Check for existing ACI contract between 2 IPs using Ansible

Hi,

I’m trying to figure out a way to check for any existing contract between 2 IPs in ACI using Ansible before creating a contract, any aci_rest get method?

Thanks,

Hi Dave,

In ACI you would typically do this check at the EPG level (as contracts are between EPGs).

Assuming that would help you (but that depends entirely on your design), there are a couple of approaches I can think of:

  • Query the EPGs
  • Query the Contract objects (more parsing)

Query the two EPGs in question and extract out the provided and consumed contracts.

For that I would use something like below. I set the Tenant, AP, and the two EPGs I want to check as variables and then use the aci_rest module to query each of those EPGs.


  ---
  - name: Query the EPGs and return their provided and consumed contracts
    hosts: localhost
    gather_facts: false

    vars:
      # These variables should be updated for the EPGs to pull and their corresponding tenant and anps.
      epgs:
        - Web
        - DB
      tenant: Heroes
      anp: Power_Up

      # query-target=children returns the EPG's relation objects; the ones of
      # interest are fvRsProv (provided contracts) and fvRsCons (consumed contracts).
      # {{ item }} is the EPG name supplied by the loop below.
      query_path: "/api/node/mo/uni/tn-{{ tenant }}/ap-{{ anp }}/epg-{{ item }}.json?query-target=children"
      method: 'get'

    tasks:
      - name: "Execute REST Call Action: {{ method | upper }} Query: EPG children of {{ epgs | join(', ') }}"
        # aci_rest ships in the cisco.aci collection on current Ansible releases;
        # aci_host, aci_user and aci_pwd are expected from inventory or extra-vars.
        aci_rest:
          host: "{{ aci_host }}"
          username: "{{ aci_user }}"
          password: "{{ aci_pwd }}"
          validate_certs: false
          method: "{{ method }}"
          path: "{{ query_path }}"
        delegate_to: localhost
        loop: "{{ epgs }}"
        register: query_result

      - name: Display RAW APIC Results
        debug:
          var: query_result

You will get back structured data that will allow you to pick out what you want.

If this is new to you take a look at the post below.
https://gratuitous-arp.net/decomposing-complex-json-data-structures/

There is also an ACI module that will allow you to check (query) this relationship. That's probably the most important part of this, understanding the object relationships.

aci_epg_to_contract – Bind EPGs to Contracts (fv:RsCons, fv:RsProv)

Either way you will need to process the data as you need to.

I put together a simple playbook that shows you both approaches. It's set up to run against the DevNet Always-On APIC Sandbox and it's looking for specific Tenants, ANPs, and EPGs so you may need to change those accordingly.

https://github.com/cldeluna/cisco_aci/blob/master/aci_rest_epg.yml

There is probably a much easier way to do this and I’m hoping those in this community will show me the error of my ways!

Good luck!

Claudia
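The processing step the answer leaves to the reader (turning the registered `query_result` into a yes/no on whether a contract already links the two EPGs) as an added Python example; it is not part of the original thread or of Claudia's playbook. The sample data is constructed to mirror the shape of the registered loop result (one entry per EPG with the loop `item` and the module's `imdata` list); the class names fvRsProv and fvRsCons and the attribute tnVzBrCPName are the real APIC names for the provided/consumed relations, and the `state` check drops relations whose target contract does not exist. Mapping an IP to its EPG is the design question the answer raises and is assumed to be already solved here.

```python
# Constructed sample in the shape of the playbook's registered variable after
# looping aci_rest over the two EPGs: each result carries the loop "item" (the
# EPG name) and the APIC "imdata" list for
# /api/node/mo/uni/tn-Heroes/ap-Power_Up/epg-<EPG>.json?query-target=children.
# Real responses carry many more children and attributes than shown here.
SAMPLE_QUERY_RESULT = {
    "results": [
        {
            "item": "Web",
            "imdata": [
                {"fvRsBd": {"attributes": {"tnFvBDName": "Hero_Land"}}},
                {"fvRsCons": {"attributes": {"tnVzBrCPName": "Web_to_DB", "state": "formed"}}},
                {"fvRsProv": {"attributes": {"tnVzBrCPName": "Internet_to_Web", "state": "formed"}}},
            ],
        },
        {
            "item": "DB",
            "imdata": [
                {"fvRsBd": {"attributes": {"tnFvBDName": "Hero_Land"}}},
                {"fvRsProv": {"attributes": {"tnVzBrCPName": "Web_to_DB", "state": "formed"}}},
                # A relation whose target contract does not exist: APIC keeps the
                # fvRsCons object but marks it missing-target, so it must not count.
                {"fvRsCons": {"attributes": {"tnVzBrCPName": "Backup", "state": "missing-target"}}},
            ],
        },
    ]
}


def contract_relations(imdata):
    """Split an EPG's children into (provided, consumed) contract-name sets.

    Only relations in state "formed" are kept (a missing "state" attribute is
    treated as formed); "missing-target" entries name a contract that is not
    actually present in the fabric.
    """
    provided, consumed = set(), set()
    for child in imdata:
        for class_name, body in child.items():
            attrs = body.get("attributes", {})
            name = attrs.get("tnVzBrCPName")
            if not name or attrs.get("state", "formed") != "formed":
                continue
            if class_name == "fvRsProv":
                provided.add(name)
            elif class_name == "fvRsCons":
                consumed.add(name)
    return provided, consumed


def relations_by_epg(query_result):
    """Map EPG name -> imdata list from the playbook's registered loop result."""
    return {r["item"]: r["imdata"] for r in query_result["results"]}


def contracts_between(epg_a, epg_b, by_epg):
    """Contracts already linking the two EPGs, as (contract, provider, consumer).

    Both directions are checked: A provides / B consumes and B provides / A consumes.
    """
    prov_a, cons_a = contract_relations(by_epg[epg_a])
    prov_b, cons_b = contract_relations(by_epg[epg_b])
    found = [(c, epg_a, epg_b) for c in sorted(prov_a & cons_b)]
    found += [(c, epg_b, epg_a) for c in sorted(prov_b & cons_a)]
    return found


if __name__ == "__main__":
    by_epg = relations_by_epg(SAMPLE_QUERY_RESULT)
    existing = contracts_between("Web", "DB", by_epg)
    if existing:
        for contract, provider, consumer in existing:
            print(f"{contract}: provided by {provider}, consumed by {consumer}")
    else:
        print("no contract between Web and DB; safe to create one")
```

Feed the playbook's registered `query_result` (for example dumped with `to_json`) to `relations_by_epg`; a non-empty return from `contracts_between` is the signal to skip creating a new contract. Keeping the `state` filter matters in practice: an EPG can carry a consumed or provided relation to a contract name that was never created or has since been deleted, and counting it would wrongly report an existing contract.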