aci_rest – Direct access to the Cisco APIC REST API

From Get docs
Ansible/docs/2.8/modules/aci rest module


aci_rest – Direct access to the Cisco APIC REST API

New in version 2.4.


Synopsis

  • Enables the management of the Cisco ACI fabric through direct access to the Cisco APIC REST API.
  • Thanks to the idempotent nature of the APIC, this module is idempotent and reports changes.

Requirements

The below requirements are needed on the host that executes this module.

  • lxml (when using XML payload)
  • xmljson >= 0.1.8 (when using XML payload)
  • python 2.7+ (when using xmljson)

Parameters

Parameter Choices/Defaults Comments

certificate_name

string

The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.

If a private_key filename was provided, this defaults to the private_key basename, without extension.

If PEM-formatted content was provided for private_key, this defaults to the username value.


aliases: cert_name

content

raw

When used instead of src, sets the payload of the API request directly.

This may be convenient to template simple requests.

For anything complex use the template lookup plugin (see examples) or the template module with parameter src.

host

string / required

IP Address or hostname of APIC resolvable by Ansible control host.


aliases: hostname

method

string

  • delete
  • get

  • post

The HTTP method of the request.

Using delete is typically used for deleting objects.

Using get is typically used for querying objects.

Using post is typically used for modifying objects.


aliases: action

output_level

string

  • debug
  • info
  • normal

Influence the output of this ACI module.

normal means the standard output, incl. current dict

info adds informational output, incl. previous, proposed and sent dicts

debug adds debugging output, incl. filter_string, method, response, status and url information

password

string / required

The password to use for authentication.

This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.

path

string / required

URI being used to execute API calls.

Must end in .xml or .json.


aliases: uri

port

integer

Port number to be used for REST connection.

The default value depends on parameter use_ssl.

private_key

string / required

Either a PEM-formatted private key file or the private key content used for signature-based authentication.

This value also influences the default certificate_name that is used.

This option is mutual exclusive with password. If password is provided too, it will be ignored.


aliases: cert_key

src

path

Name of the absolute path of the filename that includes the body of the HTTP request being sent to the ACI fabric.

If you require a templated payload, use the content parameter together with the template lookup plugin, or use template.


aliases: config_file

timeout

integer

Default:

30

The socket level timeout in seconds.

use_proxy

boolean

  • no
  • yes

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

use_ssl

boolean

  • no
  • yes

If no, an HTTP connection will be used instead of the default HTTPS connection.

username

string

Default:

"admin"

The username to use for authentication.


aliases: user

validate_certs

boolean

  • no
  • yes

If no, SSL certificates will not be validated.

This should only set to no when used on personally controlled sites using self-signed certificates.



Notes

Note

  • Certain payloads are known not to be idempotent, so be careful when constructing payloads, e.g. using status="created" will cause idempotency issues, use status="modified" instead. More information in the ACI documentation.
  • Certain payloads (and used paths) are known to report no changes happened when changes did happen. This is a known APIC problem and has been reported to the vendor. A workaround for this issue exists. More information in the ACI documentation.
  • XML payloads require the lxml and xmljson python libraries. For JSON payloads nothing special is needed.


See Also

See also

aci_tenant – Manage tenants (fv:Tenant)
The official documentation on the aci_tenant module.
Cisco APIC REST API Configuration Guide
More information about the APIC REST API.
Cisco ACI Guide
Detailed information on how to manage your ACI infrastructure using Ansible.
Developing Cisco ACI modules
Detailed guide on how to write your own Cisco ACI modules to contribute.


Examples

- name: Add a tenant using certificate authentication
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/aci_config.xml
  delegate_to: localhost

- name: Add a tenant from a templated payload file from templates/
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    content: "{{ lookup('template', 'aci/tenant.xml.j2') }}"
  delegate_to: localhost

- name: Add a tenant using inline YAML
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/mo/uni.json
    method: post
    content:
      fvTenant:
        attributes:
          name: Sales
          descr: Sales department
  delegate_to: localhost

- name: Add a tenant using a JSON string
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/mo/uni.json
    method: post
    content:
      {
        "fvTenant": {
          "attributes": {
            "name": "Sales",
            "descr": "Sales department"
          }
        }
      }
  delegate_to: localhost

- name: Add a tenant using an XML string
  aci_rest:
    host: apic
    username: admin
    private_key: pki/{{ aci_username }}.key
    validate_certs: no
    path: /api/mo/uni.xml
    method: post
    content: '<fvTenant name="Sales" descr="Sales departement"/>'
  delegate_to: localhost

- name: Get tenants using password authentication
  aci_rest:
    host: apic
    username: admin
    password: SomeSecretPassword
    method: get
    path: /api/node/class/fvTenant.json
  delegate_to: localhost
  register: query_result

- name: Configure contracts
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/contract_config.xml
  delegate_to: localhost

- name: Register leaves and spines
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    method: post
    path: /api/mo/uni/controller/nodeidentpol.xml
    content: |
      <fabricNodeIdentPol>
        <fabricNodeIdentP name="{{ item.name }}" nodeId="{{ item.nodeid }}" status="{{ item.status }}" serial="{{ item.serial }}"/>
      </fabricNodeIdentPol>
  with_items:
  - '{{ apic_leavesspines }}'
  delegate_to: localhost

- name: Wait for all controllers to become ready
  aci_rest:
    host: apic
    username: admin
    private_key: pki/admin.key
    validate_certs: no
    path: /api/node/class/topSystem.json?query-target-filter=eq(topSystem.role,"controller")
  register: apics
  until: "'totalCount' in apics and apics.totalCount|int >= groups['apic']|count"
  retries: 120
  delay: 30
  delegate_to: localhost
  run_once: yes

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

error_code

integer

always

The REST ACI return code, useful for troubleshooting on failure


Sample:

122

error_text

string

always

The REST ACI descriptive text, useful for troubleshooting on failure


Sample:

unknown managed object class foo

imdata

string

always

Converted output returned by the APIC REST (register this for post-processing)


Sample:

[{'error': {'attributes': {'code': '122', 'text': 'unknown managed object class foo'}}}]

payload

string

always

The (templated) payload send to the APIC REST API (xml or json)


Sample:


raw

string

parse error

The raw output returned by the APIC REST API (xml or json)


Sample:


response

string

always

HTTP response string


Sample:

HTTP Error 400: Bad Request

status

integer

always

HTTP status code


Sample:

400

totalCount

string

always

Number of items in the imdata array


Sample:

0

url

string

success

URL used for APIC REST call


Sample:

https://1.2.3.4/api/mo/uni/tn-[Dag].json?rsp-subtree=modified




Status

Authors

  • Dag Wieers (@dagwieers)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/aci_rest_module.html