def create_3tier_application(modir, tenant_name):
policy_universe = modir.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant_name)
# create context
fv_ctx = Ctx(fv_tenant, CTX_NAME)
#
fv_bd = BD(fv_tenant, 'BD1')
#
fv_rs_ctx = RsCtx(fv_bd)
fv_rs_ctx.__setattr__('tnFvCtxName', 'Apple-Router')
fv_subnet_10 = Subnet(fv_bd,'10.0.0.1/24', scope='public')
fv_subnet_20 = Subnet(fv_bd, '20.0.0.1/24', scope='public')
fv_subnet_30 = Subnet(fv_bd, '30.0.0.1/24', scope='public')
fv_subnet_40 = Subnet(fv_bd, '40.0.0.1/24', scope='public')
#
fv_ap = Ap(fv_tenant, '3-TierApp')
fv_aepg_client = AEPg(fv_ap, 'Client')
fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1')
# fv_rs_bd_client.__setattr__('tnFvBDName', 'BD1')
fv_rs_cons_webct_client = RsCons(fv_aepg_client, 'WebCt')
fv_aepg_web = AEPg(fv_ap, 'Web')
fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1')
fv_rs_cons_webct_web = RsProv(fv_aepg_web, 'WebCt')
fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt')
fv_aepg_app = AEPg(fv_ap, 'App')
fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='DB1')
fv_rs_cons_webct_app = RsProv(fv_aepg_app, 'WebCt')
fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'AppCt')
fv_aepg_db = AEPg(fv_ap, 'DB')
fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1')
fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt')
print toXMLStr(policy_universe, prettyPrint=True)
# Commit the change using a ConfigRequest object
configReq = ConfigRequest()
configReq.addMo(policy_universe)
modir.commit(configReq)
def create_epg(tenant, bdName, vNum, epgName, apName=APP):
fvAp = Ap(tenant, apName)
try:
fvAEPg = AEPg(fvAp, name=epgName)
RsBd(fvAEPg, tnFvBDName=bdName)
CONFIG.addMo(fvAEPg)
print '[+] EPG %s created successfully' % epgName
return fvAEPg
except:
print '[-] Error creating EPG'
exit(1)
def create_application_epg(fv_ap, epg, **args):
"""Create a Application. A set of requirements for the application-level EPG instance. The policy regulates connectivity and visibility among the end points within the scope of the policy. """
args = args['optional_args'] if 'optional_args' in args.keys() else args
fv_aepg = AEPg(fv_ap,
epg,
prio=get_value(args, 'prio', 'unspecified').lower())
# Provide bridge_domain to the EPG.
if is_valid_key(args, 'bridge_domain'):
fv_rsbd = RsBd(fv_aepg, tnFvBDName=args['bridge_domain'])
if is_valid_key(args, 'custom_qos'):
fv_rscustqospol = RsCustQosPol(fv_aepg,
tnQosCustomPolName=args['custom_qos'])
if is_valid_key(args, 'monitoring'):
fv_rsaepgmonpol = RsAEPgMonPol(fv_aepg,
tnMonEPGPolName=args['monitoring'])
if is_valid_key(args, 'associated_domain_profile'):
for profile in args['associated_domain_profile']:
fv_rsdomatt = RsDomAtt(
fv_aepg,
'uni/phys-' + profile['domain_profile'],
instrImedcy=get_value(profile, 'deployment_immediacy',
DEFAULT_IMMEDIACY),
resImedcy=get_value(profile, 'resolution_immediacy',
DEFAULT_IMMEDIACY))
if is_valid_key(args, 'statically_link') and args['statically_link']:
if is_valid_key(args, 'leaf') and is_valid_key(
args['leaf'], 'node_id', ban=['None']):
fv_rsnodeatt = RsNodeAtt(
fv_aepg,
'topology/pod-1/node-' + str(args['leaf']['node_id']),
encap=args['leaf']['encap'],
mode=get_value(args['leaf'], 'mode', DEFAULT_MODE),
instrImedcy=get_value(args['leaf'], 'deployment_immediacy',
DEFAULT_IMMEDIACY))
if is_valid_key(args, 'path') and is_valid_key(
args['path'], 'node_id', ban=['None']):
fv_rsnodeatt = RsPathAtt(
fv_aepg,
'topology/pod-1/paths-' + str(args['path']['node_id']) +
'/pathep-[eth' + args['path']['eth'] + ']',
encap=args['path']['encap'],
mode=get_value(args['path'], 'mode', DEFAULT_MODE),
instrImedcy=get_value(args['path'], 'deployment_immediacy',
DEFAULT_IMMEDIACY))
return fv_aepg
def create_application_epg(modir, tenant_name, application_name, epg_name,
**args):
"""Create an EPG"""
# Query the application
fv_ap = modir.lookupByDn('uni/tn-' + tenant_name + '/ap-' +
application_name)
args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args
if isinstance(fv_ap, Ap):
# Create an EPG
fv_aepg = AEPg(fv_ap,
epg_name,
prio=get_value(args, 'prio', 'unspecified').lower())
# Provide bridge_domain to the EPG.
if 'bridge_domain' in args.keys():
fv_rsbd = RsBd(fv_aepg, tnFvBDName=args['bridge_domain'])
else:
print 'There is no application', application_name, 'in tenant', tenant_name, '. Please create an application.'
return
print toXMLStr(fv_ap, prettyPrint=True)
commit_change(modir, fv_ap)
# Create association to private network
RsCtx(fvBDMo, tnFvCtxName=tenant['ctx'])
# Create Application Profile
for app in tenant['ap']:
print('Creating Application Profile: %s' % app['name'])
fvApMo = Ap(fvTenantMo, app['name'])
# Create EPGs
for epg in app['epgs']:
print("Creating EPG: %s..." % (epg['name']))
fvAEPgMo = AEPg(fvApMo, epg['name'])
# Associate EPG to Bridge Domain
RsBd(fvAEPgMo, tnFvBDName=tenant['bd'])
# Commit each tenant separately
tenantCfg = ConfigRequest()
tenantCfg.addMo(fvTenantMo)
moDir.commit(tenantCfg)
print('All tenants created.\n**')
print("Get the tenants by class.\n**")
tnQuery = ClassQuery('fvTenant')
tnMos = moDir.query(tnQuery)
for tnMo in tnMos:
print(tnMo.dn)
print("Get the tenants by DN and delete them.\n**")
for tenant in TENANT_INFO:
def main(host, port, user, password):
# CONNECT TO APIC
print('Initializing connection to APIC...')
apicUrl = 'http://%s:%d' % (host, port)
moDir = MoDirectory(LoginSession(apicUrl, user, password))
moDir.login()
# Get the top level Policy Universe Directory
uniMo = moDir.lookupByDn('uni')
uniInfraMo = moDir.lookupByDn('uni/infra')
# Create Vlan Namespace
nsInfo = VMM_DOMAIN_INFO['namespace']
print("Creating namespace %s.." % (nsInfo['name']))
fvnsVlanInstPMo = VlanInstP(uniInfraMo, nsInfo['name'], 'dynamic')
#fvnsArgs = {'from': nsInfo['from'], 'to': nsInfo['to']}
EncapBlk(fvnsVlanInstPMo, nsInfo['from'], nsInfo['to'], name=nsInfo['name'])
nsCfg = ConfigRequest()
nsCfg.addMo(fvnsVlanInstPMo)
moDir.commit(nsCfg)
# Create VMM Domain
print('Creating VMM domain...')
vmmpVMwareProvPMo = moDir.lookupByDn('uni/vmmp-VMware')
vmmDomPMo = DomP(vmmpVMwareProvPMo, VMM_DOMAIN_INFO['name'])
vmmUsrMo = []
for usrp in VMM_DOMAIN_INFO['usrs']:
usrMo = UsrAccP(vmmDomPMo, usrp['name'], usr=usrp['usr'],
pwd=usrp['pwd'])
vmmUsrMo.append(usrMo)
# Create Controllers under domain
for ctrlr in VMM_DOMAIN_INFO['ctrlrs']:
vmmCtrlrMo = CtrlrP(vmmDomPMo, ctrlr['name'], scope=ctrlr['scope'],
hostOrIp=ctrlr['ip'])
# Associate Ctrlr to UserP
RsAcc(vmmCtrlrMo, tDn=vmmUsrMo[0].dn)
# Associate Domain to Namespace
RsVlanNs(vmmDomPMo, tDn=fvnsVlanInstPMo.dn)
vmmCfg = ConfigRequest()
vmmCfg.addMo(vmmDomPMo)
moDir.commit(vmmCfg)
print("VMM Domain Creation Completed.")
print("Starting Tenant Creation..")
for tenant in TENANT_INFO:
print("Creating tenant %s.." % (tenant['name']))
fvTenantMo = Tenant(uniMo, tenant['name'])
# Create Private Network
Ctx(fvTenantMo, tenant['pvn'])
# Create Bridge Domain
fvBDMo = BD(fvTenantMo, name=tenant['bd'])
# Create association to private network
RsCtx(fvBDMo, tnFvCtxName=tenant['pvn'])
# Create Application Profile
for app in tenant['ap']:
print('Creating Application Profile: %s' % app['name'])
fvApMo = Ap(fvTenantMo, app['name'])
# Create EPGs
for epg in app['epgs']:
print("Creating EPG: %s..." % (epg['name']))
fvAEPgMo = AEPg(fvApMo, epg['name'])
# Associate EPG to Bridge Domain
RsBd(fvAEPgMo, tnFvBDName=tenant['bd'])
# Associate EPG to VMM Domain
RsDomAtt(fvAEPgMo, vmmDomPMo.dn)
# Commit each tenant seperately
tenantCfg = ConfigRequest()
tenantCfg.addMo(fvTenantMo)
moDir.commit(tenantCfg)
print('All done!')
def create_endpoint_groups(delete=''):
epg_df = pd.read_excel("input-data/ACI_DD_Workbook.xlsx",
sheet_name='End_Point_Groups')
file = open("EPG_Configuration.log", "w")
logon = apic_logon()
uniMo = logon.lookupByDn('uni')
for index, row in epg_df.iterrows():
fvTenant = Tenant(uniMo, row['Tenant'])
fvAp = Ap(fvTenant, row['Application Profile'])
if delete == 'yes':
fvAEPg = AEPg(fvAp, name=row['Name'], status='deleted')
else:
fvAEPg = AEPg(fvAp,
name=row['EPG Name'],
description=row['EPG Description'],
prefGrMemb=row['prefGrMemb'])
if pd.isnull(row['Associated Bridge Domain']) == False:
fvRsBD = RsBd(fvAEPg,
tnFvBDName=row['Associated Bridge Domain'])
if pd.isnull(row['Physical Domain']) == False:
fvRsDomAtt = RsDomAtt(fvAEPg,
tDn='uni/phys-%s' %
row['Physical Domain'])
if pd.isnull(row['Static Path']) == False:
fvRsPathAtt = RsPathAtt(fvAEPg,
tDn=row['Static Path'],
encap='vlan-%s' % row['VLAN Encap'])
if pd.isnull(row['Associated VMM1']) == False:
fvRsDomAtt1 = RsDomAtt(fvAEPg,
tDn='uni/vmmp-VMware/dom-' +
row['Associated VMM1'],
primaryEncap=u'unknown',
classPref=u'encap',
delimiter=u'',
instrImedcy=u'lazy',
encap=u'unknown',
encapMode=u'auto',
resImedcy=u'immediate')
vmmSecP = SecP(fvRsDomAtt1,
ownerKey=u'',
name=u'',
descr=u'',
forgedTransmits=u'reject',
ownerTag=u'',
allowPromiscuous=u'reject',
macChanges=u'reject')
if pd.isnull(row['Associated VMM2']) == False:
fvRsDomAtt2 = RsDomAtt(fvAEPg,
tDn='uni/vmmp-VMware/dom-' +
row['Associated VMM2'],
primaryEncap=u'unknown',
classPref=u'encap',
delimiter=u'',
instrImedcy=u'lazy',
encap=u'unknown',
encapMode=u'auto',
resImedcy=u'immediate')
vmmSecP2 = SecP(fvRsDomAtt2,
ownerKey=u'',
name=u'',
descr=u'',
forgedTransmits=u'reject',
ownerTag=u'',
allowPromiscuous=u'reject',
macChanges=u'reject')
cfgRequest = ConfigRequest()
cfgRequest.addMo(fvAp)
logon.commit(cfgRequest)
json_data = toJSONStr(fvAp, prettyPrint=True)
file.write(
'\n-------------------------------------------------------------------\n'
)
file.write(json_data)
file.close()
def tenant_policy(host, user, password):
print('[BEG] Tenant Configuration')
moDir = apic_login(host, user, password)
uniMo = moDir.lookupByDn('uni')
fvTenantMo = Tenant(uniMo, 'Cobra-Demo')
print('--- Building VRF(s)')
# Create Private Network
vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")
print('--- Building Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
fvSubnet = Subnet(fvBDMo1,
name=u'Sub1',
ip=u'106.0.1.1/24',
preferred=u'no',
virtual=u'no')
fvSubnet = Subnet(fvBDMo1,
name=u'Sub2',
ip=u'106.0.2.1/24',
preferred=u'no',
virtual=u'no')
print('--- Adding Subnets to Bridge Domain(s)')
# Create Bridge Domain & Subnets
fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
fvSubnet = Subnet(fvBDMo2,
name=u'Sub3',
ip=u'106.0.3.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub4',
ip=u'106.0.4.1/24',
preferred=u'no',
virtual=u'yes')
fvSubnet = Subnet(fvBDMo2,
name=u'Sub5',
ip=u'106.0.5.1/24',
preferred=u'no',
virtual=u'no',
scope=u'public')
print('--- Adding Bridge Domain(s) to VRF(s)')
# Create association to private network
fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)
print('--- Building Web Filter')
# Build Web Filters
vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
vzEntry = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
vzEntry2 = Entry(vzFilter1,
applyToFrag=u'no',
dToPort=u'https',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'https',
name=u'https')
print('--- Building App Filter')
# Build App Filters
vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
vzEntry = Entry(vzFilter2,
applyToFrag=u'no',
dToPort=u'8080',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8080',
name=u'tcp8080')
vzEntry2 = Entry(vzFilter2,
dToPort=u'8443',
prot=u'tcp',
stateful=u'no',
etherT=u'ip',
dFromPort=u'8443',
name=u'tcp8443')
print('--- Creating Contract(s)')
#Create Contracts
httpContract = BrCP(fvTenantMo, 'WEB')
vzSubjMo = Subj(httpContract, 'Web-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
appContract = BrCP(fvTenantMo, 'APP')
vzSubjMo = Subj(appContract, 'App-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
dbContract = BrCP(fvTenantMo, 'DB')
vzSubjMo = Subj(dbContract, 'DB-Ports')
RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')
print('--- Creating Application Profile')
#Create Application Profile
fvApMo = Ap(fvTenantMo, 'DemoAppProfile')
print('--- Building EPG: App')
#Build AEPg APP
fvAEPg1 = AEPg(fvApMo, 'APP')
fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
#Attach Static AEPg to Interface
fvRsPathAtt1 = RsPathAtt(fvAEPg1,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2005')
AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)
print('--- Building EPG: Web')
#Build AEPg WEB
fvAEPg2 = AEPg(fvApMo, 'WEB')
fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt2 = RsPathAtt(fvAEPg2,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2006')
WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)
print('--- Building EPG: DB')
#Build AEPg DB
fvAEPg3 = AEPg(fvApMo, 'DB')
print(' --- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
#Attach Static AEPg to Interface
fvRsPathAtt3 = RsPathAtt(fvAEPg3,
tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
primaryEncap=u'unknown',
instrImedcy=u'lazy',
mode=u'regular',
encap=u'vlan-2007')
DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)
print('--- Building L3 Out')
# Configure L3 Out
l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
rtrIdLoopBack=u'no',
rtrId=u'10.10.15.250',
tDn=u'topology/pod-1/node-102')
l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
l3extRsPathL3OutAtt = RsPathL3OutAtt(
l3extLIfP,
addr=u'10.10.100.9/30',
encapScope=u'local',
mode=u'regular',
ifInstT=u'l3-port',
mtu=u'1500',
tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')
l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
ospfExtP = ExtP(l3extOut,
areaCtrl=u'redistribute,summary',
areaId=u'0.0.0.1',
areaType=u'regular',
areaCost=u'1')
BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)
cfg_commit(moDir, fvTenantMo)
print('[END] Tenant Configuration')
Ctx(fvTenantMo, vrf.getName(), descr=vrf.getDesc())
for bd in vrf.getBds():
print "Creating BD [{}]".format(bd.getName())
fvBDMo = BD(fvTenantMo, bd.getName(), descr=bd.getDesc())
# Create association to VRF
RsCtx(fvBDMo, tnFvCtxName=vrf.getName())
for ap in vrf.getAppProfiles():
print "Creating App Profile [{}]".format(ap.getName())
fvApMo = Ap(fvTenantMo, ap.getName(), descr=ap.getDesc())
for epg in ap.getEpgs():
print "Creating EPG [{}]".format(epg.getName())
fvAEPgMo = AEPg(fvApMo, epg.getName(), descr=epg.getDesc())
# Associate EPG to Bridge Domain
RsBd(fvAEPgMo, tnFvBDName=epg.getBdName())
# Associate EPG to VMM Domain
#RsDomAtt(fvAEPgMo, vmmDomPMo.dn)
tenantCfg = ConfigRequest()
tenantCfg.addMo(fvTenantMo)
print "tenantCfg data: " + tenantCfg.data
md.commit(tenantCfg)
md.logout()
else:
print "User cancelled the script! Good bye ..."
# end of main program
def setupApp(spec, apicMoDir, gwConfig):
logging.debug('Inside setupApp function')
# create an app prof if it does not exist.
appName = spec['app-prof']
tenant = spec['tenant']
tenMo = tenantDict[tenant]
epgList = spec['epgs']
logging.debug('Nodes : %s' % gwConfig.nodes)
logging.debug('Paths : %s' % gwConfig.paths)
physDom = gwConfig.physDom
vmmDom = gwConfig.vmmDom
if physDom == "not_specified" and vmmDom == "not_specified":
return ['failed', 'Physical and VMM domain not specified']
# Check if the APIC already knows about this application profile
# within this tenant context
appProfDn = formAppProfDn(tenant, appName)
exists, fvApMo = checkDnExists(apicMoDir, appProfDn)
if exists:
# The appProfile already exists in the APIC. Stash what we got.
logging.info('App-prof %s,%s already exists.' % (tenant, appName))
appDict[appName] = fvApMo
else:
logging.info('Creating application profile %s in tenant %s' % (appName, tenant))
fvApMo = Ap(tenMo, appName)
appDict[appName] = fvApMo
cR = ConfigRequest()
cR.addMo(fvApMo)
# Walk the EPG list and create them.
for epg in epgList:
# Get the bridge domain for this epg, will create if needed
comTen = gwConfig.includeCommonTenant
bdName = getBridgeDomain(tenant, epg, apicMoDir, comTen)
epgName = epg['name']
fvEpg = AEPg(fvApMo, epgName)
# associate to BD
RsBd(fvEpg, tnFvBDName=bdName)
vlan = epg['vlan-tag']
encapid = 'vlan-' + vlan
if vmmDom != "not_specified":
# associate to vmm domain
logging.info("VMM Domain: {}".format(vmmDom))
contivClusterDom = 'uni/vmmp-VMware/dom-' + vmmDom
logging.debug("Bind VMM : {} on {}".format(vmmDom, encapid))
rsDomAtt = RsDomAtt(fvEpg, tDn=contivClusterDom, instrImedcy='immediate', encap=encapid, resImedcy='immediate')
SecP(rsDomAtt, forgedTransmits='accept', allowPromiscuous='accept', macChanges='accept')
if physDom != "not_specified":
# associate to phy domain
contivClusterDom = 'uni/phys-' + physDom
RsDomAtt(fvEpg, contivClusterDom)
# TODO: add static binding
logging.info('Nodes : %s' % gwConfig.nodes)
for leaf in gwConfig.nodes:
logging.debug('Bind Leaf : %s' % leaf)
RsNodeAtt(fvEpg, tDn=leaf, encap=encapid)
logging.info('Paths : %s' % gwConfig.paths)
for path in gwConfig.paths:
logging.debug('Path = %s' % path)
RsPathAtt(fvEpg, tDn=path, instrImedcy='immediate', encap=encapid)
apicMoDir.commit(cR)
enforce = gwConfig.enforcePolicies
if enforce.lower() == "no":
logging.info('Setting up EPG in un-enforced mode.')
setupUnenforcedMode(spec, apicMoDir)
else:
logging.debug('Establishing policy contracts.')
addDefinedContracts(spec, apicMoDir)
logging.debug('Establishing consumer/provider links.')
ret = addContractLinks(spec, apicMoDir)
if ret[0] != 'success':
return ret
return ['success', 'ok']