Cisco and Terraform
RESTAPI - VMM
During this session, we will be leveraging the aci_rest resource. The importance of this resource is that allows the
user to create and manage any object in the ACI Policy Model that it is not currently supported by Terraform (Resources) to be created.
For example, the creation of Virtual Networking -> Virtual Machine Manager is currently not supported. We need to find a workaround
solution to be able to create the VMM domain and this is a perfect solution to showcase the power aci_rest resource. We
will be leveraging the aci_rest resource. ACI allows the user
to understand the ACI Object Model by providing multiple tools in ACI. Some of the tools available are:
- API inspector
- Object Browser
Step 1 - Create the directory
The first step is to create a directory for the VMM terraform files. Using the IDE you can create folders. This directory will live under the ACI folder.
When you click on the directory create ICON then you will be prompted to enter the name of the directory. For this
directory it will be called vmm
Now in that directory you can create the terraform file. In this case it will be called vmm.tf
Step 2 - Add the VMM domain by using the aci_rest Resource
provider "aci" {
username = "admin"
password = "cisco.123"
url = "http://10.0.226.41"
insecure = true
}
resource "aci_rest" "vmm" {
path = "/api/node/mo/uni.json"
payload = <<EOF
{
"vmmDomP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds",
"name":"aci_p23_dc3_vds",
"rn":"dom-aci_p23_dc3_vds",
"status":"created"
},
"children":[
{
"vmmCtrlrP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/ctrlr-acilab_vcenter",
"name":"acilab_vcenter",
"hostOrIp":"10.0.226.193",
"rootContName":"dc_pod23",
"rn":"ctrlr-acilab_vcenter",
"status":"created"
},
"children":[
{
"vmmRsAcc":{
"attributes":{
"tDn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/usracc-aci_p23_credentials",
"status":"created"
},
"children":[
]
}
}
]
},
},
{
"infraRsVlanNs":{
"attributes":{
"tDn":"uni/infra/vlanns-[aci_p23_dynamic_vlanpool]-dynamic",
"status":"created"
},
"children":[
]
}
},
{
"vmmUsrAccP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/usracc-aci_p23_credentials",
"name":"aci_p23_credentials",
"usr":"Terra23",
"pwd":"sanse.2019",
"rn":"usracc-aci_p23_credentials",
"status":"created"
},
"children":[
]
}
},
{
"vmmVSwitchPolicyCont":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/vswitchpolcont",
"status":"created,modified"
},
"children":[
{
"vmmRsVswitchOverrideLacpPol":{
"attributes":{
"tDn":"uni/infra/lacplagp-aci_p23_dc3_vds_lacpLagPol",
"status":"created,modified"
},
"children":[
]
}
},
{
"vmmRsVswitchOverrideLldpIfPol":{
"attributes":{
"tDn":"uni/infra/lldpIfP-aci_p23_dc3_vds_lldpIfPol",
"status":"created,modified"
},
"children":[
]
}
}
]
}
}
]
}
}
EOF
}
resource "aci_rest" "vmmAEPrelationship" {
path = "/api/node/mo/uni/infra/attentp-aci_p23_vmm_aep.json"
payload = <<EOF
{
"infraRsDomP": {
"attributes": {
"tDn": "uni/vmmp-VMware/dom-aci_p23_dc3_vds",
"status": "created,modified"
},
"children": []
}
}
EOF
}
Step 3 - Initialize the Project
Make sure you are in the correct directory and initialize the project. This process will download the necessary plugins which will allow Terraform to interact with ACI.
cd ~/terraform/ACI/vmm
terraform init
labuser@terra-vm-pod23:~/terraform/ACI/vmm$ terraform init terraform init Initializing the backend... Initializing provider plugins... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.aci: version = "~> 0.3" Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Step 4 - Create the Terraform Plan for the VMM Domain
After successfully initialized Terraform in this directory, the next step is to execute the terraform plan.
terraform plan -out vmm.plan
labuser@terra-vm-pod23:~# terraform plan -out vmm.plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aci_rest.vmm will be created
+ resource "aci_rest" "vmm" {
+ class_name = (known after apply)
+ dn = (known after apply)
+ id = (known after apply)
+ path = "/api/node/mo/uni.json"
+ payload = <<~EOT
{
"vmmDomP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds",
"name":"aci_p23_dc3_vds",
"rn":"dom-aci_p23_dc3_vds",
"status":"created"
},
"children":[
{
"vmmCtrlrP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/ctrlr-acilab_vcenter",
"name":"acilab_vcenter",
"hostOrIp":"10.0.226.193",
"rootContName":"dc_pod23",
"rn":"ctrlr-acilab_vcenter",
"status":"created"
},
"children":[
{
"vmmRsAcc":{
"attributes":{
"tDn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/usracc-aci_p23_credentials",
"status":"created"
},
"children":[
]
}
}
]
},
},
{
"infraRsVlanNs":{
"attributes":{
"tDn":"uni/infra/vlanns-[aci_p23_dynamic_vlanpool]-dynamic",
"status":"created"
},
"children":[
]
}
},
{
"vmmUsrAccP":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/usracc-aci_p23_credentials",
"name":"aci_p23_credentials",
"usr":"",
"pwd":"",
"rn":"usracc-aci_p23_credentials",
"status":"created"
},
"children":[
]
}
},
{
"vmmVSwitchPolicyCont":{
"attributes":{
"dn":"uni/vmmp-VMware/dom-aci_p23_dc3_vds/vswitchpolcont",
"status":"created,modified"
},
"children":[
{
"vmmRsVswitchOverrideLacpPol":{
"attributes":{
"tDn":"uni/infra/lacplagp-aci_p23_dc3_vds_lacpLagPol",
"status":"created,modified"
},
"children":[
]
}
},
{
"vmmRsVswitchOverrideLldpIfPol":{
"attributes":{
"tDn":"uni/infra/lldpIfP-aci_p23_dc3_vds_lldpIfPol",
"status":"created,modified"
},
"children":[
]
}
}
]
}
}
]
}
}
EOT
}
# aci_rest.vmmAEPrelationship will be created
+ resource "aci_rest" "vmmAEPrelationship" {
+ class_name = (known after apply)
+ dn = (known after apply)
+ id = (known after apply)
+ path = "/api/node/mo/uni/infra/attentp-aci_p23_vmm_aep.json"
+ payload = jsonencode(
{
+ infraRsDomP = {
+ attributes = {
+ status = "created,modified"
+ tDn = "uni/vmmp-VMware/dom-aci_p23_dc3_vds"
}
+ children = []
}
}
)
}
Plan: 2 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
This plan was saved to: vmm.plan
To perform exactly these actions, run the following command to apply:
terraform apply "vmm.plan"
Step 5 - Apply Terraform for the VMM Domain
terraform apply "vmm.plan"
labuser@terra-vm-pod23:~# terraform apply "vmm.plan"
aci_rest.vmm: Creating...
aci_rest.vmmAEPrelationship: Creating...
aci_rest.vmm: Creation complete after 0s [id={}]
aci_rest.vmmAEPrelationship: Creation complete after 0s [id={}]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
State path: terraform.tfstate