Cisco NSO Proxy Minion

[tonybaloney]

What does this PR do?

This PR introduces a Proxy Minion for Cisco NSO.

Cisco Network Services Orchestrator (NSO) provides a single pane of glass for orchestrating a multivendor network. To offer support for multivendor devices, it uses network element drivers (NEDs). Traditionally, device adaptors are a major roadblock, since they are not upgraded at the same pace as device interfaces. But adding support for new devices can take months. Cisco NSO NEDs, in contrast, can add new commands and devices in weeks. These drivers also provide extremely fine-grained representation of relevant configuration commands. Using NEDs, NSO also makes device configuration commands available over a networkwide, multivendor command line interface (CLI), APIs, and user interface. In addition, NSO services like VPN can configure a complex multivendor network.

List of devices this enables support for:
Supported devices:

• A10 AX Series
• Arista 7150 Series
• Ciena 3000, 5000, ESM
• H3c S5800 Series
• Overture 1400, 2200, 5000, 5100, 6000
• Accedian MetroNID
• Avaya ERS 4000, SR8000, VSP 9000
• Cisco: APIC-DC, ASA, IOS, IOS XE, IOS XR, er, ME-4600, NX OS,
  Prime Network Registrar, Quantum, StarOS, UCS ManagWSA
• Huawei: NE40E, quidway series, Enterprise Network Simulation Framework
• PaloAlto PA-2000, PA-3000, Virtualized Firewalls
• Adtran 900 Series
• Brocade ADX, MLX, Netiron, Vyatta
• Dell Force 10 Networking S-Series
• Infinera DTN-X Multi-Terabit Packet Optical Network Platform
• Pulsecom SuperG
• Adva 150CC Series
• CableLabs Converged Cable Access Platform
• Ericsson EFN324 Series, SE family
• Juniper: Contrail, EX, M, MX, QFX, SRX, Virtual SRX
• Quagga Routing Software
• Affirmed Networks
• Citrix Netscaler
• F5 BIG-IP
• NEC iPasolink
• Riverbed Steelhead Series
• Alcatel-Lucent 7XXX, SAM
• Clavister
• Fortinet
• Nominum DCS
• Sonus SBC 5000 Series
• Allied Telesys
• Open vSwitch

Tests written?

Yes - they live in the github.com/DimesionDataCBUSydney/pynso module package, I will add proxy minion tests too.

[rallytime]

Should be PyNSO, right?

[rallytime]

@tonybaloney Thanks for starting this! I had a couple of small comments - mostly doc questions. If @cro could look this over too, that would be great.

[tonybaloney]

Fixed the various typos. Still not sure about the correct way to expose the other methods. Should these go into a execution module?

[cro]

Yes, ideally one writes execution modules that access the proxy module with the __proxy__ variable, and then states that handle the 'stateful' part of making the integration 'salty'.

[tonybaloney]

@cro https://github.com/saltstack/salt/blob/develop/salt/modules/philips_hue.py#L58-L59 woah ok that seems really hacky. What is the appropriate way to do this? Which module should I use as a reference?

[cro]

I also recently stumbled on a pattern involving decorators while writing an integration for a customer:

def proxy_oneview_wrap(func):
    '''
    Decorator that wraps calls to hpov functions in such a way that they
    can be called outside a proxy minion, or when running inside a proxy
    minion.  If we are running in a proxy, retrieve the connection details
    from the __proxy__ injected variable.  If we are not, then
    use the connection information passed directly with the function.
    :param func:
    :return:
    '''
    def func_wrapper(*args, **kwargs):
        wrapped_global_namespace = func.func_globals
        kwarg_keys = kwargs.keys()
        if not (kwargs.get('host', None) and kwargs.get('username', None) and
                kwargs.get('password', None)):
            if not salt.utils.is_proxy():
                log.error('Call to hpeov module outside a proxy-minion and without credentials')
            wrapped_global_namespace['hpeov_con'] = __proxy__['hpeov.connection']()
            return func(*args, **kwargs)
        else:
            credential = {'username': kwargs['username'], 'password': kwargs['password']}
            if 'domain' in kwargs:
                credential['domain'] = kwargs['domain']
            try:
                wrapped_global_namespace['hpeov_con'] = hpov.connection(kwargs['host'])
                wrapped_global_namespace['hpeov_con'].login(credential)
            except HPOneViewException as e:
                log.error('Failed to connect and login to OneView.')
                log.error('Message: {0}'.format(e.msg))
                return 'Failed to login to OneView. See log for details.'

        return func(*args, **kwargs)
    return func_wrapper

Then if you have execution modules that could be called standalone without a proxy you can decorate functions in there like so:

def get_servers(host=None, username=None, password=None, domain=None, **kwargs):

Then if you just need to call something one-off you can call it from the command line and pass all the connection params. Or if it's being run inside a proxy, it will use the details provided by the decorator.

[cro]

Yeah, that is kind of hacky. None of our examples do any metaprogramming like that. The nxos proxy in develop might be a good place to look.

[tonybaloney]

@cro I've gone with a more explicit approach. This should help with the docstrings being published to the module docs.

[tonybaloney]

I'd like to get #32792 in before I add tests as well.

[rallytime]

@tonybaloney Did you mean to add three more files to this PR?

• servicenow.py
• tests/unit/init.py
• servicenow_test.py

I'd like to keep those changes separate so we can review them individually, if you don't mind. That way the people tagged in your test update PR can respond there. It kind of looks like GH is doing something tricky here, but I am not sure.

[tonybaloney]

@rallytime ooops! reverted

[tonybaloney]

@cro @rallytime I added a state module for ensuring the configuration of a specific device in the state tree matches a given dict.
That's this PR completed now pending review.

[rallytime]

Technically the changes diction should also have an old key, too, even if it's an empty string or something. Is it possible to get the current config data and place this is on, compare the difference, and report the new config? I'm not familiar with this service, so it might not be, but though I should at least ask. :)

[rallytime]

@tonybaloney OK, I had only one more question/comment. There's also some lint errors that need to be cleaned up.

Otherwise I think this looks good.

[tonybaloney]

@rallytime fixed lint issues and also added a dict compare class to the module to show changes between the actual and the desired states.
all done.