Exemplo n.º 1
0
def connect_epg_contract(modir, tenant_name, application_name, epg_name,
                         contract_type, contract_name):
    """Assign a consumed/provided contract to an EPG"""

    # Check if the contract exist. If not, return.
    vz_brcp = modir.lookupByDn('uni/tn-' + tenant_name + '/brc-' +
                               contract_name)
    if not isinstance(vz_brcp, BrCP):
        print 'There is no contract called', contract_name, 'in tenant', tenant_name, '.'
        return

    # Check if the EPG exist.
    fv_aepg = modir.lookupByDn('uni/tn-' + tenant_name + '/ap-' +
                               application_name + '/epg-' + epg_name)
    if isinstance(fv_aepg, AEPg):

        # Check the contract type, consumed or provided.
        if contract_type.lower() == 'consumed':
            # Add a consumed contract to EPG
            fv_rscons = RsCons(fv_aepg, contract_name)
        elif contract_type.lower() == 'provided':
            # Add a provided contract to EPG
            fv_rsprov = RsProv(fv_aepg, contract_name)
        else:
            print 'Contract_type is either \"consumed\" or \"provided\".'
            return
    else:
        print 'Wrong path! Please check if EPG', epg_name, 'is in application', application_name, 'in tenant', tenant_name, '.'
        return

    print toXMLStr(fv_aepg, prettyPrint=True)
    commit_change(modir, fv_aepg)
Exemplo n.º 2
0
def add_contract_to_mgmt_inband_epg(modir, contract, contract_type, **args):

    args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args

    # Query a parent
    fv_inb = modir.lookupByDn('uni/tn-mgmt/mgmtp-default/inb-default')

    if contract_type.lower() == 'provided':
        fv_rsprov = RsProv(fv_inb, contract,
                           prio=get_value(args, 'prio', DEFAULT_QOS),
                           matchT=get_value(args, 'matchT', DEFAULT_MATCH_TYPE)
        )

    elif contract_type.lower() == 'consumed':
        fv_rscons = RsCons(fv_inb, contract,
                           prio=get_value(args, 'prio', DEFAULT_QOS),
        )

    elif contract_type.lower() == 'taboo':
        fv_rsprotby = RsProtBy(fv_inb, contract)

    else:
        print 'Invalid input Contract Type.'
        return

    print_query_xml(fv_inb)
    commit_change(modir, fv_inb)
Exemplo n.º 3
0
def configureIn_band_epg_default(parent_mo, in_band_epg, **args):
    """The in-band management endpoint group, which consists of switches (leaves/spines) and APICs. Each node in the group is assigned an IP address that is dynamically allocated from the address pool associated with the corresponding in-band management zone. The allocated IP address is then configured as the in-band management access IP address on the corresponding node. Any host that is part of another endpoint group can communicate with the nodes in the in-band management endpoint group using contacts. """
    args = args['optional_args'] if 'optional_args' in args.keys() else args
    fv_inb = InB(parent_mo,
                 in_band_epg,
                 encap=get_value(args, 'encap', DEFAULT_ENCAP),
                 prio=get_value(args, 'prio', DEFAULT_QOS))
    if is_valid_key(args, 'bridge_domain'):
        mgmt_rsmgmtbd = RsMgmtBD(fv_inb, tnFvBDName=args['bridge_domain'])

    if is_valid_key(args, 'provided_contract'):
        fv_rsprov = RsProv(
            fv_inb,
            args['provided_contract']['name'],
            prio=get_value(args['provided_contract']['optional_args'], 'prio',
                           DEFAULT_QOS) if is_valid_key(
                               args['provided_contract'],
                               'optional_args') else DEFAULT_QOS,
            matchT=get_value(args['provided_contract']['optional_args'],
                             'match_type', DEFAULT_MATCH_TYPE) if is_valid_key(
                                 args['provided_contract'],
                                 'optional_args') else DEFAULT_MATCH_TYPE)

    if is_valid_key(args, 'consumed_contract'):
        fv_rscons = RsCons(
            fv_inb,
            args['consumed_contract']['name'],
            prio=get_value(args['consumed_contract']['optional_args'], 'prio',
                           DEFAULT_QOS),
        )

    if is_valid_key(args, 'taboo_contract'):
        fv_rsprotby = RsProtBy(fv_inb, args['taboo_contract']['name'])
Exemplo n.º 4
0
def add_contract(mo, contractType, contractName):
    if contractType.lower() == 'consumed':
        try:
            RsCons(mo, tnVzBrCPName=contractName)
            print '[+] Contract %s successfully attached to EPG as %s' % (
                contractName, contractType)
            CONFIG.addMo(mo)
            return mo
        except:
            print '[-] Error attaching contract %s to EPG' % contractName
            exit(1)
    if contractType.lower() == 'provided':
        try:
            RsProv(mo, tnVzBrCPName=contractName)
            print '[+] Contract %s successfully attached to EPG as %s' % (
                contractName, contractType)
            CONFIG.addMo(mo)
            return mo
        except:
            print '[-] Error attaching contract %s to EPG' % contractName
            exit(1)
    if contractType.lower() == 'intra-epg':
        try:
            RsIntraEpg(mo, tnVzBrCPName=contractName)
            print '[+] Contract %s successfully attached to EPG as %s' % (
                contractName, contractType)
            CONFIG.addMo(mo)
            return mo
        except:
            print '[-] Error attaching contract %s to EPG' % contractName
            exit(1)
Exemplo n.º 5
0
def create_3tier_application(modir, tenant_name):
    policy_universe = modir.lookupByDn('uni')
    fv_tenant = Tenant(policy_universe, tenant_name)

    # create context
    fv_ctx = Ctx(fv_tenant, CTX_NAME)

    #
    fv_bd = BD(fv_tenant, 'BD1')

    #
    fv_rs_ctx = RsCtx(fv_bd)
    fv_rs_ctx.__setattr__('tnFvCtxName', 'Apple-Router')
    fv_subnet_10 = Subnet(fv_bd,'10.0.0.1/24', scope='public')
    fv_subnet_20 = Subnet(fv_bd, '20.0.0.1/24', scope='public')
    fv_subnet_30 = Subnet(fv_bd, '30.0.0.1/24', scope='public')
    fv_subnet_40 = Subnet(fv_bd, '40.0.0.1/24', scope='public')

    #
    fv_ap = Ap(fv_tenant, '3-TierApp')

    fv_aepg_client = AEPg(fv_ap, 'Client')
    fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1')
#    fv_rs_bd_client.__setattr__('tnFvBDName', 'BD1')
    fv_rs_cons_webct_client = RsCons(fv_aepg_client, 'WebCt')

    fv_aepg_web = AEPg(fv_ap, 'Web')
    fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1')
    fv_rs_cons_webct_web = RsProv(fv_aepg_web, 'WebCt')
    fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt')

    fv_aepg_app = AEPg(fv_ap, 'App')
    fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='DB1')
    fv_rs_cons_webct_app = RsProv(fv_aepg_app, 'WebCt')
    fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'AppCt')

    fv_aepg_db = AEPg(fv_ap, 'DB')
    fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1')
    fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt')

    print toXMLStr(policy_universe, prettyPrint=True)
    # Commit the change using a ConfigRequest object
    configReq = ConfigRequest()
    configReq.addMo(policy_universe)
    modir.commit(configReq)
Exemplo n.º 6
0
def connect_epg_contract(fv_aepg, contract_name, contract_type):
    """Apply Contract to EPG. The consumer relation to a binary contract profile."""
    # Check the contract type, consumed or provided.
    if contract_type.lower() == 'consumed':
        # Add a consumed contract to EPG
        fv_rscons = RsCons(fv_aepg, contract_name)
    elif contract_type.lower() == 'provided':
        # Add a provided contract to EPG
        fv_rsprov = RsProv(fv_aepg, contract_name)
    else:
        print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".'
        return
Exemplo n.º 7
0
def create_L3_epg_provider_or_consumer_contract(l3ext_instp, contract_type,
                                                contract, **args):
    """Labels the EPG as a provider/consumer in the contract. A contract defines what can be communicated along with the protocols and ports on which a provider and consumer are allowed to communicate."""
    args = args['optional_args'] if 'optional_args' in args.keys() else args
    if contract_type.lower() == 'consumed':
        fv_l3epg_cont = RsCons(l3ext_instp,
                               contract,
                               prio=get_value(args, 'prio', 'unspecified'))

    elif contract_type.lower() == 'provided':
        fv_l3epg_cont = RsProv(l3ext_instp,
                               contract,
                               prio=get_value(args, 'prio', 'unspecified'),
                               matchT=get_value(args, 'match_type',
                                                'AtleastOne'))
    else:
        print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".'
        sys.exit()
    return fv_l3epg_cont
Exemplo n.º 8
0
 def assign_contract(self, epg_dn, provider_dn, consumer_dn):
     """
     Assign contracts to an end point group
     :param epg_dn:
     :param provider_dn: Provider contract
     :param consumer_dn: Consumer contract
     :return:
     """
     epg_mo = self.moDir.lookupByDn(epg_dn)
     if len(provider_dn) > 0:
         # Retrieve the provider contract
         provider_mo = self.moDir.lookupByDn(provider_dn)
         # Create the provider relationship with EPG
         rsprov_mo = RsProv(epg_mo, provider_mo.name)
         self.commit(rsprov_mo)
     if len(consumer_dn) > 0:
         # Retrieve the consumer contract
         consumer_mo = self.moDir.lookupByDn(consumer_dn)
         # Creates the consumer relationship with EPG
         rscons_mo = RsCons(epg_mo, consumer_mo.name)
         self.commit(rscons_mo)
Exemplo n.º 9
0
def create_L3_epg_provider_contract(modir, tenant_name, routed_outside_name,
                                    external_network_name, contract_name,
                                    **args):
    fv_tenant = check_if_tenant_exist(modir, tenant_name)
    args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args
    l3ext_instp = modir.lookupByDn('uni/tn-' + tenant_name + '/out-' +
                                   routed_outside_name + '/instP-' +
                                   external_network_name)

    if contract_name == '':
        contract_name = 'default'

    if isinstance(l3ext_instp, InstP):
        fv_l3epg_rsprov = RsProv(l3ext_instp,
                                 contract_name,
                                 prio=get_value(args, 'prio', 'unspecified'),
                                 matchT=get_value(args, 'matchT',
                                                  'AtleastOne'))
    else:
        print 'External Netwrok', external_network_name, 'does not existed.'
        return

    print_query_xml(l3ext_instp)
    commit_change(modir, l3ext_instp)
Exemplo n.º 10
0
def tenant_policy(host, user, password):
    print('[BEG] Tenant Configuration')
    moDir = apic_login(host, user, password)

    uniMo = moDir.lookupByDn('uni')

    fvTenantMo = Tenant(uniMo, 'Cobra-Demo')

    print('--- Building VRF(s)')
    # Create Private Network
    vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
    vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")

    print('--- Building Bridge Domain(s)')
    # Create Bridge Domain & Subnets
    fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
    fvSubnet = Subnet(fvBDMo1,
                      name=u'Sub1',
                      ip=u'106.0.1.1/24',
                      preferred=u'no',
                      virtual=u'no')
    fvSubnet = Subnet(fvBDMo1,
                      name=u'Sub2',
                      ip=u'106.0.2.1/24',
                      preferred=u'no',
                      virtual=u'no')

    print('--- Adding Subnets to Bridge Domain(s)')
    # Create Bridge Domain & Subnets
    fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub3',
                      ip=u'106.0.3.1/24',
                      preferred=u'no',
                      virtual=u'no',
                      scope=u'public')
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub4',
                      ip=u'106.0.4.1/24',
                      preferred=u'no',
                      virtual=u'yes')
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub5',
                      ip=u'106.0.5.1/24',
                      preferred=u'no',
                      virtual=u'no',
                      scope=u'public')

    print('--- Adding Bridge Domain(s) to VRF(s)')
    # Create association to private network
    fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
    fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)

    print('--- Building Web Filter')
    # Build Web Filters
    vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
    vzEntry = Entry(vzFilter1,
                    applyToFrag=u'no',
                    dToPort=u'https',
                    prot=u'tcp',
                    stateful=u'no',
                    etherT=u'ip',
                    dFromPort=u'https',
                    name=u'https')
    vzEntry2 = Entry(vzFilter1,
                     applyToFrag=u'no',
                     dToPort=u'https',
                     prot=u'tcp',
                     stateful=u'no',
                     etherT=u'ip',
                     dFromPort=u'https',
                     name=u'https')

    print('--- Building App Filter')
    # Build App Filters
    vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
    vzEntry = Entry(vzFilter2,
                    applyToFrag=u'no',
                    dToPort=u'8080',
                    prot=u'tcp',
                    stateful=u'no',
                    etherT=u'ip',
                    dFromPort=u'8080',
                    name=u'tcp8080')
    vzEntry2 = Entry(vzFilter2,
                     dToPort=u'8443',
                     prot=u'tcp',
                     stateful=u'no',
                     etherT=u'ip',
                     dFromPort=u'8443',
                     name=u'tcp8443')

    print('--- Creating Contract(s)')
    #Create Contracts
    httpContract = BrCP(fvTenantMo, 'WEB')
    vzSubjMo = Subj(httpContract, 'Web-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    appContract = BrCP(fvTenantMo, 'APP')
    vzSubjMo = Subj(appContract, 'App-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    dbContract = BrCP(fvTenantMo, 'DB')
    vzSubjMo = Subj(dbContract, 'DB-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    print('--- Creating Application Profile')
    #Create Application Profile
    fvApMo = Ap(fvTenantMo, 'DemoAppProfile')

    print('--- Building EPG: App')
    #Build AEPg APP
    fvAEPg1 = AEPg(fvApMo, 'APP')
    fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt1 = RsPathAtt(fvAEPg1,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2005')

    AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
    AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)

    print('--- Building EPG: Web')
    #Build AEPg WEB
    fvAEPg2 = AEPg(fvApMo, 'WEB')
    fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt2 = RsPathAtt(fvAEPg2,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2006')

    WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
    WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)

    print('--- Building EPG: DB')
    #Build AEPg DB
    fvAEPg3 = AEPg(fvApMo, 'DB')
    print('	--- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
    fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt3 = RsPathAtt(fvAEPg3,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2007')

    DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)

    print('--- Building L3 Out')
    # Configure L3 Out
    l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
    l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
    l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
    l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
                                         rtrIdLoopBack=u'no',
                                         rtrId=u'10.10.15.250',
                                         tDn=u'topology/pod-1/node-102')
    l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
    ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
    ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
    l3extRsPathL3OutAtt = RsPathL3OutAtt(
        l3extLIfP,
        addr=u'10.10.100.9/30',
        encapScope=u'local',
        mode=u'regular',
        ifInstT=u'l3-port',
        mtu=u'1500',
        tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')

    l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
    fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
    l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
    ospfExtP = ExtP(l3extOut,
                    areaCtrl=u'redistribute,summary',
                    areaId=u'0.0.0.1',
                    areaType=u'regular',
                    areaCost=u'1')
    BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)

    cfg_commit(moDir, fvTenantMo)
    print('[END] Tenant Configuration')
Exemplo n.º 11
0
def addContractLinks(spec, apicMoDir):
    logging.debug('Inside addContractLinks function')
    epgList = spec['epgs']
    tenant = spec['tenant']
    appName = spec['app-prof']
    tenMo = tenantDict[tenant]

    for e in epgList:
        epg = SafeDict(e)
        epgName = epg['name']
        links = epg['contract-links']
        if links is 'missing':
            logging.debug('No contract links specified for epg {}'.format(epgName))
            continue

        epgDn = 'uni/tn-' + tenant + '/ap-' + appName + '/epg-' + epgName
        epgMo = apicMoDir.lookupByDn(epgDn)
		
        # If the EPG mo does not exist, nothing can be
        # done. Typically, should not happen.
        if epgMo is None:
            logging.error('Could not locate epg %s within tenant %s' % (epgName, tenant))
            return ['ERROR', "Could not locate epg {}".format(epgName)]

        epgcR = ConfigRequest()
        for l in links:
            link = SafeDict(l)

            cKind = link['contract-kind']
            if cKind != "EXTERNAL" and cKind != "INTERNAL":
                logging.error('Unknown contract-kind')
                return ['ERROR', "Unknown contract-kind {}".format(cKind)]

            if cKind == "EXTERNAL":
                contrMo = apicMoDir.lookupByDn(link['contract-dn'])
                if contrMo is None:
                    logging.error('ERROR external contract {} not found'.format(link['contract-dn']))
                    return ['ERROR', "No ext contract {}".format(link['contract-dn'])]

            if cKind == "INTERNAL":
                ccName = link['contract-name']
                contractDN = 'uni/tn-' + tenant + '/brc-' + ccName
                contrMo = apicMoDir.lookupByDn(contractDN)
                if contrMo is None:
                    #add the cc Mo, so we can setup the link
                    contrMo = BrCP(tenMo, ccName)
                    ccCR = ConfigRequest()
                    ccCR.addMo(contrMo)
                    apicMoDir.commit(ccCR)

            # at this point, we are ready to add cons/prov link
            if link['link-kind'] == "CONSUME":
                linkMo = RsCons(epgMo, tnVzBrCPName=contrMo.name)
                logging.debug('epg {} consumes {}'.format(epgName, contrMo.name))
            else:
                linkMo = RsProv(epgMo, tnVzBrCPName=contrMo.name)
                logging.debug('epg {} provides {}'.format(epgName, contrMo.name))

        epgcR.addMo(epgMo)
        apicMoDir.commit(epgcR)

    return ['success', 'ok']