A comprehensive Ansible role to model and deploy Cisco ACI fabrics
Home Page: https://galaxy.ansible.com/datacenter/aci-model/
License: GNU General Public License v3.0
This role has been configured to run on python 2 and is not compatible with python 3.
In the example inventory the string «997_998» (name attribute of leaf selector) is unquoted. This is interpreted as number 997998 in YAML: https://yaml.org/type/int.html
«Any “_” characters in the number are ignored, allowing a readable representation of large values.»
Hi!
First of all, great work!
I've been testing this against the public Sandbox APIC.
I get an error message when it hits the "aci-model : Create OSPF Interface Profile" task.
Request failed: 400 incomplete node at line '1'
The payloads from Ansible and the APIC GUI (API inspector) are seemingly identical.
{
"ospfIfPol": {
"attributes": {
"dn": "uni/tn-99_Customer01/ospfIfPol-router_01_ospf",
"name": "router_01_ospf",
"nwT": "bcast",
"ctrl": "advert-subnet,mtu-ignore",
"rn": "ospfIfPol-Test"
}
}
}Also tried changing the rn value:
@@ -111,11 +111,11 @@
method: post
path: '/api/node/mo/uni/tn-{{item.tenant_name}}/ospfIfPol-{{item.tenant_protocol_policy_ospf_interface_name}}.json'
content: |
- '{"ospfIfPol":{"attributes":{"dn":"uni/tn-{{item.tenant_name}}/ospfIfPol-{{item.tenant_protocol_policy_ospf_interface_name}}","name":"{{item.tenant_protocol_policy_ospf_interface_name}}","nwT":"bcast","ctrl":"advert-subnet,mtu-ignore","rn":"ospfIfPol-Test"}}}'
+ '{"ospfIfPol":{"attributes":{"dn":"uni/tn-{{item.tenant_name}}/ospfIfPol-{{item.tenant_protocol_policy_ospf_interface_name}}","name":"{{item.tenant_protocol_policy_ospf_interface_name}}","nwT":"bcast","ctrl":"advert-subnet,mtu-ignore","rn":"ospfIfPol-{{item.tenant_protocol_policy_ospf_interface_name}}"}}}'
with_items:
- '{{ aci_model_data|aci_listify("tenant","protocol_policy","ospf_interface") }}'
delegate_to: localhost
Found a work-around by switching to YAML, but then the error message reappears in the Associate BDs to L3out task.
Most likely something simple I'm missing here :-)
Complete error message:
TASK [aci-model : Create OSPF Interface Profile] ***************************************************************************************************************************
task path: /Users/username/Dev/ansible-role-aci-model/roles/aci-model/tasks/main.yml:108
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/network/aci/aci_rest.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: username
<localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054 `" && echo ansible-tmp-1505848052.99-66417759575054="` echo /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054 `" ) && sleep 0'
<localhost> PUT /var/folders/45/x8mn02154hx92jgkftm213gh0000gn/T/tmpGoqeob TO /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054/aci_rest.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054/ /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054/aci_rest.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/local/opt/python/bin/python2.7 /Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054/aci_rest.py; rm -rf "/Users/username/.ansible/tmp/ansible-tmp-1505848052.99-66417759575054/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
File "/var/folders/45/x8mn02154hx92jgkftm213gh0000gn/T/ansible_tsKeLZ/ansible_module_aci_rest.py", line 236, in <module>
from xmljson import cobra
failed: [localhost -> localhost] (item={u'tenant_name': u'99_Customer01', u'tenant_protocol_policy_ospf_interface_name': u'router_01_ospf', u'tenant_description': u'Customer01'}) => {
"changed": false,
"error_code": "400",
"error_text": "incomplete node at line '1'",
"failed": true,
"imdata": [
{
"error": {
"attributes": {
"code": "400",
"text": "incomplete node at line '1'"
}
}
}
],
"invocation": {
"module_args": {
"content": "'{\"ospfIfPol\":{\"attributes\":{\"dn\":\"uni/tn-99_Customer01/ospfIfPol-router_01_ospf\",\"name\":\"router_01_ospf\",\"nwT\":\"bcast\",\"ctrl\":\"advert-subnet,mtu-ignore\",\"rn\":\"ospfIfPol-Test\"}}}'\n",
"hostname": "sandboxapicdc.cisco.com",
"method": "post",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "/api/node/mo/uni/tn-99_Customer01/ospfIfPol-router_01_ospf.json",
"protocol": "https",
"src": null,
"timeout": 30,
"use_proxy": true,
"use_ssl": true,
"username": "admin",
"validate_certs": false
}
},
"item": {
"tenant_description": "Customer01",
"tenant_name": "99_Customer01",
"tenant_protocol_policy_ospf_interface_name": "router_01_ospf"
},
"msg": "Request failed: 400 incomplete node at line '1'",
"payload": "\"{\\\"ospfIfPol\\\":{\\\"attributes\\\":{\\\"dn\\\":\\\"uni/tn-99_Customer01/ospfIfPol-router_01_ospf\\\",\\\"name\\\":\\\"router_01_ospf\\\",\\\"nwT\\\":\\\"bcast\\\",\\\"ctrl\\\":\\\"advert-subnet,mtu-ignore\\\",\\\"rn\\\":\\\"ospfIfPol-Test\\\"}}}\"",
"response": "HTTP Error 400: Bad Request",
"status": 400,
"totalCount": "1",
"url": "https://sandboxapicdc.cisco.com/api/node/mo/uni/tn-99_Customer01/ospfIfPol-router_01_ospf.json?rsp-subtree=modified"
}
to retry, use: --limit @/Users/username/Dev/ansible-role-aci-model/example-playbook.retry
PLAY RECAP *****************************************************************************************************************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=1
(venv) simba@XXX:~/datacenter.aci-model$ ansible-playbook -i myinventory.yml myplaybook.yml -v
Using /home/simba/datacenter.aci-model/ansible.cfg as config file
PLAY [Deploy topology using ACI model] ***********************************************************************************************************************
TASK [datacenter.aci-model : include_tasks] ******************************************************************************************************************
included: /home/simba/datacenter.aci-model/tasks/my-test-yaml.yml for apic1
TASK [datacenter.aci-model : Create LLDP interface policies] *************************************************************************************************
failed: [apic1 -> localhost] (item={'access_policy_interface_policy_lldp_name': 'LLDP-ENABLE', 'access_policy_interface_policy_lldp_state': 'present', 'access_policy_interface_policy_lldp_receive_state': 'enabled', 'access_policy_interface_policy_lldp_transmit_state': 'enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"access_policy_interface_policy_lldp_name": "LLDP-ENABLE", "access_policy_interface_policy_lldp_receive_state": "enabled", "access_policy_interface_policy_lldp_state": "present", "access_policy_interface_policy_lldp_transmit_state": "enabled"}, "msg": "argument 'receive_state' is of type <class 'str'> and we were unable to convert to bool: The value 'enabled' is not a valid boolean. Valid booleans include: 'off', 'y', 1, 0, 'on', 'f', '1', 't', 'yes', 'no', 'false', '0', 'true', 'n'"}
ok: [apic1 -> localhost] => (item={'access_policy_interface_policy_lldp_name': 'LLDP-DISABLE', 'access_policy_interface_policy_lldp_state': 'present', 'access_policy_interface_policy_lldp_receive_state': False, 'access_policy_interface_policy_lldp_transmit_state': False}) => {"ansible_loop_var": "item", "changed": false, "current": [{"lldpIfPol": {"attributes": {"adminRxSt": "disabled", "adminTxSt": "disabled", "annotation": "orchestrator:ansible", "descr": "", "dn": "uni/infra/lldpIfP-LLDP-DISABLE", "name": "LLDP-DISABLE", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:"}}}], "item": {"access_policy_interface_policy_lldp_name": "LLDP-DISABLE", "access_policy_interface_policy_lldp_receive_state": false, "access_policy_interface_policy_lldp_state": "present", "access_policy_interface_policy_lldp_transmit_state": false}, "mo": {"lldpIfPol": {"attributes": {"adminRxSt": "disabled", "adminTxSt": "disabled", "annotation": "orchestrator:ansible", "dn": "uni/infra/lldpIfP-LLDP-DISABLE", "name": "LLDP-DISABLE"}}}}
PLAY RECAP ***************************************************************************************************************************************************
apic1 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Need to update inventory file
- interface_policy_lldp:
- name: LLDP-ENABLE
state: present
receive_state: **on**
transmit_state: **on**
- name: LLDP-DISABLE
state: present
receive_state: **off**
transmit_state: **off**
After updating ...its work fine
(venv) simba@XXX:~/datacenter.aci-model$ ansible-playbook -i myinventory.yml myplaybook.yml -v
Using /home/simba/datacenter.aci-model/ansible.cfg as config file
PLAY [Deploy topology using ACI model] ***********************************************************************************************************************
TASK [datacenter.aci-model : include_tasks] ******************************************************************************************************************
included: /home/simba/datacenter.aci-model/tasks/my-test-yaml.yml for apic1
TASK [datacenter.aci-model : Create LLDP interface policies] *************************************************************************************************
ok: [apic1 -> localhost] => (item={'access_policy_interface_policy_lldp_name': 'LLDP-ENABLE', 'access_policy_interface_policy_lldp_state': 'present', 'access_policy_interface_policy_lldp_receive_state': True, 'access_policy_interface_policy_lldp_transmit_state': True}) => {"ansible_loop_var": "item", "changed": false, "current": [{"lldpIfPol": {"attributes": {"adminRxSt": "enabled", "adminTxSt": "enabled", "annotation": "orchestrator:ansible", "descr": "", "dn": "uni/infra/lldpIfP-LLDP-ENABLE", "name": "LLDP-ENABLE", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:"}}}], "item": {"access_policy_interface_policy_lldp_name": "LLDP-ENABLE", "access_policy_interface_policy_lldp_receive_state": true, "access_policy_interface_policy_lldp_state": "present", "access_policy_interface_policy_lldp_transmit_state": true}, "mo": {"lldpIfPol": {"attributes": {"adminRxSt": "enabled", "adminTxSt": "enabled", "annotation": "orchestrator:ansible", "dn": "uni/infra/lldpIfP-LLDP-ENABLE", "name": "LLDP-ENABLE"}}}}
ok: [apic1 -> localhost] => (item={'access_policy_interface_policy_lldp_name': 'LLDP-DISABLE', 'access_policy_interface_policy_lldp_state': 'present', 'access_policy_interface_policy_lldp_receive_state': False, 'access_policy_interface_policy_lldp_transmit_state': False}) => {"ansible_loop_var": "item", "changed": false, "current": [{"lldpIfPol": {"attributes": {"adminRxSt": "disabled", "adminTxSt": "disabled", "annotation": "orchestrator:ansible", "descr": "", "dn": "uni/infra/lldpIfP-LLDP-DISABLE", "name": "LLDP-DISABLE", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:"}}}], "item": {"access_policy_interface_policy_lldp_name": "LLDP-DISABLE", "access_policy_interface_policy_lldp_receive_state": false, "access_policy_interface_policy_lldp_state": "present", "access_policy_interface_policy_lldp_transmit_state": false}, "mo": {"lldpIfPol": {"attributes": {"adminRxSt": "disabled", "adminTxSt": "disabled", "annotation": "orchestrator:ansible", "dn": "uni/infra/lldpIfP-LLDP-DISABLE", "name": "LLDP-DISABLE"}}}}
PLAY RECAP ***************************************************************************************************************************************************
apic1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Hi there.
Is it possible to get the login information from the host file ?
When linking AEPs to Domains, the "domain type" is required in 4.x (and maybe others). The module fails when I use the existing master branch. I updated my local copy of the "main-json.yml" task file to include this update in the "Link AEPs to domains" section, adding "{{ item.access_policy_aep_domain_type }}-" to the DN in both places:
content:
{"infraRsDomP":{"attributes":{"childAction":"","dn":"uni/infra/attentp-{{ item.access_policy_aep_name }}/rsdomP-[uni/{{ item.access_policy_aep_domain_type }}-{{ item.access_policy_aep_domain_name }}]","tDn":"uni/{{ item.access_policy_aep_domain_type }}-{{ item.access_policy_aep_domain_name }}"}}}
This code worked for ACI release 4.2. I did not test against other versions.
I have a playbook just to create a simple tenant. Tenant is created but i get the following error. Note i am not configuring any L3out.
inventory file
fabric01:
hosts:
apic:
apic_host: 10.114.217.xx
apic_username: admin
apic_password: xxxxxx
vars:
apic_use_proxy: no
apic_validate_certs: no
aci_topology:
tenant:
- name: Example99
description: Example99Playbook
- name: Configuring APIC
hosts: apic
gather_facts: no
roles:
- role: datacenter.aci-model
aci_model_data: "{{ aci_topology }}"TASK [datacenter.aci-model : Associate BDs to l3outs] **************************************************
task path: /Users/hemakuma/.ansible/roles/datacenter.aci-model/tasks/main-json.yml:116
ERROR! Unexpected Exception, this is probably a bug: 'access_policy'
the full traceback was:
Traceback (most recent call last):
File "/usr/local/bin/ansible-playbook", line 106, in <module>
exit_code = cli.run()
File "/usr/local/lib/python2.7/site-packages/ansible/cli/playbook.py", line 130, in run
results = pbex.run()
File "/usr/local/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 154, in run
result = self._tqm.run(play=play)
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_queue_manager.py", line 292, in run
play_return = strategy.run(iterator, play_context)
File "/usr/local/lib/python2.7/site-packages/ansible/plugins/strategy/linear.py", line 248, in run
task_vars = self._variable_manager.get_vars(play=iterator._play, host=host, task=task)
File "/usr/local/lib/python2.7/site-packages/ansible/vars/manager.py", line 440, in get_vars
all_vars['ansible_delegated_vars'] = self._get_delegated_vars(play, task, all_vars)
File "/usr/local/lib/python2.7/site-packages/ansible/vars/manager.py", line 509, in _get_delegated_vars
loader=self._loader, fail_on_undefined=True, convert_bare=False)
File "/usr/local/lib/python2.7/site-packages/ansible/utils/listify.py", line 34, in listify_lookup_plugin_terms
terms = templar.template(terms.strip(), convert_bare=convert_bare, fail_on_undefined=fail_on_undefined)
File "/usr/local/lib/python2.7/site-packages/ansible/template/__init__.py", line 450, in template
disable_lookups=disable_lookups,
File "/usr/local/lib/python2.7/site-packages/ansible/template/__init__.py", line 672, in do_template
res = j2_concat(rf)
File "<template>", line 12, in root
File "/Users/hemakuma/.ansible/roles/datacenter.aci-model/plugins/filter/aci.py", line 8, in listify
return listify_worker(d, keys, 0, [], {}, '')
File "/Users/hemakuma/.ansible/roles/datacenter.aci-model/plugins/filter/aci.py", line 13, in listify_worker
for item in d[keys[depth]]:
The example playbook identifies an idempotency issue with the aci_rest module (in what could ultimately be an issue within the APIC itself).
Rerunning the playbook always indicates the below task has changed the configuration.
TASK [datacenter.aci-model : Add interface selector to interface policy profile] *****************************************************************************************************************
changed: [apic1 -> localhost] => (item={u'access_policy_interface_policy_profile_name': u'leaf_997_998', u'access_policy_interface_policy_profile_interface_selector_int_card': 1, u'access_policy_interface_policy_profile_interface_selector_int_to': 22, u'access_policy_interface_policy_profile_interface_selector_policy_group': u'99_router_01', u'access_policy_interface_policy_profile_interface_selector_policy_group_type': u'accbundle', u'access_policy_interface_policy_profile_interface_selector_name': u'Router01', u'access_policy_interface_policy_profile_interface_selector_int_from': 22})
changed: [apic1 -> localhost] => (item={u'access_policy_interface_policy_profile_name': u'leaf_997', u'access_policy_interface_policy_profile_interface_selector_int_card': 1, u'access_policy_interface_policy_profile_interface_selector_int_to': 33, u'access_policy_interface_policy_profile_interface_selector_policy_group': u'99_baremetal_01', u'access_policy_interface_policy_profile_interface_selector_policy_group_type': u'accportgrp', u'access_policy_interface_policy_profile_interface_selector_name': u'Server01', u'access_policy_interface_policy_profile_interface_selector_int_from': 33})
changed: [apic1 -> localhost] => (item={u'access_policy_interface_policy_profile_name': u'leaf_997', u'access_policy_interface_policy_profile_interface_selector_int_card': 1, u'access_policy_interface_policy_profile_interface_selector_int_to': 34, u'access_policy_interface_policy_profile_interface_selector_policy_group': u'99_baremetal_01', u'access_policy_interface_policy_profile_interface_selector_policy_group_type': u'accportgrp', u'access_policy_interface_policy_profile_interface_selector_name': u'Server02', u'access_policy_interface_policy_profile_interface_selector_int_from': 34})
changed: [apic1 -> localhost] => (item={u'access_policy_interface_policy_profile_name': u'leaf_998', u'access_policy_interface_policy_profile_interface_selector_int_card': 1, u'access_policy_interface_policy_profile_interface_selector_int_to': 35, u'access_policy_interface_policy_profile_interface_selector_policy_group': u'99_baremetal_01', u'access_policy_interface_policy_profile_interface_selector_policy_group_type': u'accportgrp', u'access_policy_interface_policy_profile_interface_selector_name': u'Server02', u'access_policy_interface_policy_profile_interface_selector_int_from': 35})The location of the issue:
ansible-role-aci-model/tasks/main-json.yml
Lines 159 to 168 in c9dc052
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.