cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
443
Views
0
Helpful
5
Replies
AJ Cruz
Beginner

ACI Ansible Role AEP Domain Link Error

I'm not sure if this is the right area to post this, but has anyone played with the ACI Ansible role from Code Exchange?: https://developer.cisco.com/codeexchange/github/repo/datacenter/ansible-role-aci-model

 

I modified it to build an ACI topology in my home lab using the ACI Simulator. Everything works perfectly except linking AEPs to Domains.

Here's my Ansible inventory, AEP/Domain sections:

- aep:
        - name: External-AAEP
          domain:
          - name: L3-Ext-Dom
        - name: Phys-AAEP
          domain:
          - name: Phys-Dom
      - external_routed_domain:
        - name: L3-Ext-Dom
          vlan_pool: Phys-VLAN-Pool
          vlan_pool_alloc: static
      - physical_domain:
        - name: Phys-Dom
          vlan_pool: Phys-VLAN-Pool
          vlan_pool_alloc: static

When I run the Ansible playbook I get this:

failed: [apic1 -> localhost] (item={'access_policy_aep_name': 'External-AAEP', 'access_policy_aep_domain_name': 'L3-Ext-Dom'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "120", "text": "unknown property value uni/infra/attentp-External-AAEP/rsdomP-[uni/L3-Ext-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, "}, "item": {"access_policy_aep_domain_name": "L3-Ext-Dom", "access_policy_aep_name": "External-AAEP"}, "msg": "APIC Error 120: unknown property value uni/infra/attentp-External-AAEP/rsdomP-[uni/L3-Ext-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ", "status": -1}
failed: [apic1 -> localhost] (item={'access_policy_aep_name': 'Phys-AAEP', 'access_policy_aep_domain_name': 'Phys-Dom'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "120", "text": "unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, "}, "item": {"access_policy_aep_domain_name": "Phys-Dom", "access_policy_aep_name": "Phys-AAEP"}, "msg": "APIC Error 120: unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ", "status": -1}

 

Any ideas? Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Sergiu.Daniluk
VIP Engager

Hi @AJ Cruz 

I noticed the same problem. There are some problems there because the role is using aci_rest module, an there are some limitations there, for example: you have multiple types of existing domains (example phys, l3domains as you have in your inventory file), and each have a different format for the DN. But in the role there is only a task which creates phy domains using aci_rest. So you either have to create multiple tasks for each type of domain, either, change most of tasks from the role, as I did, with existing specific modules. Here is how i changed it:

In the Inventory I added type attribute for domains:

      - aep:
        - name: ansible_aep
          domain:
          - name: ansible_phydom
            type: phys
          - name: ansible_l3dom
            type: l3dom

In the role, I changed aci_rest with aci_aep_to_domain:

  - name: Link AEPs to domains
    aci_aep_to_domain:
      <<: *aci_login
      aep: '{{ item.access_policy_aep_name }}'
      domain: '{{ item.access_policy_aep_domain_name }}'
      domain_type: '{{ item.access_policy_aep_domain_type }}'
    with_items: '{{ aci_model_data|aci_listify("access_policy","aep", "domain") }}'

Much cleaner and nicer. Of course, not all existing objects have dedicated modules (mostly related to L3Out), but if is there, why not use it.

 

I will update my project soon on github. You will find there a role for standalone Nexus switches as well.

 

Hope it helps,

Sergiu

 

 

 

View solution in original post

5 REPLIES 5
Sergiu.Daniluk
VIP Engager

Hi @AJ Cruz 

I noticed the same problem. There are some problems there because the role is using aci_rest module, an there are some limitations there, for example: you have multiple types of existing domains (example phys, l3domains as you have in your inventory file), and each have a different format for the DN. But in the role there is only a task which creates phy domains using aci_rest. So you either have to create multiple tasks for each type of domain, either, change most of tasks from the role, as I did, with existing specific modules. Here is how i changed it:

In the Inventory I added type attribute for domains:

      - aep:
        - name: ansible_aep
          domain:
          - name: ansible_phydom
            type: phys
          - name: ansible_l3dom
            type: l3dom

In the role, I changed aci_rest with aci_aep_to_domain:

  - name: Link AEPs to domains
    aci_aep_to_domain:
      <<: *aci_login
      aep: '{{ item.access_policy_aep_name }}'
      domain: '{{ item.access_policy_aep_domain_name }}'
      domain_type: '{{ item.access_policy_aep_domain_type }}'
    with_items: '{{ aci_model_data|aci_listify("access_policy","aep", "domain") }}'

Much cleaner and nicer. Of course, not all existing objects have dedicated modules (mostly related to L3Out), but if is there, why not use it.

 

I will update my project soon on github. You will find there a role for standalone Nexus switches as well.

 

Hope it helps,

Sergiu

 

 

 

View solution in original post

Thanks, I see it now, when I intercept the POST from creating the link in the GUI I noticed either a "uni/phys-" or a "uni/l3out-" in the tDn.

 

I'll re-structure the inventory as you suggested to fix that.

 

Thanks!

Claudia de Luna
Enthusiast

Hi @AJ Cruz ,

 

Looks like this is an older role.  

 

I have found that as ACI matures some subtle changes occur as the MIT gets enhanced and on occasion changed.

Looks like the role is balking at rsdomP.

 

"msg": "APIC Error 120: unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ",

which, if you look at the actual post URI and payload (below) wants infraRsDomP.

 

I actually can't get a clean run of this repo on my simulator but mine fails on other objects.

 

I'll fiddle with it and report back.

 

FWIW I have always found it much easier to work with the act_rest module if I'm using Ansible.  In truth I never use Ansible to build out the fabric (but it is handy for ongoing operations so good to learn for sure).  

 

url: https: //10.1.10.111/api/node/mo/uni/infra/attentp-EXTERNAL-AAEP.json
	payload {
		"infraRsDomP": {
			"attributes": {
				"tDn": "uni/l3dom-L3-Ext-Dom",
				"status": "created,modified"
			},
			"children": []
		}
	}

LOL!   Sergiu beat me to it and his solution is far more helpful than mine!

 

Good luck!

AJ Cruz
Beginner

I converted all the raw rest calls to use native ansible modules, restructured the topology file a bit, and made a small change to the jinja filter to allow it to accept a list as a value (for listing leaves when adding static paths).

 

Here it is: https://github.com/aj-cruz/aci-ansible-role.git

Content for Community-Ad

This widget could not be displayed.