Storage Provisioning Using OnCommand Workflow Automation ... - netapp.com · Technical Report Using OnCommand Workflow Automation with the WFA Pack for ACI to Provision Storage Networks

Technical Report

Using OnCommand Workflow Automation with the WFA Pack for ACI to Provision Storage Networks Dave Derry, NetApp

September 2017 | TR-4588

Abstract NetApp® OnCommand® Workflow Automation (WFA) is a powerful, easy-to-use framework for automating storage-centric administrative tasks. The WFA pack for ACI extends the WFA framework to include interaction with a Cisco ACI controller (APIC) so that storage-related networking administration can be included in the automated workflows in an ACI environment. This document introduces the WFA pack for ACI, along with some examples showing typical uses.

2 Using OnCommand Workflow Automation with the WFA Pack for ACI to Provision Storage Networks

© 2017 NetApp, Inc. All rights reserved. © 2016 NetApp, Inc. All rights reserved.

TABLE OF CONTENTS

1 Introduction ........................................................................................................................................... 3

2 New WFA Components for ACI ........................................................................................................... 3

2.1 Credentials: APIC ...........................................................................................................................................4

2.2 Data Source: APIC Data Source .....................................................................................................................5

2.3 Schemes: APIC ...............................................................................................................................................5

2.4 Dictionary ........................................................................................................................................................5

2.5 Commands ......................................................................................................................................................5

2.6 Workflows Included in the ACI WFA Pack .................................................................................................... 11

3 Example ACI Workflows .................................................................................................................... 13

3.1 Add ifgrp/vPC ................................................................................................................................................ 13

3.2 Add LUN with iSCSI Access ......................................................................................................................... 22

Version History ......................................................................................................................................... 26

LIST OF TABLES

Table 1) SQL for all query-type inputs in ACI – Add ifgrp/vPC example workflow. ....................................................... 19



1 Introduction

OnCommand Workflow Automation (WFA) is a NetApp software solution that helps to automate storage

management tasks, such as provisioning, migration, decommissioning, data protection configurations,

and cloning storage. You can use WFA to build workflows to complete tasks that are specified by your

organization’s processes.

WFA uses a client-server architecture. The server application software is available for Linux and Windows

hosts by download from the NetApp Support site. After the server application is installed, users access it

using a web browser.

The software that implements the automation is a set of modular workflow packs. Several packs covering

basic functionality are bundled into the server software download package and are available immediately.

More functionality can be added by downloading additional packs from NetApp’s Automation Store site

and importing them into the WFA server using the web browser interface. (Select the Administration menu

in the upper-left corner, then the Import menu item.)

Application Centric Infrastructure (ACI) is Cisco’s flagship software-defined networking (SDN) product,

based on Cisco Nexus 9000 series switches. Instead of the traditional model in which each switch in a

network is a discrete management point, ACI has a single management point: the Application Policy

Infrastructure Controller (APIC). Cisco recommends three physical APICs for redundancy; but all of the

APICs have a consistent copy of the network database and function as a single management point. The

APIC provides several interfaces (for example, web browser, API) for administrative tasks to be executed

on the network database that resides on the APIC. After the task is completed on the APIC, the APIC

pushes the new configuration out to the affected switches.

The WFA pack for ACI (ACI WFA pack) is a workflow pack written by NetApp that extends WFA capability

to support limited interaction with an APIC. The word “limited” indicates that the ACI WFA pack does not

convert a WFA server into a comprehensive ACI management platform. Rather, it means that a set of

storage-related network configuration functions are supported so that they can be included in WFA

workflows in an ACI environment.

This document describes how the ACI WFA pack interacts with an APIC and provides an example

workflow.

2 New WFA Components for ACI

The ACI WFA pack adds the following components to WFA:

• Credentials: APIC

• Data Sources: APIC Data Source

• Schemes: APIC

• Dictionary:

Application_Profile

contracts

Controller

End_Point_Group

physicalport

switch

Tenant

vpcbundle

• Commands:

http://automationstore.netapp.com/home.shtml



Create Storage Contract

Remove Storage Contracts

Create EPG

Remove EPG

Provide Storage Contract

Consume Storage Contract

Add VLAN Bundle

Delete VLAN Bundle

Create VPC Bundle

Create Port Specific VPC Bundle

2.1 Credentials: APIC

The ACI WFA pack configures the APIC, so suitable credentials must be provided.

Adding APIC credentials requires the following parameters:

• Match: Exact

• Type: APIC

• Name: Either an IP address or a host name that the underlying DNS service can resolve

• User name: User name to use for authentication on the APIC

• Password: Password to use for authentication on the APIC

The remaining parameters (Overwrite defaults, Protocol, Port, and Timeout) define the communications

behavior between WFA and the APIC. These parameters should be left at the default settings

(unchecked, HTTPS, 443, and 60) unless otherwise advised by NetApp Engineering.



2.2 Data Source: APIC Data Source

The ACI WFA pack must be able to query for existing data from the APIC, so the APIC must be

configured as a data source within WFA.

Adding an APIC DataSource requires the following parameters:

• Name: A string, to make it easy for admins to identify the object within WFA. It is not used during communications with the APIC.

• Host name: Either an IP address or a host name that the underlying DNS service can resolve.

• Port: TCP port on which to communicate (typically 443).

• User name: User name to use for authentication on the APIC.

• Password: Password to use for authentication on the APIC.

The remaining parameters (Database, Interval, and Timeout) define the communications behavior

between WFA and the APIC. These parameters should be left at the default settings (blank, 1440, and

600) unless otherwise advised by NetApp Engineering.

2.3 Schemes: APIC

The ACI WFA pack adds the APIC scheme to WFA.

2.4 Dictionary

The ACI WFA pack adds the following items to the WFA dictionary:

• Application_Profile

• contracts

• Controller

• End_Point_Group

• physicalport

• switch

• Tenant

• vpcbundle

2.5 Commands

The ACI WFA pack adds the following WFA commands:



• Create Storage Contract

• Remove Storage Contracts

• Create EPG

• Remove EPG

• Provide Storage Contract

• Consume Storage Contract

• Create VPC Bundle

• Create Port Specific VPC Bundle

• Add VLAN Bundle

• Delete VLAN Bundle

These commands perform specific configuration tasks on the APIC. They are implemented as Perl

scripts, which are visible through the WFA Designer page. These APIC-related commands are combined

with storage system-related commands to build automated workflows. The following section provides

more details about each command.

Create Storage Contract

This command creates a comprehensive set of storage-related protocol filters and contracts under a

tenant (and also a set under the common tenant) that are used by later provisioning steps. It is run each

time a new tenant is created and has the following two mandatory input parameters:

• APIC_IP (string): Must match an APIC that exists in the WFA credentials table.

• Tenant (string): Must exist on the specified APIC.

The command creates the following contracts (with the corresponding filters) within the specified tenant:

• naBasicNFS (TCP 111, 1110, 2049, 4045; UDP 111, 1110, 2049, 4045)

• naLDAPnfs (TCP 111, 389, 636, 1110, 2049, 4045; UDP 111, 389, 1110, 2049, 4045)

• naBasicCIFS (TCP from 137 to 139, 445; UDP from 135 to 137)

• naLDAPcifs (TCP from 137 to 139, 389, 445, 636; UDP from 135 to 137, 389)

• naISCSI (TCP 860, 3260)

• naFASMgmt (TCP 25, 80, 443)

• naVSCVSphere (TCP 8043, 8143)

• naVSCxen (TCP 25, 80, 443, 8143)

• naVSCrhev (TCP 25, 80, 443, 8143)

• naDataProtect (TCP from 11104 to 11105, UDP from 11104 to 11105)

• naSD (TCP from 4094 to 4095)

• naSMHyperV (TCP 808)

• naSMExchange (TCP 810)

• naSMSql (TCP 808)

• naSMO (TCP 1521, from 27214 to 27215)

• naSMSAP (TCP 1521, 1527, from 27314 to 27315)

• naSMSP (TCP from 14000 to 14007)

The command first creates the filters in the specified tenant; then it creates the contracts in the specified

tenant, specifying the appropriate filters. It then creates the filters in the common tenant and then the

contracts in the common tenant.



Note: Unidirectional filters in the preceding list indicate the direction; if no direction is listed, then the filter is bidirectional.

The command checks the return code from the APIC after each of the four creation steps: filters,

contracts, in the specified tenant, and in the common tenant. In any of these checks, anything other than

an HTTP 200 (OK) causes the command to log an error message with the return code and terminate.


This command deletes the comprehensive set of storage-related protocol filters and contracts under a

tenant that was created by the Create Storage Contract command. It runs each time a tenant is deleted,

and it has the following two mandatory input parameters:



Note: Unlike the Create Storage Contract command, this command only removes the filters and contracts in the specified tenant. It does not delete the contracts and filters from the common tenant. To remove them from the common tenant, simply invoke this command specifying the common tenant.

The command first deletes the contracts in the specified tenant, then deletes the filters in the specified

tenant. It checks the return code from the APIC after each of the deletion steps. In any of these checks,

anything other than an HTTP 200 (OK) causes the command to log an error message with the return

code and terminate.

Create EPG

Note: In the original release of this command, the values field of the six enum type parameters (EpgType, Intra_Epg_Isolation, QoS_Class, uSeg_Attribute, VM_Attribute_Filter_Operator, and VM_Attribute_Filter_Type) uses a newline as a delimiter for the enum options in the Parameter Definitions. That method works when testing the command by itself in the WFA Designer, but it may cause the command to fail when it is embedded in a workflow. This issue will be fixed in a future release of the ACI WFA pack. In the meantime, you can work around this issue by changing the newline delimiter to a comma. For example, the EpgType parameter in the affected version has “Application Epg” and “uSeg Epg” on two lines; the workaround is to have both strings, with a comma delimiter, on one line: “Application Epg,uSeg Epg”.

This command creates an Endpoint Group (EPG) on the APIC. The EPG can be either of the two types

supported in ACI: An Application EPG or a Microsegmentation EPG.

Application EPG. An Application EPG is a collection of endpoints (for example, physical or virtual servers) that have common policy requirements. In ACI, policies are applied at the EPG level, not the individual endpoint level. That simplifies adding, subtracting, and moving endpoints, because the policies do not change during these common admin tasks. An example of application EPGs is a set of web servers and the set of application servers that generate content for them: In that scenario, the web servers are in one EPG, and the application servers are in another EPG. The policies applied to the EPGs (such as protocol filters and access lists implemented as ACI contracts) dictate what traffic passes between members of the two EPGs.

Microsegmentation EPG. Because they deal with communications between client endpoints and their server endpoints, Application EPGs are said to have a “north-south” orientation; that is, they address communications between different tiers. However, they do not address “east-west” traffic; that is, communications within a tier. Load-balancing architectures within a tier will often have many parallel servers (for example, web servers) connected to the same subnet/broadcast domain. Since that architecture is so common, it has become a favorite target of security exploit developers. Microsegmentation (“uSeg”) was developed to allow more granular control of traffic, including east-west traffic. In ACI, microsegmentation is implemented at the EPG level and can be based on IP addresses, MAC addresses, or VM attributes defined on the virtualization controller (for example, vCenter).



This command is run whenever a new EPG is added, and it has 21 input parameters (14 of which are

mandatory, 7 of which are optional).

Parameters used in creation of both EPG types:

• APIC_IP (string; mandatory): Must match an APIC that exists in the WFA credentials table.

• ApplicationProfile (string; mandatory): Must exist on the specified APIC.

• BroadcastDomain (string; mandatory): In ACI parlance, this is the Bridge Domain.

• EpgType (enum; mandatory)

• Tenant (string; mandatory): Must exist on the specified APIC.

• Intra_Epg_Isolation (enum; optional)

• QoS_Class (enum; optional)

Parameters used in Application EPG creation:

• Application_Epg_Name (string; mandatory)

• CustomQOSPolicyName (string; optional)

• MonitoringPolicy (string; optional)

Parameters used in uSeg EPG creation (all filter types):

• uSeg_Epg_Name (string; mandatory)

• uSeg_Attribute (enum; optional)

Parameters used in IP-based uSeg EPG creation:

• IP_Address (string; mandatory)

• Ip_Attribute_Filter_Name (string; mandatory)

Parameters used in MAC-based uSeg EPG creation:

• MAC_Address (string; mandatory)

• MAC_Attribute_Filter_Name (string; mandatory)

Parameters used in VM Attribute-based uSeg EPG creation:

• VM_Attribute_Filter_Name (string; mandatory)

• VM_Attribute_Filter_Operator (enum; mandatory)

• VM_Attribute_Filter_Value (string; mandatory)

• VM_Attribute_Custom_Attribute_Name (string; mandatory)

• VM_Attribute_Filter_Type (enum; optional)

Each EPG/filter combination has a specific XML format with varying required and optional parameters.

The WFA mandatory parameters are the superset of all of the APIC-required parameters, for all EPG/filter

combinations. Therefore, it is important to know where each parameter is used.

For example, to create a MAC-based uSeg EPG, the operator has to specify accurate values for at least

eight parameters (the five mandatory for both EPG types; the one mandatory for all uSeg EPGs; and the

two required for MAC-based uSeg EPGs). The remaining seven WFA mandatory parameters (one for

Application EPGs; two for IP-based uSeg EPGs; and four for VM attribute-based EPGs) still have to be

non-null to pass input checking, but don’t have to be meaningful because they are not used to create the

MAC-based XML string.

This command is primarily about building the appropriate XML string from the input parameters to create

the desired EPG via the APIC’s REST API interface. After it submits the EPG create operation, it checks

the return code from the APIC. Anything other than an HTTP 200 (OK) causes the command to log an

error message with the return code and terminate.



Remove EPG

This command deletes the specified EPG from the APIC. It is run whenever an EPG is to be removed,

and has the following four mandatory parameters:


• ApplicationProfile (string): Must exist on the specified APIC.

• Epg (string): Must exist on the specified APIC.

• Tenant (string; mandatory): Must exist on the specified APIC.

The command deletes the EPG and checks the return code from the APIC. Anything other than an HTTP

200 (OK) causes the command to log an error message with the return code and terminate.


This command adds an existing contract as a provided contract on an existing endpoint group (EPG). It

runs each time a provider EPG is created, and it has the following five mandatory input parameters:



• ApplicationProfile (string): Must exist within the specified tenant.

• EndPointGroup (string): Must exist within the specified application profile.

• Contract (string): Must exist within the specified tenant or the common tenant.

The command adds the specified contract as a provided contract on the specified EPG. Finally, it checks

the return code from the APIC; anything other than an HTTP 200 (OK) causes the command to log an

error message with the return code and terminate.


This command adds an existing contract as a consumed contract on an existing EPG. It runs each time a

consumer EPG is created, and it has the following five mandatory input parameters:






The command adds the specified contract as a consumed contract on the specified EPG. Finally, it

checks the return code from the APIC; anything other than an HTTP 200 (OK) causes the command to

log an error message with the return code and terminate.

Create VPC Bundle and Create Port-Specific VPC Bundle

These two commands do the same thing: create a vPC using exactly two leaf switches. However, they

differ in the way the member ports are specified:

• Create VPC Bundle is for consecutive ports, supporting a range of one or more consecutive ports on each leaf switch.

• Create Port Specific VPC Bundle is for exactly two ports on each leaf switch; the ports can be either consecutive or nonconsecutive.

To illustrate the difference, here is what happens in each case when the fromPort is specified as eth1/1

and the toPort is specified as eth1/4: Create VPC Bundle creates a vPC with four member ports (eth1/1–

4), while Create Port Specific VPC Bundle creates a vPC with two member ports (eth1/1 and eth 1/4).



These commands are used whenever a new ifgroup from a storage system is connected to the ACI

fabric.

Note: This operation is the network-side corollary of creating an ifgroup on the storage system.

Both commands also create an Interface Policy Group corresponding to the vPC and store the name as a

WFA workflow parameter. That parameter is subsequently used by the Create VLAN Bundle command.

Important note about port specification: Port specification in this command is from a Cisco viewpoint,

where a slash (/) is used as the field delimiter. Each string that is entered to specify a port must contain

one /. This is necessary because the underlying Perl script only uses the consecutive numeric digits that

follow the / to identify the port. So eth1/1 works and 1/1 works, but 1 does not. Also note that if the APIC

is set up as a data source, this requirement is automatically dealt with: The ports are represented as 1/1

in the database.

Important note about subsequent editing of vPC created by this command: The APIC’s web-based

admin tool (which is the main tool for manual administration of the ACI fabric) is not able to view, edit, or

delete vPCs created by the APIC’s API, which is how this command works. The vPC is listed on the

Fabric > Inventory > Topology page of the APIC’s web-based admin tool, but the tool cannot do anything

with it. However, the vPC can be edited and deleted using the APIC CLI.

Both commands have the following nine mandatory input parameters:


• SwitchIDStart (string): The APIC switch ID of the first switch (for example, 103).

• SwitchIDStart_fromPort (string): The first port on the first switch (for example, 1/1).

• SwitchIDStart_toPort (string): The second port on the first switch (for example, 1/1).

• SwitchIDEnd (string): The APIC switch ID of the second switch (for example, 104).

• SwitchIDEnd_fromPort (string): The first port on the second switch (for example, 1/1).

• SwitchIDEnd_toPort (string): The second port on the second switch (for example, 1/1).

• VserverLifName (string): The command includes this string as it builds APIC object names to generate unique names for APIC objects.

• VserverName (string): The command includes this string as it builds APIC object names to generate unique names for APIC objects.

The command creates the vPC on the APIC using the specified switches and ports. It checks the return

code from the APIC; anything other than an HTTP 200 (OK) causes the command to log an error

message with the return code and terminate.

Add VLAN Bundle

This command adds a static port entry under the specified EPG associated with the specified vPC using

the VLAN encapsulation extracted from the port parameter (as discussed later). It is run after adding a

vPC connection to a storage system.

Note: This operation is the network-side corollary of adding a VLAN port to an existing storage system ifgroup.

Important note about port specification: Port specification in this command is from a NetApp VLAN

port viewpoint, where a dash (-) is used as the field delimiter between the ifgroup ID and the VLAN ID (for

example, a0a-3051). The underlying Perl script splits this string on the dash; everything before the dash

becomes the $Ifgrp variable (which is not used by the command) and everything after the dash becomes

the $Encapsulation variable. The command appends $Encapsulation to vlan- to create the encapsulation

parameter string (vlan-3051) that it sends to the APIC.

This command has the following eight mandatory input parameters:







• SwitchIDStart (string): The APIC switch ID of the first switch (for example, 103).

• SwitchIDEnd (string): The APIC switch ID of the second switch (for example, 104).

• Port (string): The corresponding storage system’s VLAN port name (for example, a0a-3051).

• OperationMode (enum: either Immediate or OnDemand).

The command adds the static port and checks the return code from the APIC; anything other than an

HTTP 200 (OK) causes the command to log an error message with the return code and terminate.

Delete VLAN Bundle

This command deletes the static port entry that was created by the Add VLAN Bundle command. It is run

before removing a vPC connection to a storage system and has the following six mandatory input

parameters:





• VpcBundleName (string): The name of the vPC that corresponds to the static port.

• Port (string): The corresponding storage system’s VLAN port name (for example, a0a-3051).

The command deletes the static port and checks the return code from the APIC; anything other than an

HTTP 200 (OK) causes the command to log an error message with the return code and terminate.

2.6 Workflows Included in the ACI WFA Pack

The ACI WFA pack includes the following WFA workflows under the APIC scheme:

• Create Storage Contracts

• Remove Storage Contracts

• Add VLAN tagged ifgrp to tn/app/epg

• Remove VLAN tagged ifgrp from tn/app/epg

• Provide Storage Contract

• Consume Storage Contract

Here are more details about each workflow.

Create Storage Contracts

This workflow does one thing: It calls the Create Storage Contract command to create a comprehensive

set of storage-related protocol filters and contracts under a specified tenant and under the common

tenant. It is run each time a new tenant is created and has the following two mandatory input parameters:

• Controller (string): Must match an APIC that exists in the WFA credentials table.


Official documentation for this workflow is available in WFA pack for ACI-Help-2 here:

https://automationstore.netapp.com/workflowHelp.shtml?packUuid=WFA_pack_for_ACI&packVersion=1.

0.0

https://automationstore.netapp.com/workflowHelp.shtml?packUuid=WFA_pack_for_ACI&packVersion=1.0.0





This workflow does one thing: It calls the Remove Storage Contract command to remove the

comprehensive set of storage-related protocol filters and contracts under the specified tenant that was

created by the Create Storage Contract command. It does not remove the set created under the common

tenant. It runs each time a tenant is deleted, and it has the following two mandatory input parameters:





0.0

Add VLAN Tagged ifgrp to tn/app/epg

This workflow calls seven WFA commands from both the APIC scheme and the cm_storage scheme. It is

intended to set up the vPC in ACI that corresponds to an existing ifgrp on a storage system. However,

there are a few aspects of the workflow that might limit its operational usefulness:

• This workflow does not create an ifgrp on the storage system; rather, it requires that the specified ifgrp already exist on the storage system. Operationally, it is probably more useful to include the storage system ifgrp creation in the workflow to reduce the number of workflows required to put a new storage system online.

• This workflow calls both the Create VPC Bundle command and the Create Port Specific VPC Bundle command. These commands do the same thing—create a vPC on two leaf switches—and differ only in how the ports are specified. Therefore, it is unlikely they would both be used in the same workflow.

However, this workflow serves as a great example of how to combine granular commands into a complex

workflow. Official documentation for this workflow is available in WFA pack for ACI-Help-1 here:


0.0

Remove VLAN Tagged ifgrp from tn/app/epg

This workflow calls four commands: three from the cm_storage scheme and one from the APIC scheme:

• verify ifgrp true (cm_storage)

• VLAN Tag (cm_storage)

• Remove a Port from FailoverGroup (cm_storage)

• Delete VLAN Bundle (APIC)

The name of this workflow suggests that the intent was to reverse the actions of the Add VLAN tagged

ifgrp to tn/app/epg: that is, remove the vPC from ACI that corresponds to an ifgrp on a storage system.

However, it does not do that: It goes as far as removing a static port (analogous to a VLAN port in the

storage system world) from the vPC, but it leaves the vPC intact in ACI. Official documentation for this

workflow is available in WFA pack for ACI-Help-6 here:


0.0


This workflow does one thing: It calls the Provide Storage Contract command to add an existing contract

as a provided contract on an existing EPG. It runs each time a provider EPG is created, and it has the

following five mandatory input parameters:
















0.0


This workflow does one thing: It calls the Consume Storage Contract command to add an existing

contract as a consumed contract on an existing EPG. It runs each time a provider EPG is created, and it

has the following five mandatory input parameters:








0.0

3 Example ACI Workflows

3.1 Add ifgrp/vPC

Adding network connectivity to a storage system is a common operational task. At layer 1 in a data center

context, that means connecting cables from at least two data ports on the storage system to one port

each on two redundant network switches, then configuring an ifgrp on the storage system and a vPC on

the two switches.

Although it would be great to automate running the cables, that is beyond the scope of WFA. However,

the configuration part is well within the current capabilities of WFA. Configuring the ifgrp is an existing

WFA capability, provided by the Day-0 WFA pack. Configuring the vPC is a new capability, provided by

the ACI WFA pack.

In this workflow, we use the Create Interface Groups command from the Day-0 WFA pack, along with the

Create VPC Bundle command from the ACI WFA pack. Both packs are available the NetApp Automation

Store.

To create the workflow, complete the following steps:

1. Go to the Designer tab in WFA and click the New Workflow button in the toolbar.

2. Add steps to the workflow by dragging them from the left pane (Available Steps) to the top section of the right pane.

To find the Create Interface Groups command more quickly, type “interface” in the search box at the top of the left pane to filter on that keyword. The result is depicted in the following screenshot.









3. Drag the Create Interface Groups command up to the workflow and then repeat with the Create VPC Bundle command (filtering on VPC to find it quickly). Save the workflow.



4. Next, define the parameters that each command expects.

You can look at the underlying code to see what it is expecting. Select the Edit button for the command from the workflow (as shown in the following image). That opens the definition for that command.



5. To open the parameters screen for a command, hover the mouse pointer in the main pane directly under the command and to the right of the 1 (which indicates this is row 1). A box with a + in the center displays under the mouse pointer; click that box to add the parameter definition. The parameters screen for the command opens automatically.

The parameter definitions for the Create Interface Groups command are as follows:

a. Enter $Cluster in the corresponding text box. Cluster is used verbatim to establish the connection to the storage system, so the value for Cluster must match an entry defined in Credentials.

b. Enter $Nodes in the corresponding text box. Nodes is split on commas to produce an array of nodes that is iterated through further down in the script.

c. Enter $IFGroup in the corresponding text box. IFGroup is also split on commas to produce an array of ifgrps that is iterated through further down in the script. (For this example, we are only doing one ifgrp.) However, there is more here than just a simple string. Each ifgrp string (after the whole string is split at the commas) is further split on /~/ into three fields: ifGroupName, mode, and ports. This suggests that the IFGroup data is entered using a table.

d. Click OK to save the parameter definitions.

6. Next, define the parameters for the Create VPC Bundle command. The parameters are entered across several tabs.

Because we discussed the inputs for that command in the Commands section, earlier, we know the nine strings that it is expecting as input:

a. Enter the following in the corresponding text boxes: $APIC_IP, $SwitchIDStart, $SwitchIDStart_Port, $SwitchIDEnd, $SwitchIDEnd_ Port, $VserverLifName, and $VserverName.

Note that this is seven strings, while the command requires nine strings. That is because we are only using one port on each switch, so we are using one input to cover the fromPort and toPort variable for each switch.



7. Next, move on to the Details tab to enter miscellaneous info about the workflow.

8. Next, enter information in the User Inputs tab, which is shown in the following three graphics.

The first graphic shows the full table.



The second graphic shows the edit screen for one of the inputs. This input type is Query, so the SQL Query screen (available at the highlighted link) is also open. Table 1 shows the SQL for all Query-type inputs used in this workflow.

The third graphic shows the edit screen for IFGroup Input, which is the table type. The Column Headers screen (available at the highlighted link) is also open, showing the column definitions.



Table 1) SQL for all query-type inputs in ACI – Add ifgrp/vPC example workflow.

SQL for … … Is This

Storage system cluster management IP

SELECT

cluster.primary_address AS 'Cluster IP',

cluster.name AS 'Cluster Name',

cluster.version AS 'ONTAP Version'

FROM

cm_storage.cluster

Storage system node name SELECT

distinct node.name as 'Node Name',

node.model as 'Model'

FROM

cm_storage.node,

cm_storage.cluster Cluster,

cm_storage.aggregate Aggregate

WHERE

node.id = aggregate.node_id

AND Cluster.id = Node.cluster_id

AND (

Cluster.name = '${Cluster}'

OR cluster.primary_address = '${Cluster}'

)



SQL for … … Is This

APIC SELECT

apic_mgmt_ip AS 'Controller IP Address'

FROM

APIC.controller

ORDER BY

apic_mgmt_ip ASC

ACI switches SELECT

distinct switch.switch_node_id AS 'Switch node ID'

FROM

APIC.switch,

APIC.controller

WHERE

switch.controller_id = controller.id

AND controller.apic_mgmt_ip = '${Controller}'

ACI switch ports SELECT

distinct physicalport.port AS "Port"

FROM

APIC.switch,

APIC.physicalport

WHERE

physicalport.switch_node_id = switch.id

AND switch.switch_node_id = '${SwitchIDStart}'

Note: Replace the highlighted Start with End for the second switch.

9. After the user inputs are defined, test the workflow by executing it from the Designer tab in WFA. Here is an example:



After the workflow is run, a confirmation message is shown.



3.2 Add LUN with iSCSI Access

Note: This workflow uses the Create EPG command, which may have a condition that affects its use in workflows. See the note in the Create EPG command description above.

Another common operational task is to provision storage, and then configure the required network

connectivity to provide access to that storage. In this example, we are building a WFA workflow that adds

a LUN on a storage cluster and then configures the ACI network to provide iSCSI access to that LUN. We

can draw from the existing automation and reuse other workflows.

1. In the WFA Designer, open the existing “Create, map, and protect Clustered Data ONTAP LUNs with SnapMirror” workflow and save it as a new workflow, named “ACI – Add LUN with iSCSI access”.

2. Delete the three SnapMirror-related commands (“Create Secondary Volume”, “Define Schedule”, and “Create SnapMirror relationship”) from the new workflow. To delete the commands, click the X that displays in the upper right corner of each command when you hover over it with the cursor (as indicated by the red arrow in the graphic).

In a production version of this workflow, it might be advisable to leave them in place as part of the data protection strategy for the LUN.



3. Next, add two instances of the Create EPG command (one for fabric A, the other for fabric B).

Recall that these two commands do not have the “APIC” schema set, so they will appear under the “none” schema. In the graphic, we filtered on “EPG” to make it easier to find them. We also use Create EPG X, which is a modified version of the Create EPG command that includes the enum delimiter workaround discussed in the Create EPG command description above.



4. Define the parameters for the two instances of the Create EPG command. Put them in row 3 because row 2 is a repeat row for LUN creation.

a) Hover the cursor in row 3 under the command you are working on to open the parameters screen. The parameters screen for the Create EPG presents us with 21 paramer boxes, 14 of which are mandatory.

b) Since we are creating an Application EPG, which only uses six of the 14 mandatory parameters, put the string “ignore” (including the quote marks) in seven of the eight mandatory, but unused, parameters.

c) Parameters EpgType and VM_Attribute_Filter_Operator are enums, so enter strings “Application Epg” and “Contains” (without the quote marks) for those, respectively.

The following graphic shows the completed parameter screen for EPG “iSCSI-A”.

5. Repeat the previous step for EPG “iSCSI-B”.

6. Update the descriptive info on the Details tab and remove all of the secondary_volume parameters on the Return Parameters tab.

Those parameters were related to the SnapMirror commands that you deleted. If you retained the SnapMirror commands in your workflow, then you can retain these SnapMirror-related return parameters.

The workflow has residual help content on the Help Content tab. We won’t update that in this example, but it should be updated in a production workflow.

7. Make two changes to the parameters from the original workflow on the User Inputs tab:

• In the NoOfLUNs parameter, change the default value from 5 to 1.



• In the Protocol parameter, remove the “fcp” and “mixed” options, leaving only “iscsi”.

Three of the six mandatory (and used) parameters for the Create EPG commands (Epg_Type, Application_Epg_Name, and BroadcastDomain) were entered as fixed values, so they do not display in the table on the User Inputs tab.

8. The other three mandatory (and used) parameters for the Create EPG commands (Controller, ApplicationProfile, and Tenant) display in the table. Change these to type “Query” (recall that we can get the query strings from other ACI workflows – see the previous example for details on how to do that) and add them to a group “ACI Details”.

Here is how the table looks after the changes:

9. After the user inputs are defined, test the workflow by executing it from the Designer tab in WFA.



The workflow successfully creates the volume, igroups, and mapped LUN(s) on the storage cluster; and it

creates the EPGs on the APIC. There are a few objects that must be added on the APIC after this

workflow is implemented to complete the ACI configuration. These are child objects of the EPGs and

must be created after the EPGs. These objects include the following items:

• Bridge Domain

• Physical Domains (these may exist already, but they need to be linked to the new EPGs)

• Static Paths

Version History

Version Date Document Version History

Version 1.0 September 2017 Initial release



Refer to the Interoperability Matrix Tool (IMT) on the NetApp Support site to validate that the exact product and feature versions described in this document are supported for your specific environment. The NetApp IMT defines the product components and versions that can be used to construct configurations that are supported by NetApp. Specific results depend on each customer’s installation in accordance with published specifications.

Copyright Information

Copyright © 2017 NetApp, Inc. All rights reserved. Printed in the U.S. No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner.

Software derived from copyrighted NetApp material is subject to the following license and disclaimer:

THIS SOFTWARE IS PROVIDED BY NETAPP “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

NetApp reserves the right to change any products described herein at any time, and without notice. NetApp assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by NetApp. The use or purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of NetApp.

The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).

Trademark Information

NETAPP, the NETAPP logo, and the marks listed at http://www.netapp.com/TM are trademarks of NetApp, Inc. Other company and product names may be trademarks of their respective owners.

http://mysupport.netapp.com/matrix

http://www.netapp.com/TM

Documents

Storage Provisioning Using OnCommand Workflow Automation ... - netapp.com · Technical Report Using OnCommand Workflow Automation with the WFA Pack for ACI to Provision Storage Networks