Exemplo n.º 1
0
def create_filter(fv_tenant, filter, **args):
    """Create a filter"""
    args = args['optional_args'] if 'optional_args' in args.keys() else args

    # Create filter
    vz_filter = Filter(fv_tenant, filter)

    # Add an entry to the filter
    vz_entry = Entry(vz_filter,
                     get_value(args, 'entry_name', filter.lower()),
                     etherT=get_value(args, 'ether_type',
                                      DEFAULT_ETHER_TYPE).lower(),
                     prot=get_value(args, 'ip_protocol',
                                    DEFAULT_IP_PROTOCOL).lower(),
                     arpOpc=get_value(args, 'arp_flag',
                                      DEFAULT_ARP_FLAG).lower(),
                     applyToFrag=get_value(args, 'apply_frag',
                                           DEFAULT_APPLY_FRAG),
                     sFromPort=get_value(args, 'source_port_from',
                                         DEFAULT_SOURCE_PORT_FROM),
                     sToPort=get_value(args, 'source_port_to',
                                       DEFAULT_SOURCE_PORT_TO),
                     dFromPort=get_value(args, 'destination_port_from',
                                         DEFAULT_DESTINATION_PORT_FROM),
                     dToPort=get_value(args, 'destination_port_to',
                                       DEFAULT_DESTINATION_PORT_TO),
                     tcpRules=get_value(args, 'tcp_flag', DEFAULT_TCP_FLAG))
Exemplo n.º 2
0
def create_filters(modir, tenant_name):

    policy_universe = modir.lookupByDn('uni')
    fv_tenant = Tenant(policy_universe, tenant_name)

    # create filter for http
    vz_filter_http = Filter(fv_tenant, FILTER_HTTP_NAME)
    vz_entry_http = Entry(vz_filter_http,
                          'DPort-80',
                          dFromPort='80',
                          dToPort='80',
                          etherT='ip',
                          prot='tcp')

    #create filter for rmi
    vz_filter_rmi = Filter(fv_tenant, FILTER_RMI_NAME)
    vz_entry_rmi = Entry(vz_filter_http,
                         'DPort-1514',
                         dFromPort='1514',
                         dToPort='1514',
                         etherT='ip',
                         prot='tcp')

    # create filter for sql
    vz_filter_sql = Filter(fv_tenant, FILTER_RMI_NAME)
    vz_entry_sql = Entry(vz_filter_http,
                         'DPort-1433',
                         dFromPort='1433',
                         dToPort='1433',
                         etherT='ip',
                         prot='tcp')

    # print the query in XML format
    print toXMLStr(policy_universe, prettyPrint=True)

    # Commit the change using a ConfigRequest object
    configReq = ConfigRequest()
    configReq.addMo(policy_universe)
    modir.commit(configReq)
Exemplo n.º 3
0
def create_filter(modir, tenant_name, filter_name, **args):
    """Create a filter"""

    # Query a tenant
    fv_tenant = modir.lookupByDn('uni/tn-' + tenant_name)
    args = args['args_from_CLI'] if 'args_from_CLI' in args.keys() else args

    # Check if the tenant exists
    if isinstance(fv_tenant, Tenant):
        # Create filter
        vz_filter = Filter(fv_tenant, filter_name)

        # Add an entry to the filter
        vz_entry = Entry(vz_filter,
                         get_value(args, 'entry_name', filter_name.lower()),
                         etherT=get_value(args, 'ether_type',
                                          DEFAULT_ETHER_TYPE).lower(),
                         prot=get_value(args, 'ip_protocol',
                                        DEFAULT_IP_PROTOCOL).lower(),
                         applyToFrag=get_value(args, 'apply_frag',
                                               DEFAULT_APPLY_FRAG),
                         sFromPort=get_value(args, 'source_port_from',
                                             DEFAULT_SOURCE_PORT_FROM),
                         sToPort=get_value(args, 'source_port_to',
                                           DEFAULT_SOURCE_PORT_TO),
                         dFromPort=get_value(args, 'destination_port_from',
                                             DEFAULT_DESTINATION_PORT_FROM),
                         dToPort=get_value(args, 'destination_port_to',
                                           DEFAULT_DESTINATION_PORT_TO),
                         tcpRules=get_value(args, 'tcp_flag',
                                            DEFAULT_TCP_FLAG))

    else:
        print 'Tenant', tenant_name, 'does not exist. Please create a tenant first'
        return

    print toXMLStr(fv_tenant, prettyPrint=True)
    commit_change(modir, fv_tenant)
Exemplo n.º 4
0
def tenant_policy(host, user, password):
    print('[BEG] Tenant Configuration')
    moDir = apic_login(host, user, password)

    uniMo = moDir.lookupByDn('uni')

    fvTenantMo = Tenant(uniMo, 'Cobra-Demo')

    print('--- Building VRF(s)')
    # Create Private Network
    vrf1 = Ctx(fvTenantMo, "DC_INSIDE")
    vrf2 = Ctx(fvTenantMo, "DC_OUTISDE")

    print('--- Building Bridge Domain(s)')
    # Create Bridge Domain & Subnets
    fvBDMo1 = BD(fvTenantMo, "SERVER_BD1")
    fvSubnet = Subnet(fvBDMo1,
                      name=u'Sub1',
                      ip=u'106.0.1.1/24',
                      preferred=u'no',
                      virtual=u'no')
    fvSubnet = Subnet(fvBDMo1,
                      name=u'Sub2',
                      ip=u'106.0.2.1/24',
                      preferred=u'no',
                      virtual=u'no')

    print('--- Adding Subnets to Bridge Domain(s)')
    # Create Bridge Domain & Subnets
    fvBDMo2 = BD(fvTenantMo, "SERVER_BD2")
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub3',
                      ip=u'106.0.3.1/24',
                      preferred=u'no',
                      virtual=u'no',
                      scope=u'public')
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub4',
                      ip=u'106.0.4.1/24',
                      preferred=u'no',
                      virtual=u'yes')
    fvSubnet = Subnet(fvBDMo2,
                      name=u'Sub5',
                      ip=u'106.0.5.1/24',
                      preferred=u'no',
                      virtual=u'no',
                      scope=u'public')

    print('--- Adding Bridge Domain(s) to VRF(s)')
    # Create association to private network
    fv1RsCtx = RsCtx(fvBDMo1, tnFvCtxName=vrf1.name)
    fv2RsCtx = RsCtx(fvBDMo2, tnFvCtxName=vrf1.name)

    print('--- Building Web Filter')
    # Build Web Filters
    vzFilter1 = Filter(fvTenantMo, name=u'Web-Filters')
    vzEntry = Entry(vzFilter1,
                    applyToFrag=u'no',
                    dToPort=u'https',
                    prot=u'tcp',
                    stateful=u'no',
                    etherT=u'ip',
                    dFromPort=u'https',
                    name=u'https')
    vzEntry2 = Entry(vzFilter1,
                     applyToFrag=u'no',
                     dToPort=u'https',
                     prot=u'tcp',
                     stateful=u'no',
                     etherT=u'ip',
                     dFromPort=u'https',
                     name=u'https')

    print('--- Building App Filter')
    # Build App Filters
    vzFilter2 = Filter(fvTenantMo, name=u'App-Filters')
    vzEntry = Entry(vzFilter2,
                    applyToFrag=u'no',
                    dToPort=u'8080',
                    prot=u'tcp',
                    stateful=u'no',
                    etherT=u'ip',
                    dFromPort=u'8080',
                    name=u'tcp8080')
    vzEntry2 = Entry(vzFilter2,
                     dToPort=u'8443',
                     prot=u'tcp',
                     stateful=u'no',
                     etherT=u'ip',
                     dFromPort=u'8443',
                     name=u'tcp8443')

    print('--- Creating Contract(s)')
    #Create Contracts
    httpContract = BrCP(fvTenantMo, 'WEB')
    vzSubjMo = Subj(httpContract, 'Web-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter1.name)
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    appContract = BrCP(fvTenantMo, 'APP')
    vzSubjMo = Subj(appContract, 'App-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName=vzFilter2.name)
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    dbContract = BrCP(fvTenantMo, 'DB')
    vzSubjMo = Subj(dbContract, 'DB-Ports')
    RsSubjFiltAtt(vzSubjMo, tnVzFilterName='icmp')

    print('--- Creating Application Profile')
    #Create Application Profile
    fvApMo = Ap(fvTenantMo, 'DemoAppProfile')

    print('--- Building EPG: App')
    #Build AEPg APP
    fvAEPg1 = AEPg(fvApMo, 'APP')
    fvAEPgBD1 = RsBd(fvAEPg1, tnFvBDName=fvBDMo1.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt1 = RsPathAtt(fvAEPg1,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/15]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2005')

    AppProv1 = RsProv(fvAEPg1, tnVzBrCPName=appContract.name)
    AppCons1 = RsCons(fvAEPg1, tnVzBrCPName=dbContract.name)

    print('--- Building EPG: Web')
    #Build AEPg WEB
    fvAEPg2 = AEPg(fvApMo, 'WEB')
    fvAEPgBD1 = RsBd(fvAEPg2, tnFvBDName=fvBDMo2.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt2 = RsPathAtt(fvAEPg2,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/16]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2006')

    WebProv1 = RsProv(fvAEPg2, tnVzBrCPName=httpContract.name)
    WebCons1 = RsCons(fvAEPg2, tnVzBrCPName=appContract.name)

    print('--- Building EPG: DB')
    #Build AEPg DB
    fvAEPg3 = AEPg(fvApMo, 'DB')
    print('	--- Attaching DB to Bridge Domain: ' + fvBDMo2.name)
    fvAEPgBD1 = RsBd(fvAEPg3, tnFvBDName=fvBDMo2.name)
    #Attach Static AEPg to Interface
    fvRsPathAtt3 = RsPathAtt(fvAEPg3,
                             tDn=u'topology/pod-1/paths-101/pathep-[eth1/17]',
                             primaryEncap=u'unknown',
                             instrImedcy=u'lazy',
                             mode=u'regular',
                             encap=u'vlan-2007')

    DbProv1 = RsProv(fvAEPg3, tnVzBrCPName=dbContract.name)

    print('--- Building L3 Out')
    # Configure L3 Out
    l3extOut = Out(fvTenantMo, name=u'L3Ext-Cobra', enforceRtctrl=u'export')
    l3extRsEctx = RsEctx(l3extOut, tnFvCtxName=vrf1.name)
    l3extLNodeP = LNodeP(l3extOut, name=u'Leaf102')
    l3extRsNodeL3OutAtt = RsNodeL3OutAtt(l3extLNodeP,
                                         rtrIdLoopBack=u'no',
                                         rtrId=u'10.10.15.250',
                                         tDn=u'topology/pod-1/node-102')
    l3extLIfP = LIfP(l3extLNodeP, name=u'port1-Cobra')
    ospfIfP = IfP(l3extLIfP, authKeyId=u'1')
    ospfRsIfPol = RsIfPol(ospfIfP, tnOspfIfPolName=u'OSPF-P2P')
    l3extRsPathL3OutAtt = RsPathL3OutAtt(
        l3extLIfP,
        addr=u'10.10.100.9/30',
        encapScope=u'local',
        mode=u'regular',
        ifInstT=u'l3-port',
        mtu=u'1500',
        tDn=u'topology/pod-1/paths-102/pathep-[eth1/1]')

    l3extInstP = l3ext.InstP(l3extOut, name=u'L3-OUT-EPG')
    fvRsCons = RsCons(l3extInstP, tnVzBrCPName=httpContract.name)
    l3extSubnet = L3Sub(l3extInstP, ip=u'0.0.0.0/0')
    ospfExtP = ExtP(l3extOut,
                    areaCtrl=u'redistribute,summary',
                    areaId=u'0.0.0.1',
                    areaType=u'regular',
                    areaCost=u'1')
    BDAttL3Out1 = RsBDToOut(fvBDMo2, tnL3extOutName=l3extOut.name)

    cfg_commit(moDir, fvTenantMo)
    print('[END] Tenant Configuration')
Exemplo n.º 5
0
def addDefinedContracts(spec, apicMoDir):
    logging.debug('Inside addDefinedContracts function')
    tenant = spec['tenant']
    tenMo = tenantDict[tenant]
    appName = spec['app-prof']
    resrcList = []

    contracts = spec['contract-defs']
    if contracts is 'missing':
        logging.info('No defined contracts in {}'.format(appName))
        return

    cR = ConfigRequest()
    cR.addMo(tenMo)

    for cc in contracts:
        c = SafeDict(cc)
        logging.debug('>> Adding contract {}'.format(c['name']))
        contractCR = ConfigRequest()
        # filter container
        filterName = 'filt-' + c['name']
        filterMo = Filter(tenMo, filterName)
        # save the filter dn to this app's resource list
        resrcList.append(filterMo) 
    
        filters = c['filter-info']
        logging.debug(filters)
        if filters is 'missing':
            logging.error('ERROR no filters in contract')
            continue
        for eachEntry in filters:
            filterEntry = SafeDict(eachEntry)
            ipProtocol = filterEntry['protocol']
            servPort = filterEntry['servport']
	   
            etherType = 'ip'
            filterProto = 0
            filterPort = 0
            if ipProtocol is not 'missing':
                filterProto = ipProtoNametoNumber(ipProtocol)
            if servPort is not 'missing':
                filterPort = int(servPort)

            # Form the entry name
            entryName = 'entry-' + etherType
            if filterProto > 0:
                entryName = entryName + '-' + ipProtocol
            if filterPort > 0:
                entryName = entryName + '-' + servPort          

            logging.info('creating filter entry {}'.format(entryName))
            entryMo = Entry(filterMo, entryName)
            entryMo.etherT = etherType
            if filterProto > 0:
                entryMo.prot = filterProto
            # Set port information only if TCP or UDP
            if entryMo.prot == 6 or entryMo.prot == 17:
                if filterPort > 0:
                    entryMo.dFromPort = filterPort
                    entryMo.dToPort = filterPort
    
        # contract container
        ccName = c['name']
        logging.info('==>contract name:%s' % ccName)
        ccMo = BrCP(tenMo, ccName)
        # save the contract dn to this app's resource list
        resrcList.append(ccMo) 
        
        # subject for associating filter to contract
        subjName = 'subj-' + ccName
        subjMo = Subj(ccMo, subjName)
        RsSubjFiltAtt(subjMo, tnVzFilterName=filterMo.name)
        contractCR.addMo(ccMo)
        apicMoDir.commit(contractCR)

    cR = ConfigRequest()
    cR.addMo(tenMo)
    apicMoDir.commit(cR)
    # save the resource list
    appKey = tenant + '-' + appName
    appResourceDict[appKey] = resrcList