Solved: Re: Cisco ACI - ansible - putting epgs in shutdown

Geir Sand-Strand · ‎05-16-2019

I have an Tenant with an AP an several EPGs. Before migration to ACI I have used ansible to create the tenant, ap, epg, bd and so on...

When I create the EPGs, I would like to put them in shutdown. But not by using GUI and clickinto into each of them and putting them in shutdown. I looks like the shutdown-parameter is not in the ansible epg module.

Is there a way to easily do this? Is the alternative doing a POST for shutting them down or is there a way by using ansible that I haven't found yet?

Br

Geir

Marcel Zehnder · ‎05-21-2019

You will need to introduce loops in your ansible task:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html

It will look something like that:

- name: SHUTDOWN EPG
  aci_rest:
    hostname: 'YOUR APIC IP'
    username: 'yourUsername'
    password: 'yourPassword'
    method: post
    path: /api/mo.json
    content: |
       {
       "fvAEPg": {
       "attributes": {
        "dn":  "{{ item }}",
        "shutdown": "true"
      }
     }
    loop:
     - uni/tn-MZE/ap-TEST/epg-APP1
     - uni/tn-MZE/ap-TEST/epg-APP2
     - uni/tn-MZE/ap-TEST/epg-APP3
  delegate_to: localhost

/Marcel

View solution in original post

Jayesh Singh · ‎05-16-2019

Hi Geir,

I am failing to understand your following statement:

"When I create the EPGs, I would like to put them in shutdown."

There is no way we can shut down the EPGs, however we can detach the domains(physical or VMM domain) from the EPGs to keep them inactive.

I am unable to interpret the requirement here precisely, it would be helpful if you share more details on what we want to achieve here.

Regards,

Jayesh

***Rate all posts that are helpful***

Remi Astruc · ‎05-17-2019

Hello,

I guess Geir talks about the new feature in 4.0.1 which allows to "shutdown" an EPG.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/release-notes/Cisco-APIC-Release-Notes-401.html#FabricScaleandOtherEnhancements

There may not be an Ansible way to do that today.

Remi Astruc

Jayesh Singh · ‎05-17-2019

Thanks Remi!

Now that makes me feel like an old guy :-P

Need to get my hands on ACI 4.x ASAP

Geir Sand-Strand · ‎05-20-2019

Thx for the reply.

We are running 4.1.(1j) so there are a shutdown under the EPG in the GUI. Would sure like to have that done with ansible, but it doesn't seem to be an option.

Geir

RedNectar · ‎05-20-2019

Hi Geir,

I've been watching this thread with interest over a few days hoping someone would tell you how to achieve what you want using the APIs - I can't remember exactly what you need to do, but I do remember going to a Cisco Live presentation that outlined how you can set any value using Ansible, so long as you knew the right dn in xml or json format (just like Postman). But I don't know enough to tell you HOW to do it, but hopefully I might point you in the direction where you might find the answer, and presumably you already know how to determine the xml/json payload you need using the API inspector.

This might be a good place to start: https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general_aci.html

which if you follow the links will take you to: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Marcel Zehnder · ‎05-21-2019

Hi

You can use the aci_rest ansible module (https://docs.ansible.com/ansible/2.4/aci_rest_module.html) to post the following json-dict to /api/mo.json - you need to replace <YOUR-EPG-DN> with your actual EPG-DN (for example epg "APP" in application-profile "TEST" in tenant "MZE" is "uni/tn-MZE/ap-TEST/epg-APP")

HTH

Marcel

{
  "fvAEPg": {
    "attributes": {
      "dn": "<YOUR-EPG-DN>",
      "shutdown": "true"
    }
  }
}

Marcel Zehnder · ‎05-21-2019

The complete example:

ansible task:

- name: SHUTDOWN EPG
  aci_rest:
    hostname: 'YOUR APIC IP'
    username: 'yourUsername'
    password: 'yourPassword'
    method: post
    path: /api/mo.json
    src: /path/to/json/file.json
  delegate_to: localhost

Config File (/path/to/json/file.json)

{
  "fvAEPg": {
    "attributes": {
      "dn": "uni/tn-MZE/ap-TEST/epg-APP",
      "shutdown": "true"
    }
  }

Or without a config file:

- name: SHUTDOWN EPG
  aci_rest:
    hostname: 'YOUR APIC IP'
    username: 'yourUsername'
    password: 'yourPassword'
    method: post
    path: /api/mo.json
    content: |
       {
       "fvAEPg": {
       "attributes": {
        "dn": "uni/tn-MZE/ap-TEST/epg-APP",
        "shutdown": "true"
      }
     }
  delegate_to: localhost

Geir Sand-Strand · ‎05-21-2019

That worked nice :-)

But what if I want to shutdown more epgs, can I do that in the same json-section? How would it the look like?

Br

Geir

Marcel Zehnder · ‎05-21-2019

You will need to introduce loops in your ansible task:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html

It will look something like that:

- name: SHUTDOWN EPG
  aci_rest:
    hostname: 'YOUR APIC IP'
    username: 'yourUsername'
    password: 'yourPassword'
    method: post
    path: /api/mo.json
    content: |
       {
       "fvAEPg": {
       "attributes": {
        "dn":  "{{ item }}",
        "shutdown": "true"
      }
     }
    loop:
     - uni/tn-MZE/ap-TEST/epg-APP1
     - uni/tn-MZE/ap-TEST/epg-APP2
     - uni/tn-MZE/ap-TEST/epg-APP3
  delegate_to: localhost

/Marcel

Geir Sand-Strand · ‎05-21-2019

Thx, that worked :-)

Now I can create all the epgs and put them i shutdown. When we start migrating old core to ACI, I can easily move the epgs to "no shutdown".

Geir