"Hello World" automation with Cisco ACI, let's get vPC running

First things first: to start with ACI automation, you need to log in to APIC and get your authentication token. This token then serves as your identifier in subsequent REST calls. The URI to post your credentials to is:

http(s)://<apic>/api/mo/aaaLogin.json|xml  

You choose the xml or json extension depending on the body format you want to use for your request. I tend to prefer JSON as it's very close to dictionaries or associative arrays in Python or JavaScript, and basic modules are available so you can easily process the payload in both languages.
APIC expects the following POST:

{
  "aaaUser":{
    "attributes":{
      "name":"admin",
      "pwd":"Cisco123"
    }
  }
}

The request will return the token as an attribute of the aaaLogin class instance, as well as other useful information such as the token time-out value or the session ID. On top of that, the HTTP response will contain an APIC-cookie variable that includes the token. You can then reuse this information inside a cookie when performing subsequent HTTP requests; APIC won't ask you for authentication until the refresh timeout expires.
POSTMAN will automatically do it for you. If you want to use cURL, use the following syntax to save the token to a file named "cookie":

curl -X POST http://<apic>/api/mo/aaaLogin.json -d "@DATA" -c cookie  

DATA is the file containing the POST body defined above. The content of the cookie file should then be something like:

# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_1.1.1.1    FALSE   /   FALSE   0   APIC-cookie YEPJpQVsYe9BPPVWpalXePXM3NHZXPJktnR4eACWrot3WmmBnm0sUaKzhqZdYA/yX8/GHojmarj104howMKzKOAgTiHkKNJvpYB+qFKJZVSHiOizl3KzqAZ8rRhOYkx2IS2LxHLHtZljQTDyDjAMWBHG0wJWP8RdxyG/BMxRxm5pxUvcsKhc74HUlCVNONxc

You can now use the cookie file with the following syntax:

curl -X GET http://<apic>/api/mo/class/fvTenant.json -b cookie  

This will give you the list of all objects of class fvTenant, in other words, the list of all ACI tenants.

Let the fun begin

Now let's have a look at how to create a vPC domain in ACI. There are basically 3 options to pair leaf nodes together.

  • The first one is to explicitly define how to group leaf nodes together, e.g.: leaf-101 and leaf-102.
  • The second option is to automatically place leaves into vPC domains consecutively. That is, leaf-101 and leaf-102 will make up a domain, then leaf-102 and leaf-103, etc.
  • The third option is called reciprocal. It will automatically group even leaf nodes and odd leaf nodes, e.g.: leaf-101 and leaf-103, then leaf-102 and leaf-104, etc.

By default the protection group policy is set to explicit. It can be found under Fabric>Access Policies>Switch Policies>Policies>Virtual Port Channel Default.

If we look at the object model tree for this specific class, we can draw up the following relationships:

So if we start the configuration subtree at uni/fabric/protpol (the dn used in the payload), we need the following JSON code:

{
  "fabricProtPol": {
      "attributes": {
          "dn": "uni/fabric/protpol",
          "pairT": "explicit"
      },
      "children":[{
        "fabricExplicitGEp":{
          "attributes":{
            "name":"leaf-101-102",
            "id":"5"
          },
          "children":[{
            "fabricNodePEp":{
              "attributes":{
                "id":"101"
              }
            }
          }, {
            "fabricNodePEp":{
              "attributes":{
                "id":"102"
              }
            }
          }]
        }
      }]
  }
}

This will create a new vPC domain with ID 5, composed of leaf 101 and leaf 102.
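The payload above covers a single pair. As an added example (not code from the original post), the Python sketch below generates the same fabricProtPol structure for several explicit pairs and rejects malformed input before anything is posted to APIC. The function name, the tuple input shape and the second pair (domain 6, leaves 103 and 104) are assumptions made for illustration.

```python
import json


def vpc_protpol_payload(groups):
    """Build an explicit-pairing fabricProtPol payload.

    groups: iterable of (domain_id, leaf_a, leaf_b) tuples (hypothetical input shape).
    """
    seen_ids = set()
    children = []
    for domain_id, leaf_a, leaf_b in groups:
        # int() rejects anything that is not a plain number before it reaches the JSON
        domain_id, leaf_a, leaf_b = int(domain_id), int(leaf_a), int(leaf_b)
        if leaf_a == leaf_b:
            raise ValueError(f"domain {domain_id}: a vPC pair needs two different leaves")
        if domain_id in seen_ids:
            raise ValueError(f"domain ID {domain_id} used twice")
        seen_ids.add(domain_id)
        lo, hi = sorted((leaf_a, leaf_b))
        children.append({
            "fabricExplicitGEp": {
                # same naming convention as the hand-written payload: leaf-<low>-<high>
                "attributes": {"name": f"leaf-{lo}-{hi}", "id": str(domain_id)},
                "children": [
                    {"fabricNodePEp": {"attributes": {"id": str(node)}}}
                    for node in (lo, hi)
                ],
            }
        })
    if not children:
        raise ValueError("no vPC groups given")
    return {
        "fabricProtPol": {
            "attributes": {"dn": "uni/fabric/protpol", "pairT": "explicit"},
            "children": children,
        }
    }


if __name__ == "__main__":
    # Constructed sample input: the pair from this post plus a second, made-up pair.
    print(json.dumps(vpc_protpol_payload([(5, 101, 102), (6, 103, 104)]), indent=2))
```

Redirect the script's output to a file and it can be posted with the same cURL syntax as a hand-written payload.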

If you've read my previous post Cisco ACI Automation Deep Dive - Part 1, you already know how to post to APIC with POSTMAN. Now let's do it with cURL:

  • Copy the previous JSON content into a file. ("VPC_DOMAIN" in the example below)
  • Log in to APIC to get your session token.
  • POST the file to APIC, sending the saved session cookie with -b:

curl -X POST http://<apic>/api/mo/uni.json -d "@VPC_DOMAIN" -b cookie

If it worked you should receive:

{"totalCount":"0","imdata":[]}
