Re: Need Assistance in Replacing NSO Firewall Templates with Python

levent.setenci · ‎09-20-2024

Hello there,

I am working on a NSO service using the NSO Firewall Services repository which relies on XML templates to manage firewall rules. However, I would like to replace the template-based configuration approach with Python scripting that utilizes NSO's Maagic and Maapi APIs.

Could you please help me on how to adapt the repository’s template-based logic to Python, specifically using Maagic for model-driven interactions and Maapi for database access? The goal is to dynamically manage firewall rules entirely in Python without using XML templates. I read the NSO docs but had no luck finding anything that suits my interest.

Specifically, I need guidance on:

- How to insert and order firewall rules programmatically using Maagic or Maapi.
- How to move and reorder existing rules in Python.

Thank you for your help.

hazad · ‎09-24-2024

To start with, you can extract the python code to access the nodes through maagic by first enabling devtools and then showing the data nodes through CLI, and piping it with "display maagic". So something like this:
admin@ncs# devtools true
admin@ncs# show running-config devices device | display maagic

After some copy and pasting from the output of above to your service callback, you can access the access-list node of the device as a maagic List object in python, create items using create (https://developer.cisco.com/docs/nso/api/ncs-maagic/#ncs.maagic.List.create) and moving them using move (https://developer.cisco.com/docs/nso/api/ncs-maagic/#ncs.maagic.List.move)