def connect_epg_contract(modir, tenant_name, application_name, epg_name, contract_type, contract_name): """Assign a consumed/provided contract to an EPG""" # Check if the contract exist. If not, return. vz_brcp = modir.lookupByDn('uni/tn-' + tenant_name + '/brc-' + contract_name) if not isinstance(vz_brcp, BrCP): print 'There is no contract called', contract_name, 'in tenant', tenant_name, '.' return # Check if the EPG exist. fv_aepg = modir.lookupByDn('uni/tn-' + tenant_name + '/ap-' + application_name + '/epg-' + epg_name) if isinstance(fv_aepg, AEPg): # Check the contract type, consumed or provided. if contract_type.lower() == 'consumed': # Add a consumed contract to EPG fv_rscons = RsCons(fv_aepg, contract_name) elif contract_type.lower() == 'provided': # Add a provided contract to EPG fv_rsprov = RsProv(fv_aepg, contract_name) else: print 'Contract_type is either \"consumed\" or \"provided\".' return else: print 'Wrong path! Please check if EPG', epg_name, 'is in application', application_name, 'in tenant', tenant_name, '.' return print toXMLStr(fv_aepg, prettyPrint=True) commit_change(modir, fv_aepg)
def add_contract_to_mgmt_inband_epg(modir, contract, contract_type, **args): args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args # Query a parent fv_inb = modir.lookupByDn('uni/tn-mgmt/mgmtp-default/inb-default') if contract_type.lower() == 'provided': fv_rsprov = RsProv(fv_inb, contract, prio=get_value(args, 'prio', DEFAULT_QOS), matchT=get_value(args, 'matchT', DEFAULT_MATCH_TYPE) ) elif contract_type.lower() == 'consumed': fv_rscons = RsCons(fv_inb, contract, prio=get_value(args, 'prio', DEFAULT_QOS), ) elif contract_type.lower() == 'taboo': fv_rsprotby = RsProtBy(fv_inb, contract) else: print 'Invalid input Contract Type.' return print_query_xml(fv_inb) commit_change(modir, fv_inb)
def configureIn_band_epg_default(parent_mo, in_band_epg, **args): """The in-band management endpoint group, which consists of switches (leaves/spines) and APICs. Each node in the group is assigned an IP address that is dynamically allocated from the address pool associated with the corresponding in-band management zone. The allocated IP address is then configured as the in-band management access IP address on the corresponding node. Any host that is part of another endpoint group can communicate with the nodes in the in-band management endpoint group using contacts. """ args = args['optional_args'] if 'optional_args' in args.keys() else args fv_inb = InB(parent_mo, in_band_epg, encap=get_value(args, 'encap', DEFAULT_ENCAP), prio=get_value(args, 'prio', DEFAULT_QOS)) if is_valid_key(args, 'bridge_domain'): mgmt_rsmgmtbd = RsMgmtBD(fv_inb, tnFvBDName=args['bridge_domain']) if is_valid_key(args, 'provided_contract'): fv_rsprov = RsProv( fv_inb, args['provided_contract']['name'], prio=get_value(args['provided_contract']['optional_args'], 'prio', DEFAULT_QOS) if is_valid_key( args['provided_contract'], 'optional_args') else DEFAULT_QOS, matchT=get_value(args['provided_contract']['optional_args'], 'match_type', DEFAULT_MATCH_TYPE) if is_valid_key( args['provided_contract'], 'optional_args') else DEFAULT_MATCH_TYPE) if is_valid_key(args, 'consumed_contract'): fv_rscons = RsCons( fv_inb, args['consumed_contract']['name'], prio=get_value(args['consumed_contract']['optional_args'], 'prio', DEFAULT_QOS), ) if is_valid_key(args, 'taboo_contract'): fv_rsprotby = RsProtBy(fv_inb, args['taboo_contract']['name'])
def add_contract(mo, contractType, contractName): if contractType.lower() == 'consumed': try: RsCons(mo, tnVzBrCPName=contractName) print '[+] Contract %s successfully attached to EPG as %s' % ( contractName, contractType) CONFIG.addMo(mo) return mo except: print '[-] Error attaching contract %s to EPG' % contractName exit(1) if contractType.lower() == 'provided': try: RsProv(mo, tnVzBrCPName=contractName) print '[+] Contract %s successfully attached to EPG as %s' % ( contractName, contractType) CONFIG.addMo(mo) return mo except: print '[-] Error attaching contract %s to EPG' % contractName exit(1) if contractType.lower() == 'intra-epg': try: RsIntraEpg(mo, tnVzBrCPName=contractName) print '[+] Contract %s successfully attached to EPG as %s' % ( contractName, contractType) CONFIG.addMo(mo) return mo except: print '[-] Error attaching contract %s to EPG' % contractName exit(1)
def create_3tier_application(modir, tenant_name): policy_universe = modir.lookupByDn('uni') fv_tenant = Tenant(policy_universe, tenant_name) # create context fv_ctx = Ctx(fv_tenant, CTX_NAME) # fv_bd = BD(fv_tenant, 'BD1') # fv_rs_ctx = RsCtx(fv_bd) fv_rs_ctx.__setattr__('tnFvCtxName', 'Apple-Router') fv_subnet_10 = Subnet(fv_bd,'10.0.0.1/24', scope='public') fv_subnet_20 = Subnet(fv_bd, '20.0.0.1/24', scope='public') fv_subnet_30 = Subnet(fv_bd, '30.0.0.1/24', scope='public') fv_subnet_40 = Subnet(fv_bd, '40.0.0.1/24', scope='public') # fv_ap = Ap(fv_tenant, '3-TierApp') fv_aepg_client = AEPg(fv_ap, 'Client') fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1') # fv_rs_bd_client.__setattr__('tnFvBDName', 'BD1') fv_rs_cons_webct_client = RsCons(fv_aepg_client, 'WebCt') fv_aepg_web = AEPg(fv_ap, 'Web') fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1') fv_rs_cons_webct_web = RsProv(fv_aepg_web, 'WebCt') fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt') fv_aepg_app = AEPg(fv_ap, 'App') fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='DB1') fv_rs_cons_webct_app = RsProv(fv_aepg_app, 'WebCt') fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'AppCt') fv_aepg_db = AEPg(fv_ap, 'DB') fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1') fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt') print toXMLStr(policy_universe, prettyPrint=True) # Commit the change using a ConfigRequest object configReq = ConfigRequest() configReq.addMo(policy_universe) modir.commit(configReq)
def connect_epg_contract(fv_aepg, contract_name, contract_type): """Apply Contract to EPG. The consumer relation to a binary contract profile.""" # Check the contract type, consumed or provided. if contract_type.lower() == 'consumed': # Add a consumed contract to EPG fv_rscons = RsCons(fv_aepg, contract_name) elif contract_type.lower() == 'provided': # Add a provided contract to EPG fv_rsprov = RsProv(fv_aepg, contract_name) else: print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".' return
def create_L3_epg_provider_or_consumer_contract(l3ext_instp, contract_type, contract, **args): """Labels the EPG as a provider/consumer in the contract. A contract defines what can be communicated along with the protocols and ports on which a provider and consumer are allowed to communicate.""" args = args['optional_args'] if 'optional_args' in args.keys() else args if contract_type.lower() == 'consumed': fv_l3epg_cont = RsCons(l3ext_instp, contract, prio=get_value(args, 'prio', 'unspecified')) elif contract_type.lower() == 'provided': fv_l3epg_cont = RsProv(l3ext_instp, contract, prio=get_value(args, 'prio', 'unspecified'), matchT=get_value(args, 'match_type', 'AtleastOne')) else: print 'Invalid Contract Type ' + contract_type + '. Contract_type is either \"consumed\" or \"provided\".' sys.exit() return fv_l3epg_cont
def assign_contract(self, epg_dn, provider_dn, consumer_dn): """ Assign contracts to an end point group :param epg_dn: :param provider_dn: Provider contract :param consumer_dn: Consumer contract :return: """ epg_mo = self.moDir.lookupByDn(epg_dn) if len(provider_dn) > 0: # Retrieve the provider contract provider_mo = self.moDir.lookupByDn(provider_dn) # Create the provider relationship with EPG rsprov_mo = RsProv(epg_mo, provider_mo.name) self.commit(rsprov_mo) if len(consumer_dn) > 0: # Retrieve the consumer contract consumer_mo = self.moDir.lookupByDn(consumer_dn) # Creates the consumer relationship with EPG rscons_mo = RsCons(epg_mo, consumer_mo.name) self.commit(rscons_mo)
def create_L3_epg_provider_contract(modir, tenant_name, routed_outside_name, external_network_name, contract_name, **args): fv_tenant = check_if_tenant_exist(modir, tenant_name) args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args l3ext_instp = modir.lookupByDn('uni/tn-' + tenant_name + '/out-' + routed_outside_name + '/instP-' + external_network_name) if contract_name == '': contract_name = 'default' if isinstance(l3ext_instp, InstP): fv_l3epg_rsprov = RsProv(l3ext_instp, contract_name, prio=get_value(args, 'prio', 'unspecified'), matchT=get_value(args, 'matchT', 'AtleastOne')) else: print 'External Netwrok', external_network_name, 'does not existed.' return print_query_xml(l3ext_instp) commit_change(modir, l3ext_instp)
def tenant_policy(host, user, password): print('[BEG] Tenant Configuration') moDir = apic_login(host, user, password) uniMo = moDir.lookupByDn('uni') fvTenantMo = Tenant(uniMo, 'Cobra-Demo') print('--- Building VRF(s)') # Create Private Network vrf1 = Ctx(fvTenantMo, "DC_INSIDE") vrf2 = Ctx(fvTenantMo, "DC_OUTISDE") print('--- Building Bridge Domain(s)') # Create Bridge Domain & Subnets fvBDMo1 = BD(fvTenantMo, "SERVER_BD1") fvSubnet = Subnet(fvBDMo1, name=u'Sub1', ip=u'106.0.1.1/24', preferred=u'no', virtual=u'no') fvSubnet = Subnet(fvBDMo1, name=u'Sub2', ip=u'106.0.2.1/24', preferred=u'no', virtual=u'no') print('--- Adding Subnets to Bridge Domain(s)') # Create Bridge Domain & Subnets fvBDMo2 = BD(fvTenantMo, "SERVER_BD2") fvSubnet = Subnet(fvBDMo2, name=u'Sub3', ip=u'106.0.3.1/24', preferred=u'no', virtual=u'no', scope=u'public') fvSubnet = Subnet(fvBDMo2, name=u'Sub4', ip=u'106.0.4.1/24', preferred=u'no', virtual=u'yes') fvSubnet = Subnet(fvBDMo2, name=u'Sub5', ip=u'106.0.5.1/24', preferred=u'no', virtual=u'no', scope=u'public') print('--- Adding Bridge Domain(s) to VRF(s)') # Create association to private network fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name) fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name) print('--- Building Web Filter') # Build Web Filters vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters') vzEntry = Entry(vzFilter1, applyToFrag=u'no', dToPort=u'https', prot=u'tcp', stateful=u'no', etherT=u'ip', dFromPort=u'https', name=u'https') vzEntry2 = Entry(vzFilter1, applyToFrag=u'no', dToPort=u'https', prot=u'tcp', stateful=u'no', etherT=u'ip', dFromPort=u'https', name=u'https') print('--- Building App Filter') # Build App Filters vzFilter2 = Filter(fvTenantMo, name=u'App-Filters') vzEntry = Entry(vzFilter2, applyToFrag=u'no', dToPort=u'8080', prot=u'tcp', stateful=u'no', etherT=u'ip', dFromPort=u'8080', name=u'tcp8080') vzEntry2 = Entry(vzFilter2, dToPort=u'8443', prot=u'tcp', stateful=u'no', etherT=u'ip', dFromPort=u'8443', name=u'tcp8443') print('--- Creating Contract(s)') #Create Contracts httpContract = BrCP(fvTenantMo, 'WEB') vzSubjMo = Subj(httpContract, 'Web-Ports') RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name) RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp') appContract = BrCP(fvTenantMo, 'APP') vzSubjMo = Subj(appContract, 'App-Ports') RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name) RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp') dbContract = BrCP(fvTenantMo, 'DB') vzSubjMo = Subj(dbContract, 'DB-Ports') RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp') print('--- Creating Application Profile') #Create Application Profile fvApMo = Ap(fvTenantMo, 'DemoAppProfile') print('--- Building EPG: App') #Build AEPg APP fvAEPg1 = AEPg(fvApMo, 'APP') fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name) #Attach Static AEPg to Interface fvRsPathAtt1 = RsPathAtt(fvAEPg1, tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]', primaryEncap=u'unknown', instrImedcy=u'lazy', mode=u'regular', encap=u'vlan-2005') AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name) AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name) print('--- Building EPG: Web') #Build AEPg WEB fvAEPg2 = AEPg(fvApMo, 'WEB') fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name) #Attach Static AEPg to Interface fvRsPathAtt2 = RsPathAtt(fvAEPg2, tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]', primaryEncap=u'unknown', instrImedcy=u'lazy', mode=u'regular', encap=u'vlan-2006') WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name) WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name) print('--- Building EPG: DB') #Build AEPg DB fvAEPg3 = AEPg(fvApMo, 'DB') print(' --- Attaching DB to Bridge Domain: ' + fvBDMo2.name) fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name) #Attach Static AEPg to Interface fvRsPathAtt3 = RsPathAtt(fvAEPg3, tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]', primaryEncap=u'unknown', instrImedcy=u'lazy', mode=u'regular', encap=u'vlan-2007') DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name) print('--- Building L3 Out') # Configure L3 Out l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export') l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name) l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102') l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP, rtrIdLoopBack=u'no', rtrId=u'10.10.15.250', tDn=u'topology/pod-1/node-102') l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra') ospfIfP = IfP(l3extLIfP, authKeyId=u'1') ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P') l3extRsPathL3OutAtt = RsPathL3OutAtt( l3extLIfP, addr=u'10.10.100.9/30', encapScope=u'local', mode=u'regular', ifInstT=u'l3-port', mtu=u'1500', tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]') l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG') fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name) l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0') ospfExtP = ExtP(l3extOut, areaCtrl=u'redistribute,summary', areaId=u'0.0.0.1', areaType=u'regular', areaCost=u'1') BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name) cfg_commit(moDir, fvTenantMo) print('[END] Tenant Configuration')
def addContractLinks(spec, apicMoDir): logging.debug('Inside addContractLinks function') epgList = spec['epgs'] tenant = spec['tenant'] appName = spec['app-prof'] tenMo = tenantDict[tenant] for e in epgList: epg = SafeDict(e) epgName = epg['name'] links = epg['contract-links'] if links is 'missing': logging.debug('No contract links specified for epg {}'.format(epgName)) continue epgDn = 'uni/tn-' + tenant + '/ap-' + appName + '/epg-' + epgName epgMo = apicMoDir.lookupByDn(epgDn) # If the EPG mo does not exist, nothing can be # done. Typically, should not happen. if epgMo is None: logging.error('Could not locate epg %s within tenant %s' % (epgName, tenant)) return ['ERROR', "Could not locate epg {}".format(epgName)] epgcR = ConfigRequest() for l in links: link = SafeDict(l) cKind = link['contract-kind'] if cKind != "EXTERNAL" and cKind != "INTERNAL": logging.error('Unknown contract-kind') return ['ERROR', "Unknown contract-kind {}".format(cKind)] if cKind == "EXTERNAL": contrMo = apicMoDir.lookupByDn(link['contract-dn']) if contrMo is None: logging.error('ERROR external contract {} not found'.format(link['contract-dn'])) return ['ERROR', "No ext contract {}".format(link['contract-dn'])] if cKind == "INTERNAL": ccName = link['contract-name'] contractDN = 'uni/tn-' + tenant + '/brc-' + ccName contrMo = apicMoDir.lookupByDn(contractDN) if contrMo is None: #add the cc Mo, so we can setup the link contrMo = BrCP(tenMo, ccName) ccCR = ConfigRequest() ccCR.addMo(contrMo) apicMoDir.commit(ccCR) # at this point, we are ready to add cons/prov link if link['link-kind'] == "CONSUME": linkMo = RsCons(epgMo, tnVzBrCPName=contrMo.name) logging.debug('epg {} consumes {}'.format(epgName, contrMo.name)) else: linkMo = RsProv(epgMo, tnVzBrCPName=contrMo.name) logging.debug('epg {} provides {}'.format(epgName, contrMo.name)) epgcR.addMo(epgMo) apicMoDir.commit(epgcR) return ['success', 'ok']