Introduction to Programming ACI with

Python
LABACI-1011

Powered by Cisco dCloud!

https://dcloud.cisco.com
Speaker: Thomas Renzy - Services Consulting Engineer

Upon completion of this lab, you will be able to:

 Understand and install the ACI Cobra Software Development Kit (SDK)
 Write and run basic Python scripts to interact with the APIC API
 Deploy a three-tier app using Python and Cobra SDK
 Use the ARYA tool to convert a JSON file to Python code with the Cobra SDK
 Use a Python script to Query the APIC

Prerequisites
 Understanding of the ACI Policy Model
 No programming experience needed
 Its strongly recommended to go through LABACI-1001. This will give you a good foundation
of configuring ACI through the GUI so that you can see how powerful using Python can be
for configuring ACI.

1|Page
The ACI Policy Model and Logical constructs
The policy model manages the entire fabric, including the infrastructure, authentication, security,
services, applications, and diagnostics.

Tenant(fvTenant): is a logical container for application policies that enable an administrator to

exercise domain-based access control. The APIC has three Tenants that are default:

Common – where common services are configured.

Infra – Tenant that covers the infrastructure for the ACI Fabric

Mgmt – Tenants where the management network for Fabric resides.

Context (fvCtx): A context is a unique Layer 3 forwarding and application policy domain.

Bridge Domain(fvBD): represents a Layer 2 forwarding construct within the fabric. A bridge domain
must be linked to a context and have at least one subnet (fvSubnet) that is associated with it. The
bridge domain defines the unique Layer 2 MAC address space and a Layer 2 flood domain if such
flooding is enabled.

Application Profile(fvAp): is a convenient logical container for grouping EPGs that models application
requirements.

EPG: A managed object that is a named logical entity that contains a collection of endpoints.
Endpoints are devices that are connected to the network directly or indirectly. They have an address
(identity), a location, attributes (such as version or patch level), and can be physical or virtual.
Knowing the address of an endpoint also enables access to all its other identity details. EPGs are fully
decoupled from the physical and logical topology.

ACI Logical Model

2|Page
Overview of the Cobra Software Development Kit (SDK)

The ACI Cobra SDK is a Python implementation of the API that provides native bindings for all the
REST functions in the APIC GUI. Cobra also has a complete copy of the object model so that data
integrity can be ensured, and provides methods for performing lookups and queries and object
creation, modification and deletion. As a result, policy created in the GUI can be used as a
programming template for rapid development.

There are several modules that you can use to implement python programs to configure and
manage an APIC. This lab covers some examples including building a full three tier application.

Task 1: Logging into dCloud and APIC

This lab leverages dCloud, which uses a virtual APIC and leaf/spine switches that runs on a simulator.
Those these have most of the functions of actual hardware based devices, there is no data plane
traffic.

We need to VPN into the dCloud environment in order to access devices to complete this lab.

Click on the Cisco AnyConnect client and check to see if the client is connected to another VPN
session. Go ahead and disconnect.

To reach dCloud, enter the following to connect:

https://dcloud-sjc-anyconnect.cisco.com

For the credentials, input the username and password that is provided on the back of the card you
were given.

Once we are connected, we should be able to access the environment. Now we need to open
Remote desktop to get access to the environment.

Input the IP address and the username. Click OK.

3|Page
Then add the password on the next screen – C1sco12345

Now we are logged into our dCloud session. Click on Desktop and you will be presented with the
Windows desktop. For our lab, we will need to log into our environment as well the APIC. Let’s log
into the APIC first.

Click on the "APIC Login" shortcut link on the desktop.

You should now see the APIC login come up in our Chrome browser.

4|Page
Go ahead and log in using the following credentials:

User ID: admin

Password: C1sco12345

Mode: Advanced

Click on LOGIN. This will take you to the APIC GUI which we will use for monitoring the things we do
in this lab.

You may get a message regarding Warning messages. Just click on "NO". You are now in the system
health dashboard. Now we are ready to do our lab.

Task 2: Preparing the environment and installing the SDK

Now that we are logged into the dCloud environment, we can create our first ACI Python program.
Before we do that, we will need to install the SDK environment. This has been pre-loaded for you on
a linux server. This task will cover connectivity as well as the installation of the Cobra SDK.

1 – Select on the Putty desktop icon to open Putty. Putty is what we will use to log in to our
Linux host.

2 – Scroll through the saved sessions and select "tools" and click open.

5|Page
When prompted, enter user01/user01 or the username and password. Once you log in, you will
want to create the aci directory and “cd” to it.

[user01@rhel7-tools ]$ mkdir aci

[user01@rhel7-tools ]$ cd aci
[user01@rhel7-tools aci]$ ls –la aci

3 – We need to install the Cobra egg files have already been uploaded to the server you are logged
into. Egg files are a way to bundle information needed for a Python project. These files are located in
the Demo_Scripts directory. We need to copy them to the newly created aci directory.

[user01@rhel7-tools aci]$ cd ../Demo_Setup

[user01@rhel7-tools aci]$ cp *.egg ../aci
[user01@rhel7-tools aci]$ cd ../aci
[user01@rhel7-tools aci]$ ls –la *.egg
[user01@rhel7-tools aci]$ ls -la *.egg
-rw-rw-r--. 1 user01 user01 90518 Jun 26 02:57 acicobra-2.1_1h-py2.7.egg
-rw-rw-r--. 1 user01 user01 77519903 Jun 26 02:57 acimodel-2.1_1h-py2.7.egg
[user01@rhel7-tools aci]$

You should see the newly installed Egg files in the aci directory.

4 – Virtual environments allows us to run isolated Python environments. In ACI, this allows us to
have multiple virtual environments that correspond to the version of Python or the version of the
Cobra SDK that we are testing and developing on. This will help us if we want to test different
versions of the Cobra Egg files for different versions of ACI.

To create the virtual environment that we will work in, we will use the command “virtualenv” from
the command line in the ~/aci directory. Verify that we are in the aci directory beforehand

[user01@rhel7-tools aci]$ virtualenv .

[output]
New python executable in /home/user01/aci/bin/python2.7
Also creating executable in /home/user01/aci/bin/python
Installing setuptools, pip, wheel...done.

6|Page
Now To enable this virtual environment, we now use the source command to activate the virtual
environment:

[user01@rhel7-tools aci]$ source bin/activate

We should now see our prompt change and we should see an “(aci)” at the beginning of our prompt.

(aci) [user01@rhel7-tools aci]$

5 – Now we can install the Cobra SDK environment and the Cobra egg files. We will need to use the
“easy_install” command to install the egg files.

(aci) [user01@rhel7-tools aci]$ easy_install -Z acicobra-2.1_1h-py2.7.egg

(aci) [user01@rhel7-tools aci]$ easy_install -Z acimodel-2.1_1h-py2.7.egg

Note: The installation will take a few minutes to complete.

To verify that the Cobra SDK was installed properly, we can run the following command:

(aci) [user01@rhel7-tools aci]$ pip freeze

[Output]
acicobra===2.1-1h
acimodel===2.1-1h
appdirs==1.4.0
packaging==16.8
pyparsing==2.1.10
requests==2.13.0
six==1.10.0

Our development environment has been completed. We are ready to run our Python Scripts to
program the APIC.

Task 3: Creating our first script - Logging into the APIC

Let’s look at our first python script, which just logs us into the APIC. To create this file, you can use a
number of text editors that are available to us on Linux. If you’re not familiar with any of them, we
can use a text editor called nano. If you are familiar with vim or emacs, please feel free to use those
as well.

To create our first script, we will call nano from the command line in Linux under the newly created
aci directory:

(aci) [user01@rhel7-tools aci]$ nano login.py

Once in the file, we will input the following text as we would in any text editor:

#Import our needed libraries for logging in and managed objects.

from cobra.mit.access import MoDirectory

from cobra.mit.session import LoginSession

# To remove annoying issues with ssl libraries

import requests.packages.urllib3

7|Page
#Disable unverfied HTTPS request messages
requests.packages.urllib3.disable_warnings()

# Set our variables for logging in

url = 'https://apic1.dcloud.cisco.com'
apicUser = 'admin'
apicPassword = 'C1sco12345'

#Use the information above to log in:

ls = LoginSession(url, apicUser, apicPassword)
# Log into the APIC
md = MoDirectory(ls)
md.login()
print 'Log into the APIC completed. Logging out.'
md.logout()

Once we have completed adding this text, we will then need to save the file. To save it, we will hit
CTRL (^O) o (WriteOut). Once it gives you the file name, hit enter.

[Output]
File Name to Write: login.py

To exit from nano, hit CTRL and “x”. We are now back in our command prompt.

This script just logs us into the APIC similar to what you have already done through
the GUI. The script does not do anything other than log us in, which is why there is a
print statement at the end. Let's go ahead and run it:

(aci) [user01@rhel7-tools aci]$ python login.py

Log into the APIC completed. Logging out.

If we received no errors, we know our script has run successfully without issues.

Task 4: Create a Tenant

Now that we have successfully logged into the APIC, we can implement constructs in ACI. In this
example, we’re going to create a new Tenant. Remember from before, a Tenant is a logical container
for application policies that enable an administrator to exercise domain-based access control. Let’s
create a new script that will create a Tenant called CiscoLive.

1 – Create a new Python script called add_tenant.py using nano (or vim or emacs):

(aci) [user01@rhel7-tools aci]$ nano add_tenant.py

Now let’s input the following into the new script:

# Libraries needed for our script

import sys
from cobra.mit.session import LoginSession
from cobra.mit.access import MoDirectory
from cobra.mit.request import ConfigRequest
from cobra.model.fv import Tenant

# To remove annoying issues with ssl libraries

8|Page
import requests.packages.urllib3

#Disable unverfied HTTPS request messages

requests.packages.urllib3.disable_warnings()

url = 'https://apic1.dcloud.cisco.com'
apicUser = 'admin'
apicPassword = 'C1sco12345'

new_tenant = 'CiscoLive'

my_session = LoginSession(url, apicUser, apicPassword)

md = MoDirectory(my_session)
md.login()

policy_universe = md.lookupByDn('uni')

fvTenant = Tenant(policy_universe, new_tenant)

c = ConfigRequest()
c.addMo(fvTenant)
md.commit(c)

print 'New Tenant ', new_tenant, 'completed.'

md.logout()

Remember, to save the file in nano, you have to hit CRTL “o”. Hit CTRL ‘x’ to exit nano.

Now, before we run this script, let’s log into the APIC to see what the existing Tenants look like.

2 – Now we can look at the APIC to see the new Tenant created. Let’s log into the GUI. On the
windows desktop, open the Chrome web browser icon at the bottom at the screen:

Next you will see the APIC GUI login screen.

https://apic1.dcloud.cisco.com/

9|Page
Username: admin
Password: C1sco12345

This will log you into the APIC and bring you to the System dashboard.

While logged into the APIC GUI, click on "Tenants". This will list out all the current Tenants. These
were the defaults that were loaded before our lab.

3 – Now, go back to our linux host and run the script we created – add_tenant.py

(aci) [user01@rhel7-tools aci]$ python add_tenant.py

New Tenant CiscoLive completed.

At the top of the GUI screen in the browser, select the Tenants tab. Under the list of Tenants, you
should now see the new ‘CiscoLive’ tenant.

It reports that the new Tenant was completed and if we check the GUI, we will see that
the new Tenant ‘CiscoLive’ has indeed been added:

Now let’s try building a 3 tier application with Python and the Cobra SDK.

Task 5: Creating a 3 Tier Application using the Cobra SDK

Logging in and building simple structures such as tenants are easy in the GUI. But where
the real power of ACI is in this next task.

If you have taken LABACI-1001, you saw how to build a 3-Tiered Application using the
APIC GUI. We can do the same thing with one single Python script. Let’s look at some
requirements for our app:

a. We're going to create a new Tenant called WISP

10 | P a g e
 b. We going to create a new Context/VRF called VRF1
c. We're going to create a new Bridge Domain called BD1
a. Within this BD we will create the following subnets which will have a scope of
private.
i. 10.1.1.1/24
ii. 10.2.2.1/24
iii. 10.3.3.1/24

d. The script will then configure the following End Point Groups (EPGs)
a. Client, Web, App, and DB

e. The script will also configure the following contracts:

a. WebCt will be provided by Web and consumed by Client
b. AppCt will be consumed by Web and provided by App
c. DBCt will be consumed by App and provided by Web

We can now enter the following script which will build our new Application environment. Its over
200 lines of code, so if you want to copy and paste, open the three_tier.txt file on the desktop:

(aci) [user01@rhel7-tools aci]$ nano three_tier.py

"""
Create a full 3 Tier Application complete with contracts and filters
"""

# From Cobra, import the Managed Object Directory, Login capabilities, and Configuration
from cobra.mit.access import MoDirectory
from cobra.mit.session import LoginSession
from cobra.mit.request import ConfigRequest

# From Cobra, import Tenant, Application Profile, Contexts, and other ACI constructs
from cobra.model.fv import Tenant, Ap, Ctx, BD, RsProv, RsCtx, Subnet, AEPg, RsBd, RsCons
# From Cobra, import Filters, Subjects,
from cobra.model.vz import Filter, Entry, BrCP, Subj, RsSubjFiltAtt

#import system functions

import sys

# To remove annoying issues with ssl libraries

import requests.packages.urllib3

#Disable unverfied HTTPS request messages

requests.packages.urllib3.disable_warnings()

# Function to log into the APIC

def apic_login(hostname, username, password):
url = "https://" + hostname
print 'Logging into the APIC...'
sess = LoginSession(url, username, password)
md = MoDirectory(sess)
try:
md.login()
print 'Login successful'
except:

11 | P a g e
 print 'Login error'
exit(1)
return md
pass

#Create the Tenant based on the infomation passed to it

def create_tenant(md, tenant):
policy_universe = md.lookupByDn('uni')

fvTenant = Tenant(policy_universe, tenant)

#Let them know we are creating the Tenant

print 'Creating Tenant', tenant

#Commit the change using a ConfigRequest object

configReq = ConfigRequest()
#configReq.addMo(policy_universe)
configReq.addMo(fvTenant)
md.commit(configReq)
print 'Tenant created'
pass

#Create the necessary filters for our application

def create_filters(md, tenant):

#Make configuration request to the APIC

configReq = ConfigRequest()

# set the policy universe and associate the Tenant

policy_universe = md.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant)

#Let the user know that we are creating the filters

print 'Creating filters for contracts...'

# create filter for http

vz_filter_http = Filter(fv_tenant, 'http')
vz_entry_http = Entry(vz_filter_http, 'DPort-80', dFromPort='80', dToPort='80', etherT='ip',
prot='tcp')
configReq.addMo(vz_filter_http)
configReq.addMo(vz_entry_http)

#create filter for app

vz_filter_app = Filter(fv_tenant, 'app')
vz_entry_app = Entry(vz_filter_app, 'DPort-1514', dFromPort='1514', dToPort='1514', etherT='ip',
prot='tcp')
configReq.addMo(vz_filter_app)
configReq.addMo(vz_entry_app)

# create filter for db

vz_filter_db = Filter(fv_tenant, 'db')
vz_entry_db = Entry(vz_filter_db, 'DPort-1433', dFromPort='1433', dToPort='1433', etherT='ip',
prot='tcp')
configReq.addMo(vz_filter_db)

12 | P a g e
 configReq.addMo(vz_entry_db)

# Commit the change using a ConfigRequest object

md.commit(configReq)
print 'Filters created'

pass

# Create the Application Profile for our app

def profile(md, tenant):
policy_universe = md.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant)

configReq = ConfigRequest()

# create context and set it to VRF1

fv_ctx = Ctx(fv_tenant, 'VRF1')
print 'Creating context/VRF.'
configReq.addMo(fv_ctx)

# Create the Bridge Domain in our Context

fv_bd = BD(fv_tenant, 'BD1')
print 'Creating Bridge Domain and subnets'
configReq.addMo(fv_bd)

# Create the Context/VRF and assign IP Subnets

fv_rs_ctx = RsCtx(fv_bd)
fv_rs_ctx.__setattr__('tnFvCtxName', 'VRF1')
fv_subnet_10 = Subnet(fv_bd,'10.1.1.1/24', scope='private')
fv_subnet_20 = Subnet(fv_bd, '10.2.2.1/24', scope='private')
fv_subnet_30 = Subnet(fv_bd, '10.3.3.1/24', scope='private')
configReq.addMo(fv_rs_ctx)
configReq.addMo(fv_subnet_10)
configReq.addMo(fv_subnet_20)
configReq.addMo(fv_subnet_30)

#Create the app profile

print 'Creating Application Profile'
fv_ap = Ap(fv_tenant, '3-TierApp')
configReq.addMo(fv_ap)

#Create the Web EPG

print 'Creating Web EPG...'
fv_aepg_web = AEPg(fv_ap, 'Web')
fv_rs_bd_web = RsBd(fv_aepg_web, tnFvBDName='BD1')
configReq.addMo(fv_aepg_web)
configReq.addMo(fv_rs_bd_web)

# Create the APP EPG

print 'Creating App EPG...'
fv_aepg_app = AEPg(fv_ap, 'App')
fv_rs_bd_app = RsBd(fv_aepg_app, tnFvBDName='BD1')
configReq.addMo(fv_aepg_app)
configReq.addMo(fv_rs_bd_app)

13 | P a g e
 # Create the DB EPG
print 'Creating DB EPG...'
fv_aepg_db = AEPg(fv_ap, 'DB')
fv_rs_bd_db = RsBd(fv_aepg_db, tnFvBDName='BD1')
configReq.addMo(fv_aepg_db)
configReq.addMo(fv_rs_bd_db)

# Create the Client EPG

print 'Creating Client EPG...'
fv_aepg_client = AEPg(fv_ap, 'Client')
fv_rs_bd_client = RsBd(fv_aepg_client, tnFvBDName='BD1')
configReq.addMo(fv_aepg_client)
configReq.addMo(fv_rs_bd_client)

# Create the contract association between Client and Web

print 'Client EPG consumes WebContract'
fv_rs_cons_client = RsCons(fv_aepg_client, 'WebCt')
configReq.addMo(fv_rs_cons_client)

# Create the contract association between Web and App

print 'Web EPG provides WebContract and Consumes AppContract'
fv_rs_prov_webct_web = RsProv(fv_aepg_web, 'WebCt')
fv_rs_cons_appct_web = RsCons(fv_aepg_web, 'AppCt')
configReq.addMo(fv_rs_prov_webct_web)
configReq.addMo(fv_rs_cons_appct_web)

# Create the contract association between Web, App and DB

print 'App EPG provides App Contract and consumes DB Contract'
fv_rs_prov_webct_app = RsProv(fv_aepg_app, 'AppCt')
fv_rs_cons_appct_app = RsCons(fv_aepg_app, 'DbCt')
configReq.addMo(fv_rs_prov_webct_app)
configReq.addMo(fv_rs_cons_appct_app)

# Create the contract association between App and DB

print 'DB EPG provides DB Contract to App'
fv_rs_prov_db = RsProv(fv_aepg_db, 'DbCt')
configReq.addMo(fv_rs_prov_db)

#Commit the changes above to the APIC

md.commit(configReq)
pass

# Create the actual contracts

def create_contracts(md, tenant):

policy_universe = md.lookupByDn('uni')
fv_tenant = Tenant(policy_universe, tenant)

configReq = ConfigRequest()

# create Contract for web

vz_ct_web = BrCP(fv_tenant, 'WebCt')
vz_subj_web = Subj(vz_ct_web, 'Web')

14 | P a g e
 vz_rs_subj_filt_att_web = RsSubjFiltAtt(vz_subj_web, 'http')
configReq.addMo(vz_ct_web)
configReq.addMo(vz_subj_web)
configReq.addMo(vz_rs_subj_filt_att_web)

#create contract for App

vz_ct_app = BrCP(fv_tenant, 'AppCt')
vz_subj_rmi = Subj(vz_ct_app, 'App')
vz_rs_subj_filt_att_rmi = RsSubjFiltAtt(vz_subj_rmi, 'app')
configReq.addMo(vz_ct_app)
configReq.addMo(vz_subj_rmi)
configReq.addMo(vz_rs_subj_filt_att_rmi)

# create contract for db

vz_ct_db = BrCP(fv_tenant, 'DbCt')
vz_subj_db = Subj(vz_ct_db, 'DB')
vz_rs_subj_filt_att_db = RsSubjFiltAtt(vz_subj_db, 'db')
configReq.addMo(vz_ct_db)
configReq.addMo(vz_subj_db)
configReq.addMo(vz_rs_subj_filt_att_db)

# Commit the change using a ConfigRequest object

md.commit(configReq)
print 'Contracts created'

pass

# Set out logins for the APIC

md = apic_login('apic1.dcloud.cisco.com', 'admin', 'C1sco12345')
# Set the Tenant
tenant = 'WISP'
create_tenant(md, tenant)
create_filters(md, tenant)
create_contracts(md, tenant)
profile(md, tenant)
print '3 Tier App Created!'
md.logout()

Once again, save the file (CTRL and “o”) and exit nano (CTRL and “x”). Now we can run our script.
From the command line, you can run the following:

(aci) [user01@rhel7-tools aci]$ python three_tier.py

Logging into the APIC...
Login successful
Creating Tenant WISP
Tenant created
Creating filters for contracts...
Filters created
Contracts created
Creating context/VRF.
Creating Bridge Domain and subnets
Creating Application Profile
Creating Web EPG...
Creating App EPG...

15 | P a g e
Creating DB EPG...
Creating Client EPG...
Client EPG consumes WebContract
Web EPG provides WebContract and Consumes AppContract
App EPG provides App Contract and consumes DB Contract
DB EPG provides DB Contract to App
3 Tier App Created!
(aci) [user01@rhel7-tools aci]$

So now our new Tenant has been created, let’s look at the APIC GUI. Again, under "Tenants"
we can see the new Tenant was created. (note you may have to refresh the screen)

Now let’s look at the other ACI objects to ensure that they were created. Double click on the
'WISP' tenant. This will bring you into the WISP Tenant.

Click on "Application Profiles'. you should see the new Application Profile that the script
created called 3-TierApp. Click on arrow next to '3-TierApp' and also on 'Application EPGs'
and you should now see the newly created EPGs

16 | P a g e
Now if we click directly on 3-Tier App, we can see the following in the right hand
side of the GUI interface

You can move each EPG and Contract to make it a little clearer on the screen. In this case, I moved
AppCtrct and DbCtrct.

You can now click on any of the contracts in the window and it should show you what is
consuming and what is providing. For example, if we click on the App Contract (AppCtrct)
we see

17 | P a g e
In this case, it matches the original requirements, which was that the App EPG would provide
the App Contract and the Web EPG would consume it. Let’s look at the other constructs
that we built.

Click on "Networking", Bridge Domains, BD1, and Subnets. You can see that we have built our
Bridge domain and the associated subnets.

We can now also check the VRFs that we created by clicking on "VRFs"

Finally, we can look at the contracts and associated filters. To do this, we click on
"Security Policies" and "Contracts". Also, expand "Filters" as well.

18 | P a g e
We've completed and verified the building of our 3 Tier App. With the script that we used,
we could change a few variables such as ‘tenant’, ‘VRF’, BD, and others to create a different 3 Tier
app in a different Tenant. We could also automate this process so that the script can ask the user
what it wants to input. This saves a lot of time and effort over building this through the GUI.

Task 6: The ARYA Tool

There is a tool that you can use where you can convert JSON and XML files to
python code using the Cobra SDK. That tool is called ARYA - APIC REST pYthon Adapter -
which will take JSON and XML and convert it to Python code that can be used with the
Cobra SDK.

We will need to install the Arya tool before we can use it. Let's use pip to install the
tool:

(aci) [user01@rhel7-tools aci]$ pip install arya

Once again, we can run the "pip freeze" command and it should show arya as installed

(aci) [user01@rhel7-tools aci]$ pip freeze

acicobra===2.1-1h
acimodel===2.1-1h
arya==1.1.5
certifi==2017.4.17
chardet==3.0.4
idna==2.5
requests==2.18.1
urllib3==1.21.1
(aci) [user01@rhel7-tools aci]$

Let's take a look at some examples. Let's look at a simple

JSON code that creates a new Tenant called ARYA.

Now let's create a new file and copy the following into it:

(aci) [user01@rhel7-tools aci]$ nano tn-ARYA.json

and copy the following into that file

19 | P a g e
{"fvTenant":{"attributes":{"dn":"uni/tn-ARYA","name":"ARYA-JSON","rn":"tn-ARYA-
JSON","status":"created"},"children":[]}}

Don't forget to save this to the file. To save it, we will hit CTRL (^O) o (WriteOut).
Once it gives you the file name, hit enter to save and exit.

Now we are ready to convert this from JSON to python code using the ARYA tool. Now you can run
the following command to generate python code required. We have two ways to do this. We can
copy the output from the command to a new file or we can redirect the output to a new file name. I
use the redirect output option below:

(aci) [user01@rhel7-tools aci]$ arya -f tn-ARYA.json > tenant-ARYA.py

So now we can see the code that has been generated. We will need to make some changes in order
to make this code useable. Let's look at the code that was generated:

(aci) [user01@rhel7-tools aci]$ more tenant-ARYA.py

#!/usr/bin/env python
'''
Autogenerated code using arya
Original Object Document Input:
{"fvTenant":{"attributes":{"dn":"uni/tn-ARYA","name":"ARYA-JSON","rn":"tn-ARYA-
JSON","status":"created"},"children":[]}}

'''
raise RuntimeError('Please review the auto generated code before ' +
'executing the output. Some placeholders will ' +
'need to be changed')

# list of packages that should be imported for this code to work

import cobra.mit.access
import cobra.mit.request
import cobra.mit.session
import cobra.model.fv
import cobra.model.pol
from cobra.internal.codec.xmlcodec import toXMLStr

# log into an APIC and create a directory object

ls = cobra.mit.session.LoginSession('https://1.1.1.1', 'admin', 'password')
md = cobra.mit.access.MoDirectory(ls)
md.login()

# the top level object on which operations will be made

topMo = cobra.model.pol.Uni('')

# build the request using cobra syntax

fvTenant = cobra.model.fv.Tenant(topMo, name=u'ARYA-JSON')

# commit the generated code to APIC

print toXMLStr(topMo)
c = cobra.mit.request.ConfigRequest()
c.addMo(topMo)

20 | P a g e
md.commit(c)

Now that we have the code generated, we will need to change the line for logins. Specifically

ls = cobra.mit.session.LoginSession('https://1.1.1.1', 'admin', 'password')

We will also need to change the following line as well

c.addMo(topMo)

We can now modify the new Python script:

(aci) [user01@rhel7-tools aci]$ nano tn-ARYA.py

Remove the following from the new Python script.

raise RuntimeError('Please review the auto generated code before ' +

'executing the output. Some placeholders will ' +
'need to be changed')

Change the following lines from the Python Script:

ls = cobra.mit.session.LoginSession('https://apic1.dcloud.cisco.com’, 'admin', 'C1sco12345')

c.addMo(fvTenant)

To save it, we will hit CTRL (^O) o (WriteOut). Once it gives you the file name, hit enter to save and
exit.

Now run the following command:

(aci) [user01@rhel7-tools aci]$ python tenant-ARYA.py

If we now look in the APIC, we can see that the new Tenant that we created is now there.
Click on Tenants in the GUI and you should see the new Tenant created.

We can now use this tool if we want to create Python code from a JSON or XML.

Task 7: Querying the APIC using a python script

Besides building out our ACI Fabric, we can also use scripts to query the APIC. In the next example,
we will use the script fabric_node.py to list all the nodes in the Fabric.

You can look at the topology of the Fabric by going to Fabric and Topology in the GUI.

21 | P a g e
Our script will query the Fabric and return the name of each node in the Fabric. Unlike some of the
previous scripts, this won’t change anything in the GUI and will instead, return the data straight to
the output.

(aci) [user01@rhel7-tools aci]$ nano fabric_node.py

from cobra.mit.access import MoDirectory

from cobra.mit.session import LoginSession
from cobra.mit.request import ClassQuery

# To remove annoying issues with ssl libraries

import requests.packages.urllib3

#Disable unverfied HTTPS request messages

requests.packages.urllib3.disable_warnings()

url = 'https://apic1.dcloud.cisco.com'
apicUser = 'admin'
apicPassword = 'C1sco12345'

#Get the information needed for logging into the APIC

ls = LoginSession(url, apicUser, apicPassword)
# Log into the APIC
md = MoDirectory(ls)
md.login()

# Class Query
print 'Starting query for Fabric nodes and printing out the node names'
classQuery = ClassQuery('fabricNode')
for node in md.query(classQuery):
print node.name

md.logout()
print 'Log into the APIC completed. Logging out.'

If using nano, run the CTRL and “o” to save the script and CTRL and “x” to exit. Lets run our script:

22 | P a g e
(aci) [user01@rhel7-tools aci]$ python fabric_node.py
Spine1
Leaf2
apic2
Leaf1
Spine2
apic1
apic3
Log into the APIC completed. Logging out.
(aci) [user01@rhel7-tools aci]$

This should match up with what we had earlier when we looked at the topology.

Conclusion

Cisco ACI provides powerful tools for scripting and automation using the Cobra SDK and Python.
In this session, we briefly went over what the Cobra SDK was and saw some very basic scripts
to log into the APIC, create a basic Tenant, and build a full 3 Tier Application.

For more information check out the following links:

https://cobra.readthedocs.io/en/latest/index.html
https://www.cisco.com/go/aci

Please see the proctor to disconnect you from the lab and to reset it for the next
participant. We would love your feedback as we are always looking to add more information
and improve the content.

23 | P a g e