Note
This plugin is part of the cisco.aci collection (version 2.1.0).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.aci
.
To use it in a playbook, specify: cisco.aci.aci_rest
.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
annotation string | User-defined string for annotating an object. If the value is not specified in the task, the value of environment variable ACI_ANNOTATION will be used instead. | |
certificate_name string | The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. If a private_key filename was provided, this defaults to the private_key basename, without extension.If PEM-formatted content was provided for private_key , this defaults to the username value.If the value is not specified in the task, the value of environment variable ACI_CERTIFICATE_NAME will be used instead.aliases: cert_name | |
content raw | When used instead of src , sets the payload of the API request directly.This may be convenient to template simple requests. For anything complex use the template lookup plugin (see examples) or the M(template) module with parameter src . | |
host string / required | IP Address or hostname of APIC resolvable by Ansible control host. If the value is not specified in the task, the value of environment variable ACI_HOST will be used instead.aliases: hostname | |
method string |
| The HTTP method of the request. Using delete is typically used for deleting objects.Using get is typically used for querying objects.Using post is typically used for modifying objects.aliases: action |
output_level string |
| Influence the output of this ACI module. normal means the standard output, incl. current dictinfo adds informational output, incl. previous , proposed and sent dictsdebug adds debugging output, incl. filter_string , method , response , status and url informationIf the value is not specified in the task, the value of environment variable ACI_OUTPUT_LEVEL will be used instead. |
output_path string | Path to a file that will be used to dump the ACI JSON configuration objects generated by the module. If the value is not specified in the task, the value of environment variable ACI_OUTPUT_PATH will be used instead. | |
owner_key string | User-defined string for the ownerKey attribute of an ACI object. This attribute represents a key for enabling clients to own their data for entity correlation. If the value is not specified in the task, the value of environment variable ACI_OWNER_KEY will be used instead. | |
owner_tag string | User-defined string for the ownerTag attribute of an ACI object. This attribute represents a tag for enabling clients to add their own data. For example, to indicate who created this object. If the value is not specified in the task, the value of environment variable ACI_OWNER_TAG will be used instead. | |
password string | The password to use for authentication. This option is mutual exclusive with private_key . If private_key is provided too, it will be used instead.If the value is not specified in the task, the value of environment variables ACI_PASSWORD or ANSIBLE_NET_PASSWORD will be used instead. | |
path string / required | URI being used to execute API calls. Must end in .xml or .json .aliases: uri | |
port integer | Port number to be used for REST connection. The default value depends on parameter use_ssl .If the value is not specified in the task, the value of environment variable ACI_PORT will be used instead. | |
private_key string | Either a PEM-formatted private key file or the private key content used for signature-based authentication. This value also influences the default certificate_name that is used.This option is mutual exclusive with password . If password is provided too, it will be ignored.If the value is not specified in the task, the value of environment variable ACI_PRIVATE_KEY or ANSIBLE_NET_SSH_KEYFILE will be used instead.aliases: cert_key | |
src path | Name of the absolute path of the filename that includes the body of the HTTP request being sent to the ACI fabric. If you require a templated payload, use the content parameter together with the template lookup plugin, or use M(template).aliases: config_file | |
timeout integer | Default: 30 | The socket level timeout in seconds. If the value is not specified in the task, the value of environment variable ACI_TIMEOUT will be used instead. |
use_proxy boolean |
| If no , it will not use a proxy, even if one is defined in an environment variable on the target hosts.If the value is not specified in the task, the value of environment variable ACI_USE_PROXY will be used instead. |
use_ssl boolean |
| If no , an HTTP connection will be used instead of the default HTTPS connection.If the value is not specified in the task, the value of environment variable ACI_USE_SSL will be used instead. |
username string | Default: "admin" | The username to use for authentication. If the value is not specified in the task, the value of environment variables ACI_USERNAME or ANSIBLE_NET_USERNAME will be used instead.aliases: user |
validate_certs boolean |
| If no , SSL certificates will not be validated.This should only set to no when used on personally controlled sites using self-signed certificates.If the value is not specified in the task, the value of environment variable ACI_VALIDATE_CERTS will be used instead. |
Note
status="created"
will cause idempotency issues, use status="modified"
instead. More information in the ACI documentation.lxml
and xmljson
python libraries. For JSON payloads nothing special is needed.See also
The official documentation on the cisco.aci.aci_tenant module.
More information about the APIC REST API.
Detailed information on how to manage your ACI infrastructure using Ansible.
Detailed guide on how to write your own Cisco ACI modules to contribute.
- name: Add a tenant using certificate authentication cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key method: post path: /api/mo/uni.xml src: /home/cisco/ansible/aci/configs/aci_config.xml delegate_to: localhost - name: Add a tenant from a templated payload file from templates/ cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key method: post path: /api/mo/uni.xml content: "{{ lookup('template', 'aci/tenant.xml.j2') }}" delegate_to: localhost - name: Add a tenant using inline YAML cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key validate_certs: no path: /api/mo/uni.json method: post content: fvTenant: attributes: name: Sales descr: Sales department delegate_to: localhost - name: Add a tenant using a JSON string cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key validate_certs: no path: /api/mo/uni.json method: post content: { "fvTenant": { "attributes": { "name": "Sales", "descr": "Sales department" } } } delegate_to: localhost - name: Add a tenant using an XML string cisco.aci.aci_rest: host: apic username: admin private_key: pki/{{ aci_username }}.key validate_certs: no path: /api/mo/uni.xml method: post content: '<fvTenant name="Sales" descr="Sales departement"/>' delegate_to: localhost - name: Get tenants using password authentication cisco.aci.aci_rest: host: apic username: admin password: SomeSecretPassword method: get path: /api/node/class/fvTenant.json delegate_to: localhost register: query_result - name: Configure contracts cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key method: post path: /api/mo/uni.xml src: /home/cisco/ansible/aci/configs/contract_config.xml delegate_to: localhost - name: Register leaves and spines cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key validate_certs: no method: post path: /api/mo/uni/controller/nodeidentpol.xml content: <fabricNodeIdentPol> <fabricNodeIdentP name="{{ item.name }}" nodeId="{{ item.nodeid }}" status="{{ item.status }}" serial="{{ item.serial }}"/> </fabricNodeIdentPol> with_items: - '{{ apic_leavesspines }}' delegate_to: localhost - name: Wait for all controllers to become ready cisco.aci.aci_rest: host: apic username: admin private_key: pki/admin.key validate_certs: no path: /api/node/class/topSystem.json?query-target-filter=eq(topSystem.role,"controller") register: apics until: "'totalCount' in apics and apics.totalCount|int >= groups['apic']|count" retries: 120 delay: 30 delegate_to: localhost run_once: yes
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
error_code integer | always | The REST ACI return code, useful for troubleshooting on failure Sample: 122 |
error_text string | always | The REST ACI descriptive text, useful for troubleshooting on failure Sample: unknown managed object class foo |
imdata string | always | Converted output returned by the APIC REST (register this for post-processing) Sample: [{'error': {'attributes': {'code': '122', 'text': 'unknown managed object class foo'}}}] |
payload string | always | The (templated) payload send to the APIC REST API (xml or json) Sample: <foo bar="boo"/> |
raw string | parse error | The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata> |
response string | always | HTTP response string Sample: HTTP Error 400: Bad Request |
status integer | always | HTTP status code Sample: 400 |
totalCount string | always | Number of items in the imdata array Sample: 0 |
url string | success | URL used for APIC REST call Sample: https://1.2.3.4/api/mo/uni/tn-[Dag].json?rsp-subtree=modified |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cisco/aci/aci_rest_module.html