def ensure_subnet_created(self, network_id, address_scope_name, gateway):
tenant = self.get_tenant(network_id)
scope_config = self._get_address_scope_config(address_scope_name)
l3_outs = scope_config['l3_outs']
bd = fv.BD(tenant, network_id)
subnet = fv.Subnet(bd,
gateway,
scope=scope_config.get('scope', 'public'),
ctrl='querier')
subnet_outs = []
for l3_out in l3_outs.split(','):
out = self._find_l3_out(network_id, l3_out)
if out:
LOG.info('Configure L3 out for subnet, {}'.format(out.name))
subnet_outs.append(fv.RsBDSubnetToOut(subnet, out.name))
else:
LOG.error(
'Cannot configure L3 out for subnet, {} not found in ACI configuration'
.format(l3_out))
# We don't need the out profiles for now
# subnet_out_profile = RsBDSubnetToProfile(subnet,l3_out,tnL3extOutName=l3_out)
# self.apic.commit(subnet_out_profile)
self.apic.commit([subnet] + subnet_outs)
def ensure_external_network_configured(self,
network_id,
address_scope_name,
delete=False):
tenant = self.get_tenant(network_id)
scope_config = self._get_address_scope_config(address_scope_name)
l3_outs = scope_config['l3_outs']
vrf_name = scope_config['vrf']
# prepare bridge domain
bd = fv.BD(tenant, network_id)
# We don't need the out profiles for now
# out_profile = RsBDToProfile(bd,tnL3extOutName=l3_out_name)
vrf = fv.RsCtx(bd, vrf_name, tnFvCtxName=vrf_name)
bd_outs = []
for l3_out in l3_outs.split(','):
out = self._find_l3_out(network_id, l3_out)
if out:
LOG.info('Configure L3 out for network, {}'.format(out.name))
bd_out = fv.RsBDToOut(bd, out.name)
if delete:
bd_out.delete()
bd_outs.append(bd_out)
else:
LOG.error(
'Cannot configure L3 out for BD, {} not found in ACI configuration'
.format(l3_out))
#if delete:
# vrf.delete() #TODO: the RsCtx object cannot be deleted, need to find out how to clear on the BD
# Prepare EPG
app = fv.Ap(tenant, self.apic_application_profile)
epg = fv.AEPg(app, network_id)
epg_contracts = []
contract_def = ast.literal_eval(scope_config['contracts'])
for type, contracts in contract_def.iteritems():
if type == 'consumed':
for contract in contracts:
contract = fv.RsCons(epg, contract)
if delete:
contract.delete()
epg_contracts.append(contract)
elif type == 'provided':
for contract in contracts:
contract = fv.RsProv(epg, contract)
if delete:
contract.delete()
epg_contracts.append(contract)
self.apic.commit([vrf] + bd_outs + epg_contracts)
def ensure_subnet_deleted(self, network_id, gateway):
tenant = self.get_tenant(network_id)
bd = fv.BD(tenant, network_id)
subnet = fv.Subnet(bd, gateway)
subnet.delete()
self.apic.commit(subnet)
def ensure_internal_network_configured(self, network_id, delete=False):
tenant = self.get_tenant(network_id)
bd = fv.BD(tenant, network_id)
vrf = fv.RsCtx(bd,
self.tenant_default_vrf,
tnFvCtxName=self.tenant_default_vrf)
self.apic.commit(vrf)
def delete_domain_and_epg(self, network_id, transaction=None):
tenant = self.get_tenant(network_id)
bd = fv.BD(tenant, network_id)
bd.delete()
app = fv.Ap(tenant, self.apic_application_profile)
epg = fv.AEPg(app, network_id)
epg.delete()
self.apic.commit(epg)
self.apic.commit(bd)
if (len(self.get_tenant_bridge_domains(tenant)) == 0
and len(self.get_tenant_epgs(tenant)) == 0):
tenant.delete()
self.apic.commit(tenant)
def ensure_domain_and_epg(self, network_id):
tenant = self.get_or_create_tenant(network_id)
bd = fv.BD(tenant, network_id, arpFlood=1, unkMacUcastAct=0)
app = fv.Ap(tenant, self.apic_application_profile)
epg = fv.AEPg(app, network_id)
# Add EPG to BD domain
rsbd = fv.RsBd(epg, network_id, tnFvBDName=bd.name)
# We have to make seperate config requests because cobra can't
# handle MOs with different root contexts
self.apic.commit(bd)
self.apic.commit([app, epg, rsbd])
return network_id
apicUsername = '******' + TacacsUser
apicPassword = TacacsPassword
loginSession = LoginSession(apicUrl, apicUsername, apicPassword)
# Create a session with the APIC and login
moDir = MoDirectory(loginSession)
moDir.login()
#Prompt User for Tenant to create BD in.
#UserTenant = raw_input('Create BD in which tenant? ')
# Start at the Tenant of MIT tree
TenantMo = moDir.lookupByDn((r'uni/tn-ExampleSdkTenant'))
# Create a new BD MO and connect it as a Child object to the Tenant MO
fvBDMo = fvModels.BD(TenantMo, name='myBD')
# Associate the VRF under the new BD
fvRsCtxMo = fvModels.RsCtx(fvBDMo, tnFvCtxName='myVRF')
# Add Subnet to BD
fvSubnetMo = fvModels.Subnet(fvBDMo, ip='10.20.30.1/24')
# Create a new configuration request to the APIC and pass in the new Tenant MO (including its children MOs)
# Commit the changes to the APIC
cfgRequest = ConfigRequest()
cfgRequest.addMo(fvBDMo)
moDir.commit(cfgRequest)
# Log Out once the request is complete
moDir.logout()
def create_overlay_policy(apic=None, policy=None):
mo = aciPol.Uni('')
for name, data in policy.items():
# Create tenant behind the scenes
tenantName = '{0}_Tenant'.format(name)
fvTenant = aciFv.Tenant(mo, name=tenantName)
# Create the required VRF as well
vrfName = '{0}_VRF'.format(name)
fvCtx = aciFv.Ctx(fvTenant, name=vrfName)
# Create BD
for vlan in data['vlans']:
vlanName = 'VLAN_{0}'.format(vlan['id'])
if vlan['optimized']:
fvBD = aciFv.BD(fvTenant,
name=vlanName,
OptimizeWanBandwidth='no',
arpFlood='no',
epClear='no',
hostBasedRouting='yes',
intersiteBumTrafficAllow='no',
intersiteL2Stretch='no',
ipLearning='yes',
limitIpLearnToSubnets='yes',
llAddr='::',
mac='00:22:BD:F8:19:FF',
mcastAllow='no',
multiDstPktAct='encap-flood',
type='regular',
unicastRoute='yes',
unkMacUcastAct='proxy',
unkMcastAct='opt-flood',
v6unkMcastAct='flood',
vmac='not-applicable')
else:
fvBD = aciFv.BD(fvTenant,
name=vlanName,
OptimizeWanBandwidth='no',
arpFlood='yes',
epClear='no',
hostBasedRouting='no',
intersiteBumTrafficAllow='no',
intersiteL2Stretch='no',
ipLearning='yes',
limitIpLearnToSubnets='yes',
llAddr='::',
mac='00:22:BD:F8:19:FF',
mcastAllow='no',
multiDstPktAct='bd-flood',
type='regular',
unicastRoute='yes',
unkMacUcastAct='flood',
unkMcastAct='flood',
v6unkMcastAct='flood',
vmac='not-applicable')
aciFv.Subnet(fvBD,
ip=vlan['subnet'],
preferred='no',
scope='private',
virtual='no')
aciFv.RsCtx(fvBD, tnFvCtxName='{0}_VRF'.format(name))
fvAp = aciFv.Ap(fvTenant, name='{0}_AppProf'.format(vlanName))
aciFv.RsApMonPol(fvAp, tnMonEPGPolName='default')
# REMAINING TASKS
# Create EPGs
# aciFv.EPg(fvAp, name, matchT, etc...)
# Contracts
return mo
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None):
# First create the inband bridge domain, bind to inb context/VRF
fvTenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
fvBD = aciFv.BD(fvTenant, name='inb')
aciFv.RsCtx(fvBD, tnFvCtxName='inb')
# Second create INB management contract to permit SSH
vzBrCp = aciVz.BrCP(fvTenant,
name=policy['inb_contract_name'],
scope='context',
prio='unspecified',
targetDscp='unspecified')
vzSubj = aciVz.Subj(vzBrCp,
name=policy['inb_subject_name'],
provMatchT='AtleastOne',
consMatchT='AtleastOne',
prio='unspecified',
targetDscp='unspecified',
revFltPorts='yes')
# Simply replicate this line for other filtername
aciVz.RsSubjFiltAtt(vzSubj,
action='permit',
tnVzFilterName='tcp_src_port_any_to_dst_port_22')
# Third, create inb mgmt EPG
mgmtMgmtP = aciMgmt.MgmtP(fvTenant, name='default')
mgmtInB = aciMgmt.InB(mgmtMgmtP,
name=policy['inb_epg_name'],
encap=policy['vlan'],
floodOnEncap='disabled',
matchT='AtleastOne',
prefGrMemb='exclude',
prio='unspecified')
# Bind to BD
aciMgmt.RsMgmtBD(mgmtInB, tnFvBDName='inb')
# Add the subnet/gateway
# aciFv.Subnet(
# mgmtInB, ip=policy['subnet'],
# ctrl='nd', preferred='no', virtual='no', scope='private'
# )
# Add consumer/provider
aciFv.RsProv(mgmtInB,
tnVzBrCPName=policy['inb_contract_name'],
prio='unspecified',
matchT='AtleastOne')
aciFv.RsCons(mgmtInB,
tnVzBrCPName=policy['inb_contract_name'],
prio='unspecified')
# FINALLY, create the maps of the nodes/IP/GW to the EPG
nodeNames = dict([n.name, n.id] for n in nodes)
podId = policy['podId']
for entry in policy['nodes']:
nodeId = nodeNames[entry['name']]
tDN = 'topology/pod-{}/node-{}'.format(podId, nodeId)
aciMgmt.RsInBStNode(mgmtInB,
tDn=tDN,
addr=entry['ipv4'],
gw=policy['gw'])
return fvTenant