From 3d07f6c2295271c7df544fa49dfba305f510ce83 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 21 Apr 2025 15:02:31 -0400 Subject: [PATCH 1/4] AVE check + pytest + doc --- aci-preupgrade-validation-script.py | 30 ++++++++++++++ docs/docs/validations.md | 18 +++++++-- tests/ave_eol_check/test_ave_eol_check.py | 49 +++++++++++++++++++++++ tests/ave_eol_check/vmmDomP_POS.json | 9 +++++ 4 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 tests/ave_eol_check/test_ave_eol_check.py create mode 100644 tests/ave_eol_check/vmmDomP_POS.json diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py index 8a20c871..b7108701 100644 --- a/aci-preupgrade-validation-script.py +++ b/aci-preupgrade-validation-script.py @@ -5062,6 +5062,35 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs): return result +def ave_eol_check(index, total_checks, tversion, **kwargs): + title = 'AVE End-of-Life' + result = PASS + msg = '' + headers = ["AVE Domain Name"] + data = [] + recommended_action = 'AVE domain(s) must be migrated to supported domain types prior to 6.0+ upgrade' + doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ave-end-of-life' + print_title(title, index, total_checks) + + ave_api = 'vmmDomP.json' + ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")' + + if not tversion: + print_result(title, MANUAL, "Target version not supplied. Skipping.") + return MANUAL + + if tversion.newer_than("6.0(1a)"): + ave = icurl('class', ave_api) + for domain in ave: + name = domain['vmmDomP']['attributes']['name'] + data.append([name]) + if data: + result = FAIL_O + + print_result(title, result, msg, headers, data, recommended_action=recommended_action, doc_url=doc_url) + return result + + if __name__ == "__main__": prints(' ==== %s%s, Script Version %s ====\n' % (ts, tz, SCRIPT_VERSION)) prints('!!!! Check https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script for Latest Release !!!!\n') @@ -5149,6 +5178,7 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs): https_throttle_rate_check, aes_encryption_check, service_bd_forceful_routing_check, + ave_eol_check, # Bugs ep_announce_check, diff --git a/docs/docs/validations.md b/docs/docs/validations.md index d4c11da4..8ec1936b 100644 --- a/docs/docs/validations.md +++ b/docs/docs/validations.md @@ -128,6 +128,8 @@ Items | Faults | This Script [HTTPS Request Throttle Rate][c20] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: [Global AES Encryption][c21] | :white_check_mark: | :white_check_mark: 6.1(2) | :no_entry_sign: [Service Graph BD Forceful Routing][c22] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: +[AVE End-of-life][c23] | :white_check_mark: | :no_entry_sign: | :no_entry_sign: + [c1]: #vpc-paired-leaf-switches [c2]: #overlapping-vlan-pool @@ -151,6 +153,7 @@ Items | Faults | This Script [c20]: #https-request-throttle-rate [c21]: #global-aes-encryption [c22]: #service-graph-bd-forceful-routing +[c23]: #ave-end-of-life ### Defect Condition Checks @@ -1384,7 +1387,7 @@ Failure to do so may lead to outages during switch upgrades due to leaf nodes no ``` -## Equipment Disk Limits Exceeded +### Equipment Disk Limits Exceeded This fault occurs when the disk usage of a partiton increases beyond its threshold. @@ -2088,7 +2091,8 @@ When **Global AES Encryption** is not enabled, this script alerts users in two d * When it is not enabled and the target version is older than 6.1(2), this check is flagged as `MANUAL CHECK REQUIRED` to encourage users to follow the best practice to enable it (and take a configuration back again before the upgrade). -## Service Graph BD Forceful Routing + +### Service Graph BD Forceful Routing Starting from ACI 6.0(2), a bridge domain containing an L4-L7 service graph device (a.k.a service BD) starts to forward packets based on their IP headers even for bridging traffic which used to be forwarded based on their MAC addresses in their ethernet headers and ignored their IP headers. This "forceful routing" is to support IP-based selectors in ESG or microsegement EPG (uSeg EPG) when service graph is configured between those ESGs/uSeg EPGs and they are in the same bridge domain as the service graph device. @@ -2138,6 +2142,12 @@ See below for the workaround and examples of traffic that will stop working afte See [SNAT Traffic for Kubernetes with Cisco ACI CNI][52] for details about ACI CNI with SNAT. +### AVE End-of-life +As outlined in the [End-of-Sale and End-of-Life Announcement for Cisco Application Centric Infrastructure Virtual Edge and Virtual Pod][55], the Cisco ACI Virtual Edge (AVE) Domain is end-of-life and end-of-support for ACI releases 6.0 and above. + +If planning an upgrade to 6.0+, review the [Cisco ACI Virtual Edge Migration Guide][56] and complete a domain migration prior to performing the upgrade. + + ## Defect Check Details ### EP Announce Compatibility @@ -2536,4 +2546,6 @@ This check logs in to each APIC, checks the contents of the `/data2/dbstats/` di [51]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html [52]: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/cisco-aci-plug-in-snat-on-egress.html [53]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw45531 -[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850 \ No newline at end of file +[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850 +[55]: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-apic/eol-apic-virtual-edge-pod-pb.html +[56]: https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-aci-virtual-edge-migration.html \ No newline at end of file diff --git a/tests/ave_eol_check/test_ave_eol_check.py b/tests/ave_eol_check/test_ave_eol_check.py new file mode 100644 index 00000000..5ec32ba3 --- /dev/null +++ b/tests/ave_eol_check/test_ave_eol_check.py @@ -0,0 +1,49 @@ +import os +import pytest +import logging +import importlib +from helpers.utils import read_data + +script = importlib.import_module("aci-preupgrade-validation-script") + +log = logging.getLogger(__name__) +dir = os.path.dirname(os.path.abspath(__file__)) + + +# icurl queries + +ave_api = 'vmmDomP.json' +ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")' + +@pytest.mark.parametrize( + "icurl_outputs, tversion, expected_result", + [ + # FABRIC HAS AVE and going to affected tversion + ( + {ave_api: read_data(dir, "vmmDomP_POS.json")}, + "6.1(3b)", + script.FAIL_O, + ), + # FABRIC HAS AVE and going to NOT-affected tversion + ( + {ave_api: read_data(dir, "vmmDomP_POS.json")}, + "5.2(7e)", + script.PASS, + ), + # NO AVE + ( + {ave_api: []}, + "6.1(3b)", + script.PASS, + ), + # NO TVERSION + ( + {ave_api: []}, + None, + script.MANUAL, + ), + ], +) +def test_logic(mock_icurl, tversion, expected_result): + result = script.ave_eol_check(1, 1, script.AciVersion(tversion) if tversion else None) + assert result == expected_result diff --git a/tests/ave_eol_check/vmmDomP_POS.json b/tests/ave_eol_check/vmmDomP_POS.json new file mode 100644 index 00000000..99f52664 --- /dev/null +++ b/tests/ave_eol_check/vmmDomP_POS.json @@ -0,0 +1,9 @@ +[{ + "vmmDomP": { + "attributes": { + "dn": "uni/vmmp-VMware/dom-my-ave", + "enableAVE": "yes", + "name": "my-ave" + } + } +}] From 431a437d44a5d779120c699c77d0eaead1ac8640 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 21 Apr 2025 15:27:29 -0400 Subject: [PATCH 2/4] fix sw_cversions check ERROR --- aci-preupgrade-validation-script.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py index b7108701..8db8918f 100644 --- a/aci-preupgrade-validation-script.py +++ b/aci-preupgrade-validation-script.py @@ -3282,7 +3282,7 @@ def telemetryStatsServerP_object_check(index, total_checks, sw_cversion=None, tv print_title(title, index, total_checks) if not sw_cversion or not tversion: - print_result(title, MANUAL, 'Current and target Switch version not supplied. Skipping.') + print_result(title, MANUAL, 'Current or target Switch version not supplied. Skipping.') return MANUAL if sw_cversion.older_than("4.2(4d)") and tversion.newer_than("5.2(2d)"): @@ -4205,8 +4205,8 @@ def unsupported_fec_configuration_ex_check(index, total_checks, sw_cversion, tve doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#unsupported-fec-configuration-for-n9k-c93180yc-ex' print_title(title, index, total_checks) - if not tversion: - print_result(title, MANUAL, "Target version not supplied. Skipping.") + if not sw_cversion or not tversion: + print_result(title, MANUAL, "Switch or Target switch version not supplied. Skipping.") return MANUAL if sw_cversion.older_than('5.0(1a)') and tversion.newer_than("5.0(1a)"): From 29ed4b1e6b91cd11a417ff085771de07cddd7eff Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 21 Apr 2025 15:37:19 -0400 Subject: [PATCH 3/4] PASS to NA --- aci-preupgrade-validation-script.py | 2 +- tests/ave_eol_check/test_ave_eol_check.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py index 8db8918f..d6cf07b6 100644 --- a/aci-preupgrade-validation-script.py +++ b/aci-preupgrade-validation-script.py @@ -5064,7 +5064,7 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs): def ave_eol_check(index, total_checks, tversion, **kwargs): title = 'AVE End-of-Life' - result = PASS + result = NA msg = '' headers = ["AVE Domain Name"] data = [] diff --git a/tests/ave_eol_check/test_ave_eol_check.py b/tests/ave_eol_check/test_ave_eol_check.py index 5ec32ba3..38db4384 100644 --- a/tests/ave_eol_check/test_ave_eol_check.py +++ b/tests/ave_eol_check/test_ave_eol_check.py @@ -28,13 +28,13 @@ ( {ave_api: read_data(dir, "vmmDomP_POS.json")}, "5.2(7e)", - script.PASS, + script.NA, ), # NO AVE ( {ave_api: []}, "6.1(3b)", - script.PASS, + script.NA, ), # NO TVERSION ( From 09bf4ea7caef55c781acc2776f076f3e7467789f Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 21 Apr 2025 15:42:46 -0400 Subject: [PATCH 4/4] fix verbiage --- aci-preupgrade-validation-script.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py index d6cf07b6..cc02e286 100644 --- a/aci-preupgrade-validation-script.py +++ b/aci-preupgrade-validation-script.py @@ -4206,7 +4206,7 @@ def unsupported_fec_configuration_ex_check(index, total_checks, sw_cversion, tve print_title(title, index, total_checks) if not sw_cversion or not tversion: - print_result(title, MANUAL, "Switch or Target switch version not supplied. Skipping.") + print_result(title, MANUAL, "Current or Target switch version not supplied. Skipping.") return MANUAL if sw_cversion.older_than('5.0(1a)') and tversion.newer_than("5.0(1a)"):