Egy projekt során az eszközök konfigurációja legtöbb esetben laborban születik meg és evolúciós utat jár be: átalakul, fejlődik, be- és kikerülnek funkciók, ügyfélhez kötődő paraméterek.
Miután a laborban a tesztek lezajlottak a konfigurációk legtöbb esetben átemelhetőek az éles környezetbe, ahol szerencsés esetben változtatás nélkül, esetleg minimális platformhoz kötődő átalakításokkal használhatóak lesznek.
Nincs ez másként az SD-WAN esetében sem. A laborunkban létrehoztunk egy 6 cEdge-ből álló topológiát, amelyhez a template-k és a policy-k a vManage GUI-n keresztül készültek. Lehetett volna API-t használni, de igyekeztünk a különböző device template-ket a lehető legkevesebb feature template-ből összerakni “device_specific”változók használatával, ez pedig rengeteg újratervezést és paraméter módosítást jelentett. Ezt egyszerűbb volt GUI-n megtenni.
Mikor a template-k és policy-k véglegesednek azokat átemeljük a produktív környezetbe.
Viszont a vManage felületéről hiányzik az export és import lehetőség a template és policy menüpontok alól.
Több lehetőségünk van:
-
Újra létrehozzuk a produktív vManage GUI-n az összes policy-t, template-t stb.
-
Exportáljuk a labor vManage adatbázisát (request nms configuration-db backup path /home/admin/db_backup) és visszatöltjük a produktív kontrollerre
-
REST API-n konfiguráljuk a produktív vManage-t
-
Script segítségével kiexportáljuk a labor kontrollerből a policy-kat, template-ket és visszatöltjük azokat a produktív vManage-re
Nézzük meg az utolsó opciót.
Klónozzuk le a kódot majd hozzunk létre egy Python virtuális környezetet.
fkuris-Macbook-Pro:Downloads fkuris$ git clone https://github.com/CiscoSE/cisco-sd-wan-export-import.git Cloning into ‘cisco-sd-wan-export-import’… remote: Enumerating objects: 72, done. remote: Total 72 (delta 0), reused 0 (delta 0), pack-reused 72 Receiving objects: 100% (72/72), 37.54 KiB | 699.00 KiB/s, done. Resolving deltas: 100% (42/42), done. fkuris-Macbook-Pro:Downloads fkuris$ fkuris-Macbook-Pro:downloads fkuris$ cd cisco-sd-wan-export-import fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ python3 -m venv venv fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ source venv/bin/activate (venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ pip install -r requirements.txt Collecting requests==2.21.0
Exportáljuk ki a labor vManage konfigurációját.
(venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ python sd-wan-exim.py 192.168.150.121:8443 admin admin export Action: export Export entire configuration. device_template Exporting ID: 6aea0dd4-c539-41c2-9d6a-62fd6364ab47 Exporting ID: ed103166-f3e8-4b7f-8858-1401c235cfd8 Exporting ID: ccd5e46c-6de5-4670-91ba-703fa8ac5afc Exporting ID: e6e761e1-d9ad-44fc-8f31-5c2b4e127a30 Exporting ID: 372f11d1-6e62-4c9b-93cb-c3f5bb53254c Exporting ID: 045007a3-c723-4fe9-87ab-087376b58dbc Exporting ID: 895dae6b-7150-43b3-810a-78ced4b9fba0 Exporting ID: 4513e794-c700-41d2-a988-06413026ac19 Successfully exported the device templates from 192.168.150.121:8443 feature_template Exporting ID: 16876819-1fb9-40ec-8f64-805dccbc7498 Exporting ID: 7f729a99-a65f-4446-94b3-68e31a7f1669 Exporting ID: 2c7dda4d-af12-4702-a819-34bc5562f943 Exporting ID: 1a304acb-d8f4-4469-aeff-3594bc9eb001 Exporting ID: fd9ce9aa-86d3-44ea-93b5-88881abb5147 Exporting ID: 2305ed59-32a4-4c67-b4c3-c26408da4e41 Exporting ID: c19c7bbb-8e72-481f-8b28-0e59ef8c9620 Exporting ID: c127e231-0fb7-4ea2-9892-431c28101941 Exporting ID: 76f144d5-7f36-43a9-9d64-e9f255cc22b1 Exporting ID: 3bf40152-fbf8-45a3-9a01-60338cac0f59 Exporting ID: 97d0c9c2-45b7-49fa-b003-aee9d03a9c5e Exporting ID: a3081920-59c6-4f9d-9103-e70327786f27 Exporting ID: bf175863-e280-4bab-82b4-9ad0142eea08 Exporting ID: 8880cc8f-4778-40b2-bbfd-44d5dad2543f Exporting ID: dcdd3928-52c7-4fdf-95ad-64cece0cb992 Exporting ID: 66d31e7f-d9f2-4fbd-b0ab-dc27fd4967af Exporting ID: 23708c20-eec0-439e-8209-8fb24c3cbdd9 Exporting ID: cc5dda49-259e-4f08-8d5a-1e6c214bc480 Exporting ID: d6ec3835-978c-400d-a45d-62e6165a8586 Exporting ID: 3e38a33f-6626-4f70-a8b4-2095ebe6f69f Exporting ID: fc4bd3b8-fd0c-4692-9877-cc8201342ef4 Exporting ID: d66660e2-5a69-455a-b7e8-85cee16bead0 Exporting ID: 750a1b10-c05d-4ef5-ab2a-b4ce580721f1 Exporting ID: fe0b0970-1ec5-44f9-b64e-93f159155bf9 Exporting ID: 31289a0c-40cd-4aae-859f-593fc062127a Exporting ID: 56a23be6-e178-4b2e-9fd1-38d8971151d9 Exporting ID: ada326b8-3e4c-495f-ad29-6303276968c9 Exporting ID: 27a0c7c4-c845-466b-b93c-5fd2fbb395b8 Exporting ID: 32a67add-549e-4e1f-aec4-f3ac57925f17 Exporting ID: 5eee5c9e-a09f-4efa-8816-b3771c6eeba4 Exporting ID: c719db48-5a57-4a4a-80fd-682b3ae093ce Exporting ID: 1f065f5e-2a8e-4dac-b3aa-1bba71cd3d98 Exporting ID: c85d63ab-ca33-4edc-853a-c5a105371872 Exporting ID: 67806f86-6b07-4225-9736-2fcab9c7d586 Exporting ID: 741bc4ca-d89d-493f-a684-8edf841dacb2 Exporting ID: 182d1c06-487f-48e1-a9dd-da7cb0335062 Exporting ID: ec869032-bee0-41f2-98f9-de25bc7d80d4 Exporting ID: ffbc494f-863d-4aab-ba34-e8d6760b8397 Exporting ID: 20fe8bbf-f207-49b7-8de7-5b02604af44c Exporting ID: 0d0cd6eb-62fb-4a62-ba84-a4ab7d404017 Exporting ID: f2306676-54d8-44ad-8312-ce05debfe29d Exporting ID: 82968fa0-95c0-4ab8-a09a-e798ac4f7f2c Exporting ID: 30b4859c-5cf8-4bb1-89b3-e181d0df56bb Exporting ID: ceea7b58-3f28-4480-9f46-0c5cb8a3dce6 Exporting ID: c86cddf4-09c5-44c2-883a-655c76b237a8 Exporting ID: 51cce233-ee4d-4ba0-9104-3afabf8fb9ca Exporting ID: d04e4568-5edf-474f-b2de-b71e8914561b Exporting ID: 35a210e3-ae36-4428-a165-3ed428c1c9af Exporting ID: 508dd090-45ff-41f7-b4ed-7ad8cfdb84a4 Exporting ID: 25c5eec3-3649-4d0c-8950-967227096eb8 Exporting ID: 3c5994d6-f53e-4cda-9f53-2782bc361a9a Exporting ID: eb94103c-0dc0-43a4-825d-5a2675a865f3 Exporting ID: c3786c96-1bc0-428e-81ed-9312e025d399 Exporting ID: 6c85688c-bb7a-4ecb-a7ab-983d151caea2 Exporting ID: 21e16183-f5ef-47bf-bb50-614a4ccae77b Exporting ID: 42eae2e4-316e-4eca-979e-0e563c698ae4 Exporting ID: abbeb3cf-56bb-4e6f-902e-2be1198a3eab Exporting ID: 25ac1f56-233a-41e2-81ea-d9b459a063be Exporting ID: b17e675a-c71a-4729-8c02-ece8d6ab0bfd Exporting ID: a56fd948-6272-4d0f-a575-0bf544e37565 Exporting ID: 7df3f516-326a-4b61-9461-dc4ec05902dc Exporting ID: 7f14959c-db75-46da-8f68-8e546fa7e3a3 Exporting ID: f73b495c-5d9c-45c1-adc2-9f746a0dcf03 Exporting ID: 4e9a931a-5fc1-4cb6-8bbd-3cf188bd826d Exporting ID: f2267cb8-04b3-4c2d-a9d5-ae125fa1a0ca Exporting ID: 0f472928-fc31-42b6-a9be-54e5f35f9aaf Exporting ID: 593bbf67-7cea-4b9e-9ba2-57c8dcf8e18e Exporting ID: 5465de07-9bc3-4437-98b2-8f104401f437 Exporting ID: 6d2770d5-9131-4808-8d22-6037830c5f36 Exporting ID: 6aa76ff1-f844-4c52-ab23-1934ef1436dd Exporting ID: 960c1595-96b3-434b-b7d9-a5b6aa65e15a Exporting ID: 5a496b1d-b370-4883-9b37-45018d1b9a98 Exporting ID: 2130cb1b-f769-49d8-8474-84d66289fc8c Exporting ID: a5b945fd-fa1b-4c60-8962-21b65d334210 Exporting ID: b072d0e6-4fae-4d20-adec-6318a9db6790 Exporting ID: db8e9832-b0ab-43ca-8eb3-0cc8eeb68198 Exporting ID: 9dd59332-1b04-4a9a-b0ad-ec9bb0c9a75c Exporting ID: 4b1d09a7-1f38-49da-b233-78a79b6487fe Exporting ID: e75ff9cb-6968-4742-8727-e124156d41d7 Exporting ID: 0c6a9e35-2211-44c7-abd7-f2e95f46ff61 Exporting ID: ade18d73-aad5-46af-9241-540be2c1b7c6 Exporting ID: 5dbc8c88-0ec7-4e00-aea3-24d408d85f81 Exporting ID: ed26f877-63ab-4549-98b0-012b01bdb0c9 Exporting ID: 2d131ca7-f30f-48c1-8308-e16c32abf1ad Exporting ID: 57f99b5b-3516-4e30-973b-ab215924d67f Exporting ID: d4604ae4-9697-43a5-b2f9-8bc312b44b9b Exporting ID: 0242247e-d202-4a6a-b4b5-eb3dc72d7b16 Exporting ID: a732b6af-8f3d-4d12-a78d-32540d4d680c Exporting ID: e89b50a8-a8fd-4b13-bdcd-67a1e98ad858 Exporting ID: 6b67fb03-770d-4503-9b2e-c95e675a06ab Exporting ID: abd7d42c-fce2-4a44-a40e-f4626bff935b Exporting ID: c8ffb561-0310-4abb-bd4d-fafad4cba82d Exporting ID: bd445199-591a-49eb-a500-7bba1229b3df Exporting ID: ef9d086e-521d-4ef4-b8ea-44f4f2353bb3 Exporting ID: c4c7e658-5614-43cb-9d39-2e3d611f6406 Exporting ID: 707c7be4-725c-4430-9462-5e02dac53724 Exporting ID: 9f21c1dd-de05-489c-8b27-b39f3ea844cf Exporting ID: edffc988-9ea8-45e2-aab6-0802c2064cc6 Exporting ID: 02c9e963-9e02-424c-95f9-50615a9512c0 Exporting ID: 3cfd50f6-f267-4734-a08f-3aaaaea1e233 Exporting ID: 5bd9acda-4aa5-4d01-9ac5-2080a27ab56f Exporting ID: ae4627a7-f1cc-4e50-a6d0-dfcfe9ad1a53 Exporting ID: a2193c47-c3a8-4b62-a5a4-e99f91110e3b Exporting ID: cf9d8184-285a-4021-bf5e-a8513e174545 Exporting ID: 81cc8c99-1297-4f39-9601-e18a4901e881 Successfully exported the feature templates from 192.168.150.121:8443 vedge_policy Exporting ID: 8a9a7ed0-3e95-4099-8730-1314b565b641 Successfully exported the vEdge policies from 192.168.150.121:8443 vsmart_policy Exporting ID: 557f2a12-941b-4c0f-850b-10f197111867 Successfully exported the vSmart policies from 192.168.150.121:8443 security_policy Successfully exported the security policies from 192.168.150.121:8443 vedge_policy_id Successfully exported the vEdge policy IDs from 192.168.150.121:8443 vsmart_policy_id Successfully exported the vSmart policy IDs from 192.168.150.121:8443 security_policy_id Successfully exported the security policy IDs from 192.168.150.121:8443 policy_definition Exporting done for /cflowd Exporting done for /dnssecurity Exporting done for /advancedMalwareProtection Exporting done for /control Exporting done for /intrusionprevention Exporting done for /vedgeroute Exporting done for /hubandspoke Exporting done for /acl Exporting done for /vpnmembershipgroup Exporting done for /approute Exporting done for /zonebasedfw Exporting done for /urlfiltering Exporting done for /qosmap Exporting done for /aclv6 Exporting done for /mesh Exporting done for /data Exporting done for /rewriterule Exporting ID: a7531e26-7000-430c-b76d-f185a4c77b0e Exporting ID: 9ec592bc-3f29-48ab-b8ec-8781f1723ee3 Successfully exported the policy definitions from 192.168.150.121:8443 policy_list Exporting done for /community Exporting done for /localdomain Exporting done for /dataipv6prefix Exporting done for /ipv6prefix Exporting done for /tloc Exporting done for /umbrellasecret Exporting done for /aspath Exporting done for /zone Exporting done for /color Exporting done for /sla Exporting done for /localapp Exporting done for /app Exporting done for /mirror Exporting done for /dataprefix Exporting done for /extcommunity Exporting done for /site Exporting done for /prefix Exporting done for /umbrelladata Exporting done for /class Exporting done for /ipssignature Exporting done for /urlblacklist Exporting done for /policer Exporting done for /urlwhitelist Exporting done for /vpn Exporting done for /tgapikey Exporting ID: 38a925d3-83c0-435d-b247-9cc423b53148 Exporting ID: 129c51f8-4b0d-4780-9c0a-e24529ef318c Exporting ID: 558a57a4-2dcc-4b9b-b720-43029444f30b Exporting ID: f9c6235d-fd4d-4e33-8282-f6da3768865e Exporting ID: 0a243ad3-a209-4bc8-8492-374a779eaac3 Exporting ID: 09875150-4c92-4723-9322-0302a090d300 Exporting ID: a3962540-323c-4449-9b0d-38c35620bf32 Exporting ID: 7aa15795-a0fb-4903-8d9a-d620aed99faa Exporting ID: 80fd65b9-b8ac-4327-bace-68c0e2fffe83 Exporting ID: e9d4a864-0ff9-4a03-ac5e-2b5062437b94 Exporting ID: 01e63e20-0aeb-4ab9-8514-3a391d52718a Exporting ID: 78204ce0-a544-4984-b31a-4736a26450e3 Exporting ID: 7ffc9984-cc69-4e17-ae9f-591de483a9b0 Exporting ID: 8e09b41b-e8d4-4abe-82b2-90d179b1690f Exporting ID: 28eae4d8-d9d2-453f-ac1a-d5a3ac20d14d Exporting ID: eae65882-2a50-4e8b-89a2-91a56e7843bf Exporting ID: 4cfc9106-2203-4153-b14c-5d61ff3be5b8 Exporting ID: 3d17cbfc-01af-41ed-bcd1-556e98f3d5a6 Exporting ID: bd1c2da4-fc66-47a6-99af-502c95428b14 Exporting ID: 63a36558-22d3-48d4-a0ca-5a91e5e9cd3d Exporting ID: 249fec2a-ac9b-4006-bbad-403e0f1f20a3 Exporting ID: 4b549797-088d-4ae9-95a8-63f92fa17609 Exporting ID: c5b37e2c-3293-4082-864d-9c6369a7fd45 Exporting ID: 1d66fce4-0134-4ecd-b06b-7a6ccbf2ce92 Exporting ID: fcfddad7-00e6-4a41-a366-2fa316fda501 Successfully exported the policy lists from 192.168.150.121:8443 Successfully exported the configuration from 192.168.150.121:8443 (venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$
Importáljuk be a szükséges részeket a másik vManage-be.
Az alábbi képen láthatjuk, hogy jelenleg nincs egy policy sem a kontrollerben.
Importáljuk be a labor kontroller policy-kat.
(venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ python sd-wan-exim.py 192.168.150.121:9443 admin admin configure_policies Action: configure_policies Import vEdge/Vsmart policies, definitions and lists. policy_list Policy list: Importing /tloc HUB_TLOC_LIST – Done, {‘listId’: ‘4d74a8bf-8d82-4b3d-a33a-a0c66fa72b82’} Policy list: Importing /sla Voice-And-Video – Done, Duplicate policy list entry Policy list: Importing /sla Bulk-Data – Done, Duplicate policy list entry Policy list: Importing /sla Transactional-Data – Done, Duplicate policy list entry Policy list: Importing /sla Default – Done, Duplicate policy list entry Policy list: Importing /app box_net_apps – Done, Duplicate policy list entry Policy list: Importing /app amazon_aws_apps – Done, Duplicate policy list entry Policy list: Importing /app oracle_apps – Done, Duplicate policy list entry Policy list: Importing /app Google_Apps – Done, Duplicate policy list entry Policy list: Importing /app zoho_crm_apps – Done, Duplicate policy list entry Policy list: Importing /app salesforce_apps – Done, Duplicate policy list entry Policy list: Importing /app concur_apps – Done, Duplicate policy list entry Policy list: Importing /app Microsoft_Apps – Done, Duplicate policy list entry Policy list: Importing /app sugar_crm_apps – Done, Duplicate policy list entry Policy list: Importing /app gotomeeting_apps – Done, Duplicate policy list entry Policy list: Importing /app office365_apps – Done, Duplicate policy list entry Policy list: Importing /app zendesk_apps – Done, Duplicate policy list entry Policy list: Importing /app dropbox_apps – Done, Duplicate policy list entry Policy list: Importing /app intuit_apps – Done, Duplicate policy list entry Policy list: Importing /site SITE_SPACENET_LAB_HUBS – Done, {‘listId’: ‘f0afa7c1-c1d0-4fe3-b37f-591ef927deed’} Policy list: Importing /site SITE_SPACENET_LAB_SPOKES – Done, {‘listId’: ‘9f552adb-c4d3-4339-ae30-31d317f26bd1’} Policy list: Importing /prefix PREFIX_SPACENET_VRF_SERVICESIDE_DEFAULT_ROUTE – Done, {‘listId’: ’43e0ff1a-4dc3-42e0-9cf5-588ed72674a0′} Policy list: Importing /class Voice – Done, {‘listId’: ‘cecbdd63-cc5e-4b26-a398-06df3539344c’} Policy list: Importing /class Video – Done, {‘listId’: ‘b16135bf-b020-4f76-b205-d42e2745dd69’} Policy list: Importing /vpn VPN_SPACENET_VRF_SERVICESIDE – Done, {‘listId’: ’41be42ac-7c4d-43a5-99d4-c92b2954ebe9′} policy_definition Policy definition: Importing /control Topology_SPACENET_VRF_SERVICESIDE_v01 – Done, {‘definitionId’: ‘0f1b9963-13e6-475f-8987-0ede924c4d78’} Policy definition: Importing /qosmap QOS_MAP_SPACENET_v01 – Done, {‘definitionId’: ‘79769e7d-2d10-4849-801c-1bfdfee2e819’} vedge_policy vEdge Policy: Importing localized_QoS_policy_v01 – Done, {‘policyId’: ‘d32498e5-38d3-42ac-a43c-4680d2c8a777’} vsmart_policy vSmart Policy: Importing centralized_policy_v01 – Done, {‘policyId’: ‘509d25c5-e65b-4532-ac61-0a9d907d1f6e’} security_policy Successfully imported the policies to 192.168.150.121:9443 (venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$
Ezután a vManage felületén már láthatjuk is a policy-t.
A script működik feature- és device template-kre is, de akár új usert is hozzáadhatunk a vManage-hez:
(venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$ python sd-wan-exim.py 192.168.150.121:9443 admin admin add_user Action: add_user Add user. Create new user vManage Group: netadmin vManage Full Name: Ferenc Kuris vManage Username: fkuris New vManage Password: Cisco123 Confirm vManage Password: Cisco123 User fkuris created. (venv) fkuris-Macbook-Pro:cisco-sd-wan-export-import fkuris$
