aci_rest - Direct access to the Cisco APIC REST API¶

New in version 2.4.

Synopsis
- Requirements
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

Enables the management of the Cisco ACI fabric through direct access to the Cisco APIC REST API.
Thanks to the idempotent nature of the APIC, this module is idempotent and reports changes.

Requirements ¶

The below requirements are needed on the host that executes this module.

lxml (when using XML payload)
xmljson >= 0.1.8 (when using XML payload)
python 2.7+ (when using xmljson)

Parameters ¶

Parameter	Choices/Defaults	Comments
certificate_name		The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. It defaults to the `private_key` basename, without extension. aliases: cert_name
content		When used instead of `src`, sets the payload of the API request directly. This may be convenient to template simple requests. For anything complex use the `template` lookup plugin (see examples) or the template module with parameter `src`.
host required		IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname
method	Choices: delete get ← post	The HTTP method of the request. Using `delete` is typically used for deleting objects. Using `get` is typically used for querying objects. Using `post` is typically used for modifying objects. aliases: action
output_level	Choices: debug info normal ←	Influence the output of this ACI module. `normal` means the standard output, incl. `current` dict `info` adds informational output, incl. `previous`, `proposed` and `sent` dicts `debug` adds debugging output, incl. `filter_string`, `method`, `response`, `status` and `url` information
password required		The password to use for authentication. This option is mutual exclusive with `private_key`. If `private_key` is provided too, it will be used instead.
path required		URI being used to execute API calls. Must end in `.xml` or `.json`. aliases: uri
port		Port number to be used for REST connection. The default value depends on parameter `use_ssl`.
private_key required		PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless `certificate_name` is specified. This option is mutual exclusive with `password`. If `password` is provided too, it will be ignored. aliases: cert_key
src path		Name of the absolute path of the filname that includes the body of the HTTP request being sent to the ACI fabric. If you require a templated payload, use the `content` parameter together with the `template` lookup plugin, or use template. aliases: config_file
timeout int	Default: 30	The socket level timeout in seconds.
use_proxy bool	Choices: no yes ←	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl bool	Choices: no yes ←	If `no`, an HTTP connection will be used instead of the default HTTPS connection.
username	Default: admin	The username to use for authentication. aliases: user
validate_certs bool	Choices: no yes ←	If `no`, SSL certificates will not be validated. This should only set to `no` when used on personally controlled sites using self-signed certificates.

Notes ¶

Note

Certain payloads are known not to be idempotent, so be careful when constructing payloads, e.g. using status="created" will cause idempotency issues, use status="modified" instead. More information in the ACI documentation.
Certain payloads (and used paths) are known to report no changes happened when changes did happen. This is a known APIC problem and has been reported to the vendor. A workaround for this issue exists. More information in the ACI documentation.
XML payloads require the lxml and xmljson python libraries. For JSON payloads nothing special is needed.
More information regarding the APIC REST API is available from the Cisco APIC REST API Configuration Guide.
Please read the Cisco ACI Guide for more detailed information on how to manage your ACI infrastructure using Ansible.

Examples ¶

- name: Add a tenant using certificate authentication
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/aci_config.xml
  delegate_to: localhost

- name: Add a tenant from a templated payload file from templates/
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    content: "{{ lookup('template', 'aci/tenant.xml.j2') }}"
  delegate_to: localhost

- name: Add a tenant using inline YAML
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/mo/uni.json
    method: post
    content:
      fvTenant:
        attributes:
          name: Sales
          descr: Sales departement
  delegate_to: localhost

- name: Add a tenant using a JSON string
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/mo/uni.json
    method: post
    content:
      {
        "fvTenant": {
          "attributes": {
            "name": "Sales",
            "descr": "Sales departement"
          }
        }
      }
  delegate_to: localhost

- name: Add a tenant using an XML string
  aci_rest:
    host: apic
    username: admin
    private_key: pki/{{ aci_username}}.key
    validate_certs: no
    path: /api/mo/uni.xml
    method: post
    content: '<fvTenant name="Sales" descr="Sales departement"/>'
  delegate_to: localhost

- name: Get tenants using password authentication
  aci_rest:
    host: apic
    username: admin
    password: SomeSecretPassword
    method: get
    path: /api/node/class/fvTenant.json
  delegate_to: localhost
  register: query_result

- name: Configure contracts
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/contract_config.xml
  delegate_to: localhost

- name: Register leaves and spines
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    method: post
    path: /api/mo/uni/controller/nodeidentpol.xml
    content: |
      <fabricNodeIdentPol>
        <fabricNodeIdentP name="{{ item.name }}" nodeId="{{ item.nodeid }}" status="{{ item.status }}" serial="{{ item.serial }}"/>
      </fabricNodeIdentPol>
  with_items:
  - '{{ apic_leavesspines }}'
  delegate_to: localhost

- name: Wait for all controllers to become ready
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/node/class/topSystem.json?query-target-filter=eq(topSystem.role,"controller")
  register: apics
  until: "'totalCount' in apics and apics.totalCount|int >= groups['apic']|count"
  retries: 120
  delay: 30
  delegate_to: localhost
  run_once: yes

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
error_code int	always	The REST ACI return code, useful for troubleshooting on failure Sample: 122
error_text string	always	The REST ACI descriptive text, useful for troubleshooting on failure Sample: unknown managed object class foo
imdata string	always	Converted output returned by the APIC REST (register this for post-processing) Sample: [{'error': {'attributes': {'text': 'unknown managed object class foo', 'code': '122'}}}]
payload string	always	The (templated) payload send to the APIC REST API (xml or json) Sample: <foo bar="boo"/>
raw string	parse error	The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response string	always	HTTP response string Sample: HTTP Error 400: Bad Request
status int	always	HTTP status code Sample: 400
totalCount string	always	Number of items in the imdata array Sample: 0
url string	success	URL used for APIC REST call Sample: https://1.2.3.4/api/mo/uni/tn-[Dag].json?rsp-subtree=modified

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as certified which means that it is maintained by an Ansible Partner. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by an Ansible Partner, see here.

Author ¶

Dag Wieers (@dagwieers)

Hint

If you notice any issues in this documentation you can edit this document to improve it.