
Terraform Cisco ACI Nexus-as-Code Module

Primary language: HCL. License: Apache-2.0.


Terraform ACI Nexus-as-Code Module

A Terraform module to configure ACI.

This module is part of the Cisco Nexus-as-Code project. Its goal is to allow users to instantiate network fabrics in minutes using an easy-to-use, opinionated data model. It takes away the complexity of having to deal with references, dependencies or loops. By completely separating data (defining variables) from logic (infrastructure declaration), it allows the user to focus on describing the intended configuration while using a set of maintained and tested Terraform modules, without the need to understand the low-level ACI object model. More information can be found here: https://cisco.com/go/nexusascode.

A comprehensive example using this module is available here: https://github.com/netascode/nac-aci-comprehensive-example

Usage

This module supports an inventory-driven approach, where a complete ACI configuration or parts of it are modeled either in one or more YAML files or natively using Terraform variables.

There are six configuration sections which can be selectively enabled or disabled using module flags:

  • fabric_policies: Configurations applied at the fabric level (e.g., fabric BGP route reflectors)
  • access_policies: Configurations applied to external-facing (downlink) interfaces (e.g., VLAN pools)
  • pod_policies: Configurations applied at the pod level (e.g., TEP pool addresses)
  • node_policies: Configurations applied at the node level (e.g., OOB node management address)
  • interface_policies: Configurations applied at the interface level (e.g., assigning interface policy groups to physical ports)
  • tenants: Configurations applied at the tenant level (e.g., VRFs and Bridge Domains)

The full data model documentation is available here: https://developer.cisco.com/docs/nexus-as-code/#!data-model

Examples

Configuring a VLAN Pool using YAML:

vlan_pool.yaml

apic:
  access_policies:
    vlan_pools:
      - name: VLAN_POOL_1
        ranges:
          - from: 1000
            to: 1099

main.tf

module "vlan_pool" {
  source  = "netascode/nac-aci/aci"
  version = ">= 0.7.0"

  yaml_files = ["vlan_pool.yaml"]

  manage_access_policies = true
}

Configuring a Banner using native HCL:

main.tf

module "banner" {
  source  = "netascode/nac-aci/aci"
  version = ">= 0.7.0"

  model = {
    apic = {
      fabric_policies = {
        banners = {
          apic_cli_banner = "My APIC Banner"
        }
      }
    }
  }

  manage_fabric_policies = true
}
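Restricting what a single root module may change, as an added example (not taken from the module's repository): it combines the section flags with the `managed_tenants` and `managed_interface_policies_nodes` inputs so that one state file can only touch one tenant and two nodes. The directory `data`, the tenant name `PROD`, the node IDs and the exact version `0.7.0` are assumptions chosen for illustration.

```hcl
# Added example. Placeholders (assumptions): "data", "PROD", 101/102, "0.7.0".

terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = ">= 2.15.0"
    }
  }
}

module "prod_tenant" {
  source = "netascode/nac-aci/aci"

  # Exact pin instead of ">= 0.7.0": a module upgrade then shows up as a
  # reviewed change to this file rather than happening on the next init.
  version = "0.7.0"

  # All YAML files found in the listed directories make up the model.
  yaml_directories = ["data"]

  # Manage the tenant section, but only the named tenant. With an empty
  # list (the default) every tenant in the model would be managed.
  manage_tenants  = true
  managed_tenants = ["PROD"]

  # Manage interface policies, but only for the listed node IDs. With an
  # empty list (the default) all nodes would be managed.
  manage_interface_policies        = true
  managed_interface_policies_nodes = [101, 102]

  # These flags already default to false; writing them out makes the
  # scope of this root module visible in code review.
  manage_fabric_policies = false
  manage_access_policies = false
  manage_pod_policies    = false
  manage_node_policies   = false
}
```

Fabric-wide sections such as `fabric_policies` can then live in a separate root module with its own state and its own APIC credentials.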

Additional example repositories:

Requirements

Name Version
terraform >= 1.3.0
aci >= 2.15.0
local >= 2.3.0
utils >= 0.2.5

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| manage_access_policies | Flag to indicate if access policies should be managed. | bool | false | no |
| manage_fabric_policies | Flag to indicate if fabric policies should be managed. | bool | false | no |
| manage_interface_policies | Flag to indicate if interface policies should be managed. | bool | false | no |
| manage_node_policies | Flag to indicate if node policies should be managed. | bool | false | no |
| manage_pod_policies | Flag to indicate if pod policies should be managed. | bool | false | no |
| manage_tenants | Flag to indicate if tenants should be managed. | bool | false | no |
| managed_interface_policies_nodes | List of node IDs for which interface policies should be managed. By default interface policies for all nodes will be managed. | list(number) | [] | no |
| managed_tenants | List of tenant names to be managed. By default all tenants will be managed. | list(string) | [] | no |
| model | As an alternative to YAML files, a native Terraform data structure can be provided as well. | map(any) | {} | no |
| write_default_values_file | Write all default values to a YAML file. Value is a path pointing to the file to be created. | string | "" | no |
| yaml_directories | List of paths to YAML directories. | list(string) | [] | no |
| yaml_files | List of paths to YAML files. | list(string) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| default_values | All default values. |
| model | Full model. |

Providers

Name Version
local >= 2.3.0
utils >= 0.2.5

Resources

Name Type
local_sensitive_file.defaults resource
utils_yaml_merge.defaults data source
utils_yaml_merge.model data source
utils_yaml_merge.modules data source

Modules

Name Source Version
aci_aaa ./modules/terraform-aci-aaa n/a
aci_aaep ./modules/terraform-aci-aaep n/a
aci_access_fex_interface_profile_auto ./modules/terraform-aci-access-fex-interface-profile n/a
aci_access_fex_interface_profile_manual ./modules/terraform-aci-access-fex-interface-profile n/a
aci_access_fex_interface_selector_auto ./modules/terraform-aci-access-fex-interface-selector n/a
aci_access_fex_interface_selector_manual ./modules/terraform-aci-access-fex-interface-selector n/a
aci_access_leaf_interface_policy_group ./modules/terraform-aci-access-leaf-interface-policy-group n/a
aci_access_leaf_interface_profile_auto ./modules/terraform-aci-access-leaf-interface-profile n/a
aci_access_leaf_interface_profile_manual ./modules/terraform-aci-access-leaf-interface-profile n/a
aci_access_leaf_interface_selector_auto ./modules/terraform-aci-access-leaf-interface-selector n/a
aci_access_leaf_interface_selector_manual ./modules/terraform-aci-access-leaf-interface-selector n/a
aci_access_leaf_interface_selector_sub_auto ./modules/terraform-aci-access-leaf-interface-selector n/a
aci_access_leaf_switch_configuration ./modules/terraform-aci-switch-configuration n/a
aci_access_leaf_switch_policy_group ./modules/terraform-aci-access-leaf-switch-policy-group n/a
aci_access_leaf_switch_profile_auto ./modules/terraform-aci-access-leaf-switch-profile n/a
aci_access_leaf_switch_profile_manual ./modules/terraform-aci-access-leaf-switch-profile n/a
aci_access_span_destination_group ./modules/terraform-aci-access-span-destination-group n/a
aci_access_span_filter_group ./modules/terraform-aci-access-span-filter-group n/a
aci_access_span_source_group ./modules/terraform-aci-access-span-source-group n/a
aci_access_spine_interface_policy_group ./modules/terraform-aci-access-spine-interface-policy-group n/a
aci_access_spine_interface_profile_auto ./modules/terraform-aci-access-spine-interface-profile n/a
aci_access_spine_interface_profile_manual ./modules/terraform-aci-access-spine-interface-profile n/a
aci_access_spine_interface_selector_auto ./modules/terraform-aci-access-spine-interface-selector n/a
aci_access_spine_interface_selector_manual ./modules/terraform-aci-access-spine-interface-selector n/a
aci_access_spine_switch_configuration ./modules/terraform-aci-switch-configuration n/a
aci_access_spine_switch_policy_group ./modules/terraform-aci-access-spine-switch-policy-group n/a
aci_access_spine_switch_profile_auto ./modules/terraform-aci-access-spine-switch-profile n/a
aci_access_spine_switch_profile_manual ./modules/terraform-aci-access-spine-switch-profile n/a
aci_apic_connectivity_preference ./modules/terraform-aci-apic-connectivity-preference n/a
aci_application_profile ./modules/terraform-aci-application-profile n/a
aci_banner ./modules/terraform-aci-banner n/a
aci_bfd_interface_policy ./modules/terraform-aci-bfd-interface-policy n/a
aci_bfd_ipv4_policy ./modules/terraform-aci-bfd-policy n/a
aci_bfd_ipv6_policy ./modules/terraform-aci-bfd-policy n/a
aci_bfd_multihop_node_policy ./modules/terraform-aci-bfd-multihop-node-policy n/a
aci_bgp_address_family_context_policy ./modules/terraform-aci-bgp-address-family-context-policy n/a
aci_bgp_best_path_policy ./modules/terraform-aci-bgp-best-path-policy n/a
aci_bgp_peer_prefix_policy ./modules/terraform-aci-bgp-peer-prefix-policy n/a
aci_bgp_policy ./modules/terraform-aci-bgp-policy n/a
aci_bgp_route_summarization_policy ./modules/terraform-aci-bgp-route-summarization-policy n/a
aci_bgp_timer_policy ./modules/terraform-aci-bgp-timer-policy n/a
aci_bridge_domain ./modules/terraform-aci-bridge-domain n/a
aci_ca_certificate ./modules/terraform-aci-ca-certificate n/a
aci_cdp_policy ./modules/terraform-aci-cdp-policy n/a
aci_config_export ./modules/terraform-aci-config-export n/a
aci_config_passphrase ./modules/terraform-aci-config-passphrase n/a
aci_contract ./modules/terraform-aci-contract n/a
aci_coop_policy ./modules/terraform-aci-coop-policy n/a
aci_date_time_format ./modules/terraform-aci-date-time-format n/a
aci_date_time_policy ./modules/terraform-aci-date-time-policy n/a
aci_device_selection_policy ./modules/terraform-aci-device-selection-policy n/a
aci_dhcp_option_policy ./modules/terraform-aci-dhcp-option-policy n/a
aci_dhcp_relay_policy ./modules/terraform-aci-dhcp-relay-policy n/a
aci_dns_policy ./modules/terraform-aci-dns-policy n/a
aci_eigrp_interface_policy ./modules/terraform-aci-eigrp-interface-policy n/a
aci_endpoint_group ./modules/terraform-aci-endpoint-group n/a
aci_endpoint_loop_protection ./modules/terraform-aci-endpoint-loop-protection n/a
aci_endpoint_security_group ./modules/terraform-aci-endpoint-security-group n/a
aci_error_disabled_recovery ./modules/terraform-aci-error-disabled-recovery n/a
aci_external_connectivity_policy ./modules/terraform-aci-external-connectivity-policy n/a
aci_external_endpoint_group ./modules/terraform-aci-external-endpoint-group n/a
aci_fabric_isis_bfd ./modules/terraform-aci-fabric-isis-bfd n/a
aci_fabric_isis_policy ./modules/terraform-aci-fabric-isis-policy n/a
aci_fabric_l2_mtu ./modules/terraform-aci-fabric-l2-mtu n/a
aci_fabric_leaf_interface_profile_auto ./modules/terraform-aci-fabric-leaf-interface-profile n/a
aci_fabric_leaf_interface_profile_manual ./modules/terraform-aci-fabric-leaf-interface-profile n/a
aci_fabric_leaf_switch_configuration ./modules/terraform-aci-switch-configuration n/a
aci_fabric_leaf_switch_policy_group ./modules/terraform-aci-fabric-leaf-switch-policy-group n/a
aci_fabric_leaf_switch_profile_auto ./modules/terraform-aci-fabric-leaf-switch-profile n/a
aci_fabric_leaf_switch_profile_manual ./modules/terraform-aci-fabric-leaf-switch-profile n/a
aci_fabric_link_level_policy ./modules/terraform-aci-fabric-link-level-policy n/a
aci_fabric_pod_policy_group ./modules/terraform-aci-fabric-pod-policy-group n/a
aci_fabric_pod_profile_auto ./modules/terraform-aci-fabric-pod-profile n/a
aci_fabric_pod_profile_manual ./modules/terraform-aci-fabric-pod-profile n/a
aci_fabric_scheduler ./modules/terraform-aci-fabric-scheduler n/a
aci_fabric_span_destination_group ./modules/terraform-aci-fabric-span-destination-group n/a
aci_fabric_span_source_group ./modules/terraform-aci-fabric-span-source-group n/a
aci_fabric_spine_interface_profile_auto ./modules/terraform-aci-fabric-spine-interface-profile n/a
aci_fabric_spine_interface_profile_manual ./modules/terraform-aci-fabric-spine-interface-profile n/a
aci_fabric_spine_switch_configuration ./modules/terraform-aci-switch-configuration n/a
aci_fabric_spine_switch_policy_group ./modules/terraform-aci-fabric-spine-switch-policy-group n/a
aci_fabric_spine_switch_profile_auto ./modules/terraform-aci-fabric-spine-switch-profile n/a
aci_fabric_spine_switch_profile_manual ./modules/terraform-aci-fabric-spine-switch-profile n/a
aci_fabric_wide_settings ./modules/terraform-aci-fabric-wide-settings n/a
aci_filter ./modules/terraform-aci-filter n/a
aci_firmware_group ./modules/terraform-aci-firmware-group n/a
aci_forwarding_scale_policy ./modules/terraform-aci-forwarding-scale-policy n/a
aci_geolocation ./modules/terraform-aci-geolocation n/a
aci_health_score_evaluation_policy ./modules/terraform-aci-health-score-evaluation-policy n/a
aci_igmp_interface_policy ./modules/terraform-aci-igmp-interface-policy n/a
aci_igmp_snooping_policy ./modules/terraform-aci-igmp-snooping-policy n/a
aci_imported_contract ./modules/terraform-aci-imported-contract n/a
aci_imported_l4l7_device ./modules/terraform-aci-imported-l4l7-device n/a
aci_inband_endpoint_group ./modules/terraform-aci-inband-endpoint-group n/a
aci_inband_node_address ./modules/terraform-aci-inband-node-address n/a
aci_infra_dhcp_relay_policy ./modules/terraform-aci-infra-dhcp-relay-policy n/a
aci_infra_dscp_translation_policy ./modules/terraform-aci-infra-dscp-translation-policy n/a
aci_interface_configuration_fex ./modules/terraform-aci-interface-configuration n/a
aci_interface_type ./modules/terraform-aci-interface-type n/a
aci_ip_aging ./modules/terraform-aci-ip-aging n/a
aci_ip_sla_policy ./modules/terraform-aci-ip-sla-policy n/a
aci_keyring ./modules/terraform-aci-keyring n/a
aci_l2_mtu_policy ./modules/terraform-aci-l2-mtu-policy n/a
aci_l2_policy ./modules/terraform-aci-l2-policy n/a
aci_l3out ./modules/terraform-aci-l3out n/a
aci_l3out_interface_profile_auto ./modules/terraform-aci-l3out-interface-profile n/a
aci_l3out_interface_profile_manual ./modules/terraform-aci-l3out-interface-profile n/a
aci_l3out_node_profile_auto ./modules/terraform-aci-l3out-node-profile n/a
aci_l3out_node_profile_manual ./modules/terraform-aci-l3out-node-profile n/a
aci_l4l7_device ./modules/terraform-aci-l4l7-device n/a
aci_ldap ./modules/terraform-aci-ldap n/a
aci_leaf_fabric_interface_configuration ./modules/terraform-aci-fabric-interface-configuration n/a
aci_leaf_fabric_interface_configuration_sub ./modules/terraform-aci-fabric-interface-configuration n/a
aci_leaf_interface_configuration ./modules/terraform-aci-interface-configuration n/a
aci_leaf_interface_configuration_sub ./modules/terraform-aci-interface-configuration n/a
aci_link_level_policy ./modules/terraform-aci-link-level-policy n/a
aci_lldp_policy ./modules/terraform-aci-lldp-policy n/a
aci_login_domain ./modules/terraform-aci-login-domain n/a
aci_maintenance_group ./modules/terraform-aci-maintenance-group n/a
aci_management_access_policy ./modules/terraform-aci-management-access-policy n/a
aci_match_rule ./modules/terraform-aci-match-rule n/a
aci_mcp ./modules/terraform-aci-mcp n/a
aci_mcp_policy ./modules/terraform-aci-mcp-policy n/a
aci_monitoring_policy ./modules/terraform-aci-monitoring-policy n/a
aci_mpls_custom_qos_policy ./modules/terraform-aci-mpls-custom-qos-policy n/a
aci_mst_policy ./modules/terraform-aci-mst-policy n/a
aci_multicast_route_map ./modules/terraform-aci-multicast-route-map n/a
aci_nd_interface_policy ./modules/terraform-aci-nd-interface-policy n/a
aci_nd_ra_prefix_policy ./modules/terraform-aci-nd-ra-prefix-policy n/a
aci_netflow_exporter ./modules/terraform-aci-netflow-exporter n/a
aci_netflow_monitor ./modules/terraform-aci-netflow-monitor n/a
aci_netflow_record ./modules/terraform-aci-netflow-record n/a
aci_node_control_policy ./modules/terraform-aci-node-control-policy n/a
aci_node_registration ./modules/terraform-aci-node-registration n/a
aci_oob_contract ./modules/terraform-aci-oob-contract n/a
aci_oob_endpoint_group ./modules/terraform-aci-oob-endpoint-group n/a
aci_oob_external_management_instance ./modules/terraform-aci-oob-external-management-instance n/a
aci_oob_node_address ./modules/terraform-aci-oob-node-address n/a
aci_ospf_interface_policy ./modules/terraform-aci-ospf-interface-policy n/a
aci_ospf_timer_policy ./modules/terraform-aci-ospf-timer-policy n/a
aci_physical_domain ./modules/terraform-aci-physical-domain n/a
aci_pim_policy ./modules/terraform-aci-pim-policy n/a
aci_pod_setup ./modules/terraform-aci-pod-setup n/a
aci_port_channel_member_policy ./modules/terraform-aci-port-channel-member-policy n/a
aci_port_channel_policy ./modules/terraform-aci-port-channel-policy n/a
aci_port_tracking ./modules/terraform-aci-port-tracking n/a
aci_psu_policy ./modules/terraform-aci-psu-policy n/a
aci_ptp ./modules/terraform-aci-ptp n/a
aci_ptp_profile ./modules/terraform-aci-ptp-profile n/a
aci_qos ./modules/terraform-aci-qos n/a
aci_qos_policy ./modules/terraform-aci-qos-policy n/a
aci_radius ./modules/terraform-aci-radius n/a
aci_rbac_node_rule ./modules/terraform-aci-rbac-node-rule n/a
aci_redirect_backup_policy ./modules/terraform-aci-redirect-backup-policy n/a
aci_redirect_health_group ./modules/terraform-aci-redirect-health-group n/a
aci_redirect_policy ./modules/terraform-aci-redirect-policy n/a
aci_remote_location ./modules/terraform-aci-remote-location n/a
aci_rogue_endpoint_control ./modules/terraform-aci-rogue-endpoint-control n/a
aci_route_control_route_map ./modules/terraform-aci-route-control-route-map n/a
aci_route_tag_policy ./modules/terraform-aci-route-tag-policy n/a
aci_routed_domain ./modules/terraform-aci-routed-domain n/a
aci_service_epg_policy ./modules/terraform-aci-service-epg-policy n/a
aci_service_graph_template ./modules/terraform-aci-service-graph-template n/a
aci_set_rule ./modules/terraform-aci-set-rule n/a
aci_smart_licensing ./modules/terraform-aci-smart-licensing n/a
aci_snmp_policy ./modules/terraform-aci-snmp-policy n/a
aci_snmp_trap_policy ./modules/terraform-aci-snmp-trap-policy n/a
aci_spanning_tree_policy ./modules/terraform-aci-spanning-tree-policy n/a
aci_spine_fabric_interface_configuration ./modules/terraform-aci-fabric-interface-configuration n/a
aci_spine_interface_configuration ./modules/terraform-aci-interface-configuration n/a
aci_sr_mpls_external_endpoint_group ./modules/terraform-aci-external-endpoint-group n/a
aci_sr_mpls_l3out ./modules/terraform-aci-l3out n/a
aci_sr_mpls_l3out_interface_profile_manual ./modules/terraform-aci-l3out-interface-profile n/a
aci_sr_mpls_l3out_node_profile_manual ./modules/terraform-aci-l3out-node-profile n/a
aci_storm_control_policy ./modules/terraform-aci-storm-control-policy n/a
aci_syslog_policy ./modules/terraform-aci-syslog-policy n/a
aci_system_global_gipo ./modules/terraform-aci-system-global-gipo n/a
aci_system_performance ./modules/terraform-aci-system-performance n/a
aci_tacacs ./modules/terraform-aci-tacacs n/a
aci_tenant ./modules/terraform-aci-tenant n/a
aci_tenant_span_destination_group ./modules/terraform-aci-tenant-span-destination-group n/a
aci_tenant_span_source_group ./modules/terraform-aci-tenant-span-source-group n/a
aci_track_list ./modules/terraform-aci-track-list n/a
aci_track_member ./modules/terraform-aci-track-member n/a
aci_trust_control_policy ./modules/terraform-aci-trust-control-policy n/a
aci_useg_endpoint_group ./modules/terraform-aci-useg-endpoint-group n/a
aci_user ./modules/terraform-aci-user n/a
aci_vlan_pool ./modules/terraform-aci-vlan-pool n/a
aci_vmware_vmm_domain ./modules/terraform-aci-vmware-vmm-domain n/a
aci_vpc_group ./modules/terraform-aci-vpc-group n/a
aci_vpc_policy ./modules/terraform-aci-vpc-policy n/a
aci_vrf ./modules/terraform-aci-vrf n/a
aci_vspan_destination_group ./modules/terraform-aci-vspan-destination-group n/a
aci_vspan_session ./modules/terraform-aci-vspan-session n/a