Terraform を使って Cisco ACI に「シンプルなテナント」を作成する例をメモしておきます。
構成
Terraform で以下の構成を設定します。
Terraform の設定ファイル
Terraform の設定ファイルは以下の通りです。
- variables.tf
- main.tf
- aci.tf
variables.tf
variable "aci_url" { default = "https://10.0.0.1" }
variable "aci_username" { default = "admin" }
variable "aci_password" { default = "password" }
variable "tenant" { default = "Tenant1" }
variable "vrf" { default = "Vrf1" }
variable "bd1" { default = "Bd1" }
variable "bd1_subnet" { default = "10.0.1.254/24" }
variable "bd2" { default = "Bd2" }
variable "bd2_subnet" { default = "10.0.2.254/24" }
variable "contract1" { default = "Contract1" }
variable "ap1" { default = "Ap1" }
variable "physdom" { default = "PhysDom" }
variable "epg1" { default = "Epg1" }
variable "egp1_port1_tdn" { default = "topology/pod-1/paths-201/pathep-[eth1/1]" }
variable "egp1_port1_vlan" { default = "vlan-101" }
variable "epg1_contract1_type" { default = "consumer" }
variable "epg2" { default = "Epg2" }
variable "egp2_port1_tdn" { default = "topology/pod-1/paths-202/pathep-[eth1/1]" }
variable "egp2_port1_vlan" { default = "vlan-102" }
variable "epg2_contract1_type" { default = "provider" }main.tf
terraform {
required_providers {
aci = {
source = "CiscoDevNet/aci"
version = "0.5.4"
}
}
}
provider "aci" {
username = var.aci_username
password = var.aci_password
url = var.aci_url
insecure = true
}aci.tf
# Tenant
resource "aci_tenant" "tenant" {
name = var.tenant
}
# VRF
resource "aci_vrf" "vrf" {
tenant_dn = aci_tenant.tenant.id
name = var.vrf
}
# BD1
resource "aci_bridge_domain" "bd1" {
tenant_dn = aci_tenant.tenant.id
name = var.bd1
relation_fv_rs_ctx = aci_vrf.vrf.id
}
resource "aci_subnet" "bd1_subnet" {
parent_dn = aci_bridge_domain.bd1.id
ip = var.bd1_subnet
}
# BD2
resource "aci_bridge_domain" "bd2" {
tenant_dn = aci_tenant.tenant.id
name = var.bd2
relation_fv_rs_ctx = aci_vrf.vrf.id
}
resource "aci_subnet" "bd2_subnet" {
parent_dn = aci_bridge_domain.bd2.id
ip = var.bd2_subnet
}
# Contract / Subject / Filter
resource "aci_filter" "any" {
tenant_dn = aci_tenant.tenant.id
name = "Filter_Any"
}
resource "aci_filter_entry" "entry1" {
name = "0010"
filter_dn = aci_filter.any.id
ether_t = "unspecified"
}
resource "aci_contract" "contract1" {
tenant_dn = aci_tenant.tenant.id
name = var.contract1
}
resource "aci_contract_subject" "subject1" {
contract_dn = aci_contract.contract1.id
name = "Subject1"
relation_vz_rs_subj_filt_att = [aci_filter.any.id]
}
# Application Profile
resource "aci_application_profile" "ap1" {
tenant_dn = aci_tenant.tenant.id
name = var.ap1
}
# Domain
data "aci_physical_domain" "physdom" {
name = var.physdom
}
# EPG1
resource "aci_application_epg" "epg1" {
application_profile_dn = aci_application_profile.ap1.id
name = var.epg1
relation_fv_rs_bd = aci_bridge_domain.bd1.id
}
resource "aci_epg_to_domain" "epg1_physdom" {
application_epg_dn = aci_application_epg.epg1.id
tdn = data.aci_physical_domain.physdom.id
}
resource "aci_epg_to_static_path" "egp1_port1" {
application_epg_dn = aci_application_epg.epg1.id
tdn = var.egp1_port1_tdn
encap = var.egp1_port1_vlan
}
resource "aci_epg_to_contract" "epg1_contract1" {
application_epg_dn = aci_application_epg.epg1.id
contract_dn = aci_contract.contract1.id
contract_type = var.epg1_contract1_type
}
# EPG2
resource "aci_application_epg" "epg2" {
application_profile_dn = aci_application_profile.ap1.id
name = var.epg2
relation_fv_rs_bd = aci_bridge_domain.bd2.id
}
resource "aci_epg_to_domain" "epg2_physdom" {
application_epg_dn = aci_application_epg.epg2.id
tdn = data.aci_physical_domain.physdom.id
}
resource "aci_epg_to_static_path" "egp2_port1" {
application_epg_dn = aci_application_epg.epg2.id
tdn = var.egp2_port1_tdn
encap = var.egp2_port1_vlan
}
resource "aci_epg_to_contract" "epg2_contract1" {
application_epg_dn = aci_application_epg.epg2.id
contract_dn = aci_contract.contract1.id
contract_type = var.epg2_contract1_type
}
コメント