
tenMo = tenantDict[tenant]
for e in epgList:
epg = SafeDict(e)
epgName = epg['name']
links = epg['contract-links']
if links is 'missing':
logging.debug('No contract links specified for epg {}'.format(epgName))
continue
epgDn = 'uni/tn-' + tenant + '/ap-' + appName + '/epg-' + epgName
epgMo = apicMoDir.lookupByDn(epgDn)
# If the EPG mo does not exist, nothing can be
# done. Typically, should not happen.
if epgMo is None:
logging.error('Could not locate epg %s within tenant %s' % (epgName, tenant))
return ['ERROR', "Could not locate epg {}".format(epgName)]
epgcR = ConfigRequest()
for l in links:
link = SafeDict(l)
cKind = link['contract-kind']
if cKind != "EXTERNAL" and cKind != "INTERNAL":
logging.error('Unknown contract-kind')
return ['ERROR', "Unknown contract-kind {}".format(cKind)]
if cKind == "EXTERNAL":
contrMo = apicMoDir.lookupByDn(link['contract-dn'])
if contrMo is None:
logging.error('ERROR external contract {} not found'.format(link['contract-dn']))
return ['ERROR', "No ext contract {}".format(link['contract-dn'])]
if cKind == "INTERNAL":
ccName = link['contract-name']
contractDN = 'uni/tn-' + tenant + '/brc-' + ccName
contrMo = apicMoDir.lookupByDn(contractDN)
if contrMo is None:
#add the cc Mo, so we can setup the link
contrMo = BrCP(tenMo, ccName)
ccCR = ConfigRequest()
ccCR.addMo(contrMo)
apicMoDir.commit(ccCR)
# at this point, we are ready to add cons/prov link
if link['link-kind'] == "CONSUME":
linkMo = RsCons(epgMo, tnVzBrCPName=contrMo.name)
logging.debug('epg {} consumes {}'.format(epgName, contrMo.name))
else:
linkMo = RsProv(epgMo, tnVzBrCPName=contrMo.name)
logging.debug('epg {} provides {}'.format(epgName, contrMo.name))
epgcR.addMo(epgMo)
apicMoDir.commit(epgcR)
return ['success', 'ok']