aci_bd_subnet – Manage Subnets (fv:Subnet)

From Get docs
Ansible/docs/2.7/modules/aci bd subnet module


aci_bd_subnet – Manage Subnets (fv:Subnet)

New in version 2.4.


Synopsis

  • Manage Subnets on Cisco ACI fabrics.

Parameters

Parameter Choices/Defaults Comments

bd

-

The name of the Bridge Domain.


aliases: bd_name

certificate_name

-

The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.

It defaults to the private_key basename, without extension.


aliases: cert_name

description

-

The description for the Subnet.


aliases: descr

enable_vip

boolean

  • no
  • yes

Determines if the Subnet should be treated as a VIP; used when the BD is extended to multiple sites.

The APIC defaults to no when unset during creation.

gateway

-

The IPv4 or IPv6 gateway address for the Subnet.


aliases: gateway_ip

host

- / required

IP Address or hostname of APIC resolvable by Ansible control host.


aliases: hostname

mask

integer

The subnet mask for the Subnet.

This is the number assocated with CIDR notation.

For IPv4 addresses, accepted values range between 0 and 32.

For IPv6 addresses, accepted Values range between 0 and 128.


aliases: subnet_mask

nd_prefix_policy

-

The IPv6 Neighbor Discovery Prefix Policy to associate with the Subnet.

output_level

-

  • debug
  • info
  • normal

Influence the output of this ACI module.

normal means the standard output, incl. current dict

info adds informational output, incl. previous, proposed and sent dicts

debug adds debugging output, incl. filter_string, method, response, status and url information

password

- / required

The password to use for authentication.

This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.

port

-

Port number to be used for REST connection.

The default value depends on parameter `use_ssl`.

preferred

boolean

  • no
  • yes

Determines if the Subnet is preferred over all available Subnets. Only one Subnet per Address Family (IPv4/IPv6). can be preferred in the Bridge Domain.

The APIC defaults to no when unset during creation.

private_key

- / required

PEM formatted file that contains your private key to be used for signature-based authentication.

The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.

This option is mutual exclusive with password. If password is provided too, it will be ignored.


aliases: cert_key

route_profile

-

The Route Profile to the associate with the Subnet.

route_profile_l3_out

-

The L3 Out that contains the assocated Route Profile.

scope

list

  • private
  • public
  • shared

Determines the scope of the Subnet.

The private option only allows communication with hosts in the same VRF.

The public option allows the Subnet to be advertised outside of the ACI Fabric, and allows communication with hosts in other VRFs.

The shared option limits communication to hosts in either the same VRF or the shared VRF.

The value is a list of options, private and public are mutually exclusive, but both can be used with shared.

The APIC defaults to private when unset during creation.

state

-

  • absent
  • present

  • query

Use present or absent for adding or removing.

Use query for listing an object or multiple objects.

subnet_control

-

  • nd_ra
  • no_gw
  • querier_ip
  • unspecified

Determines the Subnet's Control State.

The querier_ip option is used to treat the gateway_ip as an IGMP querier source IP.

The nd_ra option is used to treate the gateway_ip address as a Neighbor Discovery Router Advertisement Prefix.

The no_gw option is used to remove default gateway functionality from the gateway address.

The APIC defaults to nd_ra when unset during creation.

subnet_name

-

The name of the Subnet.


aliases: name

tenant

-

The name of the Tenant.


aliases: tenant_name

timeout

integer

Default:

30

The socket level timeout in seconds.

use_proxy

boolean

  • no
  • yes

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

use_ssl

boolean

  • no
  • yes

If no, an HTTP connection will be used instead of the default HTTPS connection.

username

-

Default:

"admin"

The username to use for authentication.


aliases: user

validate_certs

boolean

  • no
  • yes

If no, SSL certificates will not be validated.

This should only set to no when used on personally controlled sites using self-signed certificates.



Notes

Note

  • The gateway parameter is the root key used to access the Subnet (not name), so the gateway is required when the state is absent or present.
  • The tenant and bd used must exist before using this module in your playbook. The aci_tenant module and aci_bd can be used for these.


See Also

See also

aci_bd – Manage Bridge Domains (BD) objects (fv:BD)
The official documentation on the aci_bd module.
aci_tenant – Manage tenants (fv:Tenant)
The official documentation on the aci_tenant module.
Cisco ACI Guide
Detailed information on how to manage your ACI infrastructure using Ansible.
Developing Cisco ACI modules
Detailed guide on how to write your own Cisco ACI modules to contribute.


Examples

- name: Create a tenant
  aci_tenant:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    state: present
  delegate_to: localhost

- name: Create a bridge domain
  aci_bd:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    state: present
  delegate_to: localhost

- name: Create a subnet
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    gateway: 10.1.1.1
    mask: 24
    state: present
  delegate_to: localhost

- name: Create a subnet with options
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    subnet_name: sql
    gateway: 10.1.2.1
    mask: 23
    description: SQL Servers
    scope: public
    route_profile_l3_out: corp
    route_profile: corp_route_profile
    state: present
  delegate_to: localhost

- name: Update a subnets scope to private and shared
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    gateway: 10.1.1.1
    mask: 24
    scope: [private, shared]
    state: present
  delegate_to: localhost

- name: Get all subnets
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost

- name: Get all subnets of specific gateway in specified tenant
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    gateway: 10.1.1.1
    mask: 24
    state: query
  delegate_to: localhost
  register: query_result

- name: Get specific subnet
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    gateway: 10.1.1.1
    mask: 24
    state: query
  delegate_to: localhost
  register: query_result

- name: Delete a subnet
  aci_bd_subnet:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    bd: database
    gateway: 10.1.1.1
    mask: 24
    state: absent
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

current

list

success

The existing configuration from the APIC after the module has finished


Sample:

[{'fvTenant': {'attributes': {'descr': 'Production environment', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': , 'ownerKey': , 'ownerTag': }}}]

error

dictionary

failure

The error information as returned from the APIC


Sample:

{'code': '122', 'text': 'unknown managed object class foo'}

filter_string

string

failure or debug

The filter string used for the request


Sample:

?rsp-prop-include=config-only

method

string

failure or debug

The HTTP method used for the request to the APIC


Sample:

POST

previous

list

info

The original configuration from the APIC before the module has started


Sample:

[{'fvTenant': {'attributes': {'descr': 'Production', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': , 'ownerKey': , 'ownerTag': }}}]

proposed

dictionary

info

The assembled configuration from the user-provided parameters


Sample:

{'fvTenant': {'attributes': {'descr': 'Production environment', 'name': 'production'}}}

raw

string

parse error

The raw output returned by the APIC REST API (xml or json)


Sample:


response

string

failure or debug

The HTTP response from the APIC


Sample:

OK (30 bytes)

sent

list

info

The actual/minimal configuration pushed to the APIC


Sample:

{'fvTenant': {'attributes': {'descr': 'Production environment'}}}

status

integer

failure or debug

The HTTP status from the APIC


Sample:

200

url

string

failure or debug

The HTTP url used for the request to the APIC


Sample:




Status

Authors

  • Jacob McGill (@jmcgill298)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/aci_bd_subnet_module.html