A Terraform module to configure ACI.
This module is part of the Cisco Nexus-as-Code project. Its goal is to allow users to instantiate network fabrics in minutes using an easy to use, opinionated data model. It takes away the complexity of having to deal with references, dependencies or loops. By completely separating data (defining variables) from logic (infrastructure declaration), it allows the user to focus on describing the intended configuration while using a set of maintained and tested Terraform Modules without the need to understand the low-level ACI object model. More information can be found here: https://cisco.com/go/nexusascode.
A comprehensive example using this module is available here: https://github.com/netascode/nac-aci-comprehensive-example
This module supports an inventory driven approach, where a complete ACI configuration or parts of it are either modeled in one or more YAML files or natively using Terraform variables.
There are six configuration sections which can be selectively enabled or disabled using module flags:
fabric_policies: Configurations applied at the fabric level (e.g., fabric BGP route reflectors)access_policies: Configurations applied to external facing (downlink) interfaces (e.g., VLAN pools)pod_policies: Configurations applied at the pod level (e.g., TEP pool addresses)node_policies: Configurations applied at the node level (e.g., OOB node management address)interface_policies: Configurations applied at the interface level (e.g., assigning interface policy groups to physical ports)tenants: Configurations applied at the tenant level (e.g., VRFs and Bridge Domains)
The full data model documentation is available here: https://developer.cisco.com/docs/nexus-as-code/#!data-model
Configuring a VLAN Pool using YAML:
apic:
access_policies:
vlan_pools:
- name: VLAN_POOL_1
ranges:
- from: 1000
to: 1099module "vlan_pool" {
source = "netascode/nac-aci/aci"
version = ">= 0.7.0"
yaml_files = ["vlan_pool.yaml"]
manage_access_policies = true
}Configuring a Banner using native HCL:
module "banner" {
source = "netascode/nac-aci/aci"
version = ">= 0.7.0"
model = {
apic = {
fabric_policies = {
banners = {
apic_cli_banner = "My APIC Banner"
}
}
}
}
manage_fabric_policies = true
}Additional example repositories:
- https://github.com/netascode/nac-aci-simple-example
- https://github.com/netascode/nac-aci-comprehensive-example
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| aci | >= 2.6.1 |
| local | >= 2.3.0 |
| utils | >= 0.2.5 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| manage_access_policies | Flag to indicate if access policies should be managed. | bool |
false |
no |
| manage_fabric_policies | Flag to indicate if fabric policies should be managed. | bool |
false |
no |
| manage_interface_policies | Flag to indicate if interface policies should be managed. | bool |
false |
no |
| manage_node_policies | Flag to indicate if node policies should be managed. | bool |
false |
no |
| manage_pod_policies | Flag to indicate if pod policies should be managed. | bool |
false |
no |
| manage_tenants | Flag to indicate if tenants should be managed. | bool |
false |
no |
| managed_interface_policies_nodes | List of node IDs for which interface policies should be managed. By default interface policies for all nodes will be managed. | list(number) |
[] |
no |
| managed_tenants | List of tenant names to be managed. By default all tenants will be managed. | list(string) |
[] |
no |
| model | As an alternative to YAML files, a native Terraform data structure can be provided as well. | map(any) |
{} |
no |
| write_default_values_file | Write all default values to a YAML file. Value is a path pointing to the file to be created. | string |
"" |
no |
| yaml_directories | List of paths to YAML directories. | list(string) |
[] |
no |
| yaml_files | List of paths to YAML files. | list(string) |
[] |
no |
| Name | Description |
|---|---|
| default_values | All default values. |
| model | Full model. |
| Name | Version |
|---|---|
| local | >= 2.3.0 |
| utils | >= 0.2.5 |
| Name | Type |
|---|---|
| local_sensitive_file.defaults | resource |
| utils_yaml_merge.defaults | data source |
| utils_yaml_merge.model | data source |
| utils_yaml_merge.modules | data source |
| Name | Source | Version |
|---|---|---|
| aci_aaa | netascode/aaa/aci | 0.1.0 |
| aci_aaep | netascode/aaep/aci | 0.2.0 |
| aci_access_fex_interface_profile_auto | netascode/access-fex-interface-profile/aci | 0.1.0 |
| aci_access_fex_interface_profile_manual | netascode/access-fex-interface-profile/aci | 0.1.0 |
| aci_access_fex_interface_selector_auto | netascode/access-fex-interface-selector/aci | 0.2.0 |
| aci_access_fex_interface_selector_manual | netascode/access-fex-interface-selector/aci | 0.2.0 |
| aci_access_leaf_interface_policy_group | netascode/access-leaf-interface-policy-group/aci | 0.1.4 |
| aci_access_leaf_interface_profile_auto | netascode/access-leaf-interface-profile/aci | 0.1.0 |
| aci_access_leaf_interface_profile_manual | netascode/access-leaf-interface-profile/aci | 0.1.0 |
| aci_access_leaf_interface_selector_auto | netascode/access-leaf-interface-selector/aci | 0.2.1 |
| aci_access_leaf_interface_selector_manual | netascode/access-leaf-interface-selector/aci | 0.2.1 |
| aci_access_leaf_interface_selector_sub_auto | netascode/access-leaf-interface-selector/aci | 0.2.1 |
| aci_access_leaf_switch_policy_group | netascode/access-leaf-switch-policy-group/aci | 0.1.0 |
| aci_access_leaf_switch_profile_auto | netascode/access-leaf-switch-profile/aci | 0.2.0 |
| aci_access_leaf_switch_profile_manual | netascode/access-leaf-switch-profile/aci | 0.2.0 |
| aci_access_span_destination_group | netascode/access-span-destination-group/aci | 0.1.3 |
| aci_access_span_filter_group | netascode/access-span-filter-group/aci | 0.1.2 |
| aci_access_span_source_group | netascode/access-span-source-group/aci | 0.1.0 |
| aci_access_spine_interface_policy_group | netascode/access-spine-interface-policy-group/aci | 0.1.0 |
| aci_access_spine_interface_profile_auto | netascode/access-spine-interface-profile/aci | 0.1.0 |
| aci_access_spine_interface_profile_manual | netascode/access-spine-interface-profile/aci | 0.1.0 |
| aci_access_spine_interface_selector_auto | netascode/access-spine-interface-selector/aci | 0.2.0 |
| aci_access_spine_interface_selector_manual | netascode/access-spine-interface-selector/aci | 0.2.0 |
| aci_access_spine_switch_policy_group | netascode/access-spine-switch-policy-group/aci | 0.1.0 |
| aci_access_spine_switch_profile_auto | netascode/access-spine-switch-profile/aci | 0.2.1 |
| aci_access_spine_switch_profile_manual | netascode/access-spine-switch-profile/aci | 0.2.1 |
| aci_apic_connectivity_preference | netascode/apic-connectivity-preference/aci | 0.1.0 |
| aci_application_profile | netascode/application-profile/aci | 0.1.0 |
| aci_banner | netascode/banner/aci | 0.1.1 |
| aci_bfd_interface_policy | netascode/bfd-interface-policy/aci | 0.1.0 |
| aci_bfd_multihop_node_policy | netascode/bfd-multihop-node-policy/aci | 0.1.0 |
| aci_bgp_address_family_context_policy | netascode/bgp-address-family-context-policy/aci | 0.1.1 |
| aci_bgp_best_path_policy | netascode/bgp-best-path-policy/aci | 0.1.0 |
| aci_bgp_peer_prefix_policy | netascode/bgp-peer-prefix-policy/aci | 0.1.0 |
| aci_bgp_policy | netascode/bgp-policy/aci | 0.2.0 |
| aci_bgp_timer_policy | netascode/bgp-timer-policy/aci | 0.1.0 |
| aci_bridge_domain | netascode/bridge-domain/aci | 0.2.2 |
| aci_ca_certificate | netascode/ca-certificate/aci | 0.1.0 |
| aci_cdp_policy | netascode/cdp-policy/aci | 0.1.0 |
| aci_config_export | netascode/config-export/aci | 0.1.1 |
| aci_config_passphrase | netascode/config-passphrase/aci | 0.1.1 |
| aci_contract | netascode/contract/aci | 0.2.2 |
| aci_coop_policy | netascode/coop-policy/aci | 0.1.0 |
| aci_date_time_format | netascode/date-time-format/aci | 0.1.0 |
| aci_date_time_policy | netascode/date-time-policy/aci | 0.2.2 |
| aci_device_selection_policy | netascode/device-selection-policy/aci | 0.1.1 |
| aci_dhcp_option_policy | netascode/dhcp-option-policy/aci | 0.2.0 |
| aci_dhcp_relay_policy | netascode/dhcp-relay-policy/aci | 0.2.0 |
| aci_dns_policy | netascode/dns-policy/aci | 0.2.0 |
| aci_endpoint_group | netascode/endpoint-group/aci | 0.2.10 |
| aci_endpoint_loop_protection | netascode/endpoint-loop-protection/aci | 0.1.0 |
| aci_endpoint_security_group | netascode/endpoint-security-group/aci | 0.2.5 |
| aci_error_disabled_recovery | netascode/error-disabled-recovery/aci | 0.1.0 |
| aci_external_connectivity_policy | netascode/external-connectivity-policy/aci | 0.2.1 |
| aci_external_endpoint_group | netascode/external-endpoint-group/aci | 0.2.2 |
| aci_fabric_isis_bfd | netascode/fabric-isis-bfd/aci | 0.1.0 |
| aci_fabric_isis_policy | netascode/fabric-isis-policy/aci | 0.1.0 |
| aci_fabric_l2_mtu | netascode/fabric-l2-mtu/aci | 0.1.0 |
| aci_fabric_leaf_interface_profile_auto | netascode/fabric-leaf-interface-profile/aci | 0.1.0 |
| aci_fabric_leaf_interface_profile_manual | netascode/fabric-leaf-interface-profile/aci | 0.1.0 |
| aci_fabric_leaf_switch_policy_group | netascode/fabric-leaf-switch-policy-group/aci | 0.1.0 |
| aci_fabric_leaf_switch_profile_auto | netascode/fabric-leaf-switch-profile/aci | 0.2.0 |
| aci_fabric_leaf_switch_profile_manual | netascode/fabric-leaf-switch-profile/aci | 0.2.0 |
| aci_fabric_pod_policy_group | netascode/fabric-pod-policy-group/aci | 0.1.1 |
| aci_fabric_pod_profile_auto | netascode/fabric-pod-profile/aci | 0.2.1 |
| aci_fabric_pod_profile_manual | netascode/fabric-pod-profile/aci | 0.2.1 |
| aci_fabric_scheduler | netascode/fabric-scheduler/aci | 0.2.0 |
| aci_fabric_span_destination_group | netascode/fabric-span-destination-group/aci | 0.1.1 |
| aci_fabric_span_source_group | netascode/fabric-span-source-group/aci | 0.1.1 |
| aci_fabric_spine_interface_profile_auto | netascode/fabric-spine-interface-profile/aci | 0.1.0 |
| aci_fabric_spine_interface_profile_manual | netascode/fabric-spine-interface-profile/aci | 0.1.0 |
| aci_fabric_spine_switch_policy_group | netascode/fabric-spine-switch-policy-group/aci | 0.1.0 |
| aci_fabric_spine_switch_profile_auto | netascode/fabric-spine-switch-profile/aci | 0.2.0 |
| aci_fabric_spine_switch_profile_manual | netascode/fabric-spine-switch-profile/aci | 0.2.0 |
| aci_fabric_wide_settings | netascode/fabric-wide-settings/aci | 0.1.1 |
| aci_filter | netascode/filter/aci | 0.2.1 |
| aci_firmware_group | netascode/firmware-group/aci | 0.1.0 |
| aci_forwarding_scale_policy | netascode/forwarding-scale-policy/aci | 0.1.0 |
| aci_geolocation | netascode/geolocation/aci | 0.2.0 |
| aci_health_score_evaluation_policy | netascode/health-score-evaluation-policy/aci | 0.1.0 |
| aci_igmp_interface_policy | netascode/igmp-interface-policy/aci | 0.1.1 |
| aci_igmp_snooping_policy | netascode/igmp-snooping-policy/aci | 0.1.0 |
| aci_imported_contract | netascode/imported-contract/aci | 0.1.0 |
| aci_inband_endpoint_group | netascode/inband-endpoint-group/aci | 0.1.2 |
| aci_inband_node_address | netascode/inband-node-address/aci | 0.2.0 |
| aci_infra_dscp_translation_policy | netascode/infra-dscp-translation-policy/aci | 0.1.0 |
| aci_interface_type | netascode/interface-type/aci | 0.1.0 |
| aci_ip_aging | netascode/ip-aging/aci | 0.1.0 |
| aci_ip_sla_policy | netascode/ip-sla-policy/aci | 0.1.0 |
| aci_keyring | netascode/keyring/aci | 0.1.1 |
| aci_l2_mtu_policy | netascode/l2-mtu-policy/aci | 0.1.0 |
| aci_l2_policy | netascode/l2-policy/aci | 0.1.1 |
| aci_l3out | netascode/l3out/aci | 0.2.5 |
| aci_l3out_interface_profile_auto | netascode/l3out-interface-profile/aci | 0.2.10 |
| aci_l3out_interface_profile_manual | netascode/l3out-interface-profile/aci | 0.2.10 |
| aci_l3out_node_profile_auto | netascode/l3out-node-profile/aci | 0.2.7 |
| aci_l3out_node_profile_manual | netascode/l3out-node-profile/aci | 0.2.7 |
| aci_l4l7_device | netascode/l4l7-device/aci | 0.2.3 |
| aci_ldap | netascode/ldap/aci | 0.1.0 |
| aci_link_level_policy | netascode/link-level-policy/aci | 0.1.1 |
| aci_lldp_policy | netascode/lldp-policy/aci | 0.1.0 |
| aci_login_domain | netascode/login-domain/aci | 0.2.1 |
| aci_maintenance_group | netascode/maintenance-group/aci | 0.1.0 |
| aci_management_access_policy | netascode/management-access-policy/aci | 0.1.0 |
| aci_match_rule | netascode/match-rule/aci | 0.2.1 |
| aci_mcp | netascode/mcp/aci | 0.1.1 |
| aci_mcp_policy | netascode/mcp-policy/aci | 0.1.0 |
| aci_monitoring_policy | netascode/monitoring-policy/aci | 0.2.1 |
| aci_mst_policy | netascode/mst-policy/aci | 0.2.0 |
| aci_multicast_route_map | netascode/multicast-route-map/aci | 0.1.2 |
| aci_node_control_policy | netascode/node-control-policy/aci | 0.1.0 |
| aci_node_registration | netascode/node-registration/aci | 0.1.1 |
| aci_oob_contract | netascode/oob-contract/aci | 0.2.0 |
| aci_oob_endpoint_group | netascode/oob-endpoint-group/aci | 0.1.1 |
| aci_oob_external_management_instance | netascode/oob-external-management-instance/aci | 0.1.0 |
| aci_oob_node_address | netascode/oob-node-address/aci | 0.1.3 |
| aci_ospf_interface_policy | netascode/ospf-interface-policy/aci | 0.1.0 |
| aci_physical_domain | netascode/physical-domain/aci | 0.1.1 |
| aci_pim_policy | netascode/pim-policy/aci | 0.1.1 |
| aci_pod_setup | netascode/pod-setup/aci | 0.1.1 |
| aci_port_channel_member_policy | netascode/port-channel-member-policy/aci | 0.1.0 |
| aci_port_channel_policy | netascode/port-channel-policy/aci | 0.1.0 |
| aci_port_tracking | netascode/port-tracking/aci | 0.1.0 |
| aci_psu_policy | netascode/psu-policy/aci | 0.1.0 |
| aci_ptp | netascode/ptp/aci | 0.1.1 |
| aci_qos | netascode/qos/aci | 0.2.1 |
| aci_qos_policy | netascode/qos-policy/aci | 0.1.3 |
| aci_redirect_backup_policy | netascode/redirect-backup-policy/aci | 0.1.0 |
| aci_redirect_health_group | netascode/redirect-health-group/aci | 0.1.0 |
| aci_redirect_policy | netascode/redirect-policy/aci | 0.2.1 |
| aci_remote_location | netascode/remote-location/aci | 0.1.1 |
| aci_rogue_endpoint_control | netascode/rogue-endpoint-control/aci | 0.1.0 |
| aci_route_control_route_map | netascode/route-control-route-map/aci | 0.1.1 |
| aci_route_tag_policy | netascode/route-tag-policy/aci | 0.1.0 |
| aci_routed_domain | netascode/routed-domain/aci | 0.1.1 |
| aci_service_epg_policy | netascode/service-epg-policy/aci | 0.1.0 |
| aci_service_graph_template | netascode/service-graph-template/aci | 0.1.0 |
| aci_set_rule | netascode/set-rule/aci | 0.2.2 |
| aci_smart_licensing | netascode/smart-licensing/aci | 0.1.2 |
| aci_snmp_policy | netascode/snmp-policy/aci | 0.2.2 |
| aci_snmp_trap_policy | netascode/snmp-trap-policy/aci | 0.2.1 |
| aci_spanning_tree_policy | netascode/spanning-tree-policy/aci | 0.1.0 |
| aci_sr_mpls_external_endpoint_group | netascode/external-endpoint-group/aci | 0.2.2 |
| aci_sr_mpls_l3out | netascode/l3out/aci | 0.2.5 |
| aci_sr_mpls_l3out_interface_profile_manual | netascode/l3out-interface-profile/aci | 0.2.10 |
| aci_sr_mpls_l3out_node_profile_manual | netascode/l3out-node-profile/aci | 0.2.7 |
| aci_storm_control_policy | netascode/storm-control-policy/aci | 0.1.0 |
| aci_syslog_policy | netascode/syslog-policy/aci | 0.2.1 |
| aci_system_global_gipo | netascode/system-global-gipo/aci | 0.1.0 |
| aci_tacacs | netascode/tacacs/aci | 0.1.1 |
| aci_tenant | netascode/tenant/aci | 0.1.1 |
| aci_tenant_span_destination_group | netascode/tenant-span-destination-group/aci | 0.1.1 |
| aci_tenant_span_source_group | netascode/tenant-span-source-group/aci | 0.1.0 |
| aci_trust_control_policy | netascode/trust-control-policy/aci | 0.1.0 |
| aci_user | netascode/user/aci | 0.2.1 |
| aci_vlan_pool | netascode/vlan-pool/aci | 0.2.2 |
| aci_vmware_vmm_domain | netascode/vmware-vmm-domain/aci | 0.2.5 |
| aci_vpc_group | netascode/vpc-group/aci | 0.2.0 |
| aci_vpc_policy | netascode/vpc-policy/aci | 0.1.0 |
| aci_vrf | netascode/vrf/aci | 0.2.4 |
| aci_vspan_destination_group | netascode/vspan-destination-group/aci | 0.1.1 |
| aci_vspan_session | netascode/vspan-session/aci | 0.1.0 |