Skip to content

Terraform で ACI の Tenant を作成する

Terraform を使って Cisco ACI に「シンプルなテナント」を作成する例をメモしておきます。

構成

Terraform で以下の構成を設定します。

file

Terraform の設定ファイル

Terraform の設定ファイルは以下の通りです。

  1. variables.tf
  2. main.tf
  3. aci.tf

variables.tf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
variable "aci_url" { default = "https://10.0.0.1" }
variable "aci_username" { default = "admin" }
variable "aci_password" { default = "password" }
variable "tenant" { default = "Tenant1" }
variable "vrf" { default = "Vrf1" }
variable "bd1" { default = "Bd1" }
variable "bd1_subnet" { default = "10.0.1.254/24" }
variable "bd2" { default = "Bd2" }
variable "bd2_subnet" { default = "10.0.2.254/24" }
variable "contract1" { default = "Contract1" }
variable "ap1" { default = "Ap1" }
variable "physdom" { default = "PhysDom" }
variable "epg1" { default = "Epg1" }
variable "egp1_port1_tdn" { default = "topology/pod-1/paths-201/pathep-[eth1/1]" }
variable "egp1_port1_vlan" { default = "vlan-101" }
variable "epg1_contract1_type" { default = "consumer" }
variable "epg2" { default = "Epg2" }
variable "egp2_port1_tdn" { default = "topology/pod-1/paths-202/pathep-[eth1/1]" }
variable "egp2_port1_vlan" { default = "vlan-102" }
variable "epg2_contract1_type" { default = "provider" }

main.tf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = "0.5.4"
    }
  }
}

provider "aci" {
  username = var.aci_username
  password = var.aci_password
  url      = var.aci_url
  insecure = true
}

aci.tf

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Tenant
resource "aci_tenant" "tenant" {
  name = var.tenant
}

# VRF
resource "aci_vrf" "vrf" {
  tenant_dn = aci_tenant.tenant.id
  name      = var.vrf
}

# BD1
resource "aci_bridge_domain" "bd1" {
  tenant_dn          = aci_tenant.tenant.id
  name               = var.bd1
  relation_fv_rs_ctx = aci_vrf.vrf.id
}

resource "aci_subnet" "bd1_subnet" {
  parent_dn = aci_bridge_domain.bd1.id
  ip        = var.bd1_subnet
} 

# BD2
resource "aci_bridge_domain" "bd2" {
  tenant_dn          = aci_tenant.tenant.id
  name               = var.bd2
  relation_fv_rs_ctx = aci_vrf.vrf.id
}

resource "aci_subnet" "bd2_subnet" {
  parent_dn = aci_bridge_domain.bd2.id
  ip        = var.bd2_subnet
} 

# Contract / Subject / Filter
resource "aci_filter" "any" {
    tenant_dn = aci_tenant.tenant.id
    name      = "Filter_Any"
}

resource "aci_filter_entry" "entry1" {
    name        = "0010"
    filter_dn   = aci_filter.any.id
    ether_t     = "unspecified"
}

resource "aci_contract" "contract1" {
    tenant_dn = aci_tenant.tenant.id
    name      = var.contract1
}

resource "aci_contract_subject" "subject1" {
    contract_dn                  = aci_contract.contract1.id
    name                         = "Subject1"
    relation_vz_rs_subj_filt_att = [aci_filter.any.id]
}

# Application Profile
resource "aci_application_profile" "ap1" {
  tenant_dn = aci_tenant.tenant.id
  name      = var.ap1
}

# Domain
data "aci_physical_domain" "physdom" {
  name = var.physdom
}

# EPG1
resource "aci_application_epg" "epg1" {
  application_profile_dn = aci_application_profile.ap1.id
  name                   = var.epg1
  relation_fv_rs_bd      = aci_bridge_domain.bd1.id
}

resource "aci_epg_to_domain" "epg1_physdom" {
  application_epg_dn = aci_application_epg.epg1.id
  tdn                = data.aci_physical_domain.physdom.id
}

resource "aci_epg_to_static_path" "egp1_port1" {
  application_epg_dn = aci_application_epg.epg1.id
  tdn                = var.egp1_port1_tdn
  encap              = var.egp1_port1_vlan
}

resource "aci_epg_to_contract" "epg1_contract1" {
    application_epg_dn = aci_application_epg.epg1.id
    contract_dn        = aci_contract.contract1.id
    contract_type      = var.epg1_contract1_type
}

# EPG2
resource "aci_application_epg" "epg2" {
  application_profile_dn = aci_application_profile.ap1.id
  name                   = var.epg2
  relation_fv_rs_bd      = aci_bridge_domain.bd2.id
}

resource "aci_epg_to_domain" "epg2_physdom" {
  application_epg_dn = aci_application_epg.epg2.id
  tdn                = data.aci_physical_domain.physdom.id
}

resource "aci_epg_to_static_path" "egp2_port1" {
  application_epg_dn = aci_application_epg.epg2.id
  tdn                = var.egp2_port1_tdn
  encap              = var.egp2_port1_vlan
}

resource "aci_epg_to_contract" "epg2_contract1" {
    application_epg_dn = aci_application_epg.epg2.id
    contract_dn        = aci_contract.contract1.id
    contract_type      = var.epg2_contract1_type
}