def create_oob_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the out-of-band (OOB) management address assignments.

    Creates the ``mgmt`` tenant object tree (tenant -> ``default`` management
    profile -> ``default`` OoB EPG) and attaches one static node entry for
    every item of ``policy['nodes']``.

    Args:
        apic: Not used by this function.
        policy: Mapping read for ``podId``, ``gw``, ``v6Gw`` and ``nodes``.
            Each item of ``nodes`` is read for ``name`` and ``ipv4``, and
            for ``ipv6`` when ``v6Gw`` is anything other than ``'::'``.
        nodes: Iterable of objects exposing ``name`` and ``id``; used to
            translate node names into node ids.

    Returns:
        The ``mgmt`` tenant object that roots the built tree.

    Raises:
        KeyError: If an entry names a node that is absent from ``nodes``,
            or if a key read from ``policy`` or an entry is missing.
        TypeError: If ``policy`` or ``nodes`` is left at its ``None``
            default; both are required in practice.
    """
    # NOTE(review): only addresses and gateways are assigned here; no
    # contract is attached to the OoB EPG in this function, so restricting
    # who may reach the OOB interfaces has to be configured elsewhere.
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    profile = aciMgmt.MgmtP(tenant, name='default')
    oob_epg = aciMgmt.OoB(profile, prio='unspecified', name='default')

    # Node name -> node id, so policy entries can refer to nodes by name.
    id_by_name = {n.name: n.id for n in nodes}
    pod = policy['podId']
    dn_template = 'topology/pod-{}/node-{}'

    for entry in policy['nodes']:
        target_dn = dn_template.format(pod, id_by_name[entry['name']])
        # A v6 gateway of '::' is treated as "no IPv6": only IPv4 is set.
        ipv4_only = policy['v6Gw'] == '::'
        attrs = {'gw': policy['gw'], 'tDn': target_dn, 'addr': entry['ipv4']}
        if not ipv4_only:
            attrs['v6Gw'] = policy['v6Gw']
            attrs['v6Addr'] = entry['ipv6']
        aciMgmt.RsOoBStNode(oob_epg, **attrs)

    return tenant
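def configOobMgmt(config):
    """Configure the Out of Band management addresses for given fabric nodes.

    Builds the ``mgmt`` tenant object tree (tenant -> ``default`` management
    profile -> ``default`` OoB EPG) and attaches one static node entry for
    every node of every pod in ``config.fabricNodes['pods']``.

    Args:
        config: Object exposing ``fabricNodes`` (read for ``'pods'``, a
            mapping of pod id to a list of node mappings with ``nodeId``,
            ``addr`` and ``v6Addr``) and ``mgmtOob`` (read for ``gw`` and
            ``v6Gw``).

    Returns:
        The ``mgmt`` tenant object that roots the built tree.
    """
    # NOTE(review): only addresses and gateways are assigned here; no
    # contract is attached to the OoB EPG in this function, so restricting
    # who may reach the OOB interfaces has to be configured elsewhere.
    fvTenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    mgmtMgmtP = aciMgmt.MgmtP(fvTenant, name='default')
    mgmtOoB = aciMgmt.OoB(mgmtMgmtP, prio='unspecified', name='default')

    # items() works on both Python 2 and Python 3 dicts; the former
    # iteritems() call raises AttributeError on Python 3.
    # NOTE(review): assumes config.fabricNodes['pods'] is a dict - confirm.
    for podId, nodes in config.fabricNodes['pods'].items():
        for node in nodes:
            aciMgmt.RsOoBStNode(
                mgmtOoB,
                gw=config.mgmtOob['gw'],
                v6Gw=config.mgmtOob['v6Gw'],
                v6Addr=node['v6Addr'],
                addr=node['addr'],
                tDn=getDnFromPodIdNodeId(podId, node['nodeId']),
            )
    return fvTenant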
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the in-band (INB) management configuration for fabric nodes.

    Under the ``mgmt`` tenant this creates, in order: the ``inb`` bridge
    domain bound to the ``inb`` context/VRF, a contract whose single subject
    permits the filter ``tcp_src_port_any_to_dst_port_22``, the in-band
    management EPG (which both provides and consumes that contract), and one
    static node entry for every item of ``policy['nodes']``.

    Args:
        apic: Not used by this function.
        policy: Mapping read for ``inb_contract_name``, ``inb_subject_name``,
            ``inb_epg_name``, ``vlan``, ``podId``, ``gw`` and ``nodes``.
            Each item of ``nodes`` is read for ``name`` and ``ipv4``.
        nodes: Iterable of objects exposing ``name`` and ``id``; used to
            translate node names into node ids.

    Returns:
        The ``mgmt`` tenant object that roots the built tree.

    Raises:
        KeyError: If an entry names a node that is absent from ``nodes``,
            or if a key read from ``policy`` or an entry is missing.
        TypeError: If ``policy`` or ``nodes`` is left at its ``None``
            default; both are required in practice.
    """
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')

    # Step 1: the in-band bridge domain, bound to the 'inb' context/VRF.
    bridge_domain = aciFv.BD(tenant, name='inb')
    aciFv.RsCtx(bridge_domain, tnFvCtxName='inb')

    # Step 2: the in-band management contract that permits SSH.
    contract_name = policy['inb_contract_name']
    contract = aciVz.BrCP(
        tenant,
        name=contract_name,
        scope='context',
        prio='unspecified',
        targetDscp='unspecified',
    )
    subject = aciVz.Subj(
        contract,
        name=policy['inb_subject_name'],
        provMatchT='AtleastOne',
        consMatchT='AtleastOne',
        prio='unspecified',
        targetDscp='unspecified',
        revFltPorts='yes',
    )
    # Repeat this call with another filter name to allow more protocols.
    # Every filter added here widens what in-band management accepts, so
    # keep the list to what is actually needed.
    # NOTE(review): the filter is referenced by name only and is not created
    # in this function - confirm it exists in the mgmt tenant.
    aciVz.RsSubjFiltAtt(
        subject,
        action='permit',
        tnVzFilterName='tcp_src_port_any_to_dst_port_22',
    )

    # Step 3: the in-band management EPG, bound to the bridge domain.
    profile = aciMgmt.MgmtP(tenant, name='default')
    inb_epg = aciMgmt.InB(
        profile,
        name=policy['inb_epg_name'],
        encap=policy['vlan'],
        floodOnEncap='disabled',
        matchT='AtleastOne',
        prefGrMemb='exclude',
        prio='unspecified',
    )
    aciMgmt.RsMgmtBD(inb_epg, tnFvBDName='inb')

    # The subnet/gateway is intentionally not added here; the disabled call
    # was:
    # aciFv.Subnet(
    #     mgmtInB, ip=policy['subnet'],
    #     ctrl='nd', preferred='no', virtual='no', scope='private'
    # )

    # The EPG is both provider and consumer of the same contract.
    aciFv.RsProv(
        inb_epg,
        tnVzBrCPName=contract_name,
        prio='unspecified',
        matchT='AtleastOne',
    )
    aciFv.RsCons(inb_epg, tnVzBrCPName=contract_name, prio='unspecified')

    # Step 4: map each node to its in-band address and gateway on the EPG.
    id_by_name = {n.name: n.id for n in nodes}
    pod = policy['podId']
    dn_template = 'topology/pod-{}/node-{}'
    for entry in policy['nodes']:
        target_dn = dn_template.format(pod, id_by_name[entry['name']])
        aciMgmt.RsInBStNode(
            inb_epg,
            tDn=target_dn,
            addr=entry['ipv4'],
            gw=policy['gw'],
        )

    return tenant