diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py index 8a20c871..cc02e286 100644 --- a/aci-preupgrade-validation-script.py +++ b/aci-preupgrade-validation-script.py @@ -3282,7 +3282,7 @@ def telemetryStatsServerP_object_check(index, total_checks, sw_cversion=None, tv print_title(title, index, total_checks) if not sw_cversion or not tversion: - print_result(title, MANUAL, 'Current and target Switch version not supplied. Skipping.') + print_result(title, MANUAL, 'Current or target Switch version not supplied. Skipping.') return MANUAL if sw_cversion.older_than("4.2(4d)") and tversion.newer_than("5.2(2d)"): @@ -4205,8 +4205,8 @@ def unsupported_fec_configuration_ex_check(index, total_checks, sw_cversion, tve doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#unsupported-fec-configuration-for-n9k-c93180yc-ex' print_title(title, index, total_checks) - if not tversion: - print_result(title, MANUAL, "Target version not supplied. Skipping.") + if not sw_cversion or not tversion: + print_result(title, MANUAL, "Current or Target switch version not supplied. Skipping.") return MANUAL if sw_cversion.older_than('5.0(1a)') and tversion.newer_than("5.0(1a)"): @@ -5062,6 +5062,35 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs): return result +def ave_eol_check(index, total_checks, tversion, **kwargs): + title = 'AVE End-of-Life' + result = NA + msg = '' + headers = ["AVE Domain Name"] + data = [] + recommended_action = 'AVE domain(s) must be migrated to supported domain types prior to 6.0+ upgrade' + doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ave-end-of-life' + print_title(title, index, total_checks) + + ave_api = 'vmmDomP.json' + ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")' + + if not tversion: + print_result(title, MANUAL, "Target version not supplied. Skipping.") + return MANUAL + + if tversion.newer_than("6.0(1a)"): + ave = icurl('class', ave_api) + for domain in ave: + name = domain['vmmDomP']['attributes']['name'] + data.append([name]) + if data: + result = FAIL_O + + print_result(title, result, msg, headers, data, recommended_action=recommended_action, doc_url=doc_url) + return result + + if __name__ == "__main__": prints(' ==== %s%s, Script Version %s ====\n' % (ts, tz, SCRIPT_VERSION)) prints('!!!! Check https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script for Latest Release !!!!\n') @@ -5149,6 +5178,7 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs): https_throttle_rate_check, aes_encryption_check, service_bd_forceful_routing_check, + ave_eol_check, # Bugs ep_announce_check, diff --git a/docs/docs/validations.md b/docs/docs/validations.md index d4c11da4..8ec1936b 100644 --- a/docs/docs/validations.md +++ b/docs/docs/validations.md @@ -128,6 +128,8 @@ Items | Faults | This Script [HTTPS Request Throttle Rate][c20] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: [Global AES Encryption][c21] | :white_check_mark: | :white_check_mark: 6.1(2) | :no_entry_sign: [Service Graph BD Forceful Routing][c22] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: +[AVE End-of-life][c23] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: + [c1]: #vpc-paired-leaf-switches [c2]: #overlapping-vlan-pool @@ -151,6 +153,7 @@ Items | Faults | This Script [c20]: #https-request-throttle-rate [c21]: #global-aes-encryption [c22]: #service-graph-bd-forceful-routing +[c23]: #ave-end-of-life ### Defect Condition Checks @@ -1384,7 +1387,7 @@ Failure to do so may lead to outages during switch upgrades due to leaf nodes no ``` -## Equipment Disk Limits Exceeded +### Equipment Disk Limits Exceeded This fault occurs when the disk usage of a partiton increases beyond its threshold. @@ -2088,7 +2091,8 @@ When **Global AES Encryption** is not enabled, this script alerts users in two d * When it is not enabled and the target version is older than 6.1(2), this check is flagged as `MANUAL CHECK REQUIRED` to encourage users to follow the best practice to enable it (and take a configuration back again before the upgrade). -## Service Graph BD Forceful Routing + +### Service Graph BD Forceful Routing Starting from ACI 6.0(2), a bridge domain containing an L4-L7 service graph device (a.k.a service BD) starts to forward packets based on their IP headers even for bridging traffic which used to be forwarded based on their MAC addresses in their ethernet headers and ignored their IP headers. This "forceful routing" is to support IP-based selectors in ESG or microsegement EPG (uSeg EPG) when service graph is configured between those ESGs/uSeg EPGs and they are in the same bridge domain as the service graph device. @@ -2138,6 +2142,12 @@ See below for the workaround and examples of traffic that will stop working afte See [SNAT Traffic for Kubernetes with Cisco ACI CNI][52] for details about ACI CNI with SNAT. +### AVE End-of-life +As outlined in the [End-of-Sale and End-of-Life Announcement for Cisco Application Centric Infrastructure Virtual Edge and Virtual Pod][55], the Cisco ACI Virtual Edge (AVE) Domain is end-of-life and end-of-support for ACI releases 6.0 and above. + +If planning an upgrade to 6.0+, review the [Cisco ACI Virtual Edge Migration Guide][56] and complete a domain migration prior to performing the upgrade. + + ## Defect Check Details ### EP Announce Compatibility @@ -2536,4 +2546,6 @@ This check logs in to each APIC, checks the contents of the `/data2/dbstats/` di [51]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html [52]: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/cisco-aci-plug-in-snat-on-egress.html [53]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw45531 -[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850 \ No newline at end of file +[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850 +[55]: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-apic/eol-apic-virtual-edge-pod-pb.html +[56]: https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-aci-virtual-edge-migration.html \ No newline at end of file diff --git a/tests/ave_eol_check/test_ave_eol_check.py b/tests/ave_eol_check/test_ave_eol_check.py new file mode 100644 index 00000000..38db4384 --- /dev/null +++ b/tests/ave_eol_check/test_ave_eol_check.py @@ -0,0 +1,49 @@ +import os +import pytest +import logging +import importlib +from helpers.utils import read_data + +script = importlib.import_module("aci-preupgrade-validation-script") + +log = logging.getLogger(__name__) +dir = os.path.dirname(os.path.abspath(__file__)) + + +# icurl queries + +ave_api = 'vmmDomP.json' +ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")' + +@pytest.mark.parametrize( + "icurl_outputs, tversion, expected_result", + [ + # FABRIC HAS AVE and going to affected tversion + ( + {ave_api: read_data(dir, "vmmDomP_POS.json")}, + "6.1(3b)", + script.FAIL_O, + ), + # FABRIC HAS AVE and going to NOT-affected tversion + ( + {ave_api: read_data(dir, "vmmDomP_POS.json")}, + "5.2(7e)", + script.NA, + ), + # NO AVE + ( + {ave_api: []}, + "6.1(3b)", + script.NA, + ), + # NO TVERSION + ( + {ave_api: []}, + None, + script.MANUAL, + ), + ], +) +def test_logic(mock_icurl, tversion, expected_result): + result = script.ave_eol_check(1, 1, script.AciVersion(tversion) if tversion else None) + assert result == expected_result diff --git a/tests/ave_eol_check/vmmDomP_POS.json b/tests/ave_eol_check/vmmDomP_POS.json new file mode 100644 index 00000000..99f52664 --- /dev/null +++ b/tests/ave_eol_check/vmmDomP_POS.json @@ -0,0 +1,9 @@ +[{ + "vmmDomP": { + "attributes": { + "dn": "uni/vmmp-VMware/dom-my-ave", + "enableAVE": "yes", + "name": "my-ave" + } + } +}]