Terraform を使って Cisco ACI に「Microsegmentation EPG (uSeg EPG)を作成する」サンプルをメモしておきます。
構成
Terraform で以下の構成を設定します（Tenant1 → Vrf1 → Bd1（10.0.101.254/24）→ Ap1 の下に、VLAN 101 のスタティックパスを持つ Epg1 と、IP 属性 10.0.101.1/32 で端末を分類する uSeg1 を作成します）。
Terraform の設定ファイル
Terraform の設定ファイルは以下の通りです。なお、実環境では APIC の認証情報を設定ファイルに直接書かず、変数（sensitive）や環境変数で渡し、TLS 証明書検証（insecure）を無効化しないでください。
- main.tf
- aci.tf
main.tf
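terraform {
  # `source` inside required_providers needs Terraform 0.13+, and the
  # `sensitive` flag on the password variable below needs 0.14+.
  required_version = ">= 0.14"

  required_providers {
    aci = {
      source = "CiscoDevNet/aci"
      # Pinned to an exact version so the sample is reproducible; bump it
      # deliberately rather than floating to whatever is newest.
      version = "0.5.4"
    }
  }
}

# APIC endpoint and credentials are taken from variables instead of being
# committed in this file. Supply them through a .tfvars file that is NOT
# checked in, or through environment variables
# (TF_VAR_aci_username, TF_VAR_aci_password, TF_VAR_aci_url).
variable "aci_username" {
  description = "APIC login user. Prefer a dedicated, least-privilege user over the built-in admin account."
  type        = string
}

variable "aci_password" {
  description = "APIC password. Marked sensitive so it is redacted from plan/apply output; it is still written to the state file, so protect the state backend."
  type        = string
  sensitive   = true
}

variable "aci_url" {
  description = "APIC base URL (https://<apic-address>)."
  type        = string
  default     = "https://10.0.0.1"
}

variable "aci_insecure" {
  description = "Skip TLS certificate verification of the APIC. Leave false unless talking to a lab APIC with a self-signed certificate; true removes protection against a spoofed APIC."
  type        = bool
  default     = false
}

provider "aci" {
  username = var.aci_username
  password = var.aci_password
  url      = var.aci_url
  insecure = var.aci_insecure
}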
aci.tf
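# Tenant
resource "aci_tenant" "tenant" {
  name = "Tenant1"
}

# VRF
resource "aci_vrf" "vrf1" {
  tenant_dn = aci_tenant.tenant.id
  name      = "Vrf1"
}

# BD1 - attached to Vrf1 through the fvRsCtx relation.
resource "aci_bridge_domain" "bd1" {
  tenant_dn          = aci_tenant.tenant.id
  name               = "Bd1"
  relation_fv_rs_ctx = aci_vrf.vrf1.id
}

resource "aci_subnet" "bd1_subnet" {
  parent_dn = aci_bridge_domain.bd1.id
  ip        = "10.0.101.254/24"
  # "private" keeps the subnet from being advertised outside the VRF.
  scope = ["private"]
}

# Application Profile
resource "aci_application_profile" "ap1" {
  tenant_dn = aci_tenant.tenant.id
  name      = "Ap1"
}

# Domain - a data source, so PhysDom must already exist on the APIC.
data "aci_physical_domain" "physdom" {
  name = "PhysDom"
}

# EPG1 - a regular (base) EPG in Bd1.
resource "aci_application_epg" "epg1" {
  application_profile_dn = aci_application_profile.ap1.id
  name                   = "Epg1"
  relation_fv_rs_bd      = aci_bridge_domain.bd1.id
}

resource "aci_epg_to_domain" "epg1_physdom" {
  application_epg_dn = aci_application_epg.epg1.id
  tdn                = data.aci_physical_domain.physdom.id
}

# NOTE: the label "egp1_port1" is a typo for "epg1_port1". It is kept as-is
# because renaming it changes the resource's state address and would make
# Terraform destroy and recreate the static path binding; use a `moved`
# block (Terraform 1.1+) if you want to rename it safely.
resource "aci_epg_to_static_path" "egp1_port1" {
  application_epg_dn = aci_application_epg.epg1.id
  tdn                = "topology/pod-1/paths-201/pathep-[eth1/1]"
  encap              = "vlan-101"
}

# Microsegmentation EPG1 - is_attr_based_epg turns this into a uSeg EPG,
# which pulls endpoints out of Bd1 based on the criterion defined below.
resource "aci_application_epg" "useg1" {
  application_profile_dn = aci_application_profile.ap1.id
  is_attr_based_epg      = "yes"
  name                   = "uSeg1"
  relation_fv_rs_bd      = aci_bridge_domain.bd1.id
}

resource "aci_epg_to_domain" "useg1_physdom" {
  application_epg_dn = aci_application_epg.useg1.id
  tdn                = data.aci_physical_domain.physdom.id
}

# The provider's resource ids are DNs (the same values used as *_dn and tdn
# above), so the REST paths are built from aci_application_epg.useg1.id
# instead of a hand-written "uni/tn-Tenant1/ap-Ap1/epg-uSeg1". This keeps
# them correct if the tenant/AP/EPG names change, and the reference gives
# Terraform the ordering dependency without an explicit depends_on.

# Bind uSeg1 to leaf 201 (the same leaf as Epg1's static path).
resource "aci_rest" "useg1_node" {
  path       = "/api/mo/${aci_application_epg.useg1.id}.json"
  class_name = "fvRsNodeAtt"
  content = {
    instrImedcy = "immediate"
    mode        = "regular"
    tDn         = "topology/pod-1/node-201"
  }
}

# Criterion container for the uSeg attributes. match = "any" means an
# endpoint matching any one attribute under the criterion is classified
# (there is only one attribute here).
resource "aci_rest" "useg1_crtrn" {
  path       = "/api/mo/${aci_application_epg.useg1.id}.json"
  class_name = "fvCrtrn"
  content = {
    match = "any"
  }
}

# IP attribute: the single host 10.0.101.1/32 is moved into uSeg1.
# usefvSubnet = "no" means the explicit ip value is used rather than the
# BD subnet. depends_on stays explicit because the path references only
# the EPG, not the criterion it must be created under.
resource "aci_rest" "useg1_ipattr" {
  path       = "/api/mo/${aci_application_epg.useg1.id}/crtrn/ipattr-0.json"
  class_name = "fvIpAttr"
  content = {
    ip          = "10.0.101.1/32"
    usefvSubnet = "no"
  }
  depends_on = [aci_rest.useg1_crtrn]
}

# NOTE(review): no contracts are defined between Epg1 and uSeg1. Under
# ACI's default allow-list model, traffic between the two EPGs is dropped
# until a contract (or preferred group / vzAny) permits it - add one
# explicitly rather than relying on the BD-level defaults.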