├── intro_module
    ├── requirements.txt
    ├── inventory
    ├── 07_lab_cleanup.yml
    ├── 06_aci_rest_pb.yml
    ├── vars
    │   ├── intranet_vars.yml
    │   └── intranet_vars_full_config.yml
    ├── 01_aci_tenant_pb.yml
    ├── 02_aci_tenant_network_pb.yml
    ├── 04_aci_tenant_app_pb.yml
    ├── 03_aci_tenant_policies_pb.yml
    └── 05_aci_deploy_app.yml
├── README.md
├── .gitignore
├── contributing.md
└── LICENSE


/intro_module/requirements.txt:
--------------------------------------------------------------------------------
ansible>=2.4.2.0

--------------------------------------------------------------------------------
/intro_module/inventory:
--------------------------------------------------------------------------------
# Lab inventory: one host group (apic) and the group variables the playbooks
# read as {{ username }} and {{ password }}.
# The admin credentials below sit in clear text in a tracked file. Treat them
# as shared sandbox values only; for any other APIC keep credentials out of
# version control (for example Ansible Vault or a prompt at run time).
[apic:vars]
username=admin
password=!v3G@!4@Y
ansible_python_interpreter="/usr/bin/env python"

[apic]
sandboxapicdc.cisco.com

--------------------------------------------------------------------------------
/intro_module/07_lab_cleanup.yml:
--------------------------------------------------------------------------------
---
# Lab cleanup play: for each host in the apic group, sends a REST DELETE for
# api/mo/uni/tn-CHANGEME.json. Replace CHANGEME with the tenant created during
# the lab; the request deletes whichever tenant object this path names.
# Security: validate_certs is false, so the controller's TLS certificate is not
# verified while the admin username and password are sent. Keep that setting
# for the lab sandbox only and enable verification on a real fabric.
- name: USE ACI REST MODULE
  hosts: apic
  connection: local
  gather_facts: false

  tasks:
    - name: ENSURE LAB WORK IS CLEANED UP
      aci_rest:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        method: "delete"
        validate_certs: false
        path: "api/mo/uni/tn-CHANGEME.json"

--------------------------------------------------------------------------------
/intro_module/06_aci_rest_pb.yml:
--------------------------------------------------------------------------------
---
# Posts an l3extOut object named corp_l3 to
# api/mo/uni/tn-CHANGEME/out-corp_l3.json through the aci_rest module.
# Replace CHANGEME in the path with the lab tenant name.
# Security: validate_certs is false, so the controller's TLS certificate is not
# verified while the admin credentials are sent. Lab sandbox setting only.
- name: USE ACI REST MODULE
  hosts: apic
  connection: local
  gather_facts: false

  tasks:
    - name: ENSURE TENANT HAS L3 EXTERNAL NETWORK
      aci_rest:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        method: "post"
        path: "api/mo/uni/tn-CHANGEME/out-corp_l3.json"
        content: '{"l3extOut": {"attributes": {"descr":"Created Using Ansible", "name":"corp_l3"}}}'

--------------------------------------------------------------------------------
/intro_module/vars/intranet_vars.yml:
--------------------------------------------------------------------------------
---
# Variables for the intranet application profile. The keys match the names
# referenced by 04_aci_tenant_app_pb.yml (tenant, ap, epgs, epg_contracts);
# presumably the file is passed to that playbook at run time - confirm against
# the lab guide. CHANGEME is a placeholder for the tenant name.
tenant: CHANGEME
ap: "intranet"
epgs:
  - epg: "web"
    encap: "21"
    contract_type: "both"
    consumer: "sql"
    provider: "web"
  - epg: "sql"
    encap: "22"
    contract_type: "provider"
    provider: "sql"
epg_contracts:
  - epg: "web"
    contract: "web"
    contract_type: "provider"
  - epg: "web"
    contract: "sql"
    contract_type: "consumer"
  - epg: "sql"
    contract: "sql"
    contract_type: "provider"

--------------------------------------------------------------------------------
/intro_module/01_aci_tenant_pb.yml:
--------------------------------------------------------------------------------
---
# Prompts for a tenant name (echoed, because private is false) and ensures a
# tenant with that name is present on each host in the apic group.
# Security: validate_certs is false, so the controller's TLS certificate is not
# verified while the admin credentials are sent. Lab sandbox setting only.
- name: ENSURE APPLICATION CONFIGURATION EXISTS
  hosts: apic
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "tenant"
      prompt: "What would you like to name your Tenant?"
      private: false

  tasks:
    - name: ENSURE APPLICATIONS TENANT EXISTS
      aci_tenant:
        host: "{{ ansible_host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        description: "Tenant Created Using Ansible"

--------------------------------------------------------------------------------
/intro_module/vars/intranet_vars_full_config.yml:
--------------------------------------------------------------------------------
---
# Full variable set: tenant, VRF, bridge domains, application profile, EPGs,
# contracts and filters. The keys match the names referenced by
# 05_aci_deploy_app.yml; presumably the file is passed to that playbook at run
# time - confirm against the lab guide. CHANGEME is a placeholder tenant name.
tenant: CHANGEME
vrf: "prod_vrf"
bridge_domains:
  - bd: "prod_bd"
    gateway: "10.1.100.1"
    mask: "24"
    scope: "public"
ap: "intranet"
epgs:
  - epg: "web"
    bd: "prod_bd"
    encap: "21"
  - epg: "db"
    bd: "prod_bd"
    encap: "22"
epg_contracts:
  - epg: "web"
    contract: "web"
    contract_type: "provider"
  - epg: "web"
    contract: "sql"
    contract_type: "consumer"
  - epg: "db"
    contract: "sql"
    contract_type: "provider"
contracts:
  - contract: "web"
    subject: "https"
    filter: "https"
  - contract: "sql"
    subject: "sql"
    filter: "sql"
filters:
  - filter: "https"
    entry: "https"
    protocol: "tcp"
    port: "443"
  - filter: "sql"
    entry: "sql"
    protocol: "tcp"
    port: "1433"

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Cisco DevNet Learning Labs: Code Samples for the ACI Ansible Learning Labs

These code samples are for Learning Labs displayed within the [Cisco DevNet Learning Labs system](https://developer.cisco.com/learning).

Contributions are welcome, and we are glad to review changes through pull requests. See [contributing.md](contributing.md) for details.

The goal of these learning labs is to ensure a 'hands-on' learning approach rather than just theory or instructions.

## About these Learning Labs

The YAML files contain Ansible playbooks for various scenarios of applying network configurations.

If you want more help, please reach out to Cisco DevNet on Spark.

## Contributing

These learning modules are for public consumption, so you must ensure that you have the rights to any content that you contribute.

* If you'd like to contribute to an existing lab, refer to [contributing.md](contributing.md).
* If you're interested in creating a new Cisco DevNet Learning Lab, please contact a DevNet administrator for guidance.



--------------------------------------------------------------------------------
/intro_module/02_aci_tenant_network_pb.yml:
--------------------------------------------------------------------------------
---
# Prompts for a tenant name, then ensures a VRF, a bridge domain and a bridge
# domain subnet are present in that tenant. The vrf variable is not set in this
# file and has to be supplied by the caller; bd falls back to 'prod_bd'.
# Security: every task sets validate_certs to false, so the controller's TLS
# certificate is not verified while the admin credentials are sent. Keep that
# for the lab sandbox only and enable verification on a real fabric.
- name: ENSURE APPLICATION CONFIGURATION EXISTS
  hosts: apic
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "tenant"
      prompt: "What would you like to name your Tenant?"
      private: false

  tasks:
    - name: ENSURE TENANT VRF EXISTS
      aci_vrf:
        host: "{{ ansible_host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        vrf: "{{ vrf }}"
        description: "VRF Created Using Ansible"

    - name: ENSURE TENANT BRIDGE DOMAIN EXISTS
      aci_bd:
        host: "{{ ansible_host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        bd: "{{ bd | default('prod_bd') }}"
        vrf: "{{ vrf }}"
        description: "BD Created Using Ansible"

    - name: ENSURE BRIDGE DOMAIN SUBNET EXISTS
      aci_bd_subnet:
        host: "{{ ansible_host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        bd: "{{ bd | default('prod_bd') }}"
        gateway: "10.10.101.1"
        mask: 24
        description: "Subnet Created Using Ansible"

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# dotenv
.env

# virtualenv
.venv
venv/
ENV/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/

*.retry

--------------------------------------------------------------------------------
/intro_module/04_aci_tenant_app_pb.yml:
--------------------------------------------------------------------------------
---
# Ensures an application profile, its EPGs, the EPG-to-domain bindings and the
# EPG-to-contract associations are present. tenant, ap, epgs and epg_contracts
# are not defined in this file and have to be supplied by the caller.
# Security: every task disables validate_certs, so the controller's TLS
# certificate is not verified while the admin credentials are sent. Keep that
# for the lab sandbox only and enable verification on a real fabric.
- name: ENSURE APPLICATION CONFIGURATION EXISTS
  hosts: apic
  connection: local
  gather_facts: false

  tasks:
    - name: ENSURE APPLICATION EXISTS
      aci_ap:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        descr: "App Profile Created Using Ansible"

    # One EPG per entry of epgs; the bridge domain is fixed to prod_bd here.
    - name: ENSURE APPLICATION EPGS EXISTS
      aci_epg:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        bd: "prod_bd"
        description: "EPG Created Using Ansible"
      with_items: "{{ epgs }}"

    - name: ENSURE DOMAIN IS BOUND TO EPG
      aci_epg_to_domain:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        domain: "aci_ansible_lab"
        domain_type: "vmm"
        vm_provider: "vmware"
        encap_mode: "auto"
        encap: "{{ item.encap }}"
      with_items: "{{ epgs }}"

    - name: ENSURE EPG IS ASSOCIATED TO CONTRACTS
      aci_epg_to_contract:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        contract: "{{ item.contract }}"
        contract_type: "{{ item.contract_type }}"
      with_items: "{{ epg_contracts }}"

--------------------------------------------------------------------------------
/contributing.md:
--------------------------------------------------------------------------------
# How to contribute to a Learning Lab

For Learning Labs, there are a few primary ways to help:
- Testing the Learning Lab and then reporting issues in the repo or in the common issues tracking repo
- Using the Issue tracker to report issues or comment that you will work on an issue
- Updating the content in the Learning Lab repo
- Requesting or creating a release
- Contacting DevNet to publish new or updated Learning Labs

## Using the issue tracker

For Learning Labs, there are two potential places to track issues, depending on
whether the repo is a public or private repo.

For public repo Learning Labs, use the issue tracker in the repo. All Learning Labs repos in the CiscoDevNet organization have a topic of `learning-labs`.

For private Learning Labs, use the common Issue tracker in the [CiscoDevNet/learning-labs-issues](https://github.com/CiscoDevNet/learning-labs-issues) repo.

For DevNet Express events, use these Issue tracker repos based on the content track:
* https://github.com/CiscoDevNet/devnet-express-dna-issues
* https://github.com/CiscoDevNet/devnet-express-cc-issues
* https://github.com/CiscoDevNet/devnet-express-dci-issues
* https://github.com/CiscoDevNet/devnet-express-security-issues

Use the issue tracker to suggest additions, report bugs, and ask questions.
This is also a great way to connect with the developers of the project as well
as others who are interested in this solution.

Also use the issue tracker to find ways to contribute. Test a lab, find a bug,
log an issue, or offer an update, comment on the issue that you will take on
that effort, then follow the _Changing the Learning Lab content_ guidance below.

## Changing the Learning Lab content

Generally speaking, you should clone the Learning Lab repository, make changes locally, and then submit a pull request (PR). All new content should be tested
to validate that documented tasks work correctly. Additionally, the content
should follow the [Learning Lab Style Guide](https://github.com/CiscoDevNet/devnet-writing-guidelines/wiki/Lab-Style-Guide).

The [DevNet Writing Guidelines Wiki](https://github.com/CiscoDevNet/devnet-writing-guidelines/wiki)
describes the review and publishing process in detail. Please feel free to request reviews from DevNet contributors you see in the repository and we will review submissions.

--------------------------------------------------------------------------------
/intro_module/03_aci_tenant_policies_pb.yml:
--------------------------------------------------------------------------------
---
# Prompts for a tenant name, then ensures the https and sql filters, their
# filter entries (TCP destination ports 443 and 1433), the web and sql
# contracts, their subjects and the subject-to-filter bindings are present.
# Security: every task sets validate_certs to false, so the controller's TLS
# certificate is not verified while the admin credentials are sent. Keep that
# for the lab sandbox only and enable verification on a real fabric.
- name: ENSURE APPLICATION CONFIGURATION EXISTS
  hosts: apic
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "tenant"
      prompt: "What would you like to name your Tenant?"
      private: false

  tasks:
    # NOTE(review): this task reads ansible_host while the tasks below read
    # inventory_hostname - confirm both resolve to the same controller.
    - name: ENSURE TENANT FILTERS EXIST
      aci_filter:
        host: "{{ ansible_host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        filter: "{{ item }}"
        descr: "Filter Created Using Ansible"
      with_items:
        - "https"
        - "sql"

    # Each entry matches a single destination port: start and end are equal.
    - name: ENSURE FILTERS HAVE FILTER ENTRIES
      aci_filter_entry:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        filter: "{{ item.filter }}"
        entry: "{{ item.entry }}"
        ether_type: "ip"
        ip_protocol: "tcp"
        dst_port_start: "{{ item.port }}"
        dst_port_end: "{{ item.port }}"
      with_items:
        - filter: "https"
          entry: "https"
          port: 443
        - filter: "sql"
          entry: "sql"
          port: 1433

    - name: ENSURE TENANT CONTRACTS EXIST
      aci_contract:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        contract: "{{ item }}"
        scope: "context"
        description: "Contract Created Using Ansible"
      with_items:
        - "web"
        - "sql"

    - name: ENSURE CONTRACTS HAVE CONTRACT SUBJECTS
      aci_contract_subject:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        subject: "{{ item.subject }}"
      with_items:
        - contract: "web"
          subject: "https"
        - contract: "sql"
          subject: "sql"

    # NOTE(review): this task passes tenant_name where the others pass tenant;
    # presumably an accepted alias of the module - confirm.
    - name: ENSURE CONTRACTS SUBJECTS ARE ASSOCIATED WITH FILTERS
      aci_contract_subject_to_filter:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant_name: "{{ tenant }}"
        contract: "{{ item.contract }}"
        subject: "{{ item.subject }}"
        filter: "{{ item.filter }}"
      with_items:
        - contract: "web"
          subject: "https"
          filter: "https"
        - contract: "sql"
          subject: "sql"
          filter: "sql"

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
CISCO SAMPLE CODE LICENSE
Version 1.0
Copyright (c) 2017-2023 Cisco and/or its affiliates

These terms govern this Cisco example or demo source code and its
associated documentation (together, the "Sample Code"). By downloading,
copying, modifying, compiling, or redistributing the Sample Code, you
accept and agree to be bound by the following terms and conditions (the
"License"). If you are accepting the License on behalf of an entity, you
represent that you have the authority to do so (either you or the entity,
"you"). Sample Code is not supported by Cisco TAC and is not tested for
quality or performance. This is your only license to the Sample Code and
all rights not expressly granted are reserved.

1.
LICENSE GRANT: Subject to the terms and conditions of this License,
   Cisco hereby grants to you a perpetual, worldwide, non-exclusive, non-
   transferable, non-sublicensable, royalty-free license to copy and
   modify the Sample Code in source code form, and compile and
   redistribute the Sample Code in binary/object code or other executable
   forms, in whole or in part, solely for use with Cisco products and
   services. For interpreted languages like Java and Python, the
   executable form of the software may include source code and
   compilation is not required.

2. CONDITIONS: You shall not use the Sample Code independent of, or to
   replicate or compete with, a Cisco product or service. Cisco products
   and services are licensed under their own separate terms and you shall
   not use the Sample Code in any way that violates or is inconsistent
   with those terms (for more information, please visit:
   www.cisco.com/go/terms.

3. OWNERSHIP: Cisco retains sole and exclusive ownership of the Sample
   Code, including all intellectual property rights therein, except with
   respect to any third-party material that may be used in or by the
   Sample Code. Any such third-party material is licensed under its own
   separate terms (such as an open source license) and all use must be in
   full accordance with the applicable license. This License does not
   grant you permission to use any trade names, trademarks, service
   marks, or product names of Cisco. If you provide any feedback to Cisco
   regarding the Sample Code, you agree that Cisco, its partners, and its
   customers shall be free to use and incorporate such feedback into the
   Sample Code, and Cisco products and services, for any purpose, and
   without restriction, payment, or additional consideration of any kind.
   If you initiate or participate in any litigation against Cisco, its
   partners, or its customers (including cross-claims and counter-claims)
   alleging that the Sample Code and/or its use infringe any patent,
   copyright, or other intellectual property right, then all rights
   granted to you under this License shall terminate immediately without
   notice.

4. LIMITATION OF LIABILITY: CISCO SHALL HAVE NO LIABILITY IN CONNECTION
   WITH OR RELATING TO THIS LICENSE OR USE OF THE SAMPLE CODE, FOR
   DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DIRECT, INCIDENTAL,
   AND CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, DATA, INFORMATION,
   PROFITS, BUSINESS, OR GOODWILL, HOWEVER CAUSED, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGES.

5. DISCLAIMER OF WARRANTY: SAMPLE CODE IS INTENDED FOR EXAMPLE PURPOSES
   ONLY AND IS PROVIDED BY CISCO "AS IS" WITH ALL FAULTS AND WITHOUT
   WARRANTY OR SUPPORT OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY
   LAW, ALL EXPRESS AND IMPLIED CONDITIONS, REPRESENTATIONS, AND
   WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR
   CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-
   INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, AND ACCURACY,
   ARE HEREBY EXCLUDED AND EXPRESSLY DISCLAIMED BY CISCO. CISCO DOES NOT
   WARRANT THAT THE SAMPLE CODE IS SUITABLE FOR PRODUCTION OR COMMERCIAL
   USE, WILL OPERATE PROPERLY, IS ACCURATE OR COMPLETE, OR IS WITHOUT
   ERROR OR DEFECT.

6. GENERAL: This License shall be governed by and interpreted in
   accordance with the laws of the State of California, excluding its
   conflict of laws provisions. You agree to comply with all applicable
   United States export laws, rules, and regulations.
If any provision of
   this License is judged illegal, invalid, or otherwise unenforceable,
   that provision shall be severed and the rest of the License shall
   remain in full force and effect. No failure by Cisco to enforce any of
   its rights related to the Sample Code or to a breach of this License
   in a particular situation will act as a waiver of such rights. In the
   event of any inconsistencies with any other terms, this License shall
   take precedence.

--------------------------------------------------------------------------------
/intro_module/05_aci_deploy_app.yml:
--------------------------------------------------------------------------------
---
# End-to-end deployment play: tenant, VRF, bridge domains and subnets, filters
# and filter entries, contracts, subjects and subject-to-filter bindings, then
# the application profile, EPGs, EPG-to-domain and EPG-to-contract bindings.
# tenant, vrf, bridge_domains, filters, contracts, ap, epgs and epg_contracts
# are not defined in this file and have to be supplied by the caller.
# Security: every task sets validate_certs to false, so the controller's TLS
# certificate is not verified while the admin credentials are sent. Keep that
# for the lab sandbox only and enable verification on a real fabric.
- name: ENSURE APPLICATION CONFIGURATION EXISTS
  hosts: apic
  connection: local
  gather_facts: false

  tasks:
    - name: TASK 01 - ENSURE APPLICATIONS TENANT EXISTS
      aci_tenant:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        descr: "Tenant Created Using Ansible"
      tags: tenant, vrf, bd, filter, contract, app, epg

    - name: TASK 02 - ENSURE TENANT VRF EXISTS
      aci_vrf:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        vrf: "{{ vrf }}"
        descr: "VRF Created Using Ansible"
      tags: vrf, bd

    - name: TASK 03 - ENSURE TENANT BRIDGE DOMAINS AND EXIST
      aci_bd:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        bd: "{{ item.bd | default('prod_bd') }}"
        vrf: "{{ vrf }}"
      with_items: "{{ bridge_domains }}"
      tags: bd

    # NOTE(review): this is the only task without tags, so a run limited with
    # --tags skips it - confirm that is intended.
    - name: TASK 04 - ENSURE BRIDGE DOMAINS HAVE SUBNETS
      aci_bd_subnet:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        bd: "{{ item.bd }}"
        gateway: "{{ item.gateway }}"
        mask: "{{ item.mask }}"
        scope: "{{ item.scope }}"
      with_items: "{{ bridge_domains }}"

    - name: TASK 05 - ENSURE TENANT FILTERS EXIST
      aci_filter:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        filter: "{{ item.filter }}"
        descr: "Filter Created Using Ansible"
      with_items: "{{ filters }}"
      tags: filter, contract

    # Each entry matches a single destination port: start and end are equal.
    - name: TASK 06 - ENSURE FILTERS HAVE FILTER ENTRIES
      aci_filter_entry:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        state: "present"
        validate_certs: false
        tenant: "{{ tenant }}"
        filter: "{{ item.filter }}"
        entry: "{{ item.entry }}"
        ether_type: "ip"
        ip_protocol: "{{ item.protocol }}"
        dst_port_start: "{{ item.port }}"
        dst_port_end: "{{ item.port }}"
      with_items: "{{ filters }}"
      tags: filter, contract

    - name: TASK 07 - ENSURE TENANT CONTRACTS EXIST
      aci_contract:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        scope: "context"
        description: "Contract Created Using Ansible"
      with_items: "{{ contracts }}"
      tags: contract

    - name: TASK 08 - ENSURE CONTRACTS HAVE CONTRACT SUBJECTS
      aci_contract_subject:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        subject: "{{ item.subject }}"
      with_items: "{{ contracts }}"
      tags: contract

    - name: TASK 09 - ENSURE CONTRACT SUBJECTS HAVE FILTERS
      aci_contract_subject_to_filter:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        subject: "{{ item.subject }}"
        filter: "{{ item.filter }}"
      with_items: "{{ contracts }}"
      tags: contract

    - name: TASK 10 - ENSURE APPLICATION EXISTS
      aci_ap:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        descr: "App Profile Created Using Ansible"
      tags: app, epg

    - name: TASK 11 - ENSURE APPLICATION EPGS EXISTS
      aci_epg:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        bd: "{{ item.bd }}"
        descr: "EPG Created Using Ansible"
      with_items: "{{ epgs }}"
      tags: epg

    - name: TASK 12 - ENSURE DOMAIN IS BOUND TO EPG
      aci_epg_to_domain:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        domain: "aci_ansible_lab"
        domain_type: "vmm"
        vm_provider: "vmware"
        encap_mode: "auto"
        encap: "{{ item.encap }}"
      with_items: "{{ epgs }}"
      tags: epg

    - name: TASK 13 - ENSURE EPGS HAVE CONTRACTS
      aci_epg_to_contract:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        state: "present"
        tenant: "{{ tenant }}"
        ap: "{{ ap }}"
        epg: "{{ item.epg }}"
        contract: "{{ item.contract }}"
        contract_type: "{{ item.contract_type }}"
      with_items: "{{ epg_contracts }}"
      tags: epg

--------------------------------------------------------------------------------