p002 setup - nihole/PSEFABRIC GitHub Wiki

Now we have enough information to

1. change YANG files according to PSEFABRIC interface we want to use
2. fill out the Vocabulary with new parameters and names of Structure Elements
3. create dictionaries in psef_logic.py in accordance with PSEFABRIC Logic
4. create templates for each command used in psef_logic.py
5. describe equipment in host_to_type.py
6. create encapsulation scripts, if necessary, to adapt configuration to the automation tools or equipment management interface

We will use copy & paste for Palo Alto Panorama configuration and Postman application for the REST request to ACI. Thus, we don't need to create configuration uploading scripts or integrate PSEFABRIC with some existing automation solutions.

1. YANG

• Add PSEFABRIC Structure Element types in psefabric-types.yang:

  • psefabric-types.yang

• Change structure.yang file with new Structure Elements:

  • structure.yang

• Change parameter and structure names for all PSEFABRIC objects

  • addresses.yang
  • services.yang
  • application.yang
  • policy.yang

2. vocabulary.py

• Describe all structure and parameter'names.

  • vocabulary.py

• Important!

  • Structure Elements participating in Resolving Element should be the values of the keys 'str_1', 'str_2', 'str_3', 'str_4'. In our example these are 'dc', 'area', 'zone', 'sub-zone':

str_voc['str_1'] = 'dc'
str_voc['str_2'] = 'area'
str_voc['str_3'] = 'zone'
str_voc['str_4'] = 'sub-zone'

3. psef_logic.py

See psef_logic.py

One example. Let's consider condition:

  if (source and destination data-centers are the same) and (source and destination areas are the same) and (source and destination zones are the same) and (source and destination subzones are different) then
    device: ACI in the correspondent DC, tenant `'common'`
      commands: `aci_create_policy`/`aci_delete_policy`
    device: Panorama
      commands: n/a

In psef_logic.py this part looks like:

    if (same_dc_flag and same_zone_flag and same_area_flag and not same_sub_zone_flag):
    # Only contracts on ACI side
        mult.append({})
        mult[0][vocabulary.eq_rvoc['host']] = map_apic_host_[src_dc]
        mult[0][vocabulary.eq_rvoc['tenant']] = map_aci_tenant_[src_dc][src_area]
        mult[0]['cmd'] = {}
        mult[0]['cmd']['ad'] = []
        mult[0]['cmd']['rm'] = []
        mult[0]['cmd']['rm'].append('acitemplates.aci_delete_policy')
        mult[0]['cmd']['ad'].append('acitemplates.aci_create_policy')

4. Templates

We have to use vendor/equipment configuration syntax to create templates.

We use python scripts.

See files: ptemplates.py (Palo Alto) and acitemplates.py (Cisco ACI).

5. host_to_type.py

See host_to_type.py

6. Encapsulation scripts

Because we are not going to use any intermediate automation tools for Panorama we don't use encapsulation scripts for Palo Alto configuration.

For ACI configuration we use Postman. Thus we "encapsulate" our json body (see aci_cfg_correction.py) providing necessary format for this tool.

7. Uploading scripts

We don't use uploading scripts in p002. We use copy & paste for Palo Alto Panorama configuration and Postman application for the REST requests to ACI.