Terraform module for deploying Cisco ACI tenants
Tenant
├── VRFs
├── Bridge domains and subnets
├── Application profiles
├── EPGs
├── Contracts
├── Filter and Filter entries
└── Contract bindings
When executing terraform init, the module will install automatically.
Copy and paste into your Terraform configuration, insert the variables, and run terraform init:
module "tenant" {
source = "insobi/tenant/aci"
# insert required variables here
}Single tenant deployment
module "aci_tenants" {
source = "insobi/tenant/aci"
tenant = {
name = "tenant3"
}
vrfs = {
TEST1-VRF = {}
TEST2-VRF = {}
}
bridge_domains = {
TEST1-BD = { vrf = "TEST1-VRF" }
TEST2-BD = { vrf = "TEST1-VRF" }
TEST3-BD = { vrf = "TEST2-VRF" }
TEST4-BD = { vrf = "TEST2-VRF" }
}
subnets = {
TEST1-SN = { bd = "TEST1-BD", ip = "10.225.3.1/24", scope = ["public"] }
TEST2-SN = { bd = "TEST2-BD", ip = "10.225.4.1/24", scope = ["public"] }
TEST3-SN = { bd = "TEST3-BD", ip = "10.225.5.1/24", scope = ["public"] }
TEST4-SN = { bd = "TEST4-BD", ip = "10.225.6.1/24", scope = ["public"] }
}
app_profiles = {
ap1 = { name = "TEST-AP" }
}
epgs = {
TEST1-EPG = { bd = "TEST1-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
TEST2-EPG = { bd = "TEST2-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
TEST3-EPG = { bd = "TEST3-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
TEST4-EPG = { bd = "TEST4-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
TEST5-EPG = { bd = "TEST4-BD", ap = "TEST-AP", domain = "uni/phys-TEST" }
}
filters = {
any = {}
ssh = {}
web = {}
}
filter_entries = {
any = { filter_name = "any", name = "any", dest_from_port = "unspecified", dest_to_port = "unspecified", ether_type = "unspecified", protocol = "unspecified" }, # unspecified icmp igmp tcp egp igp udp icmpv6 eigrp ospfigp pim l2tp
ssh = { filter_name = "ssh", name = "ssh", dest_from_port = "22", dest_to_port = "22", ether_type = "ipv4", protocol = "tcp" },
web1 = { filter_name = "web", name = "http", dest_from_port = "80", dest_to_port = "80", ether_type = "ipv4", protocol = "tcp" },
web2 = { filter_name = "web", name = "https", dest_from_port = "443", dest_to_port = "443", ether_type = "ipv4", protocol = "tcp" }
}
contracts = {
any = { filter = ["any"] }
ssh = { filter = ["ssh"] }
http = { filter = ["http", "https"] }
}
contract_bindings = {
TEST1-EPG-P-1 = { epg = "TEST1-EPG", contract_type = "provider", contract = "any" },
TEST2-EPG-P-1 = { epg = "TEST2-EPG", contract_type = "provider", contract = "ssh" },
TEST3-EPG-P-1 = { epg = "TEST3-EPG", contract_type = "provider", contract = "ssh" },
TEST4-EPG-P-1 = { epg = "TEST4-EPG", contract_type = "provider", contract = "ssh" },
TEST5-EPG-P-1 = { epg = "TEST5-EPG", contract_type = "provider", contract = "ssh" },
TEST5-EPG-P-2 = { epg = "TEST5-EPG", contract_type = "provider", contract = "ssh" },
TEST1-EPG-C-1 = { epg = "TEST1-EPG", contract_type = "consumer", contract = "any" },
TEST2-EPG-C-1 = { epg = "TEST2-EPG", contract_type = "consumer", contract = "any" },
TEST3-EPG-C-1 = { epg = "TEST3-EPG", contract_type = "consumer", contract = "any" },
TEST4-EPG-C-1 = { epg = "TEST4-EPG", contract_type = "consumer", contract = "any" },
TEST5-EPG-C-1 = { epg = "TEST5-EPG", contract_type = "consumer", contract = "any" }
}
}Multiple tenants deployment
module "aci_tenants" {
source = "insobi/tenant/aci"
for_each = var.tenants
tenant = each.value.tenant
vrfs = contains(keys(each.value), "vrfs") ? each.value.vrfs : {}
bridge_domains = contains(keys(each.value), "bridge_domains") ? each.value.bridge_domains : {}
subnets = contains(keys(each.value), "subnets") ? each.value.subnets : {}
app_profiles = contains(keys(each.value), "app_profiles") ? each.value.app_profiles : {}
epgs = contains(keys(each.value), "epgs") ? each.value.epgs : {}
aci_domain = contains(keys(each.value), "aci_domain") ? each.value.aci_domain : null
filters = contains(keys(each.value), "filters") ? each.value.filters : {}
filter_entries = contains(keys(each.value), "filter_entries") ? each.value.filter_entries : {}
contracts = contains(keys(each.value), "contracts") ? each.value.contracts : {}
contract_bindings = contains(keys(each.value), "contract_bindings") ? each.value.contract_bindings : {}
}Example of variable
tenants = {
tn1 = {
tenant = { name = "Tenant1" }
vrfs = { ... }
...
}
tn2 = {
tenant = { name : "Tenant2" }
vrfs = { ... }
...
}
...
}
| Name | Version |
|---|---|
| terraform | >= 0.13.4 |
| aci | >= 4.1 |
| Name | Version |
|---|---|
| aci | >= 2.1.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| tenant | ACI Tenant | map(object({ |
n/a | yes |
| vrfs | VRFs | map(object({ |
{} |
no |
| bridge_domains | Bridge domains | map(object({ |
{} |
no |
| subnets | Subnets | map(object({ |
{} |
no |
| app_profile | Application profiles | map(object({ |
{} |
no |
| epgs | EPGs | map(object({ |
{} |
no |
| filters | Filters | map(object({ |
{} |
no |
| filter_entries | Filter entries | map(object({ |
{} |
no |
| contracts | Contracts | map(object({ |
{} |
no |
| contract_bindings | Contract bindings | map(object({ |
{} |
no |
| Name | Description |
|---|---|
| tenant | ID of Tenant |
| vrf | IDs of VRF |
| bd | IDs of Bridge domain |
| subnet | IDs of Subnet |
| ap | IDs of Application profiles |
| epg | IDs of EPG |
| filter | IDs of Filter |
| entry | IDs of Filter entry |
| contract | IDs of Contract |
| epg_contract | IDs of Contract binding |
| domain | IDs of ACI Domain |
| Name | Type |
|---|---|
| aci_tenant | resource |
| aci_vrf | resource |
| aci_bridge_domain | resource |
| aci_subnet | resource |
| aci_application_profile | resource |
| aci_application_epg | resource |
| aci_filter | resource |
| aci_filter_entry | resource |
| aci_contract | resource |
| aci_epg_to_contract | resource |
| aci_epg_to_domain | resource |