FY22 Hackathon: Single and Simple interface to accelerate multi-domain adoption with DevOps Automation

by Team “Never Enough”

DevOps Automation can streamline daily operations and eliminate the need to navigate through multiple GUI interfaces to accomplish such routine tasks as house-keeping static routes, VLANs or EPGs.

This Hackathon example showcases how we leverage Terraform Cloud, a Webex Chatbot and Webhook programming to integrate Cisco Application Centric Infrastructure (ACI), Cisco Firepower Management Center (FMC) and virtualized compute infrastructure (VMware in this example) to automate end-to-end Data Center infrastructure provisioning.

Pre-requisites

The repository was originally developed to be triggered by a Terraform Cloud account to execute planning, cost estimation and then deployment. Therefore, the login credentials for the APIC controller, as well as parameters such as the target ACI tenant name, are defined in the "Variables" section of the Terraform Cloud environment. If the code is to be tested in a private Terraform environment, these parameters may have to be included manually in the variable file.

Requirements

Name Version
terraform >= 1.0.4

Providers

Name Version
aci >= 0.7.1
fmc >= 0.1.1
vsphere >= 2.0.2

Compatibility

This sample is developed and tested with Cisco ACI 5.2(1g) and Terraform Cloud 1.0.4. However, it is expected to work with Cisco ACI >=4.2 and terraform >=0.13.

Use Case Description

A 3-Tier application composed of Web, App and Database Tiers, with a 2-armed mode Service Graph between the App-Tier and the Database-Tier, is a very typical application profile. This sample serves as a quick reference for creating all the necessary components on APIC with Terraform HCL. More complicated application profiles can be derived from this sample.


End-to-end provisioning automation comprises 3 main steps:

Step 1: Solicit end-user input via a Service Portal

End-user input parameters such as EPGs, BDs, Contracts, VM names and so on are gathered by a service portal.

The input will be converted into tfvars files to be consumed by Terraform Cloud. Pushing the updated files to the GitHub repository will trigger Terraform Cloud to kick-start its processing.

Step 2: Terraform Cloud and Cisco Multi-Cloud Infrastructure Integration

Terraform files (main.tf, variables.tf.json) will be modified and pushed to the GitHub repository which is linked to Terraform Cloud. An on-premises Terraform Cloud agent will push the changes to the APIC controller, the Firepower Management Center and the hypervisor controller.


Step 3: Approver will be notified by Webex Chatbot for review and approval

Terraform Cloud will notify a Webhook application of the change request. This webhook will call the Webex Chatbot to formulate an actionable message and post it in the Webex Teams room for attention and follow-up. Once the approver has approved or denied the change request, the webhook will trigger Terraform to either continue the run or discard the change request. It will also delete the Webex actionable message and post a confirmation message as a record.
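An added example (not the repository's app/main.py): one way the webhook described in Step 3 can authenticate both callbacks and check the approver before it continues or discards a run. It assumes the Terraform Cloud notification is configured with a token and the Webex webhook with a secret; the card input names `run_id` and `decision`, the approver allow-list and all sample values are hypothetical.

```python
import hashlib
import hmac
import json

def hmac_ok(key: bytes, body: bytes, sig, digest) -> bool:
    """Constant-time check of a hex HMAC header against the raw request body."""
    expected = hmac.new(key, body, digest).hexdigest()
    return hmac.compare_digest(expected.encode(), (sig or "").encode())

def run_awaiting_approval(body: bytes, sig, token: bytes):
    """Return the run id from a Terraform Cloud notification, or None.

    Assumes the notification is configured with a token, so the request
    carries X-TFE-Notification-Signature (HMAC-SHA512 of the raw body).
    """
    if not hmac_ok(token, body, sig, hashlib.sha512):
        return None                      # unsigned or tampered: ignore
    event = json.loads(body)
    triggers = {n.get("trigger") for n in event.get("notifications", [])}
    return event.get("run_id") if "run:needs_attention" in triggers else None

def approval_decision(body, sig, secret, action, pending, approvers) -> str:
    """Map a Webex card submission to 'apply', 'discard' or 'reject'.

    Assumes the Webex webhook was created with a secret (X-Spark-Signature,
    HMAC-SHA1 of the raw body). `action` is the attachment action the handler
    fetched from Webex; the input names run_id/decision and the approver
    allow-list are hypothetical.
    """
    if not hmac_ok(secret, body, sig, hashlib.sha1):
        return "reject"
    inputs = action.get("inputs", {})
    run_id, decision = inputs.get("run_id"), inputs.get("decision")
    if action.get("personId") not in approvers:
        return "reject"                  # only named approvers may decide
    if run_id not in pending or decision not in ("apply", "discard"):
        return "reject"                  # unknown run, replay, or bad value
    pending.discard(run_id)              # one decision per run
    return decision

# Constructed sample data, not captured from a real deployment.
TOKEN, SECRET = b"tfc-notification-token", b"webex-webhook-secret"
NOTIFY = json.dumps({"run_id": "run-EXAMPLE", "notifications": [
    {"trigger": "run:needs_attention"}]}).encode()
NOTIFY_SIG = hmac.new(TOKEN, NOTIFY, hashlib.sha512).hexdigest()
```

A handler would add the returned run id to `pending` when the notification arrives and call the Terraform Cloud API only when `approval_decision` returns `apply` or `discard`.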

Installation

  1. Install and set up your Terraform environment.
  2. Copy files (main.tf and variable.tf) onto your Terraform runtime environment.
  3. Deploy the webhook program (app/main.py) in an environment that can be accessed by Terraform Cloud and the Webex Teams API.
  4. The Service Portal can be deployed in a web serving environment that can access your GitHub repository.

Configuration

All Terraform variables in this use case relate to the 3-tier application sample. They can be modified to cater for any application profile or scenario.

Usage

To provision:

  • Execute the usual terraform init, terraform plan and terraform apply commands.

To destroy:

  • Destroy the deployment with the terraform destroy command.

Credits and references

  1. Cisco Infrastructure As Code
  2. ACI provider Terraform
  3. FMC provider Terraform