04-23-2020 09:15 AM
I'm not sure if this is the right area to post this, but has anyone played with the ACI Ansible role from Code Exchange?: https://developer.cisco.com/codeexchange/github/repo/datacenter/ansible-role-aci-model
I modified it to build an ACI topology in my home lab using the ACI Simulator. Everything works perfectly except linking AEPs to Domains.
Here's my Ansible inventory, AEP/Domain sections:
    - aep:
      - name: External-AAEP
        domain:
        - name: L3-Ext-Dom
      - name: Phys-AAEP
        domain:
        - name: Phys-Dom
    - external_routed_domain:
      - name: L3-Ext-Dom
        vlan_pool: Phys-VLAN-Pool
        vlan_pool_alloc: static
    - physical_domain:
      - name: Phys-Dom
        vlan_pool: Phys-VLAN-Pool
        vlan_pool_alloc: static
When I run the Ansible playbook I get this:
failed: [apic1 -> localhost] (item={'access_policy_aep_name': 'External-AAEP', 'access_policy_aep_domain_name': 'L3-Ext-Dom'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "120", "text": "unknown property value uni/infra/attentp-External-AAEP/rsdomP-[uni/L3-Ext-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, "}, "item": {"access_policy_aep_domain_name": "L3-Ext-Dom", "access_policy_aep_name": "External-AAEP"}, "msg": "APIC Error 120: unknown property value uni/infra/attentp-External-AAEP/rsdomP-[uni/L3-Ext-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ", "status": -1}
failed: [apic1 -> localhost] (item={'access_policy_aep_name': 'Phys-AAEP', 'access_policy_aep_domain_name': 'Phys-Dom'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "120", "text": "unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, "}, "item": {"access_policy_aep_domain_name": "Phys-Dom", "access_policy_aep_name": "Phys-AAEP"}, "msg": "APIC Error 120: unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ", "status": -1}
Any ideas? Thanks!
04-23-2020 10:43 AM - edited 04-23-2020 10:47 AM
Hi @AJ Cruz
I noticed the same problem. There are some problems there because the role is using the aci_rest module, and there are some limitations there. For example, you have multiple types of existing domains (for example phys and l3domains, as you have in your inventory file), and each has a different format for the DN. But in the role there is only one task, which creates phy domains using aci_rest. So you either have to create multiple tasks, one for each type of domain, or change most of the tasks in the role, as I did, to use the existing specific modules. Here is how I changed it:
In the Inventory I added type attribute for domains:
    - aep:
      - name: ansible_aep
        domain:
        - name: ansible_phydom
          type: phys
        - name: ansible_l3dom
          type: l3dom
In the role, I changed aci_rest with aci_aep_to_domain:
    - name: Link AEPs to domains
      aci_aep_to_domain:
        <<: *aci_login
        aep: '{{ item.access_policy_aep_name }}'
        domain: '{{ item.access_policy_aep_domain_name }}'
        domain_type: '{{ item.access_policy_aep_domain_type }}'
      with_items: '{{ aci_model_data|aci_listify("access_policy","aep", "domain") }}'
Much cleaner and nicer. Of course, not all existing objects have dedicated modules (mostly related to L3Out), but if it is there, why not use it.
I will update my project soon on GitHub. You will find there a role for standalone Nexus switches as well.
Hope it helps,
Sergiu
04-23-2020 11:09 AM
Thanks, I see it now: when I intercepted the POST from creating the link in the GUI, I noticed either a "uni/phys-" or a "uni/l3out-" in the tDn.
I'll re-structure the inventory as you suggested to fix that.
Thanks!
04-23-2020 11:50 AM
Hi @AJ Cruz ,
Looks like this is an older role.
I have found that as ACI matures some subtle changes occur as the MIT gets enhanced and on occasion changed.
Looks like the role is balking at rsdomP.
"msg": "APIC Error 120: unknown property value uni/infra/attentp-Phys-AAEP/rsdomP-[uni/Phys-Dom], name dn, class infraRsDomP [(Dn0)] Dn0=, ",
which, if you look at the actual post URI and payload (below) wants infraRsDomP.
I actually can't get a clean run of this repo on my simulator but mine fails on other objects.
I'll fiddle with it and report back.
FWIW I have always found it much easier to work with the aci_rest module if I'm using Ansible. In truth I never use Ansible to build out the fabric (but it is handy for ongoing operations so good to learn for sure).
url: https://10.1.10.111/api/node/mo/uni/infra/attentp-EXTERNAL-AAEP.json
payload
    {
      "infraRsDomP": {
        "attributes": {
          "tDn": "uni/l3dom-L3-Ext-Dom",
          "status": "created,modified"
        },
        "children": []
      }
    }
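The per-type tDn difference discussed in this thread, as an added Python example (not code from the role or from any poster): it builds the infraRsDomP POST path and payload for each AEP/domain pair from an inventory that carries a type, and refuses to guess a DN when the type is missing. The names DOMAIN_DN_FORMATS, domain_dn and aep_domain_posts are assumptions of this sketch, and the l2dom and fc entries go beyond the two domain types shown on the page.

```python
# Added example: map each domain type to its DN format, then build the
# infraRsDomP payload in the shape of the captured POST above.
# DOMAIN_DN_FORMATS and the function names are hypothetical helpers.
# VMM domains are left out because their DN also needs a provider name.

DOMAIN_DN_FORMATS = {
    "phys": "uni/phys-{name}",
    "l3dom": "uni/l3dom-{name}",
    "l2dom": "uni/l2dom-{name}",
    "fc": "uni/fc-{name}",
}


def domain_dn(name, domain_type):
    """Return the target DN for a domain; fail loudly on a missing/unknown type."""
    try:
        return DOMAIN_DN_FORMATS[domain_type].format(name=name)
    except KeyError:
        raise ValueError(
            f"domain {name!r}: missing or unsupported type {domain_type!r}"
        ) from None


def aep_domain_posts(aeps):
    """Yield (path, payload) for every AEP-to-domain link in the inventory."""
    for aep in aeps:
        path = f"/api/node/mo/uni/infra/attentp-{aep['name']}.json"
        for dom in aep.get("domain", []):
            tdn = domain_dn(dom["name"], dom.get("type"))
            yield path, {
                "infraRsDomP": {
                    "attributes": {"tDn": tdn, "status": "created,modified"},
                    "children": [],
                }
            }


# Constructed sample inventory, modelled on the AEP section with a type added.
SAMPLE_AEPS = [
    {"name": "External-AAEP", "domain": [{"name": "L3-Ext-Dom", "type": "l3dom"}]},
    {"name": "Phys-AAEP", "domain": [{"name": "Phys-Dom", "type": "phys"}]},
]

if __name__ == "__main__":
    import json
    for path, payload in aep_domain_posts(SAMPLE_AEPS):
        print(path)
        print(json.dumps(payload, indent=2))
```

An inventory entry without a type raises ValueError before any request is built, rather than sending a DN such as uni/L3-Ext-Dom that the APIC rejects with error 120.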
04-23-2020 11:51 AM
LOL! Sergiu beat me to it and his solution is far more helpful than mine!
Good luck!
05-21-2020 08:10 AM
I converted all the raw rest calls to use native ansible modules, restructured the topology file a bit, and made a small change to the jinja filter to allow it to accept a list as a value (for listing leaves when adding static paths).
Here it is: https://github.com/aj-cruz/aci-ansible-role.git