The Dietze Haus

Wednesday, May 16, 2018

Suppressing Fault Code "F2543" in Cisco ACI/APIC (3.1+) with the Cobra SDK

Sometimes in the ACI environment you would like to suppress a fault that either isn't typically suppress-able or one that is hard to find to suppress.

I recently encountered CSCvi72804 which will cause unsuppress-able faults that are auto-generated if you have used a fabric id value other than "1". Apparently, I need mental help and couldn't just let it go so I ended up writing a script to help me suppress these faults. According to TAC, my only other options were to upgrade my ACI fabric to 3.2 or wipe the whole production datacenter and build it with a fabric id value of "1". No thanks for those other options.

This script will put your fault suppression inside the Fabric tab's monitoring policy. If you want it elsewhere, you will need to modify the script to reference/create a "FaultTarget" object that lives under the other type of policy.

The only other things you might need to change if you are attempting to suppress another fault are in the static variable section of the script. These values affect where the GUI will store the fault suppression policies.

	#Environment Python 2.7 Windows 10
	#APIC 3.1(2o)

	from cobra.mit.request import ConfigRequest
	from cobra.internal.codec.jsoncodec import toJSONStr
	from cobra.model.mon import FabricTarget
	from cobra.model.fault import SevAsnP

	#Import custom login module
	import aci_auth

	# Suppress HTTP Warnings
	import urllib3
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	##########STATIC VARIABLES################
	APIC_URL = 'https://APIC_URL'
	FAULT_TARGET_PARENT_DN = "uni/fabric/monfab-default"
	FAULT_TARGET_SCOPE = "dhcpClientIf"
	FAULT_CODE = "F2543"
	FAULT_NAME = "fltDhcpClientInvalidConfiguration"
	FAULT_DESC = "Added with script to suppress faults from CSCvi72804"
	##########################################

	#URL for APIC server

	#Load creds for APIC server
	creds = open('../creds/creds.txt','r')
	username = creds.readline().strip()
	password = creds.readline().strip()

	#Auth and login
	moDir = aci_auth.aci_login(APIC_URL, username, password)

	#Use an existing FabricTarget scope to contain our custom fault suppression
	fabricTarget_obj = FabricTarget(FAULT_TARGET_PARENT_DN,scope=FAULT_TARGET_SCOPE)
	sevAsnP_obj = SevAsnP(fabricTarget_obj.dn,code=FAULT_CODE,name=FAULT_NAME,initial='squelched',descr=FAULT_DESC)
	print "\n",toJSONStr(sevAsnP_obj,includeAllProps=True)

	#Commit individually
	config_req = ConfigRequest()
	config_req.addMo(fabricTarget_obj)
	config_req.addMo(sevAsnP_obj)

	#Commit
	moDir.commit(config_req)

	#Logout
	aci_auth.aci_logout(moDir)

	print "DONE"

view raw create_sev_asn_p.py hosted with ❤ by GitHub

	#!/Python27/python
	#Environment Python 2.7 Windows 10 ACI 2.3(1f)

	#Simple module for ACI login and logout

	from cobra.mit.access import MoDirectory
	from cobra.mit.session import LoginSession

	# Suppress HTTPS Warnings
	import urllib3
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	def aci_login(apic_url, username, password):
	#Create login session and actually login
	loginSession = LoginSession(apic_url, username, password)
	moDir = MoDirectory(loginSession)
	moDir.login()
	return moDir

	def aci_logout(moDir):
	#Logout
	moDir.logout()

view raw aci_auth.py hosted with ❤ by GitHub

Monday, October 16, 2017

Adding FEX Static Ports to Cisco ACI with Cobra SDK (Network-Centric Approach)

OK, now lets really get going. Lets talk about how you could possibly start migrating FEXs to ACI.

Firstly, we need to discuss the basics of the application-centric approach and the network-centric approach. In the network centric model, you can connect ACI to a legacy network that is still running significant vlans. This is a decent strategy if you don't want to re-ip as you move to ACI and have a significant 7k-5k-2k deployment today.

Read more HERE

Although ACI is capable of handling this type of infrastructure, it was obviously not designed to maintain a deployment this way from the GUI so we will need to compensate with a significant amount of scripting.

This example was actually created to support some B22 migrations. For each of these migrations every one of the ports was configured identically and as a trunk.

I created a .txt file that I could read from for the vlans that needed to get added to the trunk. You can create your own with a "show vlan b | i active" on an existing 5k/7k that you are migrating from. I will include an example of what that looks like after the script.

	#Created by Kevin Dietze
	#Environment Python 2.7 Windows 10 ACI 2.3(1f)

	from cobra.mit.access import MoDirectory
	from cobra.mit.session import LoginSession
	from cobra.mit.request import ConfigRequest
	from cobra.internal.codec.jsoncodec import toJSONStr
	from cobra.model.fv import RsBd, Ctx, BD, RsCtx, AEPg, RsPathAtt

	#Import custom login module
	import aci_auth

	# Suppress HTTP Warnings
	import urllib3
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	#URL for APIC server
	apicUrl = 'YOUR_APIC_SERVER_IP'

	#Load creds for APIC server
	creds = open('./creds/creds.txt','r')
	username = creds.readline().strip()
	password = creds.readline().strip()

	#Auth and login
	moDir = aci_auth.aci_login(apicUrl, username, password)

	#Basic lookups for root locations
	fvAEP = moDir.lookupByDn("uni/tn-TENANT/ap-LAB-APPLICATION-PROFILE/")
	fvAEPgs = moDir.lookupByClass("fvAEPg",parentDn=fvAEP.dn)

	#Example interface_dn "topology/pod-1/paths-291/extpaths-161/pathep-[eth1/1]"
	#we will build this later based on user input. Start with a prefix
	interface_dn_prefix = "topology/pod-1/paths-"

	#File with vlan information
	f = open('n5ksw1-vlans.txt','r')
	#f = open('n5ksw1-vlans-test.txt','r')

	#Load vlans into a dictionary for quick lookups later
	vlan_dict = {}
	for line in f:
	vlan_num = line.strip().split()[0]
	vlan_dict['VLAN-'+str(vlan_num)] = 1

	#Ask user for LEAF id number
	leaf_num = raw_input("What LEAF ID num?: ")
	if int(leaf_num) < 200 or int(leaf_num) > 299:
	raise Exception("Invalid value for LEAF ID number")

	#Ask user for FEX id number
	fex_num = raw_input("What FEX ID num?: ")
	if int(fex_num) < 100 or int(fex_num) > 199:
	raise Exception("Invalid value for FEX ID number")

	#Iterate over all AEPgs in ACI
	for AEPg_obj in fvAEPgs:
	#Check if AEPg needs to have a static port added
	if AEPg_obj.name in vlan_dict:
	#Print the AEPg so we can see which one we are working with
	print toJSONStr(AEPg_obj)
	#Iterate for each port. B22's have [1,16]
	for int_num in range(1,17):

	#Assign to Fex Interface
	#tDn = interface_dn_to_fabric_path_ep_dn(interface_dn)
	tDn = interface_dn_prefix + str(leaf_num) + "/extpaths-" + str(fex_num) + "/pathep-[eth1/" + str(int_num)+ "]"
	print tDn
	#mode 'regular' for trunk and 'native' for dot1.p
	RsPathAtt_obj = RsPathAtt(AEPg_obj,tDn ,encap=AEPg_obj.name.lower(),mode='regular',instrImedcy='immediate')

	#Commit individually
	config_req = ConfigRequest()
	config_req.addMo(RsPathAtt_obj)

	#Commit
	moDir.commit(config_req)

	f.close()

	#Logout
	aci_auth.aci_logout(moDir)

view raw add_aepg_to_b22_fex.py hosted with ❤ by GitHub

	3 LAB active Po10, Eth1/1, Eth1/2
	10 LAB_MANAGEMENT active Po10, Eth1/1, Eth1/2, Eth1/33
	40 LAB_DEV active Po10, Eth1/1, Eth1/2

view raw n5ksw1-vlans.txt hosted with ❤ by GitHub

Getting Started with the Cisco Cobra SDK and ACI

We should talk about Cisco ACI and the Python Cobra SDK. Cisco's ACI platform is one of those hot new topics and we are always looking for fresh new examples of how to automate basic tasks inside the ACI platform.

I will not provide examples of how to install the Cobra SDK or any of the Python modules you need. There are plenty of other places on the internet that you can get those instructions from.

First off, lets start off with the absolute basics. Authentication is obviously the first step as we begin out discussion of Cisco ACI.

I have provided a basic auth module that can be imported into any Python SDK program. Its not really all that useful, but it will be easier for me to include code later as these posts will build on each other.

	#!/Python27/python
	#Environment Python 2.7 Windows 10 ACI 2.3(1f)

	#Simple module for ACI login and logout

	from cobra.mit.access import MoDirectory
	from cobra.mit.session import LoginSession

	# Suppress HTTPS Warnings
	import urllib3
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	def aci_login(apic_url, username, password):
	#Create login session and actually login
	loginSession = LoginSession(apic_url, username, password)
	moDir = MoDirectory(loginSession)
	moDir.login()
	return moDir

	def aci_logout(moDir):
	#Logout
	moDir.logout()

view raw aci_auth.py hosted with ❤ by GitHub

Sunday, December 4, 2016

Enable Web Admin Interface on Cisco 8861 IP Phone on a 10.5 Call Manager with Python 2.7

If you happen to have the fortune of needing to deploy Cisco 8861 Wi-Fi phones on an EAP-TLS network with User Installed Certificates on a 10.5 Call Manager then this script will help you out.

Call Manager 10.5 has the capability to enable the Web Admin interface on the 8861, but the Call Manager GUI doesn't support enabling it. Without the Web Admin interface, there is no way to actually install your user installed certificate.

- Dietze

#!/Python27/python

#Environment
#OSX/UCM10.5/Python2.7/

import os
import requests
import json
import smtplib
import urllib
import sys

#####GET INFO FROM CALL MANAGER########
cmserver = 'YOUR_CALL_MANAGER_IP_OR_HOSTNAME'
cmport = '8443'
wsdl = "file:" + "/AXLAPI.wsdl"
location = 'https://' + cmserver + ':' + cmport + '/axl/'

tns = 'http://schemas.cisco.com/ast/soap/'
imp = Import('http://schemas.xmlsoap.org/soap/encoding/', 'http://schemas.xmlsoap.org/soap/encoding/')
imp.filter.add(tns)

##LOCATIONS FOR REALTIME STATUS
##THIS IS FOR RISPORT
RTDS_wsdl = 'https://' + cmserver + ':8443/realtimeservice/services/RisPort?wsdl'
RTDS_location = 'https://' + cmserver + ':' + cmport + '/realtimeservice/services/RisPort'

#SET USER INFO
#MIGHT BE A GOOD IDEA TO ADD READ THIS FROM A FILE OR SOMETHING
username = user_file.readline().strip()
password = user_file.readline().strip()

try:
 #LOG INTO CALL MANAGER AND CREATE CLIENT OBJECT
    client = Client(wsdl,location=location, username=username, password=password, plugins=[ImportDoctor(imp)])
    
    #SETUP REAL TIME DEVICE STATUS CLIENT (NEEDED TO SEARCH BY IP)
    RTDS_client = Client(RTDS_wsdl,location=RTDS_location, username=username, password=password, plugins=[ImportDoctor(imp)])
 
 #PHONE NAME TO SEARCH FOR
    phone_name = 'SEPXXXXXXXXXXXX'
    
    #SET ADMIN PASSWORD FOR THIS PHONE
    phone_admin_password = 'ciscocisco'
    
    #CREATE RESULT OBJECT AFTER A GET PHONE REQUEST
    result = client.service.getPhone(name=phone_name)
    
    #GET MODEL FROM RESULT OBJECT
    model = str(result['return']['phone']['model'])
    print model
    
    #IF THE MODEL IS AN 8861 THEN UPDATE THE PHONE WITH THE VENDOR CONFIG THAT ISNT IN THE CUCM 10.5 GUI
    if model == "Cisco 8861": 
        client.service.updatePhone(name=phone_name,vendorConfig={
            'disableSpeaker':"false",
            'disableSpeakerAndHeadset':"false",
            'pcPort':"0",
            'voiceVlanAccess':"0",
            'webAccess':"1",
            'spanToPCPort':"1",
            'recordingTone':"0",
            'recordingToneLocalVolume':"100",
            'recordingToneRemoteVolume':"50",
            'powerPriority':"0",
            'minimumRingVolume':"0",
            'ehookEnable':"1",
            'headsetWidebandUIControl':"0",
            'headsetWidebandEnable':"0",
            'garp':"1",
            'allCallsOnPrimary':"0",
            'g722CodecSupport':"0",
            'webAdmin':"1",
            'adminPassword':phone_admin_password,
            })
    else:
        raise ValueError("Not a Cisco 8861")

 #RUN SELECT CM DEVICE TO GET THE IP OF THE PHONE WE JUST UPDATED
    RTDS_result = RTDS_client.service.SelectCmDevice('',{'SelectBy':'Name', 'Status':'Registered', 'Class':'Phone', 'SelectItems':{'SelectItem':{'Item':phone_name}}})
    for i in range(0,len(RTDS_result['SelectCmDeviceResult']['CmNodes'])):
        output = str(RTDS_result['SelectCmDeviceResult']['CmNodes'][i]['CmDevices'])
        if (output != '[]'):
            phone = RTDS_result['SelectCmDeviceResult']['CmNodes'][i]['CmDevices']
            ##print output

    ##PRINT PHONES IP
    phone_ipaddress = phone[0]['IpAddress']
    print "Phone IP Address: " + phone_ipaddress
    
    ##RESTART PHONE
    client.service.restartPhone(name=phone_name)
    print "RESETTING PHONE"
    
    print "SUCCESS"
    print "Login @: https://"+phone_ipaddress+":8443\"
    print "admin | "+phone_admin_password
    

except Exception as e:
    print e
    
print 'Done'
###

Saturday, December 3, 2016

Getting Started with Cisco AXL and Python

Lets talk about getting started with Python and Cisco AXL.

AXL is an API that we can use to interact with Call Manager. I was able to get some basic scripts going to automate some more complicated tasks like setting up RDPs or creating route patterns. I won't provide examples of those on this post, but I will in the future.

Firstly, the important part of these scripts is using the WSDL file for your version of CUCM. There are plenty of resources available to find these so I won't include those instructions here. My examples will be on 10.5 unless otherwise noted.

Below is an example of how to get started with AXL and Python. You will need to fill out your Call Manager IP, WSDL file location, CUCM username, password, and an example IP Phone name.

#!/Python27/python

#Environment
#OSX/UCM10.5/Python2.7/


import cgi
import os
import requests
import json
import smtplib
import urllib
import sys

#####GET INFO FROM CALL MANAGER########
cmserver = 'YOUR_CALL_MANAGER_IP_OR_HOSTNAME'
cmport = '8443'
wsdl = "file:" + "/AXLAPI.wsdl"
location = 'https://' + cmserver + ':' + cmport + '/axl/'

tns = 'http://schemas.cisco.com/ast/soap/'
imp = Import('http://schemas.xmlsoap.org/soap/encoding/', 'http://schemas.xmlsoap.org/soap/encoding/')
imp.filter.add(tns)

##LOCATIONS FOR REALTIME STATUS
##THIS IS FOR RISPORT
RTDS_wsdl = 'https://' + cmserver + ':8443/realtimeservice/services/RisPort?wsdl'
RTDS_location = 'https://' + cmserver + ':' + cmport + '/realtimeservice/services/RisPort'

#SET USER INFO
#MIGHT BE A GOOD IDEA TO ADD READ THIS FROM A FILE OR SOMETHING
username = 'CUCM_USERNAME'
password = 'PASSWORD'

try:
 #LOG INTO CALL MANAGER AND CREATE CLIENT OBJECT
    client = Client(wsdl,location=location, username=username, password=password, plugins=[ImportDoctor(imp)])
    
    #SETUP REAL TIME DEVICE STATUS CLIENT (NEEDED TO SEARCH BY IP)
    RTDS_client = Client(RTDS_wsdl,location=RTDS_location, username=username, password=password, plugins=[ImportDoctor(imp)])
 
 #PHONE NAME TO SEARCH FOR
    phone_name = 'SEPXXXXXXXXXXXX'
    
    #CREATE RESULT OBJECT AFTER A GET PHONE REQUEST
    result = client.service.getPhone(name=phone_name)
    
    #GET MODEL FROM RESULT OBJECT
    model = str(result['return']['phone']['model'])
    print model

 #RUN SELECT CM DEVICE TO GET THE IP OF THE PHONE WE JUST UPDATED
    RTDS_result = RTDS_client.service.SelectCmDevice('',{'SelectBy':'Name', 'Status':'Registered', 'Class':'Phone', 'SelectItems':{'SelectItem':{'Item':phone_name}}})
    for i in range(0,len(RTDS_result['SelectCmDeviceResult']['CmNodes'])):
        output = str(RTDS_result['SelectCmDeviceResult']['CmNodes'][i]['CmDevices'])
        if (output != '[]'):
            phone = RTDS_result['SelectCmDeviceResult']['CmNodes'][i]['CmDevices']
            ##print output

    ##PRINT PHONES IP
    phone_ipaddress = phone[0]['IpAddress']
    print "Phone IP Address: " + phone_ipaddress
    
    ##RESTART PHONE
    client.service.restartPhone(name=phone_name)
    print "RESETTING PHONE"
    
    print "SUCCESS"
    

except Exception as e:
    print e
    
print 'Done'

Friday, December 2, 2016

And thus it begins

As with anything new, this will be a work in progress. I plan on this to be a place where I can post code snippets and labs to help others where I have struggled.

Dietze