Terraform を使って Cisco ACI に「Microsegmentation EPG (uSeg EPG)を作成する」サンプルをメモしておきます。
構成
Terraform で以下の構成を設定します。
Terraform の設定ファイル
Terraform の設定ファイルは以下の通りです。
- main.tf
- aci.tf
main.tf
# Provider requirements for this sample.
# The ACI provider is pinned to one exact release, so every `terraform init`
# resolves the same provider version.
terraform {
  required_providers {
    aci = {
      version = "0.5.4"
      source  = "CiscoDevNet/aci"
    }
  }
}
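# APIC password. It has no default on purpose, so the secret is not stored in
# the configuration file or in version control. Supply it at run time, for
# example through the TF_VAR_aci_password environment variable.
# NOTE: `sensitive` needs Terraform 0.14 or later; remove that line on older
# releases.
variable "aci_password" {
  description = "Password of the APIC account Terraform logs in with"
  type        = string
  sensitive   = true
}

# TLS certificate verification switch for the APIC connection.
# `true` skips verification, which leaves the login to the controller open to
# interception. The sample's original value is kept as the default for lab
# APICs with self-signed certificates; set it to `false` once the APIC
# presents a certificate this host trusts.
variable "aci_insecure" {
  description = "Skip TLS certificate verification when talking to the APIC"
  type        = bool
  default     = true
}

# Connection to the APIC.
# The sample logs in as the built-in admin user; a dedicated account with only
# the privileges this configuration needs is preferable outside a lab. The
# provider also accepts signature-based authentication (`private_key` and
# `cert_name`) in place of a password.
provider "aci" {
  username = "admin"
  password = var.aci_password
  url      = "https://10.0.0.1"
  insecure = var.aci_insecure
}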
aci.tf
# Tenant that holds every object created by this sample.
resource "aci_tenant" "tenant" {
  name = "Tenant1"
}
# VRF inside the tenant; the bridge domain below is attached to it.
resource "aci_vrf" "vrf1" {
  name      = "Vrf1"
  tenant_dn = aci_tenant.tenant.id
}
# Bridge domain Bd1, bound to Vrf1. Both the base EPG and the uSeg EPG use it.
resource "aci_bridge_domain" "bd1" {
  name               = "Bd1"
  tenant_dn          = aci_tenant.tenant.id
  relation_fv_rs_ctx = aci_vrf.vrf1.id
}

# Gateway subnet of Bd1. Scope "private" keeps the subnet inside the VRF
# (it is not marked for advertisement outside the fabric).
resource "aci_subnet" "bd1_subnet" {
  ip        = "10.0.101.254/24"
  scope     = ["private"]
  parent_dn = aci_bridge_domain.bd1.id
}
# Application profile that contains Epg1 and the uSeg EPG.
resource "aci_application_profile" "ap1" {
  name      = "Ap1"
  tenant_dn = aci_tenant.tenant.id
}
# Existing physical domain, looked up by name (read only, not created here).
# "PhysDom" must already exist on the APIC, otherwise the lookup fails.
data "aci_physical_domain" "physdom" {
  name = "PhysDom"
}
# Base EPG (Epg1) on Bd1. Endpoints land here unless a uSeg attribute matches.
resource "aci_application_epg" "epg1" {
  name                   = "Epg1"
  application_profile_dn = aci_application_profile.ap1.id
  relation_fv_rs_bd      = aci_bridge_domain.bd1.id
}

# Associate Epg1 with the physical domain.
resource "aci_epg_to_domain" "epg1_physdom" {
  tdn                = data.aci_physical_domain.physdom.id
  application_epg_dn = aci_application_epg.epg1.id
}

# Static path binding: node 201, port eth1/1, VLAN 101.
# The resource label is spelled "egp1_port1" in the original and is kept,
# because renaming it would change the resource address Terraform tracks.
resource "aci_epg_to_static_path" "egp1_port1" {
  encap              = "vlan-101"
  tdn                = "topology/pod-1/paths-201/pathep-[eth1/1]"
  application_epg_dn = aci_application_epg.epg1.id
}
# Microsegmentation (attribute-based) EPG on the same bridge domain as Epg1.
# is_attr_based_epg = "yes" is what makes this a uSeg EPG rather than a
# regular application EPG.
resource "aci_application_epg" "useg1" {
  name                   = "uSeg1"
  is_attr_based_epg      = "yes"
  application_profile_dn = aci_application_profile.ap1.id
  relation_fv_rs_bd      = aci_bridge_domain.bd1.id
}

# Associate the uSeg EPG with the same physical domain as Epg1.
resource "aci_epg_to_domain" "useg1_physdom" {
  tdn                = data.aci_physical_domain.physdom.id
  application_epg_dn = aci_application_epg.useg1.id
}
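# The three objects below are created with the generic aci_rest resource, as
# in the original sample. Each path is built from the uSeg EPG's id (its DN,
# the same value passed as application_epg_dn elsewhere in this file) instead
# of a hard-coded "uni/tn-Tenant1/ap-Ap1/epg-uSeg1". The paths therefore
# follow any rename of the tenant, profile or EPG, and Terraform orders these
# resources after the EPG without an explicit depends_on.

# Static leaf (node) attachment of the uSeg EPG to node 201, deployed
# immediately.
resource "aci_rest" "useg1_node" {
  path       = "/api/mo/${aci_application_epg.useg1.id}.json"
  class_name = "fvRsNodeAtt"
  content = {
    instrImedcy = "immediate"
    mode        = "regular"
    tDn         = "topology/pod-1/node-201"
  }
}

# Matching criterion container for the uSeg EPG.
# match = "any": an endpoint is classified into uSeg1 when any one of the
# attributes under the criterion matches.
resource "aci_rest" "useg1_crtrn" {
  path       = "/api/mo/${aci_application_epg.useg1.id}.json"
  class_name = "fvCrtrn"
  content = {
    match = "any"
  }
}

# IP attribute: the single host 10.0.101.1/32 is selected into uSeg1.
# usefvSubnet = "no" means the explicit `ip` value is used rather than the
# EPG's own subnet.
# Membership is decided by IP address alone, so the segmentation is only as
# trustworthy as the address assignment on this bridge domain.
resource "aci_rest" "useg1_ipattr" {
  path       = "/api/mo/${aci_application_epg.useg1.id}/crtrn/ipattr-0.json"
  class_name = "fvIpAttr"
  content = {
    ip          = "10.0.101.1/32"
    usefvSubnet = "no"
  }

  # The criterion object must exist before an attribute can be created under
  # it. The path does not reference aci_rest.useg1_crtrn, so this ordering has
  # to be stated explicitly.
  depends_on = [
    aci_rest.useg1_crtrn
  ]
}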