p001 setup - nihole/PSEFABRIC GitHub Wiki

Now we have enough information to

1. change YANG files according to PSEFABRIC interface we want to use
2. fill out the Vocabulary with new parameters and names of Structure Elements
3. create dictionaries in psef_logic.py in accordance with PSEFABRIC Logic
4. create templates for each command used in psef_logic.py
5. describe equipment in host_to_type.py
6. create encapsulation scripts, if necessary, to adapt configuration to the automation tools or equipment management interface
7. create configuration uploading scripts or integrate PSEFABRIC with an existing automation solution

1. YANG

• Add PSEFABRIC Structure Element types in psefabric-types.yang (data-centers, VRFs, equipment, interfaces, VLANs):

  • psefabric-types.yang

• Change structure.yang file with new Structure Elements:

  • structure.yang

• Change parameter and Structure Elements names for all PSEFABRIC objects (addresses.yang, services.yang, policies.yang). For example for addresses:

  • addresses.yang
  • services.yang
  • application.yang
  • policy.yang

2. vocabulary.py

• Describe all Structure Elements and object parameter names.

  • vocabulary.py

• Important.Structure Elements participating in Resolving Element should be the values of the keys 'str_1', 'str_2', 'str_3', 'str_4'. In our example these are 'dc', 'vrf':

str_voc['str_1'] = 'dc'
str_voc['str_2'] = 'vrf'
str_voc['str_3'] = 'str_3'
str_voc['str_4'] = 'str_4'

3. psef_logic.py

See psef_logic.py

One example. Let's consider condition:

• Policies

  if source and destination data-centers are different then
    if destination data-center is DC1 then
      device: dc1_fw1 
        commands: srx_create_policy/srx_delete_policy
      device: dc1_sw1 
        commands: cisco_create_access/cisco_delete_access
if source and destination data-centers are the same but source and destination VRFs are different then
    if data-center is DC1 (any source/destination VRFs) then
       device: dc1_fw1 
         commands: srx_create_policy/srx_delete_policy
       device: dc1_sw1 
         commands: cisco_create_access/cisco_delete_access

In psef_logic.py this piece looks like:

if (dst_dc == 'DC1'):
        mult.append({})
        mult[0]['eq_addr'] = 'dc1_sw1'
        mult[0]['eq_parameter'] = ''
        mult[0]['cmd'] = {}
        mult[0]['cmd']['ad'] = []
        mult[0]['cmd']['rm'] = []
        mult[0]['cmd']['ad'].append('ctemplates.cisco_create_access')
        mult[0]['cmd']['rm'].append('ctemplates.cisco_delete_access')
        if (not (same_dc_flag and same_vrf_flag)):
            # May be some logic based on par1, par2, ... value
            mult.append({})
            mult[1]['eq_addr'] = 'dc1_fw1'
            mult[1]['eq_parameter'] = ''
            mult[1]['cmd'] = {}
            mult[1]['cmd']['ad'] = []
            mult[1]['cmd']['rm'] = []
            mult[1]['cmd']['ad'].append('jtemplates.srx_create_policy')
            mult[1]['cmd']['rm'].append('jtemplates.srx_delete_policy')

4. Templates

We have to use vendor/equipment configuration syntax to create templates.

We use python scripts.

See files: ptemplates.py (Juniper) and ctemplates.py (Cisco ACI).

5. host_to_type.py

See host_to_type.py

6. Encapsulation scripts

Due to we are not going to use any intermediate automation tools these files are pretty simple:

• cisco_cfg_correction.py
• juniper_cfg_correction.py

7. Uploading scripts

We follow the semi-automation approach in p001 (see Configuration Loader)

For more details see

• cload_txt.pl
• jload_xml.pl
• load_all.pl

The last script (load_all.pl) is used for uploading configuration to all equipment.

perl load_all.pl