Devnet 2340


DEVNET-2340

Infrastructure as Code with Terraform and Cisco ACI
Don’t call me a CLI junkie anymore!

Devarshi Shah, TME – INSBU
Nicolas Vermande, TME - INSBU
Objectives of this session
• Get an understanding of Terraform capabilities
• Understand how ACI can be managed with
Infrastructure-as-Code paradigms
• Use Terraform plans to manage ACI application
network configuration
What is Terraform?
Terraform is an Infrastructure Resources Manager

• Compose and combine infrastructure resources to build and maintain a desired state
• Plan and execution are distinct actions
• Manages all resources through APIs
• Resources and data can be re-used within modules
• Terraform uses core and plugin components for basic functions and extensibility

DEVNET-2340 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
How to install it?
• Go to www.terraform.io/download.html
• Pick your platform
• Unzip
• Move binary somewhere in your PATH (e.g. /usr/local/bin)
• Run terraform commands

Terraform defines a high level syntax
• Resources are declared in a TF file
• Syntax is HCL – HashiCorp Configuration Language
• Human understandable

Terraform Providers
• Providers abstract the API layer of resource providers
• New resources are available for Terraform to provision and manage
• AAA configuration is required as part of the provider definition in the TF file
• ACI supports user and X.509 certificate-based authentication

Arguments are used to compose Resources

How to use variables?
Declare variables and set default values

variables.tf

variable "aci_private_key" {
  default = "/home/nvermand/fabric1_admin.key"
}
variable "aci_cert_name" {
  default = "admin_cert"
}
variable "provider_profile_dn" {
  default = "uni/vmmp-VMware"
}
variable "bd_subnet" {}
variable "gateway" {}
variable "vmm_domain_dn" {}

Specific values for the TF file, overriding default values

terraform.tfvars

vsphere_compute_cluster = "pod-03"
folder = "ACI/demos"
aci_vm1_name = "aci-tf-test1"
aci_vm2_name = "aci-tf-test2"
aci_vm1_address = "1.1.1.10"
aci_vm2_address = "1.1.1.11"
bd_subnet = "1.1.1.1/24"
gateway = "1.1.1.1"
vmm_domain_dn = "uni/vmmp-VMware/dom-ACI-nv-POD03-VDS01"

Data Sources vs Resources

Resources

• Managed by Terraform
• RW
• Can be used for interpolation
• terraform apply and destroy modify resources
• Displayed by terraform show and terraform state list

resource "aci_tenant" "terraform_ten" {
  name = "terraform_ten"
}

Data sources

• Managed by Provider
• RO
• Can be used for interpolation
• terraform apply and destroy don’t alter data sources lifecycle
• Displayed by terraform show and terraform state list

data "vsphere_datacenter" "dc" {
  name = "${var.vsphere_datacenter}"
}

Interpolation is used to combine Resources

aci_vrf.vrf1
• Interpolation indicates dependency
• Used to build the Directed Acyclic Graph (DAG) of dependencies
• Determines the order of Terraform tasks
• References attributes from other resources

Terraform manages dependencies with DAG
• A DAG (Directed Acyclic Graph) is a directed graph without loops
• Walking through multiple graphs is handled in parallel

[Figure: dependency graph with nodes vSphere VM, Tenant, ANP, VRF, EPG, BD, Subnet]

Main command options
• Terraform plan
• Terraform apply
• Terraform show
• Terraform console

Terraform plan

Terraform apply

Terraform show

Terraform console
• REPL console (Read-eval-print-loop)

• Can leverage stdin as input for inline usage

Anatomy of an ACI Resource in Terraform
Infrastructure as Code with ACI
• ACI has a modeled representation of everything APIC knows
• ACI object model is a distributed MIT (Management Information Tree) structure, fully accessible
through REST API
• Every node is a managed object (MO) with class, attributes and a distinguished name (Dn)

[Figure: ACI management information tree, with nodes API, Root, Policy Universe, Fabric, Hypervisors, Tenants, VLANs, Virtual Network, Nodes, Applications]

Terraform and ACI Resource Mapping
• Terraform identifies ACI objects with their Dn
• Terraform resource id is the absolute path of ACI object in the DMIT

ACI Provider Resources
Available Future Resource Data Source
aci_tenant
aci_vrf
aci_bridge_domain
aci_subnet
aci_application_profile
aci_application_epg
aci_contract
aci_contract_subject
aci_filter
aci_filter_entry
aci_vmm_domain
aci_l3_outside
aci_external_network_instance_profile
aci_rest

Connecting to ACI
• You can use user/password or certificate-based authentication
• Certificate-based authentication is recommended, though
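
The provider definition with certificate-based authentication, as an added example that is not from the original slides; it covers both this slide and the earlier "Terraform Providers" slide. The APIC URL and the user name are constructed placeholders, `aci_private_key` and `aci_cert_name` are the variables declared in variables.tf earlier in the deck, and `aci_password` is a hypothetical variable used only in the commented-out password variant.

```hcl
# Added example (not from the slides). apic.example.com and the user name
# "admin" are placeholders; var.aci_password is a hypothetical variable.

# Password variant, kept as a comment for comparison. The secret has to be
# supplied to Terraform on every run, and a value typed into main.tf or
# terraform.tfvars is stored wherever those files are stored.
#
# provider "aci" {
#   username = "admin"
#   password = "${var.aci_password}"
#   url      = "https://apic.example.com"
# }

# Certificate variant, the one the session recommends. The X.509 certificate
# is attached to the APIC user under the name given in cert_name; Terraform
# reads only the matching private key and signs its API requests with it,
# so no password appears in the configuration.
provider "aci" {
  username    = "admin"
  private_key = "${var.aci_private_key}" # path to the PEM key file
  cert_name   = "${var.aci_cert_name}"   # certificate name on the APIC user
  url         = "https://apic.example.com"

  # Verify the APIC's TLS certificate instead of accepting any certificate.
  insecure = false
}
```

The private key file should stay out of the repository that holds the TF files; the configuration only references its path.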

Manage Relation Source Objects
• ACI leverages objects to build relations to other nodes in different parts of the tree
• These objects are represented as arguments under the target Terraform resource
• Example with EPG that can have relation to VMM domain (fvRsDomAtt), Bridge-Domain (fvBD) and Contract consumer/provider (vzBrCP)
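
The interpolation slide and this relation slide, combined into one added example (not from the original deck, whose screenshots are not reproduced on this page). The object names `bd1`, `app1` and `epg1` are constructed, and the `relation_*` arguments are passed Dn values through `.id`; confirm against the documentation of the provider build you install whether each relation argument expects a Dn or a name.

```hcl
# Added example (not from the slides). Assumes a configured "aci" provider.
variable "vmm_domain_dn" {} # set in terraform.tfvars, as on the variables slide

resource "aci_tenant" "terraform_ten" {
  name = "terraform_ten"
}

# "${aci_tenant.terraform_ten.id}" is an interpolation: it resolves to the
# tenant's Dn and tells Terraform the VRF must be created after the tenant.
resource "aci_vrf" "vrf1" {
  tenant_dn = "${aci_tenant.terraform_ten.id}"
  name      = "vrf1"
}

resource "aci_bridge_domain" "bd1" {
  tenant_dn = "${aci_tenant.terraform_ten.id}"
  name      = "bd1"

  # Relation source object fvRsCtx (BD -> VRF), written as an argument.
  relation_fv_rs_ctx = "${aci_vrf.vrf1.id}"
}

resource "aci_application_profile" "app1" {
  tenant_dn = "${aci_tenant.terraform_ten.id}"
  name      = "app1"
}

resource "aci_application_epg" "epg1" {
  application_profile_dn = "${aci_application_profile.app1.id}"
  name                   = "epg1"

  # fvRsBd (EPG -> bridge domain) and fvRsDomAtt (EPG -> VMM domain).
  relation_fv_rs_bd      = "${aci_bridge_domain.bd1.id}"
  relation_fv_rs_dom_att = ["${var.vmm_domain_dn}"]
}

# Resulting order: tenant, then VRF and application profile (independent of
# each other, so they can run in parallel), then BD, then EPG.
```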

How to install the ACI provider
Prerequisites
Go latest version
Terraform v0.11.7 onwards

Clone from github: https://github.com/ciscoecosystem/terraform-provider-aci.git


Checkout relation_test branch and build the provider binary file
$ cd terraform-provider-aci
$ git checkout relation_test
Switched to branch 'relation_test'
Your branch is up-to-date with 'origin/relation_test'.
$ make build
==> Checking that code complies with gofmt requirements...
go install

How to install the ACI provider
• Go to your $GOBIN or $GOPATH/bin path and copy the provider binary to the Terraform 3rd party plugins directory

$ cp $GOBIN/terraform-provider-aci ~/.terraform.d/plugins/linux_amd64

• Create your Terraform working directory and build your configuration (main.tf, terraform.tfvars and variables.tf)

• Initialize your configuration, which will download required providers and also reference the 3rd party plugins directory
$ terraform init
...
Initializing provider plugins...
...
Terraform has been successfully initialized!
...

Let’s get some hands-on
Demo folder is available at
https://github.com/vfiftyfive/CLEUR19-Terraform.git

Note: "git checkout no_module" tag for the first part of the demo
What we’re going to do
• Create a Tenant in ACI
• Create VRF, BD, and attach BD to VRF
• Add subnet under BD
• Create a 2-Tier Application Profile with EPGs and contracts
• Attach EPGs to BD
• Attach VMM Domain to EPG
• Deploy CentOS VMs and attach them to
corresponding EPGs
• Test connectivity
After your first Terraform plan, you’ll probably want to reuse some of your work…
Terraform Modules are like Black Boxes
• Modules create reusable components
• Modules are Terraform configuration files within a folder (nothing more), but
variables are not usable in main TF file outside of the module stanza
• Modules only take inputs, return outputs and contain resources. From the outside,
they look like functions

Add Module to TF file

Create Module Outputs
• Module outputs are variables that can be used for interpolation

modules/prod_app2/main.tf Main project TF file
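
A module and its caller, as an added example that is not from the original deck (the slides' screenshots are not reproduced on this page). The input and output names, the `bd_dn` variable and the `web` EPG are constructed; the port-group name assumes the default `tenant|application profile|EPG` naming that a VMware VMM domain uses.

```hcl
# ---- modules/prod_app2/main.tf: inputs, resources, outputs ----
variable "tenant_dn" {}
variable "tenant_name" {}
variable "bd_dn" {}
variable "vmm_domain_dn" {}

resource "aci_application_profile" "app" {
  tenant_dn = "${var.tenant_dn}"
  name      = "prod_app2"
}

resource "aci_application_epg" "web" {
  application_profile_dn = "${aci_application_profile.app.id}"
  name                   = "web"
  relation_fv_rs_bd      = "${var.bd_dn}"
  relation_fv_rs_dom_att = ["${var.vmm_domain_dn}"]
}

# The caller sees only declared outputs, never the module's variables.
output "web_port_group" {
  value = "${var.tenant_name}|${aci_application_profile.app.name}|${aci_application_epg.web.name}"
}

# ---- main project TF file: the module stanza and use of its output ----
variable "vmm_domain_dn" {}
variable "vsphere_datacenter" {}
variable "bd_dn" {} # Dn of an existing bridge domain (constructed input)

resource "aci_tenant" "terraform_ten" {
  name = "terraform_ten"
}

module "prod_app2" {
  source        = "./modules/prod_app2"
  tenant_dn     = "${aci_tenant.terraform_ten.id}"
  tenant_name   = "${aci_tenant.terraform_ten.name}"
  bd_dn         = "${var.bd_dn}"
  vmm_domain_dn = "${var.vmm_domain_dn}"
}

data "vsphere_datacenter" "dc" {
  name = "${var.vsphere_datacenter}"
}

data "vsphere_network" "web" {
  name          = "${module.prod_app2.web_port_group}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}
```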

Next steps for our Demo
• Create a module to deploy a standardized
application network profile
• Change main project TF file to include the
module
• Use module outputs to derive new port-group
• Deploy new application from module
• Move VMs to the new network

Note: "git checkout master" for this part of the demo

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Thank you
