def createPodPolicy(config):
fabricInst = aciFabric.Inst(aciPol.Uni(''))
aciDateTime.Format(fabricInst, name='default', tz=config.timezone)
datetimePol = aciDateTime.Pol(fabricInst, name='default')
for ntp in config.ntpList:
datetimeNtpProv = aciDateTime.NtpProv(datetimePol,
preferred=ntp['preferred'],
name=ntp['name'],
descr=ntp['descr'])
aciDateTime.RsNtpProvToEpg(datetimeNtpProv,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
bgpInstPol = aciBgp.InstPol(fabricInst, name='default')
aciBgp.AsP(bgpInstPol, name='aspn', asn=config.bgpAsn)
bgpRRP = aciBgp.RRP(bgpInstPol, name='route-reflector')
for rrNodeId in getRrNodeIdList(config.fabricNodes):
aciBgp.RRNodePEp(bgpRRP, id=rrNodeId)
fabricFuncP = aciFabric.FuncP(fabricInst)
fabricPodPGrp = aciFabric.PodPGrp(fabricFuncP,
name='default-PodPolicyGroup')
aciFabric.RsPodPGrpBGPRRP(fabricPodPGrp, tnBgpInstPolName='default')
aciFabric.RsTimePol(fabricPodPGrp, tnDatetimePolName='default')
aciFabric.RsPodPGrpIsisDomP(fabricPodPGrp, tnIsisDomPolName='default')
aciFabric.RsPodPGrpCoopP(fabricPodPGrp, tnCoopPolName='default')
aciFabric.RsCommPol(fabricPodPGrp, tnCommPolName='default')
aciFabric.RsSnmpPol(fabricPodPGrp, tnSnmpPolName='default')
fabricPodP = aciFabric.PodP(fabricInst, name='default')
fabricPodS = aciFabric.PodS(fabricPodP, type='ALL', name='default')
aciFabric.RsPodPGrp(fabricPodS, tDn=fabricPodPGrp.dn)
return fabricInst
def create_vpc_protection_groups(policies, fabricNodes):
mo = aciFabric.Inst(aciPol.Uni(''))
for policy in policies:
# Create the VPC Protection Policy
fabricProtPol = aciFabric.ProtPol(mo,
name=policy['name'],
pairT=policy['pairT'])
# Information passed are node names, we need node IDs
leafs = dict([n.name, n.id] for n in fabricNodes if n.role == 'leaf')
# Create the specific pairing
for vpc_id, members in policy['vpc_pairs'].items():
vpc_name = 'VPC-EPG-{0}'.format('-'.join(members))
vpcEpg = aciFabric.ExplicitGEp(fabricProtPol,
name=vpc_name,
id=vpc_id)
# Bind the domain policy to it
aciFabric.RsVpcInstPol(
vpcEpg, tnVpcInstPolName=policy['vpc_domain_policy'])
# Add the node members to it
for node in members:
aciFabric.NodePEp(vpcEpg,
id=leafs[node],
podId=policy['podId'])
return mo
def configureBackupPolicy(config):
fabricInst = aciFabric.Inst(aciPol.Uni(''))
fileRemotePath = aciFile.RemotePath(fabricInst,
userName=config['path']['user'],
remotePort=config['path']['port'],
protocol=config['path']['protocol'],
name=config['path']['name'],
descr=config['path']['descr'],
userPasswd=config['path']['password'],
host=config['path']['host'],
remotePath=config['path']['remotePath']
)
aciFile.RsARemoteHostToEpg(fileRemotePath,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
trigSchedP = aciTrig.SchedP(fabricInst, name=config['schedule']['name'])
aciTrig.RecurrWindowP(trigSchedP, name=config['schedule']['period'],
hour=config['schedule']['hour'])
configExportP = aciConfig.ExportP(fabricInst, name=config['name'],
descr=config['descr'],
adminSt='triggered')
aciConfig.RsExportScheduler(configExportP,
tnTrigSchedPName=config['schedule']['name'])
aciConfig.RsRemotePath(configExportP,
tnFileRemotePathName=config['path']['name'])
return fabricInst
def create_ntp_policy(mo, policy):
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
datetimePol = aciNtp.Pol(mo,
name=policy['name'],
adminSt=policy['adminSt'],
authSt=policy['authSt'],
serverState=policy['serverState'],
masterMode=policy['masterMode'])
for id, prov in enumerate(policy['datetimeNtpProv']):
# aciNtp.NtpAuthKey(
# datetimePol, id=str(id+1),
# key=prov['key'], keyType=prov['keyType'], trusted=prov['trusted']
# )
prov = aciNtp.NtpProv(datetimePol,
name=prov['name'],
preferred=prov['preferred'],
minPoll=prov['minPoll'],
maxPoll=prov['maxPoll'],
keyId=str(id + 1))
# aciNtp.RsNtpProvToNtpAuthKey(prov, tnDatetimeNtpAuthKeyId=str(id+1))
aciNtp.RsNtpProvToEpg(prov,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
return mo
def create_bgp_policy(mo, policy, nodes):
"""
If nodes is passed, it's a dictionary of "name": "id" info for the
fabric nodes (non-controller)
"""
# Create new object if needed
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
# Create top level BGP policy
bgpInstPol = aciBgp.InstPol(mo, name=policy['name'])
# Add ASN daughter
aciBgp.AsP(bgpInstPol, asn=policy['bgpAsP']['asn'])
# Add BGP (Internal) RR Fabric Policy
aciRRP = aciBgp.RRP(bgpInstPol)
# Add BGP (Internal) RR node
podId = policy['bgpRRP']['podId']
for rr in policy['bgpRRP']['bgpRRNodePEp']:
nodeId = nodes[rr]
aciBgp.RRNodePEp(aciRRP, id=nodeId, podId=podId)
return mo
def create_snmp_policy(mo, policy):
# Create new object if needed
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
snmpPol = snmp.Pol(mo,
name=policy['name'],
adminSt=policy['adminSt'],
contact=policy['contact'],
loc=policy['loc'])
for user in policy['snmpUserP']:
snmp.UserP(snmpPol,
name=user['name'],
authType=user['authType'],
privType=user['privType'],
authKey=user['authKey'],
privkey=user['privKey'])
for trap in policy['snmpTrapFwdServerP']:
snmp.TrapFwdServerP(snmpPol, addr=trap['addr'], port=trap['port'])
for comm in policy['snmpCommunityP']:
snmp.CommunityP(snmpPol, name=comm['name'])
for clientGrp in policy['snmpClientGrpP']:
clntGrp = snmp.ClientGrpP(snmpPol, name=clientGrp['name'])
snmp.RsEpg(clntGrp, tDn='uni/tn-mgmt/mgmtp-default/oob-default')
for client in clientGrp['snmpClientP']:
snmp.ClientP(clntGrp, name=client['name'], addr=client['addr'])
return mo
def create_coop_policy(mo, policy):
# Validate input
required_attributes(coop_attributes, list(policy.keys()))
# Create new object if needed
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
aciCoop.Pol(mo, name=policy['name'], type=policy['type'])
return mo
def create_snmp_group_policy(mo, policy):
# Create new object if needed
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
snmpGroup = snmp.Group(mo, name=policy['name'])
for dest in policy['snmpTrapDest']:
trapDest = snmp.TrapDest(snmpGroup,
host=dest['host'],
port=dest['port'],
notifT=dest['notifT'],
ver=dest['ver'],
secName=dest['secName'],
v3SecLvl=dest['v3SecLvl'])
aciFile.RsARemoteHostToEpg(trapDest,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
return mo
def create_dns_policy(mo, policy):
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
dnsProfile = aciDNS.Profile(mo, name=policy['name'])
aciDNS.RsProfileToEpg(dnsProfile,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
for provider in policy['dnsProv']:
aciDNS.Prov(dnsProfile,
addr=provider['addr'],
preferred=provider['preferred'])
for domain in policy['dnsDomain']:
aciDNS.Domain(dnsProfile,
name=domain['name'],
isDefault=domain['isDefault'])
return mo
def create_syslog_policy(mo, policy):
if mo is None:
mo = aciFabric.Inst(aciPol.Uni(''))
slGrp = aciSyslog.Group(mo,
name=policy['name'],
format=policy['format'],
includeMilliSeconds=policy['includeMilliSeconds'])
p = policy['syslogProf']
aciSyslog.Prof(slGrp, name=p['name'], adminState=p['adminState'])
p = policy['syslogFile']
aciSyslog.File(slGrp,
adminState=p['adminState'],
format=p['format'],
severity=p['severity'])
p = policy['syslogConsole']
aciSyslog.Console(slGrp,
adminState=p['adminState'],
format=p['format'],
severity=p['severity'])
# Remote destinations
for d in policy['syslogRemoteDest']:
dest = aciSyslog.RemoteDest(slGrp,
name=d['name'],
host=d['host'],
port=d['port'],
adminState=d['adminState'],
format=d['format'],
severity=d['severity'],
forwardingFacility=d['forwardingFacility'])
aciFile.RsARemoteHostToEpg(dest,
tDn='uni/tn-mgmt/mgmtp-default/oob-default')
return mo
