aci_rest – Direct access to the Cisco APIC REST API¶
New in version 2.4.
Synopsis¶
- Enables the management of the Cisco ACI fabric through direct access to the Cisco APIC REST API.
- Thanks to the idempotent nature of the APIC, this module is idempotent and reports changes.
Requirements¶
The below requirements are needed on the host that executes this module.
- lxml (when using XML payload)
- xmljson >= 0.1.8 (when using XML payload)
- python 2.7+ (when using xmljson)
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
certificate_name
-
|
The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.
It defaults to the
private_key basename, without extension.aliases: cert_name |
|
|
content
-
|
When used instead of
src, sets the payload of the API request directly.This may be convenient to template simple requests.
For anything complex use the
template lookup plugin (see examples) or the template module with parameter src. |
|
|
host
-
/ required
|
IP Address or hostname of APIC resolvable by Ansible control host.
aliases: hostname |
|
|
method
-
|
|
The HTTP method of the request.
Using
delete is typically used for deleting objects.Using
get is typically used for querying objects.Using
post is typically used for modifying objects.aliases: action |
|
output_level
-
|
|
Influence the output of this ACI module.
normal means the standard output, incl. current dictinfo adds informational output, incl. previous, proposed and sent dictsdebug adds debugging output, incl. filter_string, method, response, status and url information |
|
password
-
/ required
|
The password to use for authentication.
This option is mutual exclusive with
private_key. If private_key is provided too, it will be used instead. |
|
|
path
-
/ required
|
URI being used to execute API calls.
Must end in
.xml or .json.aliases: uri |
|
|
port
-
|
Port number to be used for REST connection.
The default value depends on parameter `use_ssl`.
|
|
|
private_key
-
/ required
|
PEM formatted file that contains your private key to be used for signature-based authentication.
The name of the key (without extension) is used as the certificate name in ACI, unless
certificate_name is specified.This option is mutual exclusive with
password. If password is provided too, it will be ignored.aliases: cert_key |
|
|
src
path
|
Name of the absolute path of the filname that includes the body of the HTTP request being sent to the ACI fabric.
If you require a templated payload, use the
content parameter together with the template lookup plugin, or use template.aliases: config_file |
|
|
timeout
integer
|
Default: 30
|
The socket level timeout in seconds.
|
|
use_proxy
boolean
|
|
If
no, it will not use a proxy, even if one is defined in an environment variable on the target hosts. |
|
use_ssl
boolean
|
|
If
no, an HTTP connection will be used instead of the default HTTPS connection. |
|
username
-
|
Default: "admin"
|
The username to use for authentication.
aliases: user |
|
validate_certs
boolean
|
|
If
no, SSL certificates will not be validated.This should only set to
no when used on personally controlled sites using self-signed certificates. |
Notes¶
Note
- Certain payloads are known not to be idempotent, so be careful when constructing payloads, e.g. using
status="created"will cause idempotency issues, usestatus="modified"instead. More information in the ACI documentation. - Certain payloads (and used paths) are known to report no changes happened when changes did happen. This is a known APIC problem and has been reported to the vendor. A workaround for this issue exists. More information in the ACI documentation.
- XML payloads require the
lxmlandxmljsonpython libraries. For JSON payloads nothing special is needed. - More information regarding the APIC REST API is available from the Cisco APIC REST API Configuration Guide.
See Also¶
See also
- Cisco ACI Guide
- Detailed information on how to manage your ACI infrastructure using Ansible.
- Developing Cisco ACI modules
- Detailed guide on how to write your own Cisco ACI modules to contribute.
Examples¶
- name: Add a tenant using certificate authentication
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
method: post
path: /api/mo/uni.xml
src: /home/cisco/ansible/aci/configs/aci_config.xml
delegate_to: localhost
- name: Add a tenant from a templated payload file from templates/
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
method: post
path: /api/mo/uni.xml
content: "{{ lookup('template', 'aci/tenant.xml.j2') }}"
delegate_to: localhost
- name: Add a tenant using inline YAML
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
validate_certs: no
path: /api/mo/uni.json
method: post
content:
fvTenant:
attributes:
name: Sales
descr: Sales departement
delegate_to: localhost
- name: Add a tenant using a JSON string
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
validate_certs: no
path: /api/mo/uni.json
method: post
content:
{
"fvTenant": {
"attributes": {
"name": "Sales",
"descr": "Sales departement"
}
}
}
delegate_to: localhost
- name: Add a tenant using an XML string
aci_rest:
host: apic
username: admin
private_key: pki/{{ aci_username}}.key
validate_certs: no
path: /api/mo/uni.xml
method: post
content: '<fvTenant name="Sales" descr="Sales departement"/>'
delegate_to: localhost
- name: Get tenants using password authentication
aci_rest:
host: apic
username: admin
password: SomeSecretPassword
method: get
path: /api/node/class/fvTenant.json
delegate_to: localhost
register: query_result
- name: Configure contracts
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
method: post
path: /api/mo/uni.xml
src: /home/cisco/ansible/aci/configs/contract_config.xml
delegate_to: localhost
- name: Register leaves and spines
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
validate_certs: no
method: post
path: /api/mo/uni/controller/nodeidentpol.xml
content: |
<fabricNodeIdentPol>
<fabricNodeIdentP name="{{ item.name }}" nodeId="{{ item.nodeid }}" status="{{ item.status }}" serial="{{ item.serial }}"/>
</fabricNodeIdentPol>
with_items:
- '{{ apic_leavesspines }}'
delegate_to: localhost
- name: Wait for all controllers to become ready
aci_rest:
host: apic
username: admin
private_key: pki/admin.key
validate_certs: no
path: /api/node/class/topSystem.json?query-target-filter=eq(topSystem.role,"controller")
register: apics
until: "'totalCount' in apics and apics.totalCount|int >= groups['apic']|count"
retries: 120
delay: 30
delegate_to: localhost
run_once: yes
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
error_code
integer
|
always |
The REST ACI return code, useful for troubleshooting on failure
Sample:
122
|
|
error_text
string
|
always |
The REST ACI descriptive text, useful for troubleshooting on failure
Sample:
unknown managed object class foo
|
|
imdata
string
|
always |
Converted output returned by the APIC REST (register this for post-processing)
Sample:
[{'error': {'attributes': {'code': '122', 'text': 'unknown managed object class foo'}}}]
|
|
payload
string
|
always |
The (templated) payload send to the APIC REST API (xml or json)
Sample:
<foo bar="boo"/>
|
|
raw
string
|
parse error |
The raw output returned by the APIC REST API (xml or json)
Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
|
|
response
string
|
always |
HTTP response string
Sample:
HTTP Error 400: Bad Request
|
|
status
integer
|
always |
HTTP status code
Sample:
400
|
|
totalCount
string
|
always |
Number of items in the imdata array
Sample:
0
|
|
url
string
|
success |
URL used for APIC REST call
Sample:
https://1.2.3.4/api/mo/uni/tn-[Dag].json?rsp-subtree=modified
|
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by an Ansible Partner. [certified]
Authors¶
- Dag Wieers (@dagwieers)
Hint
If you notice any issues in this documentation you can edit this document to improve it.