Thursday, January 9, 2020

Cisco ACI Automation with Terraform.

Hello,

I am quite new to Terraform, using it for development environments on both AWS and Cisco ACI for the moment.

My main tool for Cisco ACI automation has been Ansible, but I have seen some added value in using Terraform for the ability to track the state of objects.

Now I am running into a problem that is very specific to the relation between Cisco ACI and Terraform. The .tf files are able to create the objects without any problems. In ACI terms this means that Terraform is able to create EPGs, Bridge Domains, and so on.

But the relation between the objects is not created. This means that an EPG will need a relation to a Bridge Domain; this relation is optional, but for production it's really needed.

Also posted this in /r/Terraform.

resource "aci_bridge_domain" "webbd" {
  tenant_dn           = "${aci_tenant.default.id}"
  description         = "Bridge Domain for Webtier"
  name                = "bd_web_tier"
  annotation          = "webfrontend"
  arp_flood           = "no"
  ip_learning         = "yes"
  bridge_domain_type  = "default"
  unicast_route       = "yes"
  ep_move_detect_mode = "garp"
  relation_fv_rs_ctx  = "${aci_vrf.default.id}"
}

For example, here I create a bridge domain as a Terraform resource; all the options work except for "relation_fv_rs_ctx". This does not get applied.

This is the same for the EPG example:

resource "aci_application_epg" "web1" {
  application_profile_dn = "${aci_application_profile.web.id}"
  name                   = "web-frontend-tier"
  description            = "EPG for the front end web"
  annotation             = "webfrontend"
  flood_on_encap         = "disabled"
  prio                   = "unspecified"
  relation_fv_rs_bd      = "${aci_bridge_domain.webbd.id}"
}

Again, "relation_fv_rs_bd" is not called upon creation; however, it looks properly defined.

When I perform a terraform plan I can see this:

  # aci_application_epg.web2 will be created
  + resource "aci_application_epg" "web2" {
      + annotation             = "webbackend"
      + application_profile_dn = (known after apply)
      + description            = "EPG for the backend end web"
      + exception_tag          = (known after apply)
      + flood_on_encap         = "disabled"
      + fwd_ctrl               = (known after apply)
      + has_mcast_source       = (known after apply)
      + id                     = (known after apply)
      + is_attr_based_e_pg     = (known after apply)
      + match_t                = (known after apply)
      + name                   = "web-backend-tier"
      + name_alias             = (known after apply)
      + pc_enf_pref            = (known after apply)
      + pref_gr_memb           = (known after apply)
      + prio                   = "unspecified"
      + relation_fv_rs_bd      = (known after apply)
      + shutdown               = (known after apply)
    }

So it looks like it is called, but not applied. That is for the relation between the EPG and the Bridge Domain.

Same issue for linking an L3Out with a Bridge Domain subnet:

resource "aci_subnet" "websubnet" {
  bridge_domain_dn                = "${aci_bridge_domain.webbd.id}"
  ip                              = "10.110.1.254/24"
  annotation                      = "webfrontend"
  scope                           = "public"
  virtual                         = "no"
  relation_fv_rs_bd_subnet_to_out = ["${aci_l3_outside.default.id}"]
}

Here it's a bit different, because the resource expects a set of strings, so a list I presume.

Again in a plan:

  # aci_subnet.websubnet will be created
  + resource "aci_subnet" "websubnet" {
      + annotation                      = "webfrontend"
      + bridge_domain_dn                = (known after apply)
      + ctrl                            = (known after apply)
      + id                              = (known after apply)
      + ip                              = "10.110.1.254/24"
      + name_alias                      = (known after apply)
      + preferred                       = (known after apply)
      + relation_fv_rs_bd_subnet_to_out = (known after apply)
      + scope                           = "public"
      + virtual                         = "no"
    }

Basically something is wrong, or I am doing something wrong (most likely the case). It really looks like I am missing something.

Cisco ACI itself will show me an error that the MO relation does not work and reverts to the relation with the common tenant object, and this is why Terraform itself will not throw an error.

Anyone with any ideas?
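The symptom described above (Terraform applies cleanly while the APIC quietly binds the object to something in tenant common) is the kind of drift that is worth checking on the fabric itself rather than trusting the plan. The script below is an added example written for this page; it is not the author's code and not part of the Terraform ACI provider. It inspects the relation objects behind the three arguments in the post (fvRsCtx for BD to VRF, fvRsBd for EPG to BD, fvRsBDSubnetToOut for subnet to L3Out) using their real ACI attribute names (tnFvCtxName, tnFvBDName, tnL3extOutName, tDn, state). The JSON shape is that of an APIC REST children query such as GET /api/mo/<bd-dn>.json?query-target=children&target-subtree-class=fvRsCtx; the tenant, BD and VRF names in the sample are constructed, and the sample response is built locally so the check runs offline.

```python
import json

# Relation class -> the attribute that carries the target object's *name* in ACI.
# These are the classes behind the relation_* arguments shown in the post.
TARGET_NAME_ATTR = {
    "fvRsCtx": "tnFvCtxName",               # bridge domain -> VRF
    "fvRsBd": "tnFvBDName",                 # EPG -> bridge domain
    "fvRsBDSubnetToOut": "tnL3extOutName",  # BD subnet -> L3Out
}


def make_response(rel_class, rel_dn, configured_name, resolved_tdn, state="formed"):
    """Build an APIC-style JSON document for one relation object (constructed test data)."""
    attrs = {
        "dn": rel_dn,
        TARGET_NAME_ATTR[rel_class]: configured_name,
        "tDn": resolved_tdn,
        "state": state,
    }
    return json.dumps({"totalCount": "1", "imdata": [{rel_class: {"attributes": attrs}}]})


def tenant_of(dn):
    """Tenant name from a DN such as 'uni/tn-webtenant/ctx-web_vrf' (None if not under a tenant)."""
    for part in dn.split("/"):
        if part.startswith("tn-"):
            return part[len("tn-"):]
    return None


def check_relations(apic_json, expected_tenant, expected_target_name):
    """Return a list of findings; an empty list means every relation resolved as intended."""
    findings = []
    for entry in json.loads(apic_json)["imdata"]:
        for rel_class, body in entry.items():
            name_attr = TARGET_NAME_ATTR.get(rel_class)
            if name_attr is None:
                continue  # not one of the relation classes this check covers
            attrs = body["attributes"]
            rel_dn = attrs.get("dn", "?")
            configured = attrs.get(name_attr, "")
            resolved = attrs.get("tDn", "")
            state = attrs.get("state", "")

            # The tn*Name attribute must hold a plain object name; a '/' means a DN was pushed.
            if "/" in configured:
                findings.append(f"{rel_dn}: {name_attr}={configured!r} looks like a DN; '/' cannot appear in an ACI object name")
            elif configured != expected_target_name:
                findings.append(f"{rel_dn}: {name_attr}={configured!r}, expected {expected_target_name!r}")

            # Anything other than 'formed' means the APIC did not bind the relation as given.
            if state != "formed":
                findings.append(f"{rel_dn}: relation state is {state!r}")

            # The resolved target must live in the tenant we expect, not in tenant common.
            resolved_tenant = tenant_of(resolved)
            if resolved and resolved_tenant != expected_tenant:
                findings.append(f"{rel_dn}: resolved to {resolved} in tenant {resolved_tenant!r}, not {expected_tenant!r}")
    return findings


# Constructed sample modelling the post's symptom: a DN ended up in tnFvCtxName, so no VRF of
# that name exists in the tenant and the APIC resolved the relation to an object in tenant common.
SAMPLE_BAD = make_response(
    "fvRsCtx",
    "uni/tn-webtenant/BD-bd_web_tier/rsctx",
    "uni/tn-webtenant/ctx-web_vrf",
    "uni/tn-common/ctx-default",
)

if __name__ == "__main__":
    for line in check_relations(SAMPLE_BAD, "webtenant", "web_vrf"):
        print("FINDING:", line)
```

Run against a live APIC, the same function takes the body of the children query for each BD, EPG or subnet Terraform manages; a non-empty findings list is the signal the plan output above cannot give you, because Terraform only sees that the attribute was accepted, not what the APIC resolved it to.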
