def create_oob_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the out-of-band management address bindings under tenant 'mgmt'.

    The function only assembles managed objects; nothing is committed to a
    controller here. The caller receives the tenant and decides when to
    push it.

    Args:
        apic: Not used by this function.
        policy: Mapping read for 'podId', 'gw', 'v6Gw' and 'nodes'. Each
            entry of 'nodes' is read for 'name' and 'ipv4', and also for
            'ipv6' when an IPv6 gateway is configured.
        nodes: Iterable of objects exposing ``name`` and ``id``.

    Returns:
        The 'mgmt' tenant object holding one static OOB node binding per
        entry of ``policy['nodes']``.

    Raises:
        KeyError: If an entry names a node that is absent from ``nodes`` or
            a key read from ``policy`` is missing.
    """
    # Build OOB Management Object
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    mgmt_profile = aciMgmt.MgmtP(tenant, name='default')
    oob_epg = aciMgmt.OoB(mgmt_profile, prio='unspecified', name='default')

    id_by_name = {node.name: node.id for node in nodes}
    pod = policy['podId']

    # NOTE(review): addresses and gateways are handed to the model exactly as
    # they appear in `policy`; any validation has to happen before this call.
    for entry in policy['nodes']:
        target_dn = 'topology/pod-{}/node-{}'.format(
            pod, id_by_name[entry['name']])

        # '::' is treated as "no IPv6 gateway": the binding is IPv4-only.
        ipv4_only = policy['v6Gw'] == '::'

        binding = {'gw': policy['gw'], 'tDn': target_dn, 'addr': entry['ipv4']}
        if not ipv4_only:
            binding['v6Gw'] = policy['v6Gw']
            binding['v6Addr'] = entry['ipv6']
        aciMgmt.RsOoBStNode(oob_epg, **binding)

    return tenant
def createIpnOspfIfPolicy(name):
    """Build the OSPF interface policy for MPod under tenant 'infra'.

    Only the object tree is created; the caller commits it.

    Args:
        name: Name given to the OSPF interface policy.

    Returns:
        The 'infra' tenant object with the policy attached as a child.
    """
    infra_tenant = aciFv.Tenant(aciPol.Uni(''), 'infra')

    # Point-to-point network type with fixed timers; every value is a
    # literal, only the policy name comes from the caller.
    ospf_settings = {
        'name': name,
        'nwT': 'p2p',
        'prio': '1',
        'cost': 'unspecified',
        'ctrl': 'advert-subnet',
        'pfxSuppress': 'inherit',
        'helloIntvl': '10',
        'deadIntvl': '40',
        'rexmitIntvl': '5',
        'xmitDelay': '1',
    }
    aciOspf.IfPol(infra_tenant, **ospf_settings)
    return infra_tenant
def configOobMgmt(config):
    """Build out-of-band management address bindings for the fabric nodes.

    Args:
        config: Object read for ``fabricNodes['pods']`` (pod id -> list of
            node mappings with 'nodeId', 'addr' and 'v6Addr') and for
            ``mgmtOob`` ('gw' and 'v6Gw').

    Returns:
        The 'mgmt' tenant object with one static OOB node binding per node.
        Nothing is committed here; the caller pushes the tenant.
    """
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')
    oob_epg = aciMgmt.OoB(
        aciMgmt.MgmtP(tenant, name='default'),
        prio='unspecified',
        name='default')

    pods = config.fabricNodes['pods']
    # dict.iteritems() exists only on Python 2 dictionaries.
    for pod_id, pod_nodes in pods.iteritems():
        for node in pod_nodes:
            # NOTE(review): gateway and addresses are passed through as
            # given in `config`; nothing here checks them.
            aciMgmt.RsOoBStNode(
                oob_epg,
                gw=config.mgmtOob['gw'],
                v6Gw=config.mgmtOob['v6Gw'],
                v6Addr=node['v6Addr'],
                addr=node['addr'],
                tDn=getDnFromPodIdNodeId(pod_id, node['nodeId']))

    return tenant
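def createIpnL3Out(config):
    """Build the infra-tenant L3Out and fabric external connection policy.

    Only the managed-object tree is assembled; the caller commits it.

    Args:
        config: Object read for ``l3OutName``, ``ospfArea`` ('id', 'type'),
            ``l3Label``, ``golfLabel``, ``routeTarget``,
            ``fabricNodes['pods']``, ``ospfIfPolicyName``,
            ``podProxyTepIp``, ``golfPeerList``, ``golfTtl``, ``golfAsn``
            and ``ipnSubnetList``.

    Returns:
        The 'infra' tenant object with the L3Out and the fabric external
        connection policy attached.
    """
    fvTenant = aciFv.Tenant(aciPol.Uni(''), name='infra')

    # L3Out with OSPF and BGP enabled, bound to VRF 'overlay-1'.
    l3extOut = aciL3Ext.Out(fvTenant, name=config.l3OutName,
                            targetDscp='unspecified', enforceRtctrl='export')
    aciOspf.ExtP(l3extOut, areaId=config.ospfArea['id'],
                 areaType=config.ospfArea['type'])
    aciBgp.ExtP(l3extOut)
    aciL3Ext.RsEctx(l3extOut, tnFvCtxName='overlay-1')

    # Optional provider labels.
    if config.l3Label:
        aciL3Ext.ProvLbl(l3extOut, tag='yellow-green', name=config.l3Label)
    if config.golfLabel:
        aciL3Ext.ProvLbl(l3extOut, tag='yellow-green', name=config.golfLabel)

    l3extInstP = aciL3Ext.InstP(l3extOut, prio='unspecified',
                                matchT='AtleastOne', name='instp1',
                                targetDscp='unspecified')
    aciFv.RsCustQosPol(l3extInstP, tnQosCustomPolName='')
    aciL3Ext.RsL3DomAtt(
        l3extOut, tDn="uni/l3dom-{}_extL3Dom".format(config.l3OutName))

    # Fabric external connection policy shared by all pods.
    fvFabricExtConnP = aciFv.FabricExtConnP(
        fvTenant, rt=config.routeTarget, id='1', name='Fabric_Ext_Conn_Pol1')
    aciFv.PeeringP(fvFabricExtConnP, type='automatic_with_full_mesh')
    fabricExtRoutingP = aciL3Ext.FabricExtRoutingP(
        fvFabricExtConnP, name='ext_routing_prof_1')

    # dict.iteritems() exists only on Python 2 dictionaries.
    for podId, nodes in config.fabricNodes['pods'].iteritems():
        l3extLNodeP = aciL3Ext.LNodeP(
            l3extOut, name="POD{}-L3Nodes".format(podId))
        l3extLIfP = aciL3Ext.LIfP(l3extLNodeP, name='L3Out-InterfacePolicy')

        # NOTE(review): the OSPF interface profile is created with no
        # arguments beyond its parent, so no authentication settings are
        # passed from here; confirm that matches the IPN design.
        ospfIfP = aciOspf.IfP(l3extLIfP)
        aciOspf.RsIfPol(ospfIfP, tnOspfIfPolName=config.ospfIfPolicyName)

        fvPodConnP = aciFv.PodConnP(
            fvFabricExtConnP, id=podId, descr='this is dp-tep')
        aciFv.Ip(fvPodConnP, addr=config.podProxyTepIp[podId])

        for golfPeer in config.golfPeerList or []:
            # A peer applies to this pod when it is tagged 'all' or carries
            # this pod's id. The previous test joined the two comparisons
            # with `and`, which can only hold for a pod literally keyed
            # 'all', so the peers were never attached to the node profile.
            if golfPeer['podId'] in ('all', podId):
                # NOTE(review): no authentication-related attribute is
                # passed for this WAN peer; confirm whether the peering
                # needs one.
                bgpInfraPeerP = aciBgp.InfraPeerP(
                    l3extLNodeP, ctrl='send-com,send-ext-com', weight='0',
                    privateASctrl='', ttl=config.golfTtl,
                    allowedSelfAsCnt='3', peerT='wan', addr=golfPeer['ip'])
                aciBgp.RsPeerPfxPol(bgpInfraPeerP, tnBgpPeerPfxPolName='')
                aciBgp.AsP(bgpInfraPeerP, asn=config.golfAsn, name='')

        for node in nodes:
            # Only nodes carrying an 'l3Out' section take part in the L3Out.
            if 'l3Out' in node:
                l3extRsNodeL3OutAtt = aciL3Ext.RsNodeL3OutAtt(
                    l3extLNodeP, rtrIdLoopBack='yes',
                    rtrId=node['l3Out']['routerId'],
                    tDn=getDnFromPodIdNodeId(podId, node['nodeId']))
                aciL3Ext.InfraNodeP(l3extRsNodeL3OutAtt,
                                    fabricExtCtrlPeering='yes', name='')
                for interface in node['l3Out']['interfaces']:
                    # Sub-interface with a fixed encap of 'vlan-4'.
                    aciL3Ext.RsPathL3OutAtt(
                        l3extLIfP, ifInstT='sub-interface',
                        addr=interface['addr'],
                        tDn=getPathEpFromPodIdNodeIdIfId(
                            podId, node['nodeId'], interface['name']),
                        descr='asr', encap='vlan-4')

    for subnet in config.ipnSubnetList:
        aciL3Ext.Subnet(fabricExtRoutingP, aggregate='', ip=subnet)

    return fvTenant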
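# APIC Login Credentials
# apicIP, TacacsUser and TacacsPassword are defined outside this snippet.
# NOTE(review): make sure the password comes from a prompt or a secret store
# and is not a literal kept in the script or its history.
apicUrl = 'https://' + apicIP
# The literal prefix appears masked on this page.
apicUsername = '******' + TacacsUser
apicPassword = TacacsPassword

# NOTE(review): if this is the Cobra SDK LoginSession, certificate
# verification is governed by its `secure` argument, which is not passed
# here. Confirm the resulting default is acceptable before sending
# credentials over this connection.
loginSession = LoginSession(apicUrl, apicUsername, apicPassword)

# Create a session with the APIC and login
moDir = MoDirectory(loginSession)
moDir.login()

# From here on the session is authenticated, so the logout is placed in a
# `finally` block: a failed lookup or commit no longer leaves the session
# open on the controller.
try:
    # Start at the Top of MIT tree
    uniMo = moDir.lookupByDn('uni')

    # Create a new Tenant MO and connect it as a Child object to the root
    # of the MIM. The new Tenant MO is called 'ExampleSdkTenant-3'.
    fvTenantMo = fvModels.Tenant(uniMo, 'ExampleSdkTenant-3')

    # Create new Private network/VRF under the new Tenant
    fvContextMo = fvModels.Ctx(fvTenantMo, 'myVRF')

    # Create new BD under new Tenant
    # fvBDMo =

    # Create a new configuration request to the APIC and pass in the new
    # Tenant MO (including its children MOs), then commit the changes.
    cfgRequest = ConfigRequest()
    cfgRequest.addMo(fvTenantMo)
    moDir.commit(cfgRequest)
finally:
    # Log Out once the request is complete, or as soon as it has failed
    moDir.logout()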
def create_overlay_policy(apic=None, policy=None):
    """Build a tenant, a VRF and per-VLAN bridge domains for each policy entry.

    Only the managed-object tree is assembled; the caller commits it.

    Args:
        apic: Not used by this function.
        policy: Mapping of name -> data. ``data['vlans']`` is a list of
            mappings read for 'id', 'optimized' and 'subnet'.

    Returns:
        The policy-universe root object with every tenant attached.
    """
    # Attributes every bridge domain gets, whatever its forwarding mode.
    shared_bd_attrs = {
        'OptimizeWanBandwidth': 'no',
        'epClear': 'no',
        'intersiteBumTrafficAllow': 'no',
        'intersiteL2Stretch': 'no',
        'ipLearning': 'yes',
        'limitIpLearnToSubnets': 'yes',
        'llAddr': '::',
        'mac': '00:22:BD:F8:19:FF',
        'mcastAllow': 'no',
        'type': 'regular',
        'unicastRoute': 'yes',
        'v6unkMcastAct': 'flood',
        'vmac': 'not-applicable',
    }
    # "Optimized" VLANs: no ARP flooding, unknown unicast sent to the proxy.
    optimized_attrs = {
        'arpFlood': 'no',
        'hostBasedRouting': 'yes',
        'multiDstPktAct': 'encap-flood',
        'unkMacUcastAct': 'proxy',
        'unkMcastAct': 'opt-flood',
    }
    # Every other VLAN: ARP, unknown unicast and unknown multicast are
    # flooded, so that traffic is delivered across the whole bridge domain.
    # NOTE(review): keep this profile for VLANs that genuinely need it.
    flooding_attrs = {
        'arpFlood': 'yes',
        'hostBasedRouting': 'no',
        'multiDstPktAct': 'bd-flood',
        'unkMacUcastAct': 'flood',
        'unkMcastAct': 'flood',
    }

    root = aciPol.Uni('')
    for name, data in policy.items():
        # Create tenant behind the scenes
        tenant = aciFv.Tenant(root, name='{0}_Tenant'.format(name))

        # Create the required VRF as well
        vrf_name = '{0}_VRF'.format(name)
        aciFv.Ctx(tenant, name=vrf_name)

        # Create BD
        for vlan in data['vlans']:
            bd_name = 'VLAN_{0}'.format(vlan['id'])

            bd_attrs = dict(shared_bd_attrs)
            bd_attrs.update(
                optimized_attrs if vlan['optimized'] else flooding_attrs)
            bridge_domain = aciFv.BD(tenant, name=bd_name, **bd_attrs)

            aciFv.Subnet(bridge_domain, ip=vlan['subnet'], preferred='no',
                         scope='private', virtual='no')
            aciFv.RsCtx(bridge_domain, tnFvCtxName=vrf_name)

            app_profile = aciFv.Ap(
                tenant, name='{0}_AppProf'.format(bd_name))
            aciFv.RsApMonPol(app_profile, tnMonEPGPolName='default')

            # REMAINING TASKS
            # Create EPGs
            # aciFv.EPg(fvAp, name, matchT, etc...)
            # Contracts
    return root
def create_inb_mgmt_policies(apic=None, policy=None, nodes=None):
    """Build the in-band management bridge domain, contract, EPG and node map.

    Only the managed-object tree is assembled; the caller commits it.

    Args:
        apic: Not used by this function.
        policy: Mapping read for 'inb_contract_name', 'inb_subject_name',
            'inb_epg_name', 'vlan', 'podId', 'gw' and 'nodes'; each entry
            of 'nodes' is read for 'name' and 'ipv4'.
        nodes: Iterable of objects exposing ``name`` and ``id``.

    Returns:
        The 'mgmt' tenant object with the in-band policies attached.

    Raises:
        KeyError: If an entry names a node that is absent from ``nodes`` or
            a key read from ``policy`` is missing.
    """
    tenant = aciFv.Tenant(aciPol.Uni(''), name='mgmt')

    # First create the inband bridge domain, bind to inb context/VRF
    inb_bd = aciFv.BD(tenant, name='inb')
    aciFv.RsCtx(inb_bd, tnFvCtxName='inb')

    # Second create INB management contract to permit SSH
    contract_name = policy['inb_contract_name']
    contract = aciVz.BrCP(tenant, name=contract_name, scope='context',
                          prio='unspecified', targetDscp='unspecified')
    subject = aciVz.Subj(contract, name=policy['inb_subject_name'],
                         provMatchT='AtleastOne', consMatchT='AtleastOne',
                         prio='unspecified', targetDscp='unspecified',
                         revFltPorts='yes')
    # The filter is referenced by name only and is not created in this
    # function. NOTE(review): the name suggests any source port to TCP/22;
    # confirm the filter definition, since it sets what the contract permits.
    # Simply replicate this line for other filtername
    aciVz.RsSubjFiltAtt(subject, action='permit',
                        tnVzFilterName='tcp_src_port_any_to_dst_port_22')

    # Third, create inb mgmt EPG
    mgmt_profile = aciMgmt.MgmtP(tenant, name='default')
    inb_epg = aciMgmt.InB(mgmt_profile, name=policy['inb_epg_name'],
                          encap=policy['vlan'], floodOnEncap='disabled',
                          matchT='AtleastOne', prefGrMemb='exclude',
                          prio='unspecified')

    # Bind to BD
    aciMgmt.RsMgmtBD(inb_epg, tnFvBDName='inb')

    # Add the subnet/gateway
    # aciFv.Subnet(
    #     mgmtInB, ip=policy['subnet'],
    #     ctrl='nd', preferred='no', virtual='no', scope='private'
    # )

    # Add consumer/provider: the EPG both provides and consumes the contract.
    aciFv.RsProv(inb_epg, tnVzBrCPName=contract_name, prio='unspecified',
                 matchT='AtleastOne')
    aciFv.RsCons(inb_epg, tnVzBrCPName=contract_name, prio='unspecified')

    # FINALLY, create the maps of the nodes/IP/GW to the EPG
    id_by_name = {node.name: node.id for node in nodes}
    pod = policy['podId']
    for entry in policy['nodes']:
        target_dn = 'topology/pod-{}/node-{}'.format(
            pod, id_by_name[entry['name']])
        aciMgmt.RsInBStNode(inb_epg, tDn=target_dn, addr=entry['ipv4'],
                            gw=policy['gw'])

    return tenant
# Fragment of a larger script: `moDir` is created before this excerpt.
# Authenticate and fetch the policy-universe root from the controller.
moDir.login()
uniMo = moDir.lookupByDn('uni')

# Import model classes
import cobra.model.vz
import cobra.model.pol as pol
import cobra.model.fvns as fvns
import cobra.model.infra as infra
import cobra.model.fv as fv
import cobra.model.l3ext as l3ext
import cobra.mit.request as request
import cobra.model.ospf as ospf

# Local object tree: a fresh root with tenant 'cernerKC' attached. Nothing
# in this excerpt commits it.
topMo = pol.Uni('')
fvTenant = fv.Tenant(topMo, name='cernerKC')

# One mapping per L3Out to build. The addresses in the visible entry look
# like placeholders (all zeros); presumably they are filled in before use.
l3outlist = [
    # {'vlan': '000', 'vrfName': 'SecurityCameras', 'extIP1':'0.0.0.0/0','extIP2':'0.0.0.0/0', 'routerID1':'0.0.0.0', 'routerID2':'0.0.0.0'},
    {
        'vlan': '000',
        'vrfName': 'xxxxx_L3_OUT',
        'extIP1': '0.0.0.0/0',
        'extIP2': '0.0.0.0/0',
        'routerID1': '0.0.0.0',
        'routerID2': '0.0.0.0',
        'secaddr': '0.0.0.0/0'
    }
]

for value in l3outlist:
    # Basic setup of variables:
    vlan = value['vlan']
moDir = MoDirectory(session) moDir.login() uniMo = moDir.lookupByDn('uni') # Import model classes import cobra.model.pol as pol import cobra.model.fvns as fvns import cobra.model.infra as infra import cobra.model.fv as fv import cobra.model.l3ext as l3ext import cobra.mit.request as request import cobra.model.ospf as ospf topMo = pol.Uni('') fvTenant = fv.Tenant(topMo, name='xxxxx') l3outlist = [ # {'vlan': '000', 'vrfName': 'SecurityCameras', 'extIP1':'0.0.0.0/0','extIP2':'0.0.0.0/0', 'routerID1':'0.0.0.0', 'routerID2':'0.0.0.0'}, { 'vlan': '000', 'vrfName': 'xxxxxx_L3_OUT', 'extIP1': '0.0.0.0/0', 'extIP2': '0.0.0.0/0', 'routerID1': '0.0.0.0', 'routerID2': '0.0.0.0', 'secaddr': '0.0.0.0/0' } ] for value in l3outlist: # Basic setup of variables: vlan = value['vlan']