Code ExchangeSearchRepository

terraform-aci-tenant

published

Terraform module for deploying Cisco ACI tenants

Tenant
  ├── VRFs
  ├── Bridge domains and subnets
  ├── Application profiles
  ├── EPGs
  ├── Contracts
  ├── Filter and Filter entries
  └── Contract bindings

Installation

When executing terraform init, the module will install automatically.

Usage

Copy and paste into your Terraform configuration, insert the variables, and run terraform init:

module "tenant" {
  source  = "insobi/tenant/aci"
  
  # insert required variables here
}

Example 1

Single tenant deployment

module "aci_tenants" {
  source  = "insobi/tenant/aci"

  tenant = {
    name = "tenant3"
  }

  vrfs = {
    TEST1-VRF = {}
    TEST2-VRF = {}
  }

  bridge_domains = {
    TEST1-BD = { vrf = "TEST1-VRF" }
    TEST2-BD = { vrf = "TEST1-VRF" }
    TEST3-BD = { vrf = "TEST2-VRF" }
    TEST4-BD = { vrf = "TEST2-VRF" }
  }

  subnets = {
    TEST1-SN = { bd = "TEST1-BD", ip = "10.225.3.1/24", scope = ["public"] }
    TEST2-SN = { bd = "TEST2-BD", ip = "10.225.4.1/24", scope = ["public"] }
    TEST3-SN = { bd = "TEST3-BD", ip = "10.225.5.1/24", scope = ["public"] }
    TEST4-SN = { bd = "TEST4-BD", ip = "10.225.6.1/24", scope = ["public"] }
  }

  app_profiles = {
    ap1 = { name = "TEST-AP" }
  }

  epgs = {
    TEST1-EPG = { bd = "TEST1-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
    TEST2-EPG = { bd = "TEST2-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
    TEST3-EPG = { bd = "TEST3-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
    TEST4-EPG = { bd = "TEST4-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
    TEST5-EPG = { bd = "TEST4-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
  }

  filters = {
    any = {}
    ssh = {}
    web = {}
  }

  filter_entries = {
    any  = { filter_name = "any", name = "any", dest_from_port = "unspecified", dest_to_port = "unspecified", ether_type = "unspecified", protocol = "unspecified" }, # unspecified icmp igmp tcp egp igp udp icmpv6 eigrp ospfigp pim l2tp           
    ssh  = { filter_name = "ssh", name = "ssh", dest_from_port = "22", dest_to_port = "22", ether_type = "ipv4", protocol = "tcp" },
    web1 = { filter_name = "web", name = "http", dest_from_port = "80", dest_to_port = "80", ether_type = "ipv4", protocol = "tcp" },
    web2 = { filter_name = "web", name = "https", dest_from_port = "443", dest_to_port = "443", ether_type = "ipv4", protocol = "tcp" }
  }

  contracts = {
    any  = { filter = ["any"] }
    ssh  = { filter = ["ssh"] }
    http = { filter = ["http", "https"] }
  }

  contract_bindings = {
    TEST1-EPG-P-1 = { epg = "TEST1-EPG", contract_type = "provider", contract = "any" },
    TEST2-EPG-P-1 = { epg = "TEST2-EPG", contract_type = "provider", contract = "ssh" },
    TEST3-EPG-P-1 = { epg = "TEST3-EPG", contract_type = "provider", contract = "ssh" },
    TEST4-EPG-P-1 = { epg = "TEST4-EPG", contract_type = "provider", contract = "ssh" },
    TEST5-EPG-P-1 = { epg = "TEST5-EPG", contract_type = "provider", contract = "ssh" },
    TEST5-EPG-P-2 = { epg = "TEST5-EPG", contract_type = "provider", contract = "ssh" },
    TEST1-EPG-C-1 = { epg = "TEST1-EPG", contract_type = "consumer", contract = "any" },
    TEST2-EPG-C-1 = { epg = "TEST2-EPG", contract_type = "consumer", contract = "any" },
    TEST3-EPG-C-1 = { epg = "TEST3-EPG", contract_type = "consumer", contract = "any" },
    TEST4-EPG-C-1 = { epg = "TEST4-EPG", contract_type = "consumer", contract = "any" },
    TEST5-EPG-C-1 = { epg = "TEST5-EPG", contract_type = "consumer", contract = "any" }
  }
}

Example 2

Multiple tenants deployment

module "aci_tenants" {
  source            = "insobi/tenant/aci"
  
  for_each          = var.tenants
  tenant            = each.value.tenant
  vrfs              = contains(keys(each.value), "vrfs") ? each.value.vrfs : {}
  bridge_domains    = contains(keys(each.value), "bridge_domains") ? each.value.bridge_domains : {}
  subnets           = contains(keys(each.value), "subnets") ? each.value.subnets : {}
  app_profiles      = contains(keys(each.value), "app_profiles") ? each.value.app_profiles : {}
  epgs              = contains(keys(each.value), "epgs") ? each.value.epgs : {}
  aci_domain        = contains(keys(each.value), "aci_domain") ? each.value.aci_domain : null
  filters           = contains(keys(each.value), "filters") ? each.value.filters : {}
  filter_entries    = contains(keys(each.value), "filter_entries") ? each.value.filter_entries : {}
  contracts         = contains(keys(each.value), "contracts") ? each.value.contracts : {}
  contract_bindings = contains(keys(each.value), "contract_bindings") ? each.value.contract_bindings : {}
}

Example of variable

tenants = {

  tn1 = {
    tenant = { name = "Tenant1" }
    vrfs = { ... }
    ... 
  }

  tn2 = {
    tenant = { name : "Tenant2" }
    vrfs = { ... }
    ...
  }

  ...
}

Requirements

Name Version
terraform >= 0.13.4
aci >= 4.1

Providers

Name Version
aci >= 2.1.0

Inputs

Name Description Type Default Required
tenant ACI Tenant 
map(object({
 name        = string,
 description = optional(string)
}))
 n/a yes
vrfs VRFs 
map(object({
 name = string
}))
 {} no
bridge_domains Bridge domains 
map(object({
 name = string,
 vrf  = string
}))
 {} no
subnets Subnets 
map(object({
 bd    = string,
 ip    = string,
 scope = list(string)
}))
 {} no
app_profile Application profiles 
map(object({
 name = string
}))
 {} no
epgs EPGs 
map(object({
 name      = string,
 bdName    = string,
 apName    = string,
 aciDomain = string
}))
 {} no
filters Filters 
map(object({
 name = string
}))
 {} no
filter_entries Filter entries 
map(object({
 name           = string,
 filter_name    = string,
 dest_from_port = string,
 dest_to_port   = string,
 ether_type     = string,
 protocol       = string
}))
 {} no
contracts Contracts 
map(object({
 name   = string,
 filter = list(string)
}))
 {} no
contract_bindings Contract bindings 
map(object({
 epg           = string,
 contract_type = string,
 contract      = string
}))
 {} no

Outputs

Name Description
tenant ID of Tenant
vrf IDs of VRF
bd IDs of Bridge domain
subnet IDs of Subnet
ap IDs of Application profiles
epg IDs of EPG
filter IDs of Filter
entry IDs of Filter entry
contract IDs of Contract
epg_contract IDs of Contract binding
domain IDs of ACI Domain

Resources

Name Type
aci_tenant resource
aci_vrf resource
aci_bridge_domain resource
aci_subnet resource
aci_application_profile resource
aci_application_epg resource
aci_filter resource
aci_filter_entry resource
aci_contract resource
aci_epg_to_contract resource
aci_epg_to_domain resource
View code on GitHub
Related code repos

    Code Exchange Community

    Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
    Disclaimer:
    Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.