APIC-EM – licenseHarvest

During a recent Nexus 5k upgrade task Layer3 features were preventing non-disruptive ISSU’s from taking place. It became apparent that some N5Ks had unused features/ applications installed and the licenses deployed across the estate were unknown.

So I wrote a Python APIC-EM script to audit and download this information.

The script has the following flow/ logic:

  • Retrieve device IDs from APIC-EM of either all devices or those with the tag ‘licensed’.
def get_apic_tag_association(apic, tag_name):
    all_ids = []
    if tag_name is None:
        apicResponse = apic.networkdevice.getAllNetworkDevice()
        apicResponse = apic.tag.getTagsAssociation(tag=tag_name)
    for tag in apicResponse.response:

    return all_ids
  • SSH onto each device in turn and create a object . License information is done by scraping SSH output and creating the relevant license object (, ).
def get_license_state(ssh_session, current_device):
    if current_device.platform_type == "IOS":
    elif current_device.platform_type == "IOS-XE":
        output_lic_rtu = ssh_session.send_command("sh license right-to-use summary | inc Lifetime").splitlines()
        for l in output_lic_rtu:
            ar = l.split()
            license_obj = IOSXELicense(ar)
    elif current_device.platform_type == "NX-OS" :
        output_lic_file = ssh_session.send_command("show license br").splitlines()
        for line in output_lic_file:
            license_obj = NXLicense(line)
            output_lic_file_detail = ssh_session.send_command("show license file {0}".format(line)).splitlines()
            for l in output_lic_file_detail:
                if l.find("INCREMENT") != -1:
                    license_feature = NXLicenseFeature(l.split()[1])
                    output_lic_feature = ssh_session.send_command("show license usage {0}".format(license_feature.feature_name))
                    if len(output_lic_feature) > 0:
                        license_feature.applications = output_lic_feature.splitlines()[2:-1]


If a device is found to have licenses installed copy them to an FTP server and mark the device in APIC-EM with the tag ‘licensed’. NX-OS has commands for backing up licenses whereas IOS-XE does not, it also has interactive prompts during the copy command.

def apply_apic_device_tag(apic, device, tag_id):
    apic.tag.addTagToResource(tagDto={"id": tag_id, "resourceId":     device.id, "resourceType": "network-device"})

Finally write the text representation of all the objects and store them on the FTP server.

    with open("temp.txt", "w") as text_file:
    ftp_session.storlines("STOR device_details.txt", open("temp.txt", "br"))

The latest version of the script can be found here:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: