aci_automator.yml
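---
# Play: snapshot the APIC configuration, then create a filter, a filter entry
# and a contract, and bind that contract to a provider EPG and a consumer EPG.
#
# Variables the play reads but does not define (they must be supplied by the
# caller, e.g. inventory or extra-vars): apic, apic_ip, ticket_id, subj_name,
# dst_port, contract_tn_name, prov_tn_name, prov_ap_name, prov_epg_name,
# cons_tn_name, cons_ap_name, cons_epg_name.
#
# NOTE(review): several of these values are interpolated directly into APIC
# object names and into the aci_rest URL paths below. If they originate from a
# ticketing system or any other source outside the operator's control, validate
# them against the characters ACI accepts in object names before running the
# play, so that a stray "/" cannot redirect a POST to a different managed
# object.
- name: Bind contract to EPGs
  hosts: "{{ apic }}"
  connection: local
  gather_facts: false
  vars:
    scope: "context"
    # Connection settings shared by every ACI task through the YAML merge key.
    # Credentials are read from the controller's environment so they never
    # appear in the playbook or the inventory.
    apic_info: &apic_info
      host: "{{ apic_ip }}"
      username: "{{ lookup('env', 'ANSIBLE_NET_USERNAME') }}"
      password: "{{ lookup('env', 'ANSIBLE_NET_PASSWORD') }}"
      # Certificate validation is off by default to preserve the play's
      # existing behaviour. With validation off the APIC's identity is not
      # checked before the username and password above are sent to it, so set
      # apic_validate_certs=true wherever the APIC presents a certificate the
      # controller trusts.
      validate_certs: "{{ apic_validate_certs | default(false) }}"
    # Not referenced by any task in this play.
    debug_on_state: "{{ debug_on | default(false) }}"
    filter_name: "fl:{{ subj_name }}_{{ dst_port }}"
    filter_entry_name: "flEn:{{ dst_port }}"
    # NOTE(review): five variables plus fixed text are concatenated here;
    # confirm the result stays within the name length the APIC accepts.
    contract_name: "ticket_id:{{ticket_id}}-{{ prov_ap_name }}:{{ prov_epg_name }}_to_{{ cons_ap_name }}:{{ cons_epg_name }}"
  tasks:
    # Create an ACI snapshot before changing anything, so the previous
    # configuration can be restored if a later task leaves policy half-applied.
    - name: Create an APIC Snapshot
      aci_config_snapshot:
        <<: *apic_info
        state: present
        export_policy: config_backup
        max_count: 10
        description: Snapshot Created by Ansible

    # Create a filter in the "common" tenant
    - name: Create Filter
      aci_filter:
        <<: *apic_info
        use_proxy: false
        tenant: "common"
        filter: "{{ filter_name }}"
        state: "present"
      register: flt

    # Create a new filter entry. subj_name is used as the IP protocol here,
    # as well as the subject name further down.
    - name: Create Filter Entry
      aci_filter_entry:
        <<: *apic_info
        use_proxy: false
        filter: "{{ filter_name }}"
        entry: "{{ filter_entry_name }}"
        tenant: "common"
        ether_type: "ip"
        ip_protocol: "{{ subj_name }}"
        dst_port: "{{ dst_port }}"
        state: "present"
      register: flt_entry

    # Create contract
    # NOTE(review): this path uses contract_tn_name without a "tn-" prefix,
    # while the subject task below posts under tn-{{ prov_tn_name }}. Confirm
    # that contract_tn_name already carries the prefix and names the same
    # tenant; otherwise the subject is posted under a different tenant than
    # the contract.
    - name: Create Contract
      aci_rest:
        <<: *apic_info
        use_proxy: false
        path: "/api/node/mo/uni/{{ contract_tn_name }}/brc-{{ contract_name }}.json"
        method: post
        content:
          vzBrCP:
            attributes:
              name: "{{ contract_name }}"
              scope: "{{ scope }}"
              # create the object, or update it if it already exists
              status: "created,modified"

    # Add subject and filter to the contract
    - name: Add the subject and filter
      aci_rest:
        <<: *apic_info
        use_proxy: false
        path: "/api/node/mo/uni/tn-{{ prov_tn_name }}/brc-{{ contract_name }}/subj-{{ subj_name }}.json"
        method: post
        content:
          vzSubj:
            attributes:
              name: "{{ subj_name }}"
              status: "created,modified"
            children:
              - vzRsSubjFiltAtt:
                  attributes:
                    tnVzFilterName: "{{ filter_name }}"
                    status: "created,modified"
      register: subj_and_flt

    # Bind the contract to the source host's EPG (provider side)
    - name: Bind Contract to Source EPG
      aci_epg_to_contract:
        <<: *apic_info
        use_proxy: false
        tenant: "{{ prov_tn_name }}"
        ap: "{{ prov_ap_name }}"
        epg: "{{ prov_epg_name }}"
        contract: "{{ contract_name }}"
        contract_type: provider
        state: present
      register: prov_epg_contract

    # Bind the contract to the destination host's EPG (consumer side)
    - name: Bind Contract to Destination EPG
      aci_epg_to_contract:
        <<: *apic_info
        use_proxy: false
        tenant: "{{ cons_tn_name }}"
        ap: "{{ cons_ap_name }}"
        epg: "{{ cons_epg_name }}"
        contract: "{{ contract_name }}"
        contract_type: consumer
        state: present
      register: cons_epg_contract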