DeployACI is a Python library for deploying applications within an ACI fabric.
- Clone this repository to your computer in a subdirectory of your choosing
- Install Python 3.7 (this is not compatible with Python 2 and has some dependency import errors with 3.8 and above as of October 2019). Make sure to check "Add Python to PATH" during installation, as it makes running commands from the command line easier.
- Optional: You can isolate this application's dependencies using a virtual environment. This is advisable if you ever plan to run any other Python application which may share dependencies. Open a command prompt and type:

```
cd [package directory; the folder that has requirements.txt in it]
pip install virtualenv
virtualenv venv
venv\Scripts\activate.bat
```

Note: If you do this and use a `virtualenv`, then any time you wish to run anything in this application, including the following installation steps, you will first run `activate.bat` (see above) to enter the virtual environment. To exit from the virtual environment, either close the terminal (command prompt) or type `deactivate`.
- Install dependencies:

```
cd [package directory]
pip install -r requirements.txt
```
- Download the ACI metadata to your computer. You will need to get the ACI `admin` account password.

```
rmetagen.py -u [username] [ip_of_APIC]
```
- Run the application once without doing anything to generate the blank config file. You can close it as soon as it opens.

```
python deployaci
```
- Open the newly generated `configuration.ini` and fill out the passwords and optional `Default Values` section. Yes, the passwords are currently hardcoded. Yes, it's awful.
This is the layout of the file:

```
[IPAM SERVER]
serveripaddress =
username =
password =

[ACI APIC]
url = https://
username =
password =

[DEFAULT VALUES]
your_name =
```
Running the application will bring up a simple GUI you can fill out to generate the new EPG.

```
python deployaci
```
This is the name of the application. It must be at least three characters long. The name will be used to generate the EPG names (e.g. `application_prod_db`).
This application will automatically search IPAM for the first available subnets of the given size. Currently, the following subnets are used:
- `10.46.0.0/16`: Production
- `10.47.0.0/16`: UAT
- `10.48.0.0/16`: Development
If you want to specify the IP range manually (or only semi-automatically), uncheck `Automatically select IPs` and fill in the network address for the first prod subnet you will make. The application will then choose the next consecutive subnets for the EPGs you selected.
Example:
You specify `10.46.40.0/24` as the seed subnet, and you select `Prod-Client`, `Prod-Db`, `UAT-Db`, and `Dev-Db` to be provisioned. The application will then choose (and validate in ACI and IPAM) the following:
- Prod-Client: 10.46.40.0/24
- Prod-Db: 10.46.41.0/24
- UAT-Db: 10.47.40.0/24
- Dev-Db: 10.48.40.0/24
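
The seed-subnet behaviour described above can be sketched as follows. This is an added example, not DeployACI's own code: `plan_subnets` and `SUPERNETS` are hypothetical names, the allocation rule is inferred from the single example above, and the ACI/IPAM validation the application performs is left out.

```python
import ipaddress

# Environment supernets as listed in the README.
SUPERNETS = {
    "Prod": ipaddress.ip_network("10.46.0.0/16"),
    "UAT": ipaddress.ip_network("10.47.0.0/16"),
    "Dev": ipaddress.ip_network("10.48.0.0/16"),
}


def plan_subnets(seed, epgs):
    """Map EPG names such as 'Prod-Db' to subnets derived from the seed.

    Assumed rule, inferred from the README's example: every environment
    starts at the seed's offset inside its own /16 and hands out
    consecutive subnets of the seed's size in selection order.
    """
    try:
        seed_net = ipaddress.ip_network(seed, strict=True)
    except ValueError as exc:
        # Catches typos such as a backslash or host bits set in the seed.
        raise ValueError(f"invalid seed subnet {seed!r}: {exc}") from None
    prod = SUPERNETS["Prod"]
    if seed_net.version != 4 or not seed_net.subnet_of(prod):
        raise ValueError(f"seed {seed_net} is not inside {prod}")

    offset = int(seed_net.network_address) - int(prod.network_address)
    plan, used = {}, {}
    for epg in epgs:
        env = epg.split("-", 1)[0]
        if env not in SUPERNETS or epg in plan:
            raise ValueError(f"unknown or duplicate EPG {epg!r}")
        base = SUPERNETS[env]
        start = (int(base.network_address) + offset
                 + used.get(env, 0) * seed_net.num_addresses)
        net = ipaddress.ip_network((start, seed_net.prefixlen))
        # Refuse to spill into the neighbouring environment's range.
        if not net.subnet_of(base):
            raise ValueError(f"{epg}: {net} falls outside {base}")
        plan[epg] = net
        used[env] = used.get(env, 0) + 1
    return plan


if __name__ == "__main__":
    for name, net in plan_subnets(
            "10.46.40.0/24",
            ["Prod-Client", "Prod-Db", "UAT-Db", "Dev-Db"]).items():
        print(f"{name}: {net}")
```

Rejecting a malformed seed or a range that runs past its /16 before anything is sent to ACI or IPAM keeps a typo from turning into a production change.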
This is the selector for which tenant to deploy this application into.
For safety, the GUI defaults to using the `lab` tenant for deployments. Deploying new EPGs to that tenant is generally safe to do without the risk of impacting production environments, and is a useful way to test whether this script works. I highly recommend unchecking `Reserve in IPAM` when testing, because otherwise you have to go through the annoying process of going through SolarWinds' GUI to delete the newly reserved addresses when you are done testing.
When deploying to the production environment, switch to tenant `SBM` and check `Reserve in IPAM`.
When checked, this automatically creates the appropriate subnets in IPAM, labels them appropriately, and reserves the gateway IP address.
Note: Even if `Reserve in IPAM` isn't checked, the script does verify that the IP addresses it generates are not in use in IPAM (and ACI, too).
Checking this removes the protections normally in place to prevent you from accidentally overwriting an existing application. Use this if you want to add new EPGs to an existing application profile.
At the bottom of the GUI is a list of possible EPGs to make. By default all are selected. Uncheck the EPGs you do not need to make. Contracts will automatically be created between the remaining EPGs.
After the application runs, check the terminal that you ran it from to find a report on the EPGs that you created. You can share this output with the server engineers.
Note: This is a dangerous application. With minimal effort, you will effect widespread changes across the production environment. If you have any questions on how to use this, please reach out.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.