aci_l3out – Manage Layer 3 Outside (L3Out) objects (l3ext:Out)

New in version 2.6.

Synopsis

  • Manage Layer 3 Outside (L3Out) on Cisco ACI fabrics.

Parameters

Parameter Choices/Defaults Comments
certificate_name
-
The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.
It defaults to the private_key basename, without extension.

aliases: cert_name
description
-
Description for the L3Out.

aliases: descr
domain
- / required
Name of the external L3 domain being associated with the L3Out.

aliases: ext_routed_domain_name, routed_domain
dscp
-
    Choices:
  • AF11
  • AF12
  • AF13
  • AF21
  • AF22
  • AF23
  • AF31
  • AF32
  • AF33
  • AF41
  • AF42
  • AF43
  • CS0
  • CS1
  • CS2
  • CS3
  • CS4
  • CS5
  • CS6
  • CS7
  • EF
  • VA
  • unspecified
The target Differentiated Service (DSCP) value.
The APIC defaults to unspecified when unset during creation.

aliases: target
host
- / required
IP Address or hostname of APIC resolvable by Ansible control host.

aliases: hostname
l3out
- / required
Name of L3Out being created.

aliases: l3out_name, name
l3protocol
list
    Choices:
  • static
  • bgp
  • ospf
  • pim
Routing protocol for the L3Out
output_level
-
    Choices:
  • debug
  • info
  • normal ←
Influence the output of this ACI module.
normal means the standard output, incl. current dict
info adds informational output, incl. previous, proposed and sent dicts
debug adds debugging output, incl. filter_string, method, response, status and url information
password
- / required
The password to use for authentication.
This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.
port
-
Port number to be used for REST connection.
The default value depends on parameter `use_ssl`.
private_key
- / required
PEM formatted file that contains your private key to be used for signature-based authentication.
The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.
This option is mutual exclusive with password. If password is provided too, it will be ignored.

aliases: cert_key
route_control
list
    Choices:
  • export
  • import
Route Control enforcement direction. The only allowed values are export or import,export.

aliases: route_control_enforcement
state
-
    Choices:
  • absent
  • present ←
  • query
Use present or absent for adding or removing.
Use query for listing an object or multiple objects.
tenant
- / required
Name of an existing tenant.

aliases: tenant_name
timeout
integer
Default:
30
The socket level timeout in seconds.
use_proxy
boolean
    Choices:
  • no
  • yes ←
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl
boolean
    Choices:
  • no
  • yes ←
If no, an HTTP connection will be used instead of the default HTTPS connection.
username
-
Default:
"admin"
The username to use for authentication.

aliases: user
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated.
This should only set to no when used on personally controlled sites using self-signed certificates.
vrf
- / required
Name of the VRF being associated with the L3Out.

aliases: vrf_name

Notes

Note

See Also

See also

Cisco ACI Guide
Detailed information on how to manage your ACI infrastructure using Ansible.
Developing Cisco ACI modules
Detailed guide on how to write your own Cisco ACI modules to contribute.

Examples

- name: Add a new L3Out
  aci_l3out:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    name: prod_l3out
    description: L3Out for Production tenant
    domain: l3dom_prod
    vrf: prod
    l3protocol: ospf
    state: present
  delegate_to: localhost

- name: Delete L3Out
  aci_l3out:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    name: prod_l3out
    state: absent
  delegate_to: localhost

- name: Query L3Out information
  aci_l3out:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    name: prod_l3out
    state: query
  delegate_to: localhost
  register: query_result

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
current
list
success
The existing configuration from the APIC after the module has finished

Sample:
[{'fvTenant': {'attributes': {'descr': 'Production environment', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
error
dictionary
failure
The error information as returned from the APIC

Sample:
{'code': '122', 'text': 'unknown managed object class foo'}
filter_string
string
failure or debug
The filter string used for the request

Sample:
?rsp-prop-include=config-only
method
string
failure or debug
The HTTP method used for the request to the APIC

Sample:
POST
previous
list
info
The original configuration from the APIC before the module has started

Sample:
[{'fvTenant': {'attributes': {'descr': 'Production', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
proposed
dictionary
info
The assembled configuration from the user-provided parameters

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment', 'name': 'production'}}}
raw
string
parse error
The raw output returned by the APIC REST API (xml or json)

Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response
string
failure or debug
The HTTP response from the APIC

Sample:
OK (30 bytes)
sent
list
info
The actual/minimal configuration pushed to the APIC

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status
integer
failure or debug
The HTTP status from the APIC

Sample:
200
url
string
failure or debug
The HTTP url used for the request to the APIC

Sample:
https://10.11.12.13/api/mo/uni/tn-production.json


Status

Authors

  • Rostyslav Davydenko (@rost-d)

Hint

If you notice any issues in this documentation you can edit this document to improve it.