Solved: Re: ACI config - xml script

nileshgore25 · ‎02-20-2020

Hi,

1) is there any tool available to generate xml scripts for ACI configuration (tenant, BD, EPG, etc.) ?

intention is to post the xml scripts at appropriate location for ACI configuration.

2) when i right click and "save as" the xml script that is downloaded does not maintain the indentation and formatting. Is there any way to get those scripts in right indentation and format ?

I am still learning the MIT and objects and classes hierarchy.

Claudia de Luna · ‎02-29-2020

Hi @nileshgore25,

You will find alot of examples out there and there are many ways to automate ACI.

@RedNectar Chris already described one, and quite a powerful one at that.

I'm not a fan of the CobraSDK so I'll share some other ways to do this so you get a full picture.

I work on ACI via python scripts using the requests module and via Ansible. If I'm doing something highly customized I'll use python because I have all of that build already. Ansible has lots of modules ready to go including a rest module and so for one off things I'll go that route. A common workflow for me is to build out the Data Center via Python and then "tune" with Ansible and mostly the REST module.

I also spend time using POSTMAN to validate the payloads I'm pushing to ACI and so I have some examples for you to look at with Postman. The Postman collection is here. Its pretty basic and does not have all the objects and relationships you need for a functioning network but its just enough to illustrate the examples.

Note: you can disregard the MACOS folder. Thats just an indication that the work was done on a Mac.

When you are updating specific "children" in ACI you will need to pay attention to the MIT and the relationships.

Here is an example of payload to add an SVI. Notice that the first object in line 2 is l3extLIfP which defines the Logical Node Profile. Under that starting at line 11 (but note the "children" in line 9) you have the l3extRsPathL3OutAtt which represents your SVI.

The first time you create all of this you can use "status": "created".

If you want to delete the objects you can use "status": "deleted"

However if you are going in to modify items then you will need to pay close attention to each status as you work your way through the relationships. Typically the parent object needs to be "created, modified" or "modified" if you are sure it already exists and children objects can then be noted as "deleted".

The payload below creates the DCL_IntProf Interface Profile object and then creates the child SVI object. In this case if you wanted to delete the SVI but keep your Interface Profile object (a likely scenario), line 7 would stay as is and line 21 would change to "deleted".

Using one of your use cases, the payload below (which I used to add a host route to the Google DNS server 8.8.8.8/32 with "status": "created") has been updated to delete that 8.8.8.8/32 route. notice that the Parent object ipRouteP is set to "status": "deleted" and after that it does not matter what the child object says. However its good practice to keep it consistent and as you will see in some of the other requests in the Postman collection I do set a STATUS variable to give you and example of putting the "state" in a variable within your playbooks. Makes it easy to back out the configuration as well as apply it.

Again, the Postman collection is here and it comes with an environment set up for the DevNet APIC Sandbox.

The final option I'll mention is the ACI Tookit. Very good for basic stuff and handles alot of stuff for you (authentication, etc.). Early days it did not have all the actions I needed and so I went the "do it yourself" route.

Lastly, make liberal use of the ACI Inspector.

Thats where I got all of the payload data you see in the Postman collection.

I've got some Ansible ACI sample playbooks on GitHub from a presentation I did at Interop last year that might help.

Hope this helps!

View solution in original post

mr.richardb · ‎02-20-2020

Hi,

There are multiple possibilities.

1. The configuration guides have XML config codes.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/L3-configuration/Cisco-APIC-Layer-3-Networking-Configuration-Guide-411.html

For example:

"Procedure:

Step 1

Configure the tenant, VRF, and bridge domain.

This example configures tenant t1 with VRF v1 and bridge domain bd1. The tenant, VRF, and BD are not yet deployed.

Example:

<fvTenant  name="t1">
    <fvCtx name="v1"/>
    <fvBD name="bd1">
        <fvRsCtx tnFvCtxName="v1"/>
        <fvSubnet ip="44.44.44.1/24" scope="public"/>
        <fvRsBDToOut tnL3extOutName="l3out1"/>
    </fvBD>/>
</fvTenant>

"

2. The API inspector, but that is json based. (I do like it, because you can get the correct post/get URL and the json file content from it, while you are browsing the APIC)

You can use POSTMAN to deploy the configurations. (both for json and XML format)

Check these articles:

https://community.cisco.com/t5/data-center-documents/aci-automation-part-1-aci-with-postman-introduction/ta-p/3318219

https://community.cisco.com/t5/data-center-documents/aci-automation-part-2-aci-with-postman-configuring-single-epg/ta-p/3318255

https://community.cisco.com/t5/data-center-documents/aci-automation-part-3-aci-with-postman-on-configuring-multiple/ta-p/3320170

For the indentation part, use some text editor which recognise XML files and can convert it to the proper format.

Like Notepad++ with XML tools addon, or Atom with some XML addon, or I'm pretty sure your favourite editor has a plugin too.

Regards,

Richard

nileshgore25 · ‎02-23-2020

Hi Richard,

Thank You for your feedback.

1) yes the configuration guides can help. However I was wondering if there is any tool (May be Cisco internal tool) for generating xml scripts, just by providing the values as input.

Another manual way that i am aware of is to download the xml script from existing ACI configuration, edit it and use it as and how required.

2) I have gone through those posts already and they are really helpful for a newbie like me to quickly understand the ACI progammability process.

As for the text editor, i am now able to fix the indentation after downloading the plugin for sublime, i was not aware it existed.

Really appreciate your feedback !

Claudia de Luna · ‎02-20-2020

My preference is not to work with XML but in those cases where I have no choice I've used the xmltodict and dicttoxml modules in python. I've included an example below. Basically I have have some payload ( a bridge domain) that I got from a REST call to the APIC in a python dictionary called payload and you can see some of the manipulations below to pretty print it and save to a file.

import dicttoxml
import xmltodict


def main():
    pass

    payload =  {
        'fvBD': {
            'attributes': {
                'OptimizeWanBandwidth': 'no',
                'annotation': '',
                'arpFlood': 'no',
                'bcastP': '225.1.181.48',
                'childAction': '',
                'configIssues': '',
                'descr': '',
                'dn': 'uni/tn-SnV/BD-antigravity',
                'epClear': 'no',
                'epMoveDetectMode': '',
                'extMngdBy': '',
                'hostBasedRouting': 'no',
                'intersiteBumTrafficAllow': 'no',
                'intersiteL2Stretch': 'no',
                'ipLearning': 'yes',
                'lcOwn': 'local',
                'limitIpLearnToSubnets': 'yes',
                'llAddr': '::',
                'mac': '00:22:BD:F8:19:FF',
                'mcastAllow': 'no',
                'modTs': '2020-02-19T15:03:18.426+00:00',
                'monPolDn': 'uni/tn-common/monepg-default',
                'mtu': 'inherit',
                'multiDstPktAct': 'bd-flood',
                'name': 'antigravity',
                'nameAlias': '',
                'ownerKey': '',
                'ownerTag': '',
                'pcTag': '49154',
                'scope': '2523136',
                'seg': '16121790',
                'status': '',
                'type': 'regular',
                'uid': '15374',
                'unicastRoute': 'yes',
                'unkMacUcastAct': 'proxy',
                'unkMcastAct': 'flood',
                'v6unkMcastAct': 'flood',
                'vmac': 'not-applicable'
            }
        }
     }

    # Convert python dictionary to XML
    xmlbody = dicttoxml.dicttoxml(payload)

    # Prettyfy XML with xmltodict
    pretty_xml = xmltodict.unparse(xmltodict.parse(xmlbody), full_document=False, pretty=True)
    print(pretty_xml)

    # XML to file - Pretty with dicttoxml
    xmlbody2 = dicttoxml.parseString(dicttoxml.dicttoxml(payload))
    xml_file = xmlbody2.toprettyxml(indent=' ' * 4)

    print(xml_file)

    with open('Sample.xml', 'w') as xmlfile:
        xmlfile.write(xml_file)

File output looks like this:

<?xml version="1.0" ?>
<root>
    <fvBD type="dict">
        <attributes type="dict">
            <OptimizeWanBandwidth type="str">no</OptimizeWanBandwidth>
            <annotation type="str"/>
            <arpFlood type="str">no</arpFlood>
            <bcastP type="str">225.1.181.48</bcastP>
            <childAction type="str"/>
            <configIssues type="str"/>
            <descr type="str"/>
            <dn type="str">uni/tn-SnV/BD-antigravity</dn>
            <epClear type="str">no</epClear>
            <epMoveDetectMode type="str"/>
            <extMngdBy type="str"/>
            <hostBasedRouting type="str">no</hostBasedRouting>
            <intersiteBumTrafficAllow type="str">no</intersiteBumTrafficAllow>
            <intersiteL2Stretch type="str">no</intersiteL2Stretch>
            <ipLearning type="str">yes</ipLearning>
            <lcOwn type="str">local</lcOwn>
            <limitIpLearnToSubnets type="str">yes</limitIpLearnToSubnets>
            <llAddr type="str">::</llAddr>
            <mac type="str">00:22:BD:F8:19:FF</mac>
            <mcastAllow type="str">no</mcastAllow>
            <modTs type="str">2020-02-19T15:03:18.426+00:00</modTs>
            <monPolDn type="str">uni/tn-common/monepg-default</monPolDn>
            <mtu type="str">inherit</mtu>
            <multiDstPktAct type="str">bd-flood</multiDstPktAct>
            <name type="str">antigravity</name>
            <nameAlias type="str"/>
            <ownerKey type="str"/>
            <ownerTag type="str"/>
            <pcTag type="str">49154</pcTag>
            <scope type="str">2523136</scope>
            <seg type="str">16121790</seg>
            <status type="str"/>
            <type type="str">regular</type>
            <uid type="str">15374</uid>
            <unicastRoute type="str">yes</unicastRoute>
            <unkMacUcastAct type="str">proxy</unkMacUcastAct>
            <unkMcastAct type="str">flood</unkMcastAct>
            <v6unkMcastAct type="str">flood</v6unkMcastAct>
            <vmac type="str">not-applicable</vmac>
        </attributes>
    </fvBD>
</root>

You already know that most reasonable editors (Atom, Sublime, Notepad++) have plugins that will help you format most serialization protocols (XML, JSON, YAML etc.). You can also use an XML linter like now below. There are a bunch so Google "XML Lint" and pick one you like.

https://jsonformatter.org/xml-formatte

nileshgore25 · ‎02-23-2020

Hi Claudia,

I am still to study the way python can be use for ACI progammability. once i understand how to use i will try the method you have suggested.

Thank You for suggesting the plugin option for text editor, i was not aware about their existence. I have downloaded sublime xml indentation plugin and now i am able to fix the indentation. The url you have provided is helpful too.

Thank You very much for your feedback, it helped sooner than expected.

Regards

NIlesh

RedNectar · ‎02-23-2020

Hi @nileshgore25 ,

Let me start with Q2 first

2) when i right click and "save as" the xml script that is downloaded does not maintain the indentation and formatting. Is there any way to get those scripts in right indentation and format ?

Very simple answer. No

BUT there are very good editors that can very quickly format XML (and or JSON) for you. However, some these editors require addtional plugins to make these features work. My favourites are:

Atom [best cross platform editor for Linux, Macos and Windows - but works better on Macos than Windows]. Requires additional plugins for XML (atom beautify is the one I use) https://atom.io/
Notepad++ for Windows handles large files much better than Atom. Use v7.3.3 to make it easy to get the plugins and resist the temptation to upgrade. https://notepad-plus-plus.org/downloads/v7.3.3/
XML Copy Editor - no plugins required http://xml-copy-editor.sourceforge.net/

Now to Q1

1) is there any tool available to generate xml scripts for ACI configuration (tenant, BD, EPG, etc.) ?
intention is to post the xml scripts at appropriate location for ACI configuration.

This question scares me a little. It makes me imagine that you have a vision of some utility that will gather the information you need ans spit out an xml schema that you can use to post to ACI.

You see, such a utility exists already. It is called the ACI GUI, and if you want to use it offline, dowload the ACI Simulator

But I sense that the spirit of the question is really asking:

"Is there a way to make standard ACI configuration easier by editing some simple files then pushing the output to ACI?"

This is a question many have asked themselves. Some have found themselves going down the path of learning python programming, others have used excel to produce some output that can be pushed to ACI using a script.

So I'll finish my post with a few more random tips to add to the already considerable load of advice you have reacieved.

Tip #1 - Don't get stuck on .xml format

Take the time to appreciate the JSON format as well - it has a more logical structure than .xml and IF you get into the programming side of things you'll find JSON schemas are almost identical to pyhton dictionaries

Tip #2 - Look at Ansible

If you are looking for a way to automate ACI using simple text files, Ansible is probably your best bet. With Ansible, you can write your schema in YAML and use the Cisco ACI Ansible modules to integrate ACI with Ansible.

The beauty of Ansible is that it is programmable, and you can wind back things after you have applied them - even use conditionals to wind back configurations that don't work. Start your journey here: https://developer.cisco.com/automation-ansible/

Tip #3 - Use Python version 3 NOT 2.7

Firstly, I'm not really suggesting that you get into Python, but if you DO decide to try your hand at programming, start with Python version 3. Python 2.7 ceased to be supported by the python developers on Jan 1 2020. Until recently the Cisco ACI python libraries only supported Python 2.7 and a lot of the ACI related python stuff you'll find is written for 2.7 - but you'll find it is not too hard to convert to 3 if you want to use it.

Good luck, and if you discover anything useful, don't forget to post it back here to the community.

I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

nileshgore25 · ‎02-28-2020

Hi Chris,

Happy to see feedback from you, as i have seen some very interesting easy to understand blogs from you.

Thanks you for such a detailed response while rephrasing my questions to make better sense out of those.

For the text editor, i have started using the sublime text editor with xml plug-in. Thanks for the suggestions, i will also explore those options.

I am using ACI simulator now, however the way i have seen some scripts i feel that those were generated using some tool - the zip folder had 2 sub folder one folder named as MACOS, which I assume is some tool giving those outputs for MAC as well as for windows.

I have started learning Python and later will also learn Ansible.

I have one more query on the similar lines.

I want to edit only partial configuration, for example

1) Inside the L3OUT, delete 5 out of 10 static routes and add 2 new static routes

2) Inside the L3OUT, change the SVI VLAN for few paths

I was able to accomplish the test on the ACI simulator; however i want to understand more about the use of - created, modified, deleted options in the script, where in the script hierarchy these can be used.

RedNectar · ‎02-28-2020

Hi @nileshgore25 ,

I have one more query on the similar lines.

I want to edit only partial configuration, for example
1) Inside the L3OUT, delete 5 out of 10 static routes and add 2 new static routes
2) Inside the L3OUT, change the SVI VLAN for few paths

I was able to accomplish the test on the ACI simulator; however i want to understand more about the use of - created, modified, deleted options in the script, where in the script hierarchy these can be used.

I don't have a ready answer for you, and this is not something I can answer without some research. @Claudia de Luna might be better equipped to find a quick answer.

But if I was facing this problem, I'd use python

Make sure I had python installed, and had installed the cobra eggs (see https://<ip_of_APIC>/cobra/)
build a tenant in your simulator with a L3out and some static routes
save the tenant config in .xml or .json format (Tenants > YourTenant >+ Save as... Content: Only Configuration; Scope: Subtree; Export Format: xml|json - your preference)
Use ARYA to convert the xml/json to python
Look at the ARYA created python script to learn how to add static routes
Read this to learn how to delete routes

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

nileshgore25 · ‎03-03-2020

Hi Chris,

I have installed the cobra eggs and also the ACI toolkit and started with the very basic first exercise of sample tenant creation using ACI toolkit.

once i get a fair understanding of they way to automate ACI using python, i will try the procedure suggested by you.

Thank You very much !

RedNectar · ‎03-03-2020

Hi @nileshgore25 ,

No problem. Glad @Claudia de Luna came to my rescue to help you out!

Enjoy your future python adventures.

Here is how us Aussies work with python(s) https://www.youtube.com/watch?v=FIMvRSyy1II

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Claudia de Luna · ‎02-29-2020