Documentation

aci_vrf - Manage contexts or VRFs (fv:Ctx)

New in version 2.4.

Synopsis

  • Manage contexts or VRFs on Cisco ACI fabrics.
  • Each context is a private network associated to a tenant, i.e. VRF.

Parameters

Parameter Choices/Defaults Comments
certificate_name
The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.
It defaults to the private_key basename, without extension.

aliases: cert_name
description
The description for the VRF.

aliases: descr
host
required
IP Address or hostname of APIC resolvable by Ansible control host.

aliases: hostname
output_level
    Choices:
  • debug
  • info
  • normal ←
Influence the output of this ACI module.
normal means the standard output, incl. current dict
info adds informational output, incl. previous, proposed and sent dicts
debug adds debugging output, incl. filter_string, method, response, status and url information
password
required
The password to use for authentication.
This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.
policy_control_direction
    Choices:
  • egress
  • ingress
Determines if the policy should be enforced by the fabric on ingress or egress.
policy_control_preference
    Choices:
  • enforced
  • unenforced
Determines if the Fabric should enforce Contrac Policies.
port
Port number to be used for REST connection.
The default value depends on parameter `use_ssl`.
private_key
required
PEM formatted file that contains your private key to be used for signature-based authentication.
The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.
This option is mutual exclusive with password. If password is provided too, it will be ignored.

aliases: cert_key
state
    Choices:
  • absent
  • present ←
  • query
Use present or absent for adding or removing.
Use query for listing an object or multiple objects.
tenant
The name of the Tenant the VRF should belong to.

aliases: tenant_name
timeout
int
Default:
30
The socket level timeout in seconds.
use_proxy
bool
    Choices:
  • no
  • yes ←
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl
bool
    Choices:
  • no
  • yes ←
If no, an HTTP connection will be used instead of the default HTTPS connection.
username Default:
"admin"
The username to use for authentication.

aliases: user
validate_certs
bool
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated.
This should only set to no when used on personally controlled sites using self-signed certificates.
vrf
The name of the VRF.

aliases: context, name, vrf_name

Notes

Note

Examples

- name: Add a new VRF to a tenant
  aci_vrf:
    host: apic
    username: admin
    password: SomeSecretPassword
    vrf: vrf_lab
    tenant: lab_tenant
    descr: Lab VRF
    policy_control_preference: enforced
    policy_control_direction: ingress
    state: present

- name: Remove a VRF for a tenant
  aci_vrf:
    host: apic
    username: admin
    password: SomeSecretPassword
    vrf: vrf_lab
    tenant: lab_tenant
    state: absent

- name: Query a VRF of a tenant
  aci_vrf:
    host: apic
    username: admin
    password: SomeSecretPassword
    vrf: vrf_lab
    tenant: lab_tenant
    state: query

- name: Query all VRFs
  aci_vrf:
    host: apic
    username: admin
    password: SomeSecretPassword
    state: query

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
current
list
success
The existing configuration from the APIC after the module has finished

Sample:
[{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}]
error
dict
failure
The error information as returned from the APIC

Sample:
{'text': 'unknown managed object class foo', 'code': '122'}
filter_string
string
failure or debug
The filter string used for the request

Sample:
?rsp-prop-include=config-only
method
string
failure or debug
The HTTP method used for the request to the APIC

Sample:
POST
previous
list
info
The original configuration from the APIC before the module has started

Sample:
[{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}]
proposed
dict
info
The assembled configuration from the user-provided parameters

Sample:
{'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}}
raw
string
parse error
The raw output returned by the APIC REST API (xml or json)

Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response
string
failure or debug
The HTTP response from the APIC

Sample:
OK (30 bytes)
sent
list
info
The actual/minimal configuration pushed to the APIC

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status
int
failure or debug
The HTTP status from the APIC

Sample:
200
url
string
failure or debug
The HTTP url used for the request to the APIC

Sample:
https://10.11.12.13/api/mo/uni/tn-production.json


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Jacob McGill (@jmcgill298)

Hint

If you notice any issues in this documentation you can edit this document to improve it.