During a recent Nexus 5k upgrade task Layer3 features were preventing non-disruptive ISSU’s from taking place. It became apparent that some N5Ks had unused features/ applications installed and the licenses deployed across the estate were unknown.
So I wrote a Python APIC-EM script to audit and download this information.
The script has the following flow/ logic:
- Retrieve device IDs from APIC-EM of either all devices or those with the tag ‘licensed’.
def get_apic_tag_association(apic, tag_name): all_ids = [] if tag_name is None: apicResponse = apic.networkdevice.getAllNetworkDevice() else: apicResponse = apic.tag.getTagsAssociation(tag=tag_name) for tag in apicResponse.response: all_ids.append(tag.id) return all_ids
- SSH onto each device in turn and create a object . License information is done by scraping SSH output and creating the relevant license object (, ).
def get_license_state(ssh_session, current_device): if current_device.platform_type == "IOS": print("IOS") elif current_device.platform_type == "IOS-XE": output_lic_rtu = ssh_session.send_command("sh license right-to-use summary | inc Lifetime").splitlines() for l in output_lic_rtu: ar = l.split() license_obj = IOSXELicense(ar) current_device.licenses.append(license_obj) elif current_device.platform_type == "NX-OS" : output_lic_file = ssh_session.send_command("show license br").splitlines() for line in output_lic_file: license_obj = NXLicense(line) output_lic_file_detail = ssh_session.send_command("show license file {0}".format(line)).splitlines() for l in output_lic_file_detail: if l.find("INCREMENT") != -1: license_feature = NXLicenseFeature(l.split()[1]) output_lic_feature = ssh_session.send_command("show license usage {0}".format(license_feature.feature_name)) if len(output_lic_feature) > 0: license_feature.applications = output_lic_feature.splitlines()[2:-1] license_obj.features.append(license_feature) current_device.licenses.append(license_obj)
If a device is found to have licenses installed copy them to an FTP server and mark the device in APIC-EM with the tag ‘licensed’. NX-OS has commands for backing up licenses whereas IOS-XE does not, it also has interactive prompts during the copy command.
def apply_apic_device_tag(apic, device, tag_id): apic.tag.addTagToResource(tagDto={"id": tag_id, "resourceId": device.id, "resourceType": "network-device"})
Finally write the text representation of all the objects and store them on the FTP server.
try: print(ftp_session.pwd()) with open("temp.txt", "w") as text_file: text_file.write(device_str) ftp_session.storlines("STOR device_details.txt", open("temp.txt", "br")) finally: os.remove("temp.txt") ftp_session.quit()
The latest version of the script can be found here:
https://github.com/sebrupik/srupik-apic-em-tools/blob/master/frozenPony/src/licenceHarvest.py
Leave a Reply