def create_filter(fv_tenant, filter, **args):
"""Create a filter"""
args = args['optional_args'] if 'optional_args' in args.keys() else args
# Create filter
vz_filter = Filter(fv_tenant, filter)
# Add an entry to the filter
vz_entry = Entry(vz_filter,
get_value(args, 'entry_name', filter.lower()),
etherT=get_value(args, 'ether_type',
DEFAULT_ETHER_TYPE).lower(),
prot=get_value(args, 'ip_protocol',
DEFAULT_IP_PROTOCOL).lower(),
arpOpc=get_value(args, 'arp_flag',
DEFAULT_ARP_FLAG).lower(),
applyToFrag=get_value(args, 'apply_frag',
DEFAULT_APPLY_FRAG),
sFromPort=get_value(args, 'source_port_from',
DEFAULT_SOURCE_PORT_FROM),
sToPort=get_value(args, 'source_port_to',
DEFAULT_SOURCE_PORT_TO),
dFromPort=get_value(args, 'destination_port_from',
DEFAULT_DESTINATION_PORT_FROM),
dToPort=get_value(args, 'destination_port_to',
DEFAULT_DESTINATION_PORT_TO),
tcpRules=get_value(args, 'tcp_flag', DEFAULT_TCP_FLAG))
def create_filters(modir, tenant_name):
policy_universe = modir.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant_name)
# create filter for http
vz_filter_http = Filter(fv_tenant, FILTER_HTTP_NAME)
vz_entry_http = Entry(vz_filter_http,
'DPort-80',
dFromPort='80',
dToPort='80',
etherT='ip',
prot='tcp')
#create filter for rmi
vz_filter_rmi = Filter(fv_tenant, FILTER_RMI_NAME)
vz_entry_rmi = Entry(vz_filter_http,
'DPort-1514',
dFromPort='1514',
dToPort='1514',
etherT='ip',
prot='tcp')
# create filter for sql
vz_filter_sql = Filter(fv_tenant, FILTER_RMI_NAME)
vz_entry_sql = Entry(vz_filter_http,
'DPort-1433',
dFromPort='1433',
dToPort='1433',
etherT='ip',
prot='tcp')
# print the query in XML format
print toXMLStr(policy_universe, prettyPrint=True)
# Commit the change using a ConfigRequest object
configReq = ConfigRequest()
configReq.addMo(policy_universe)
modir.commit(configReq)
def create_filter(modir, tenant_name, filter_name, **args):
"""Create a filter"""
# Query a tenant
fv_tenant = modir.lookupByDn('uni/tn-' + tenant_name)
args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args
# Check if the tenant exists
if isinstance(fv_tenant, Tenant):
# Create filter
vz_filter = Filter(fv_tenant, filter_name)
# Add an entry to the filter
vz_entry = Entry(vz_filter,
get_value(args, 'entry_name', filter_name.lower()),
etherT=get_value(args, 'ether_type',
DEFAULT_ETHER_TYPE).lower(),
prot=get_value(args, 'ip_protocol',
DEFAULT_IP_PROTOCOL).lower(),
applyToFrag=get_value(args, 'apply_frag',
DEFAULT_APPLY_FRAG),
sFromPort=get_value(args, 'source_port_from',
DEFAULT_SOURCE_PORT_FROM),
sToPort=get_value(args, 'source_port_to',
DEFAULT_SOURCE_PORT_TO),
dFromPort=get_value(args, 'destination_port_from',
DEFAULT_DESTINATION_PORT_FROM),
dToPort=get_value(args, 'destination_port_to',
DEFAULT_DESTINATION_PORT_TO),
tcpRules=get_value(args, 'tcp_flag',
DEFAULT_TCP_FLAG))
else:
print 'Tenant', tenant_name, 'does not exist. Please create a tenant first'
return
print toXMLStr(fv_tenant, prettyPrint=True)
commit_change(modir, fv_tenant)
def tenant_policy(host, user, password):
print('[BEG] Tenant Configuration')
moDir = apic_login(host, user, password)
uniMo = moDir.lookupByDn('uni')
fvTenantMo = Tenant(uniMo, 'Cobra-Demo')
print('--- Building VRF(s)')
# Create Private Network
vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")
print('--- Building Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
fvSubnet = Subnet(fvBDMo1,
name=u'Sub1',
ip=u'106.0.1.1/24',
preferred=u'no',
virtual=u'no')
fvSubnet = Subnet(fvBDMo1,
name=u'Sub2',
ip=u'106.0.2.1/24',
preferred=u'no',
virtual=u'no')
print('--- Adding Subnets to Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
fvSubnet = Subnet(fvBDMo2,
name=u'Sub3',
ip=u'106.0.3.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub4',
ip=u'106.0.4.1/24',
preferred=u'no',
virtual=u'yes')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub5',
ip=u'106.0.5.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
print('--- Adding Bridge Domain(s) to VRF(s)')
# Create association to private network
fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)
print('--- Building Web Filter')
# Build Web Filters
vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
vzEntry = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
vzEntry2 = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
print('--- Building App Filter')
# Build App Filters
vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
vzEntry = Entry(vzFilter2,
applyToFrag=u'no',
dToPort=u'8080',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8080',
name=u'tcp8080')
vzEntry2 = Entry(vzFilter2,
dToPort=u'8443',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8443',
name=u'tcp8443')
print('--- Creating Contract(s)')
#Create Contracts
httpContract = BrCP(fvTenantMo, 'WEB')
vzSubjMo = Subj(httpContract, 'Web-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
appContract = BrCP(fvTenantMo, 'APP')
vzSubjMo = Subj(appContract, 'App-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
dbContract = BrCP(fvTenantMo, 'DB')
vzSubjMo = Subj(dbContract, 'DB-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
print('--- Creating Application Profile')
#Create Application Profile
fvApMo = Ap(fvTenantMo, 'DemoAppProfile')
print('--- Building EPG: App')
#Build AEPg APP
fvAEPg1 = AEPg(fvApMo, 'APP')
fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
#Attach Static AEPg to Interface
fvRsPathAtt1 = RsPathAtt(fvAEPg1,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2005')
AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)
print('--- Building EPG: Web')
#Build AEPg WEB
fvAEPg2 = AEPg(fvApMo, 'WEB')
fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt2 = RsPathAtt(fvAEPg2,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2006')
WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)
print('--- Building EPG: DB')
#Build AEPg DB
fvAEPg3 = AEPg(fvApMo, 'DB')
print(' --- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt3 = RsPathAtt(fvAEPg3,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2007')
DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)
print('--- Building L3 Out')
# Configure L3 Out
l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
rtrIdLoopBack=u'no',
rtrId=u'10.10.15.250',
tDn=u'topology/pod-1/node-102')
l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
l3extRsPathL3OutAtt = RsPathL3OutAtt(
l3extLIfP,
addr=u'10.10.100.9/30',
encapScope=u'local',
mode=u'regular',
ifInstT=u'l3-port',
mtu=u'1500',
tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')
l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
ospfExtP = ExtP(l3extOut,
areaCtrl=u'redistribute,summary',
areaId=u'0.0.0.1',
areaType=u'regular',
areaCost=u'1')
BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)
cfg_commit(moDir, fvTenantMo)
print('[END] Tenant Configuration')
def addDefinedContracts(spec, apicMoDir):
logging.debug('Inside addDefinedContracts function')
tenant = spec['tenant']
tenMo = tenantDict[tenant]
appName = spec['app-prof']
resrcList = []
contracts = spec['contract-defs']
if contracts is 'missing':
logging.info('No defined contracts in {}'.format(appName))
return
cR = ConfigRequest()
cR.addMo(tenMo)
for cc in contracts:
c = SafeDict(cc)
logging.debug('>> Adding contract {}'.format(c['name']))
contractCR = ConfigRequest()
# filter container
filterName = 'filt-' + c['name']
filterMo = Filter(tenMo, filterName)
# save the filter dn to this app's resource list
resrcList.append(filterMo)
filters = c['filter-info']
logging.debug(filters)
if filters is 'missing':
logging.error('ERROR no filters in contract')
continue
for eachEntry in filters:
filterEntry = SafeDict(eachEntry)
ipProtocol = filterEntry['protocol']
servPort = filterEntry['servport']
etherType = 'ip'
filterProto = 0
filterPort = 0
if ipProtocol is not 'missing':
filterProto = ipProtoNametoNumber(ipProtocol)
if servPort is not 'missing':
filterPort = int(servPort)
# Form the entry name
entryName = 'entry-' + etherType
if filterProto > 0:
entryName = entryName + '-' + ipProtocol
if filterPort > 0:
entryName = entryName + '-' + servPort
logging.info('creating filter entry {}'.format(entryName))
entryMo = Entry(filterMo, entryName)
entryMo.etherT = etherType
if filterProto > 0:
entryMo.prot = filterProto
# Set port information only if TCP or UDP
if entryMo.prot == 6 or entryMo.prot == 17:
if filterPort > 0:
entryMo.dFromPort = filterPort
entryMo.dToPort = filterPort
# contract container
ccName = c['name']
logging.info('==>contract name:%s' % ccName)
ccMo = BrCP(tenMo, ccName)
# save the contract dn to this app's resource list
resrcList.append(ccMo)
# subject for associating filter to contract
subjName = 'subj-' + ccName
subjMo = Subj(ccMo, subjName)
RsSubjFiltAtt(subjMo, tnVzFilterName=filterMo.name)
contractCR.addMo(ccMo)
apicMoDir.commit(contractCR)
cR = ConfigRequest()
cR.addMo(tenMo)
apicMoDir.commit(cR)
# save the resource list
appKey = tenant + '-' + appName
appResourceDict[appKey] = resrcList