04-11-2020 10:00 AM
Dear Community,
Using Ansible aci_rest module, I would like to create a playbook to assign EPG static port-mapping, but I cannot get it working.
Anyone who might have done it before and can share their script I would highly appreciate it.
Kind Regards,
Tlatlaru
Labels: Cisco ACI
Accepted Solutions
04-11-2020 11:03 AM - edited 04-11-2020 11:12 AM
Hi,
Below is an example using aci_rest:
Note: make sure that the tenant>app>epg exists before running this playbook.
```yaml
---
- name: Static Bind Using aci_rest
  hosts: apic
  connection: local
  gather_facts: False
  tasks:
    - name: Add static path
      aci_rest:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: False
        method: "post"
        # The path is the EPG that receives the binding
        path: "api/mo/tn-{{ item.tenant }}/ap-{{ item.app }}/epg-{{ item.epg }}.json"
        # The content is the fvRsPathAtt object taken from the saved configuration
        content: '{"fvRsPathAtt":{"attributes":{"annotation":"","descr":"","dn":"uni/tn-{{ item.tenant }}/ap-{{ item.app }}/epg-{{ item.epg }}/rspathAtt-[topology/pod-{{ item.pod }}/paths-{{ item.leaf }}/pathep-[eth1/{{ item.port }}]]","encap":"vlan-{{ item.vlan }}","instrImedcy":"immediate","mode":"regular","primaryEncap":"unknown","tDn":"topology/pod-{{ item.pod }}/paths-{{ item.leaf }}/pathep-[eth1/{{ item.port }}]" }}}'
      with_items:
        - tenant: "Production"
          app: "AppCenter"
          epg: "Web"
          pod: "1"
          leaf: "101"
          port: "24"
          vlan: "2400"
        - tenant: "Production"
          app: "AppCenter"
          epg: "Web"
          pod: "1"
          leaf: "102"
          port: "22"
          vlan: "2400"
```
Alternatively, you can use aci_role: https://github.com/datacenter/ansible-role-aci-model
Regards,
Sergiu
04-12-2020 01:21 PM
Hi Sergiu,
Thanks for your help, following your tip to do more.
09-19-2020 05:49 AM
Hello, thank you for posting this; it is extremely helpful. I see your note there that says to make sure that the endpoint group exists before you try to make these changes via the Ansible playbook. I was wondering if there was a way to check whether or not the endpoint group already existed via an easy method inside of Ansible?
09-20-2020 05:20 AM
Hi @Rob R.
Yes, you can use the "aci_epg" module: https://docs.ansible.com/ansible/latest/modules/aci_epg_module.html
```yaml
- name: Add a new EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: intranet
    epg: web_epg
    description: Web Intranet EPG
    bd: prod_bd
    preferred_group: no
    state: present
  delegate_to: localhost

- name: Query an EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: ticketing
    epg: web_epg
    state: query
  delegate_to: localhost
  register: query_result
```
You can play with the state attribute to either create or query:
- If you use the "create" state and the EPG does not exist, it will create it; if it exists, it will either update the object if something is changed or simply bypass the task if all attributes match.
- If you use the "query" state, it will simply verify if the EPG exists and will save the results in the "query_result" variable.
Stay safe,
Sergiu
04-11-2020 01:42 PM - edited 04-11-2020 01:43 PM
Hello again,
I would like to share with you how to create any Ansible playbook using aci_rest.
Rules are simple:
1. You need to have a working example of the desired object, or at least have it configured. I will use the static binding, but the same workflow will apply for any other object.
2. Save the configuration of the object. You can do that by right-clicking on the object > Save as... ; a pop-up will appear. Download only the self-object configuration, in JSON.
3. The configuration will look like this:
```json
{
  "totalCount": "1",
  "imdata": [
    {
      "fvRsPathAtt": {
        "attributes": {
          "annotation": "",
          "descr": "",
          "dn": "uni/tn-ANS/ap-App1/epg-EPG1/rspathAtt-[topology/pod-1/paths-101/pathep-[eth1/5]]",
          "encap": "vlan-3678",
          "instrImedcy": "immediate",
          "mode": "regular",
          "primaryEncap": "unknown",
          "tDn": "topology/pod-1/paths-101/pathep-[eth1/5]"
        }
      }
    }
  ]
}
```
There are a couple of things which are important in the config:
- the DN of the object you are configuring: uni/tn-ANS/ap-App1/epg-EPG1 . The DN represents the path parameter in the aci_rest module.
- the config you push to it: "fvRsPathAtt": {<everything-between-brackets>} . This is the content parameter.
4. Find the variables in the path & config (tenant, epg, vlan, interface etc.) and replace them with {{ item.variable }}, because you will use with_items for looping. After the change, the config looks like this:
Object DN:
uni/tn-{{ item.tenant }}/ap-{{ item.app }}/epg-{{ item.epg }}
Config:
```json
{
  "fvRsPathAtt": {
    "attributes": {
      "annotation": "",
      "descr": "",
      "dn": "uni/tn-{{ item.tenant }}/ap-{{ item.app }}/epg-{{ item.epg }}/rspathAtt-[topology/pod-{{ item.pod }}/paths-{{ item.leaf }}/pathep-[eth1/{{ item.port }}]]",
      "encap": "vlan-{{ item.vlan }}",
      "instrImedcy": "immediate",
      "mode": "regular",
      "primaryEncap": "unknown",
      "tDn": "topology/pod-{{ item.pod }}/paths-{{ item.leaf }}/pathep-[eth1/{{ item.port }}]"
    }
  }
}
```
5. Put all pieces together (see playbook code in my first post).
Hope it helps,
Sergiu
10-18-2022 06:40 AM
Need to add multiple ports to an EPG with Ansible.
The playbook below is not working.
Task

```yaml
- name: Deploy Static Path binding for given EPG
  aci_static_binding_to_epg:
    host: apic
    tenant: "{{ tenant }}"
    hostname: "{{ inventory_hostname }}"
    username: "{{ user }}"
    password: "{{ pass }}"
    ap: "POD01_APP"
    epg: "database"
    encap_id: 623
    deploy_immediacy: lazy
    interface_mode: regular
    interface_type: switch_port
    pod_id: 1
    leafs: "{{leaf}}"
    interface: "{{portlist}}"
    state: present
    validate_certs: false
```

Var

```yaml
tenant: aciproglab01
vrf1: POD01_vrf_1
vrf2: POD01_vrf_2
app_profile_name: POD01_APP
leaf: 101
portlist:
  - interface: "1/3"
  - interface: "1/5"
```
