aci_epg - Manage End Point Groups (EPG) objects (fv:AEPg)¶

New in version 2.4.

Synopsis
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

Manage End Point Groups (EPG) on Cisco ACI fabrics.

Parameters ¶

Parameter	Choices/Defaults	Comments
ap required		Name of an existing application network profile, that will contain the EPGs. aliases: app_profile, app_profile_name
bd required		Name of the bridge domain being associated with the EPG. aliases: bd_name, bridge_domain
certificate_name		The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. It defaults to the `private_key` basename, without extension. aliases: cert_name
description		Description for the EPG. aliases: descr
epg required		Name of the end point group. aliases: epg_name, name
fwd_control	Choices: none proxy-arp	The forwarding control used by the EPG. The APIC defaults to `none` when unset during creation.
host required		IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname
intra_epg_isolation	Choices: enforced unenforced	The Intra EPG Isolation. The APIC defaults to `unenforced` when unset during creation.
output_level	Choices: debug info normal ←	Influence the output of this ACI module. `normal` means the standard output, incl. `current` dict `info` adds informational output, incl. `previous`, `proposed` and `sent` dicts `debug` adds debugging output, incl. `filter_string`, `method`, `response`, `status` and `url` information
password required		The password to use for authentication. This option is mutual exclusive with `private_key`. If `private_key` is provided too, it will be used instead.
port		Port number to be used for REST connection. The default value depends on parameter `use_ssl`.
preferred_group bool (added in 2.5)	Choices: no yes	Whether ot not the EPG is part of the Preferred Group and can communicate without contracts. This is very convenient for migration scenarios, or when ACI is used for network automation but not for policy. The APIC defaults to `no` when unset during creation.
priority	Choices: level1 level2 level3 unspecified	The QoS class. The APIC defaults to `unspecified` when unset during creation.
private_key required		PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless `certificate_name` is specified. This option is mutual exclusive with `password`. If `password` is provided too, it will be ignored. aliases: cert_key
state	Choices: absent present ← query	Use `present` or `absent` for adding or removing. Use `query` for listing an object or multiple objects.
tenant		Name of an existing tenant. aliases: tenant_name
timeout int	Default: 30	The socket level timeout in seconds.
use_proxy bool	Choices: no yes ←	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl bool	Choices: no yes ←	If `no`, an HTTP connection will be used instead of the default HTTPS connection.
username	Default: admin	The username to use for authentication. aliases: user
validate_certs bool	Choices: no yes ←	If `no`, SSL certificates will not be validated. This should only set to `no` when used on personally controlled sites using self-signed certificates.

Notes ¶

Note

The tenant and app_profile used must exist before using this module in your playbook. The aci_tenant and aci_ap modules can be used for this.
More information about the internal APIC class fv:AEPg from the APIC Management Information Model reference.
Please read the Cisco ACI Guide for more detailed information on how to manage your ACI infrastructure using Ansible.

Examples ¶

- name: Add a new EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: intranet
    epg: web_epg
    description: Web Intranet EPG
    bd: prod_bd
    preferred_group: yes
    state: present
  delegate_to: localhost

- aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: ticketing
    epg: "{{ item.epg }}"
    description: Ticketing EPG
    bd: "{{ item.bd }}"
    priority: unspecified
    intra_epg_isolation: unenforced
    state: present
  delegate_to: localhost
  with_items:
    - epg: web
      bd: web_bd
    - epg: database
      bd: database_bd

- name: Remove an EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    tenant: production
    app_profile: intranet
    epg: web_epg
    state: absent
  delegate_to: localhost

- name: Query an EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: ticketing
    epg: web_epg
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all EPGs
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all EPGs with a Specific Name
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    epg: web_epg
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all EPGs of an App Profile
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    ap: ticketing
    state: query
  delegate_to: localhost
  register: query_result

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
current list	success	The existing configuration from the APIC after the module has finished Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}]
error dict	failure	The error information as returned from the APIC Sample: {'text': 'unknown managed object class foo', 'code': '122'}
filter_string string	failure or debug	The filter string used for the request Sample: ?rsp-prop-include=config-only
method string	failure or debug	The HTTP method used for the request to the APIC Sample: POST
previous list	info	The original configuration from the APIC before the module has started Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}]
proposed dict	info	The assembled configuration from the user-provided parameters Sample: {'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}}
raw string	parse error	The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response string	failure or debug	The HTTP response from the APIC Sample: OK (30 bytes)
sent list	info	The actual/minimal configuration pushed to the APIC Sample: {'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status int	failure or debug	The HTTP status from the APIC Sample: 200
url string	failure or debug	The HTTP url used for the request to the APIC Sample: https://10.11.12.13/api/mo/uni/tn-production.json

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as certified which means that it is maintained by an Ansible Partner. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by an Ansible Partner, see here.

Author ¶

Swetha Chunduri (@schunduri)

Hint

If you notice any issues in this documentation you can edit this document to improve it.