ansible-tower-aci

Ansible Collection for use with Cisco ACI, focused on the use of Ansible Tower.

Available on Ansible Galaxy as a Collection: zjpeterson.aci

For best experience, read this documentation on GitHub Pages.

A walkthrough of aci_inventory can be found on the Ansible Blog.

Please reference the full documentation README files and the examples under examples/.

Plugin	Description
aci_inventory	Builds an Ansible inventory of the physical hardware involved in the associated ACI fabric.

Please reference the full documentation README files and the example playbooks under playbooks/.

Role	Description
aci_tower_credential_type	Creates an Ansible Tower Credential Type for Cisco ACI.
aci_aaa_user_security	Creates/maintains an APIC user to use with Ansible, applies desired security roles, updates Tower.
aci_aaa_certificate_rotate	Generates a new x509 certificate + RSA key pair, applies it to an APIC user, updates Tower.

Integration

These pieces fit together. You can, for instance:

Use aci_tower_credential_type to define a Cisco ACI credential type in Tower
Use aci_aaa_user_security to create an APIC user to manage other APIC users, and store the password in Tower
Use aci_aaa_user_security on a schedule to keep the password rotated, if that's a requirement for your organization
Use aci_aaa_user_security again to create an APIC admin user with wider permission to make changes
Use aci_aaa_certificate_rotate to convert the APIC admin user to certificate-based authentication (a best practice)
Use aci_aaa_certificate_rotate on a schedule to keep the certificate rotated, if that's a requirement for your organization
Use aci_inventory with the APIC admin credential to keep Tower current with the physical inventory of your ACI fabric
Use the APIC admin credential to reliably provide cisco.aci modules with login information