This repository will be archived. It is superseded by a newer, more simplified Easy ACI, based on a YAML Schema Model.
This module will be archived in September as I am no longer maintaining it. It is superseded by the project above.
The two models were so different that I didn't merge them here.
There are two examples in this repository. The first example is shown in the primary folders:
- access-policies/
- admin/
- fabric-policies/
- switch/
- system_settings/
- tenants/
- virtual-networking/

This shows how the module can be used with a single ACI Fabric.
The more complex example is shown in the ./RICH/ folder structure. This is what is being used for our lab in Richfield, Ohio. In these examples there are four sub-folders:
- RICH/Asgard - The first ACI Fabric
- RICH/Wakanda - The second ACI Fabric
- RICH/Odin - Nexus Dashboard Orchestrator managing the stretched Tenants between the two Fabrics
- RICH/shared_settings - YAML data that is the same between Asgard and Wakanda

The structure of the YAML files is very flexible. You can have all the YAML data in a single file, or you can have it in multiple individual folders as shown in this module. The important part is that data.utils_yaml_merge.model is configured to read the folders that you put the data into. In the single data center example the data is read from all the folders in the root path described above (access-policies, admin, fabric-policies, switch, system_settings, tenants, virtual-networking). In comparison, the Asgard and Wakanda Fabrics read files in their respective home directory plus the shared data found in the ./RICH/shared_settings folder.
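The following is an added example, not the module's own code, of how the folder list above can feed data.utils_yaml_merge.model. It assumes the utils provider is netascode/utils and that its utils_yaml_merge data source takes a list of YAML documents in `input` and returns the merged YAML in `output`; the folder names are the ones listed above.

```hcl
# Added example, not the module's own code. Assumptions: the utils provider is
# netascode/utils, and utils_yaml_merge takes "input" (list of YAML strings)
# and exposes the merged document as "output".
terraform {
  required_providers {
    utils = {
      source  = "netascode/utils"
      version = "0.2.5"
    }
  }
}

locals {
  # Folders read for the single-fabric example. A fabric-specific root such as
  # RICH/Asgard would list its own folders plus "../shared_settings".
  model_dirs = [
    "access-policies",
    "admin",
    "fabric-policies",
    "switch",
    "system_settings",
    "tenants",
    "virtual-networking",
  ]

  # Every *.yaml file below those folders, searched recursively, so the data
  # can be split into as many files and sub-folders as you like.
  model_files = flatten([
    for dir in local.model_dirs : [
      for f in fileset("${path.module}/${dir}", "**/*.yaml") :
      "${path.module}/${dir}/${f}"
    ]
  ])
}

# Deep-merge all documents into one model. Secrets do not belong in these
# files: everything merged here ends up in plan and state and is iterated
# with for_each, so passwords and keys are supplied as variables instead.
data "utils_yaml_merge" "model" {
  input = [for f in local.model_files : file(f)]
}

locals {
  model = yamldecode(data.utils_yaml_merge.model.output)
}

# Useful while debugging which files were actually picked up.
output "model_files" {
  value = local.model_files
}
```

To point a fabric at a different set of folders, change only `local.model_dirs`; the rest of the configuration reads whatever `local.model` contains.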
Additionally, because the Nexus Dashboard fabric in ./RICH/Odin/ currently only supports pushing configuration with the tenants module, only the built_in_tenants and tenants modules are defined there. The additional function for Odin is that it pulls in the switch_profiles from both Asgard and Wakanda to build EPG -> Static Path Bindings in NDO.
variables.auto.tfvars to match environment

variables.auto.tfvars contains Terraform variables that I felt fit better outside of the YAML data model. These variables should be configured to be unique to the deployment environment, but examples are shown for the Richfield environment in the module.

In variables.auto.tfvars the controller type is set to apic or ndo. The ../RICH/Odin/ example is only using the tenant modules.

built_in_tenants vs tenants: the split is there to make sure objects are always created in common/mgmt first, so they can be consumed by user tenants or by Admin/Fabric etc. (management EPGs, for example). If nothing is being configured in common/mgmt/infra, built_in_tenants is not necessary.

If you would like to enable autocompletion, help context, and error validation (HIGHLY RECOMMENDED), perform the following configuration in Visual Studio Code:
- Extensions: search for YAML and select 'YAML Language Support by Red Hat'.
- Settings » Settings: search for YAML:Schemas. Click Edit in settings.json.
- Configure the following in yaml.schemas:

```json
"https://raw.githubusercontent.com/terraform-cisco-modules/easy-aci-complete/main/yaml_schemas/easy_aci.json": [ "easy-aci-complete/*/*.yaml", "easy-aci-complete/*/*/*/*.yaml" ]
```
- apic_password with the value of [your-apic-password] and sensitive set to true
- ndo_password with the value of [your-ndo-password] and sensitive set to true

tfenv

Command line utility to transform environment variables for use with Terraform (e.g. HOSTNAME → TF_VAR_hostname).

Recently I adopted the tfenv runner to standardize environment variables across multiple orchestration tools. tfenv makes it so you don't need to add the TF_VAR_ prefix to the variables when you add them to the environment. The caveat is that it doesn't work on Windows.

In the export examples below for Linux, the TF_VAR_ prefix is excluded because Cloud Posse tfenv is used to insert it during the run.
.bashrc

Additionally, to save time on typing commands, I use the following aliases by editing the .bashrc for my environment.

```bash
alias tfa='tfenv terraform apply main.plan'
alias tfap='tfenv terraform apply -parallelism=1 main.plan'
alias tfd='terraform destroy'
alias tff='terraform fmt'
alias tfi='terraform init'
alias tfp='tfenv terraform plan -out=main.plan'
alias tfu='terraform init -upgrade'
alias tfv='terraform validate'
```
tfenv in LINUX

```bash
# Password Authentication
export apic_password='<your-apic-password>'

# Certificate Authentication
export certificate_name='<your-certificate_name>'
export private_key='<your-private_key>'

export ndo_password='<your-ndo-password>'

export mcp_instance_key='<mcp_instance_key>'
export vmm_password='<vmm_password>'

export remote_password='<remote_password>'
export ssh_key_contents='<ssh_key_contents>'
export ssh_key_passphrase='<ssh_key_passphrase>'

export radius_key='<radius_key>'
export radius_monitoring_password='<radius_monitoring_password>'

export smtp_password='<smtp_password>'

export tacacs_key='<tacacs_key>'
export tacacs_monitoring_password='<tacacs_monitoring_password>'
```

Windows (PowerShell; tfenv is not available here, so the TF_VAR_ prefix is set explicitly):

```powershell
$env:TF_VAR_apic_password='<your-apic-password>'

$env:TF_VAR_ndo_password='<your-ndo-password>'

$env:TF_VAR_mcp_instance_key='<mcp_instance_key>'
$env:TF_VAR_vmm_password='<vmm_password>'

$env:TF_VAR_remote_password='<remote_password>'
$env:TF_VAR_ssh_key_contents='<ssh_key_contents>'
$env:TF_VAR_ssh_key_passphrase='<ssh_key_passphrase>'

$env:TF_VAR_radius_key='<radius_key>'
$env:TF_VAR_radius_monitoring_password='<radius_monitoring_password>'

$env:TF_VAR_smtp_password='<smtp_password>'

$env:TF_VAR_tacacs_key='<tacacs_key>'
$env:TF_VAR_tacacs_monitoring_password='<tacacs_monitoring_password>'
```
Note that ntp_key, snmp_authorization_key, snmp_community and snmp_privacy_key have multiple instances. This is only in case you need multiple values for each variable; if only one value is needed, define only one value in the export.

```bash
export ntp_key_1='<ntp_key_1>'
export ntp_key_2='<ntp_key_2>'
export ntp_key_3='<ntp_key_3>'
export ntp_key_4='<ntp_key_4>'
export ntp_key_5='<ntp_key_5>'

export snmp_community_1='<snmp_community_1>'
export snmp_community_2='<snmp_community_2>'
export snmp_community_3='<snmp_community_3>'
export snmp_community_4='<snmp_community_4>'
export snmp_community_5='<snmp_community_5>'

export snmp_authorization_key_1='<snmp_authorization_key_1>'
export snmp_authorization_key_2='<snmp_authorization_key_2>'
export snmp_authorization_key_3='<snmp_authorization_key_3>'
export snmp_authorization_key_4='<snmp_authorization_key_4>'
export snmp_authorization_key_5='<snmp_authorization_key_5>'

export snmp_privacy_key_1='<snmp_privacy_key_1>'
export snmp_privacy_key_2='<snmp_privacy_key_2>'
export snmp_privacy_key_3='<snmp_privacy_key_3>'
export snmp_privacy_key_4='<snmp_privacy_key_4>'
export snmp_privacy_key_5='<snmp_privacy_key_5>'
```
Global AES Passphrase Encryption Settings

```bash
export aes_passphrase='<aes_passphrase>'
```

```bash
export aws_secret_key='<aws_secret_key>'
export azure_client_secret='<azure_client_secret>'

export bgp_password_1='<bgp_password_1>'
export bgp_password_2='<bgp_password_2>'
export bgp_password_3='<bgp_password_3>'
export bgp_password_4='<bgp_password_4>'
export bgp_password_5='<bgp_password_5>'

export ospf_key_1='<ospf_key_1>'
export ospf_key_2='<ospf_key_2>'
export ospf_key_3='<ospf_key_3>'
export ospf_key_4='<ospf_key_4>'
export ospf_key_5='<ospf_key_5>'

export vrf_snmp_community_1='<vrf_snmp_community_1>'
export vrf_snmp_community_2='<vrf_snmp_community_2>'
export vrf_snmp_community_3='<vrf_snmp_community_3>'
export vrf_snmp_community_4='<vrf_snmp_community_4>'
export vrf_snmp_community_5='<vrf_snmp_community_5>'
```
Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| aci | 2.9.0 |
| mso | 0.11.0 |
| utils | 0.2.5 |

Providers

| Name | Version |
|---|---|
| utils | 0.2.5 |

Modules

| Name | Source | Version |
|---|---|---|
| access | terraform-cisco-modules/access/aci | 2.1.7 |
| admin | terraform-cisco-modules/admin/aci | 2.1.7 |
| built_in_tenants | terraform-cisco-modules/tenants/aci | 2.2.0 |
| fabric | terraform-cisco-modules/fabric/aci | 2.1.7 |
| switch | terraform-cisco-modules/switch/aci | 2.1.7 |
| system_settings | terraform-cisco-modules/system-settings/aci | 2.1.7 |
| tenants | terraform-cisco-modules/tenants/aci | 2.2.0 |
When the data is merged from the YAML files, it is run through the modules using for_each loops. Terraform does not allow sensitive values (or values derived from them) as for_each arguments, so sensitive values for policies are supplied through the variables below instead of through the YAML data.
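The following is an added example, not the module's own code, of the pattern the note above describes: the iteration set for `for_each` comes from the (non-sensitive) YAML model, while the secret arrives as a `sensitive` variable and is only referenced inside the resource body. It assumes the `aci_radius_provider` resource of the aci provider with the attribute names `name`, `type`, `auth_port`, `timeout` and `key`, and the `radius_providers` map is a constructed stand-in for the merged model.

```hcl
# Added example, not the module's own code. Assumptions: aci_radius_provider
# attribute names as in the aci provider (name, type, auth_port, timeout, key);
# local.radius_providers is a constructed stand-in for the merged YAML model.
variable "radius_key" {
  description = "RADIUS Key."
  type        = string
  sensitive   = true
  default     = ""
}

locals {
  # Constructed sample of what the merged YAML model would hold for RADIUS
  # providers; in the module this comes from data.utils_yaml_merge.model.
  radius_providers = {
    "radius1.example.com" = { auth_port = "1812", timeout = "5" }
    "radius2.example.com" = { auth_port = "1812", timeout = "5" }
  }
}

# Works: for_each iterates over YAML-derived keys, and the sensitive key is set
# as a plain attribute. Terraform shows it as (sensitive value) in plan output
# and never uses it as a resource instance key, so it does not leak into
# resource addresses, logs or the state index.
resource "aci_radius_provider" "model" {
  for_each  = local.radius_providers
  name      = each.key
  type      = "radius"
  auth_port = each.value.auth_port
  timeout   = each.value.timeout
  key       = var.radius_key
}

# Fails at plan time ("Sensitive values, or values derived from sensitive
# values, cannot be used as for_each arguments"), because the key set would
# be derived from a sensitive value:
#
# resource "aci_radius_provider" "broken" {
#   for_each = { (var.radius_key) = {} }
#   name     = each.key
#   type     = "radius"
# }
```

The same rule applies to every secret in the table below: keep the names and structure of the policy in YAML, and pass the secret as a sensitive variable (from the environment, tfenv, or a workspace variable marked sensitive).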
Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apic_hostname | Cisco APIC Hostname | string | "apic.example.com" | no |
| apic_password | Password for User based Authentication. | string | "dummydummy" | no |
| apic_user | Username for User based Authentication. | string | "admin" | no |
| certificate_name | Cisco ACI Certificate Name for SSL Based Authentication | string | "" | no |
| private_key | Cisco ACI Private Key for SSL Based Authentication. | string | "" | no |
| apic_version | The Version of ACI Running in the Environment. | string | "5.2(4e)" | no |
| ndo_domain | Default is local. Authentication Domain for Nexus Dashboard Orchestrator Authentication. Only required if the authentication domain is not local. | string | "local" | no |
| ndo_hostname | Cisco Nexus Dashboard Orchestrator Hostname | string | "ndo.example.com" | no |
| ndo_password | Password for Nexus Dashboard Orchestrator Authentication. | string | "dummydummy" | no |
| ndo_user | Username for Nexus Dashboard Orchestrator Authentication. | string | "admin" | no |
| ndo_version | The Version of Nexus Dashboard Orchestrator Running in the Environment. | string | "5.2(1g)" | no |
| annotation | Deprecated. Removing from Module. | string | "orchestrator:terraform" | no |
| annotations | The Version of this Script. | list(object( | [ | no |
| controller_type | The Type of Controller for this Site. - apic - ndo | string | "apic" | no |
| management_epgs | The Management EPG's that will be used by the script. - name: Name of the EPG - type: Type of EPG * inb * oob | list(object( | [ | no |
| mcp_instance_key | The key or password to uniquely identify the MCP packets within this fabric. | string | "" | no |
| radius_key | RADIUS Key. | string | "" | no |
| radius_monitoring_password | RADIUS Monitoring Password. | string | "" | no |
| tacacs_key | TACACS Key. | string | "" | no |
| tacacs_monitoring_password | TACACS Monitoring Password. | string | "" | no |
| smtp_password | Password to use if Secure SMTP is enabled for the Smart CallHome Destination Group Mail Server. | string | "" | no |
| remote_password | Remote Host Password. | string | "" | no |
| ssh_key_contents | SSH Private Key Based Authentication Contents. | string | "" | no |
| ssh_key_passphrase | SSH Private Key Based Authentication Passphrase. | string | "" | no |
| apic_certificate_1 | APIC Certificate 1. | string | "blah.txt" | no |
| apic_certificate_2 | APIC Certificate 2. | string | "blah.txt" | no |
| apic_intermediate_plus_root_ca_1 | Intermediate and Root CA Certificate 1. | string | "blah.txt" | no |
| apic_intermediate_plus_root_ca_2 | Intermediate and Root CA Certificate 2. | string | "blah.txt" | no |
| apic_private_key_1 | APIC Private Key 1. | string | "blah.txt" | no |
| apic_private_key_2 | APIC Private Key 2. | string | "blah.txt" | no |
| ntp_key_1 | Key Assigned to NTP id 1. | string | "" | no |
| ntp_key_2 | Key Assigned to NTP id 2. | string | "" | no |
| ntp_key_3 | Key Assigned to NTP id 3. | string | "" | no |
| ntp_key_4 | Key Assigned to NTP id 4. | string | "" | no |
| ntp_key_5 | Key Assigned to NTP id 5. | string | "" | no |
| snmp_authorization_key_1 | SNMP Authorization Key 1. | string | "" | no |
| snmp_authorization_key_2 | SNMP Authorization Key 2. | string | "" | no |
| snmp_authorization_key_3 | SNMP Authorization Key 3. | string | "" | no |
| snmp_authorization_key_4 | SNMP Authorization Key 4. | string | "" | no |
| snmp_authorization_key_5 | SNMP Authorization Key 5. | string | "" | no |
| snmp_community_1 | SNMP Community 1. | string | "" | no |
| snmp_community_2 | SNMP Community 2. | string | "" | no |
| snmp_community_3 | SNMP Community 3. | string | "" | no |
| snmp_community_4 | SNMP Community 4. | string | "" | no |
| snmp_community_5 | SNMP Community 5. | string | "" | no |
| snmp_privacy_key_1 | SNMP Privacy Key 1. | string | "" | no |
| snmp_privacy_key_2 | SNMP Privacy Key 2. | string | "" | no |
| snmp_privacy_key_3 | SNMP Privacy Key 3. | string | "" | no |
| snmp_privacy_key_4 | SNMP Privacy Key 4. | string | "" | no |
| snmp_privacy_key_5 | SNMP Privacy Key 5. | string | "" | no |
| aes_passphrase | Global AES Passphrase. | string | "" | no |
| vmm_password | Password for VMM Credentials Policy. | string | "" | no |
| aws_secret_key | AWS Secret Key Id. It must be provided if the AWS account is not trusted. This parameter will only have effect with vendor = aws. | string | "" | no |
| azure_client_secret | Azure Client Secret. It must be provided when azure_access_type is set to credentials. This parameter will only have effect with vendor = azure. | string | "1" | no |
| bgp_password_1 | BGP Password 1. | string | "" | no |
| bgp_password_2 | BGP Password 2. | string | "" | no |
| bgp_password_3 | BGP Password 3. | string | "" | no |
| bgp_password_4 | BGP Password 4. | string | "" | no |
| bgp_password_5 | BGP Password 5. | string | "" | no |
| ospf_key_1 | OSPF Key 1. | string | "" | no |
| ospf_key_2 | OSPF Key 2. | string | "" | no |
| ospf_key_3 | OSPF Key 3. | string | "" | no |
| ospf_key_4 | OSPF Key 4. | string | "" | no |
| ospf_key_5 | OSPF Key 5. | string | "" | no |
| vrf_snmp_community_1 | SNMP Community 1. | string | "" | no |
| vrf_snmp_community_2 | SNMP Community 2. | string | "" | no |
| vrf_snmp_community_3 | SNMP Community 3. | string | "" | no |
| vrf_snmp_community_4 | SNMP Community 4. | string | "" | no |
| vrf_snmp_community_5 | SNMP Community 5. | string | "" | no |
Outputs

| Name | Description |
|---|---|
| access | Access module outputs. |
| admin | Admin module outputs. |
| built_in_tenants | Built-In Tenants module outputs (common, infra, mgmt). |
| fabric | Fabric module outputs. |
| switch | Switch module outputs. |
| system_settings | System Settings module outputs. |
| tenants | Tenants module outputs. |
If you want to see documentation on Variables for Submodules use the links below: