Merge branch 'cvp-cert' into 'master'

networkRob · networkRob · commit 830d34d491a3 · 2023-03-14T15:26:39.000Z
adding cv cert based onboarding

See merge request networkRob/rLab-eos!21
diff --git a/Readme.md b/Readme.md
@@ -76,6 +76,13 @@ topology:
   cvp-key: {CVP_KEY}
   username: {USERNAME}
   password: {PASSWORD}
+cv:
+  nodes: 
+    - {CV_NODE}
+  port: {CV_PORT}
+  auth:
+    cert: {CV_ONBOARDING_TOKEN}
+    path: /mnt/flash
 infra:
   bridge: {MGMT_BRIDGE}
   gateway: {MGMT_NETWORK_GATEWAY}
@@ -107,8 +114,11 @@ iperf:
 commands:
 ```
 
-- The `CVP_IPADDRESS` parameter is optional, this is if a bare startup-config is created and the device should start streaming to CVP.
-- The `CVP_KEY` parameter is optional, this is if a bare startup-config is created and the device should start streaming to CVP.
+- The `CVP_IPADDRESS` parameter is optional, this is if a bare startup-config is created and the device should start streaming to CVP. (Deprecated)
+- The `CVP_KEY` parameter is optional, this is if a bare startup-config is created and the device should start streaming to CVP. (Deprecated)
+- The `CV_NODE` This paramter is to specity the address of the CV instance. Can be a list of Addresses
+- The `CV_PORT` This paramter is to specify the destination port for CV. On-Prem = `9910`, CVaaS = `443`
+- The `CV_ONBOARDING_TOKEN` This parameter is to be populated with a device enrollment token from CV
 - The `USERNAME` parameter is optional, this is if a bare startup-config is created. It will generate a local user account in EOS.
 - The `PASSWORD` parameter is optional, this is if a bare startup-config is created. It will generate the password for the local user account.
 - The `MGMT_BRIDGE` parameter is optional, this is if you wish to attach the cEOS containers Management0 Interface to this network.
diff --git a/build/topo-builder.py b/build/topo-builder.py
@@ -234,13 +234,13 @@ def main(args):
     """
     BASE_TERMINATTR = """
 daemon TerminAttr
-   exec /usr/bin/TerminAttr -cvaddr={0}:9910 -taillogs -cvcompression=gzip -cvauth=key,{1} -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
+   exec /usr/bin/TerminAttr -cvaddr={0} -taillogs -cvcompression=gzip -cvauth={1} -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
    no shutdown
 !
     """
     BASE_TERMINATTR_VRF = """
 daemon TerminAttr
-   exec /usr/bin/TerminAttr -cvaddr={0}:9910 -cvvrf={2} -taillogs -cvcompression=gzip -cvauth=key,{1} -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
+   exec /usr/bin/TerminAttr -cvaddr={0} -cvvrf={2} -taillogs -cvcompression=gzip -cvauth={1} -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
    no shutdown
 !
     """
@@ -333,6 +333,16 @@ def main(args):
             pS("INFO", "Leveraging default dataplane")
     except:
         pS("INFO", "Leveraging default dataplane")
+    # Check for new CV section
+    if 'cv' in topo_yaml:
+        try:
+            cv_nodes = f":{topo_yaml['cv']['port']},".join(topo_yaml['cv']['nodes'])
+            cv_nodes = f"{cv_nodes}:{topo_yaml['cv']['port']}"
+            cv_auth = f"token,{topo_yaml['cv']['auth']['path']}/token"
+            cv_token = topo_yaml['cv']['auth']['cert']
+        except:
+            pS("INFO", "New CV schema not formatted correctly")
+            cv_nodes = False
     
     # Load and Gather network Link information
     pS("INFO", "Gathering patch cable lengths and quantities...")
@@ -468,11 +478,22 @@ def main(args):
                     _tmp_startup.append(BASE_MGMT_VRF.format(CEOS[_node].ip, topo_yaml['infra']['gateway'], mgmt_vrf))
                 else:    
                     _tmp_startup.append(BASE_MGMT.format(CEOS[_node].ip, topo_yaml['infra']['gateway']))
-                if 'cvpaddress' and 'cvp-key' in topo_yaml['topology']:
+                # Perform eval based on CV schema
+                if cv_nodes:
                     if mgmt_vrf != "default":
-                        _tmp_startup.append(BASE_TERMINATTR_VRF.format(topo_yaml['topology']['cvpaddress'], topo_yaml['topology']['cvp-key'], mgmt_vrf))
+                        _tmp_startup.append(BASE_TERMINATTR_VRF.format(cv_nodes, cv_auth, mgmt_vrf))
                     else:
-                        _tmp_startup.append(BASE_TERMINATTR.format(topo_yaml['topology']['cvpaddress'], topo_yaml['topology']['cvp-key']))
+                        _tmp_startup.append(BASE_TERMINATTR.format(cv_nodes, cv_auth))
+                    # Copy CV Cert info to startup config
+                    create_output.append('echo "{0}" > {1}/{2}/{3}/token\n'.format(cv_token, CONFIGS, _tag, _node))
+                else:
+                    if 'cvpaddress' and 'cvp-key' in topo_yaml['topology']:
+                        if mgmt_vrf != "default":
+                            _cv_node = f"{topo_yaml['topology']['cvpaddress']}:9910"
+                            _cv_auth = f"key,{topo_yaml['topology']['cvp-key']}"
+                            _tmp_startup.append(BASE_TERMINATTR_VRF.format(_cv_node, _cv_auth, mgmt_vrf))
+                        else:
+                            _tmp_startup.append(BASE_TERMINATTR.format(_cv_node, _cv_auth))
             create_output.append('echo "{0}" > {1}/{2}/{3}/startup-config\n'.format(''.join(_tmp_startup), CONFIGS, _tag, _node))
         # Creating anchor containers
 
