The playbooks contained within this repository are examples only. They are intended to illustrate some basic functions against an ACI Fabric utilizing the ACI Ansible Core modules.
To get started right away, I have some purpose built Docker images that are useful for quick tests.
As usual, many of these public playbooks use the DevNet Always On Sandbox devices so you don't even need a lab!
Ansible Server in Docker for Network Engineers
These playbook use the following ACI Modules:
- aci_tenant – Manage tenants (fv:Tenant)
- aci_vrf – Manage contexts or VRFs (fv:Ctx)
- aci_rest – Direct access to the Cisco APIC REST API
REF: Ansible Network Module Index
- aci_lab.yml
-- Basic starter Playbook to Query Tenants in an ACI Fabric - aci_tenant_prompt.yml
-- Basic Playbook which prompts for tenant name and action and then displays all tenants in the ACI Fabric - aci_new_vrf.yml
-- Playbook which queries Tenants and allows user to select the specific Tenant which requires a VRF action (add state=present, remove state=absent, or query (default), performs requested action and queries specified tenant for list of VRfs
Note: These are "works in progress"!
- aci_tenant_query.yml
-- Test Playbook - aci_tenant_query2.yml
-- Test Playbook for tenant interactivce input - all_host_vars.yml
-- Sample Playbook to display all variables for a host defined in the playbook namespace - port_blacklist.yml -- Sample Playbook which takes a payload data YAML file (group_vars/port_blacklist_payload_data.yml), builds the required payload to disable (blacklist) or enable interfaces using a Jinja2 template (templates/int_enable_disable.j2) and pushes that payload to the APIC.
(aci_build) Claudias-iMac:cisco_aci claudia$ tree
.
├── YAML-Payload
├── aci_lab.yml
├── aci_new_vrf.yml
├── aci_rest.yml
├── aci_rest_get.yml
├── aci_tenant_prompt.yml
├── aci_tenant_query.yml
├── aci_tenant_query2.yml
├── all_host_vars.yml
├── ansible.cfg
├── group_vars
│ ├── creds.yml
│ └── port_blacklist_payload_data.yml
├── host_vars
│ └── host_var_directory
├── hosts
├── logs
│ └── output_directory
├── payload
│ └── TEST123-port-blacklist.json
├── port-switch-inspector\ output.log
├── port_blacklist.yml
├── readme.MD
└── templates
├── aci_tenant_report_template.j2
└── int_enable_disable.j2
5 directories, 21 files
(aci_build) Claudias-iMac:cisco_aci claudia$
hosts file
root@0bd4731cb725:/ansible/cisco_aci# cat hosts
[local]
localhost ansible_connection=local
[aci]
sandboxapicdc.cisco.com
root@0bd4731cb725:/ansible/cisco_aci# ansible-playbook -i hosts aci_tenant_prompt.yml
Enter Tenant Name: [LAX_Tenant]: AMS_Tenant
Enter Tenant State (absent | present | query) [query]: present
PLAY [ACI Playbook to Perform User Prompted Action on Tenant] ****************************************************************************************************************
TASK [Set Date] **************************************************************************************************************************************************************
ok: [sandboxapicdc.cisco.com]
TASK [Add, Delete, or Query Tenant AMS_Tenant] *******************************************************************************************************************************
changed: [sandboxapicdc.cisco.com -> localhost]
TASK [debug] *****************************************************************************************************************************************************************
ok: [sandboxapicdc.cisco.com] => {
"tenant_results": {
"changed": true,
"current": [
{
"fvTenant": {
"attributes": {
"descr": "Tenant AMS_Tenant Action present on 2019-02-24 22:00",
"dn": "uni/tn-AMS_Tenant",
"name": "AMS_Tenant",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
],
"failed": false
}
}
TASK [Query all tenants] *****************************************************************************************************************************************************
ok: [sandboxapicdc.cisco.com -> localhost]
TASK [Display RAW APIC Results] **********************************************************************************************************************************************
skipping: [sandboxapicdc.cisco.com]
TASK [set_fact] **************************************************************************************************************************************************************
ok: [sandboxapicdc.cisco.com]
TASK [Tenants returned in Query ==>] *****************************************************************************************************************************************
ok: [sandboxapicdc.cisco.com] => {
"tenantlist": [
"common",
"mgmt",
"infra",
"Heroes",
"SnV",
"API_Test",
"production",
"GDL_Tenant",
"Mostafa_Tenant",
"LAX_Tenant",
"AMS_Tenant"
]
}
PLAY RECAP *******************************************************************************************************************************************************************
sandboxapicdc.cisco.com : ok=6 changed=1 unreachable=0 failed=0
root@0bd4731cb725:/ansible/cisco_aci#
The lab environment used for development and initial testing utilizes the DevNet APIC Sandbox.
The Ansible Control System was hosted on a Docker Cotainer for Ansible 2.4 (upgraded to Ansible 2.6 using the pip install command below)
pip install ansible==2.6.8.0
https://hub.docker.com/r/cldeluna/xenial-ansible/
root@0bd4731cb725:/ansible/cisco_wlc# ansible --version
ansible 2.6.8
config file = /ansible/cisco_wlc/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
root@0bd4731cb725:/ansible/cisco_wlc#
As of Ansible 2.5 significant changes were introduced to some well established methods (provider, username, password) for connecting to network devices. In short, these new methods allow for consistency in connecting to any type of target be it server or network device. This is good for the many, to be sure, but will result in rework for those of us who have older playbooks. We will also have to keep an eye out on our favorite modules to ascertain when they can support the new constructs.
Top-level connection arguments will be removed in 2.9
Top-level connection arguments like username, host, and password are deprecated and will be removed in version 2.9.
- Using the REST module
- More complicated playbooks with validation
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.