
Terraform & Cisco ACI: IaC Guide

This document discusses using Terraform and Cisco ACI for infrastructure as code. It provides an overview of Terraform capabilities and how to manage ACI application network configuration with Terraform plans. Key points include: Terraform is an infrastructure manager that uses configuration files to define and maintain infrastructure resources; it supports ACI through a provider that abstracts the ACI API; and Terraform graphs resource dependencies to determine apply/destroy order and allow interpolation between resources.

DEVNET-2340

Infrastructure as Code with Terraform and Cisco ACI
Don’t call me a CLI junkie anymore!

Devarshi Shah, TME – INSBU
Nicolas Vermande, TME - INSBU
Objectives of this session
• Get an understanding of Terraform capabilities
• Understand how ACI can be managed with Infrastructure-as-Code paradigms
• Use Terraform plans to manage ACI application network configuration
What is Terraform?
Terraform is an Infrastructure Resources Manager

• Compose and combine infrastructure resources to build and maintain a desired state
• Plan and execution are distinct actions
• Manages all resources through APIs
• Resources and data can be re-used within modules
• Terraform uses core and plugin components for basic functions and extensibility

DEVNET-2340 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
How to install it?
• Go to www.terraform.io/download.html
• Pick your platform
• Unzip
• Move the binary somewhere in your PATH (e.g. /usr/local/bin)
• Run terraform commands

Terraform defines a high level syntax
• Resources are declared in a TF file
• Syntax is HCL – HashiCorp Configuration Language
• Human understandable

Terraform Providers
• Providers abstract the API layer of resource providers
• New resources are available for Terraform to provision and manage
• AAA configuration is required as part of the provider definition in the TF file
• ACI supports user and X509 certificate based authentication

Arguments are used to compose Resources

How to use variables?
Declare variables and set default values

variables.tf

variable "aci_private_key" {
  default = "/home/nvermand/fabric1_admin.key"
}

variable "aci_cert_name" {
  default = "admin_cert"
}

variable "provider_profile_dn" {
  default = "uni/vmmp-VMware"
}

variable "bd_subnet" {}
variable "gateway" {}
variable "vmm_domain_dn" {}

How to use variables?

terraform.tfvars: specific values for the TF file, overriding default values

vsphere_compute_cluster = "pod-03"
folder                  = "ACI/demos"
aci_vm1_name            = "aci-tf-test1"
aci_vm2_name            = "aci-tf-test2"
aci_vm1_address         = "1.1.1.10"
aci_vm2_address         = "1.1.1.11"
bd_subnet               = "1.1.1.1/24"
gateway                 = "1.1.1.1"
vmm_domain_dn           = "uni/vmmp-VMware/dom-ACI-nv-POD03-VDS01"

Data Sources vs Resources

Resources
• Managed by Terraform
• RW
• Can be used for interpolation
• terraform apply and destroy modifies resources
• Displayed by terraform show and terraform state list

resource "aci_tenant" "terraform_ten" {
  name = "terraform_ten"
}

Data sources
• Managed by Provider
• RO
• Can be used for interpolation
• terraform apply and destroy don’t alter data sources lifecycle
• Displayed by terraform show and terraform state list

data "vsphere_datacenter" "dc" {
  name = "${var.vsphere_datacenter}"
}

Interpolation is used to combine Resources

aci_vrf.vrf1
• Interpolation indicates dependency
• Used to build Directed Acyclic Graph (DAG) of dependencies
• Determines the order of Terraform tasks
• References attributes from other resources
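
The dependency chain these bullets describe, written out as an added example (not taken from the original slides). Resource labels are illustrative, the syntax is Terraform 0.11 style to match the deck, and the argument names are assumed from the ACI provider of that period, so check them against the provider version you install.

```hcl
# Added example: interpolation between ACI resources (Terraform 0.11 syntax).
# Resource labels (demo, vrf1, bd1, bd1_subnet, other) are illustrative.

variable "bd_subnet" {} # e.g. "1.1.1.1/24", set in terraform.tfvars

resource "aci_tenant" "demo" {
  name = "terraform_ten"
}

# Referencing aci_tenant.demo.id (the tenant's Dn) adds the graph edge
# aci_tenant.demo -> aci_vrf.vrf1, so the tenant is created first.
resource "aci_vrf" "vrf1" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "vrf1"
}

# Two references, two edges: the BD waits for both the tenant and the VRF.
# Assumption: relation_fv_rs_ctx takes the VRF name here; some provider
# releases expect the VRF Dn (aci_vrf.vrf1.id) instead.
resource "aci_bridge_domain" "bd1" {
  tenant_dn          = "${aci_tenant.demo.id}"
  name               = "bd1"
  relation_fv_rs_ctx = "${aci_vrf.vrf1.name}"
}

# Assumption: the parent argument is bridge_domain_dn; newer provider
# releases name it parent_dn.
resource "aci_subnet" "bd1_subnet" {
  bridge_domain_dn = "${aci_bridge_domain.bd1.id}"
  ip               = "${var.bd_subnet}"
}

# No interpolation means no edge: this tenant is independent of everything
# above and can be created in parallel with it.
resource "aci_tenant" "other" {
  name = "terraform_ten2"
}
```

Running terraform graph prints the resulting graph in DOT format, which makes an unintended or missing dependency easy to spot before apply. Destroy walks the same edges in reverse, so the subnet is removed before the BD, the VRF and the tenant.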

Terraform manages dependencies with DAG
• A DAG (Directed Acyclic Graph) is a directed graph without loops
• Walking through multiple graphs is handled in parallel

[Figure: dependency graph with nodes vSphere VM, Tenant, ANP, VRF, EPG, BD, Subnet]

Main command options
• Terraform plan
• Terraform apply
• Terraform show
• Terraform console

Terraform plan

Terraform apply

Terraform show

Terraform console
• REPL console (Read-eval-print-loop)

• Can leverage stdin as input for inline usage

Anatomy of an ACI Resource in Terraform
Infrastructure as Code with ACI
• ACI has a modeled representation of everything APIC knows
• ACI object model is a distributed MIT (Management Information Tree) structure, fully accessible through REST API
• Every node is a managed object (MO) with class, attributes and a distinguished name (Dn)

[Figure: ACI Management Information Tree with nodes API, Root, Policy Universe, Fabric, Hypervisors, Tenants, VLANs, Virtual Network, Nodes, Applications]

Terraform and ACI Resource Mapping
• Terraform identifies ACI objects with their Dn
• Terraform resource id is the absolute path of ACI object in the DMIT

ACI Provider Resources
Available Future Resource Data Source
aci_tenant
aci_vrf
aci_bridge_domain
aci_subnet
aci_application_profile
aci_application_epg
aci_contract
aci_contract_subject
aci_filter
aci_filter_entry
aci_vmm_domain
aci_l3_outside
aci_external_network_instance_profile
aci_rest

Connecting to ACI
• You can use user/password or certificate-based authentication
• Certificate-based authentication is recommended, though
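
The two authentication options side by side, as an added example (not from the original slides). The APIC URL and the aci_password variable are constructed placeholders; aci_private_key and aci_cert_name are the variables declared in variables.tf earlier in the deck, and the syntax is Terraform 0.11 style.

```hcl
# Added example: password vs. certificate authentication to the APIC.
# https://apic.example.com is a placeholder, not a real fabric.

# No default on purpose: a password with a default ends up in version
# control. Supply it at run time, e.g. via the TF_VAR_aci_password
# environment variable.
variable "aci_password" {}

# Option 1: user/password. The secret itself travels to the APIC at login
# and lives wherever the variable value is stored.
provider "aci" {
  alias    = "password_auth"
  username = "admin"
  password = "${var.aci_password}"
  url      = "https://apic.example.com"
  insecure = false # verify the APIC's TLS certificate
}

# Option 2 (recommended on the slide): X509 certificate. Requests are signed
# with the local private key; the APIC only holds the matching certificate,
# attached to the user under the name given in cert_name.
provider "aci" {
  username    = "admin"
  private_key = "${var.aci_private_key}" # path to the key file
  cert_name   = "${var.aci_cert_name}"
  url         = "https://apic.example.com"
  insecure    = false
}
```

With option 2, the key file is the credential: keep it out of the repository that holds the TF files and restrict its file permissions to the user running Terraform.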

Manage Relation Source Objects
• ACI leverages objects to build relations to other nodes in different parts of the tree
• These objects are represented as arguments under the target Terraform resource
• Example: an EPG can have relations to a VMM domain (fvRsDomAtt), a Bridge-Domain (fvBD) and a Contract consumer/provider (vzBrCP)

How to install the ACI provider
Prerequisites
Go latest version
Terraform v0.11.7 onwards

Clone from GitHub: https://github.com/ciscoecosystem/terraform-provider-aci.git

Checkout relation_test branch and build the provider binary file
$ cd terraform-provider-aci
$ git checkout relation_test
Switched to branch 'relation_test'
Your branch is up-to-date with 'origin/relation_test'.
$ make build
==> Checking that code complies with gofmt requirements...
go install

How to install the ACI provider
• Go to your $GOBIN or $GOPATH/bin path and copy the provider binary to the Terraform 3rd party plugins directory

$ cp $GOBIN/terraform-provider-aci ~/.terraform.d/plugins/linux_amd64

• Create your Terraform working directory and build your configuration (main.tf, terraform.tfvars and variables.tf)

• Initialize your configuration, which will download required providers and also reference the 3rd party plugins directory
$ terraform init
...
Initializing provider plugins...
...
Terraform has been successfully initialized!
...

Let’s get some hands-on
Demo folder is available at https://github.com/vfiftyfive/CLEUR19-Terraform.git

Note: "git checkout no_module" tag for the first part of the demo
What we’re going to do
• Create a Tenant in ACI
• Create VRF, BD, and attach BD to VRF
• Add subnet under BD
• Create a 2-Tier Application Profile with EPGs and contracts
• Attach EPGs to BD
• Attach VMM Domain to EPG
• Deploy CentOS VMs and attach them to corresponding EPGs
• Test connectivity
After your first Terraform plan, you’ll probably want to reuse some of your work…
Terraform Modules are like Black Boxes
• Modules create reusable components
• Modules are Terraform configuration files within a folder (nothing more), but variables are not usable in main TF file outside of the module stanza
• Modules only take inputs, return outputs and contain resources. From the outside, they look like functions

Add Module to TF file

Create Module Outputs
• Modules outputs are variables that can be used for interpolation

modules/prod_app2/main.tf Main project TF file

Next steps for our Demo
• Create a module to deploy a standardized application network profile
• Change main project TF file to include the module
• Use module outputs to derive new port-group
• Deploy new application from module
• Move VMs to the new network

Note: "git checkout master" for this part of the demo
Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Thank you
