diff --git a/README.md b/README.md index 74d6e3f..8a4570f 100644 --- a/README.md +++ b/README.md @@ -397,7 +397,7 @@ export vrf_snmp_community_5='' |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aci](#requirement\_aci) | 2.9.0 | -| [mso](#requirement\_mso) | 0.11.0 | +| [mso](#requirement\_mso) | 0.11.1 | | [utils](#requirement\_utils) | 0.2.5 | ## Providers @@ -408,13 +408,13 @@ export vrf_snmp_community_5='' | Name | Source | Version | |------|--------|---------| -| [access](#module\_access) | terraform-cisco-modules/access/aci | 2.2.5 | -| [admin](#module\_admin) | terraform-cisco-modules/admin/aci | 2.1.7 | -| [built\_in\_tenants](#module\_built\_in\_tenants) | terraform-cisco-modules/tenants/aci | 2.2.5 | -| [fabric](#module\_fabric) | terraform-cisco-modules/fabric/aci | 2.1.7 | -| [switch](#module\_switch) | terraform-cisco-modules/switch/aci | 2.2.5 | -| [system\_settings](#module\_system\_settings) | terraform-cisco-modules/system-settings/aci | 2.2.5 | -| [tenants](#module\_tenants) | terraform-cisco-modules/tenants/aci | 2.2.5 | +| [access](#module\_access) | terraform-cisco-modules/access/aci | 2.5.1 | +| [admin](#module\_admin) | terraform-cisco-modules/admin/aci | 2.5.1 | +| [built\_in\_tenants](#module\_built\_in\_tenants) | terraform-cisco-modules/tenants/aci | 2.5.1 | +| [fabric](#module\_fabric) | terraform-cisco-modules/fabric/aci | 2.5.1 | +| [switch](#module\_switch) | terraform-cisco-modules/switch/aci | 2.5.1 | +| [system\_settings](#module\_system\_settings) | terraform-cisco-modules/system-settings/aci | 2.5.2 | +| [tenants](#module\_tenants) | terraform-cisco-modules/tenants/aci | 2.5.1 | ## NOTE: **When the Data is merged from the YAML files, it will run through the modules using for_each loop(s). Sensitive Variables cannot be added to a for_each loop, instead use the variables below to add sensitive values for policies.** 
@@ -443,16 +443,16 @@ export vrf_snmp_community_5='' | [radius\_monitoring\_password](#input\_radius\_monitoring\_password) | RADIUS Monitoring Password. | `string` | `""` | no | | [tacacs\_key](#input\_tacacs\_key) | TACACS Key. | `string` | `""` | no | | [tacacs\_monitoring\_password](#input\_tacacs\_monitoring\_password) | TACACS Monitoring Password. | `string` | `""` | no | +| [apic\_ca\_certificate\_chain\_1](#input\_apic\_ca\_certificate\_chain\_1) | Certificate Authority Certificate Chain. i.e. Intermediate and Root CA Certificate. | `string` | `""` | no | +| [apic\_ca\_certificate\_chain\_2](#input\_apic\_ca\_certificate\_chain\_2) | Certificate Authority Certificate Chain. i.e. Intermediate and Root CA Certificate. | `string` | `""` | no | +| [apic\_certificate\_1](#input\_apic\_certificate\_1) | APIC Certificate 1. | `string` | `""` | no | +| [apic\_certificate\_2](#input\_apic\_certificate\_2) | APIC Certificate 2. | `string` | `""` | no | +| [apic\_private\_key\_1](#input\_apic\_private\_key\_1) | APIC Certificate Private Key 1. | `string` | `""` | no | +| [apic\_private\_key\_2](#input\_apic\_private\_key\_2) | APIC Certificate Private Key 2. | `string` | `""` | no | | [smtp\_password](#input\_smtp\_password) | Password to use if Secure SMTP is enabled for the Smart CallHome Destination Group Mail Server. | `string` | `""` | no | | [remote\_password](#input\_remote\_password) | Remote Host Password. | `string` | `""` | no | | [ssh\_key\_contents](#input\_ssh\_key\_contents) | SSH Private Key Based Authentication Contents. | `string` | `""` | no | | [ssh\_key\_passphrase](#input\_ssh\_key\_passphrase) | SSH Private Key Based Authentication Passphrase. | `string` | `""` | no | -| [apic\_certificate\_1](#input\_apic\_certificate\_1) | APIC Certificate 1. | `string` | `"blah.txt"` | no | -| [apic\_certificate\_2](#input\_apic\_certificate\_2) | APIC Certificate 2. 
| `string` | `"blah.txt"` | no | -| [apic\_intermediate\_plus\_root\_ca\_1](#input\_apic\_intermediate\_plus\_root\_ca\_1) | Intermediate and Root CA Certificate 1. | `string` | `"blah.txt"` | no | -| [apic\_intermediate\_plus\_root\_ca\_2](#input\_apic\_intermediate\_plus\_root\_ca\_2) | Intermediate and Root CA Certificate 2. | `string` | `"blah.txt"` | no | -| [apic\_private\_key\_1](#input\_apic\_private\_key\_1) | APIC Private Key 1. | `string` | `"blah.txt"` | no | -| [apic\_private\_key\_2](#input\_apic\_private\_key\_2) | APIC Private Key 2. | `string` | `"blah.txt"` | no | | [ntp\_key\_1](#input\_ntp\_key\_1) | Key Assigned to NTP id 1. | `string` | `""` | no | | [ntp\_key\_2](#input\_ntp\_key\_2) | Key Assigned to NTP id 2. | `string` | `""` | no | | [ntp\_key\_3](#input\_ntp\_key\_3) | Key Assigned to NTP id 3. | `string` | `""` | no | diff --git a/RICH/Asgard/main.tf b/RICH/Asgard/main.tf index 5de9e72..ecb99a5 100644 --- a/RICH/Asgard/main.tf +++ b/RICH/Asgard/main.tf @@ -13,9 +13,9 @@ module "access" { depends_on = [ module.system_settings ] - source = "../../../terraform-aci-access" - #source = "terraform-cisco-modules/access/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-access" + source = "terraform-cisco-modules/access/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length( lookup(local.model, "access", {})) > 0 || length(lookup(local.model, "virtual_networking", {})) > 0 @@ -37,9 +37,9 @@ module "admin" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-admin" - #source = "terraform-cisco-modules/admin/aci" - #version = "2.1.7" + #source = "../../../terraform-aci-admin" + source = "terraform-cisco-modules/admin/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "admin", {})) > 0 } admin = lookup(local.model, "admin", {}) annotations = var.annotations 
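Review bot: The new `source`/`version` pairs in `module "access"` pin an exact registry version, but Terraform's dependency lock file records hashes for providers only, so nothing in this change verifies that the downloaded module content matches what was reviewed. The same applies to the `admin`, `built_in_tenants`, `fabric`, `switch`, `system_settings` and `tenants` hunks in this file and to the matching hunks in RICH/Wakanda/main.tf. Judging by the README's sensitive-variable table, these modules appear to receive APIC private keys and TACACS/RADIUS secrets, so I would record the trust decision next to the pin, e.g. `# registry module pinned by version only; content is not hash-locked, review the upstream diff before bumping`. The commented-out `#source = "../../../terraform-aci-access"` kept above it is a development toggle that should be explained in a comment or dropped, since a local path bypasses the version pin entirely. The module blocks start and end outside these hunks.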
@@ -56,9 +56,9 @@ module "built_in_tenants" { depends_on = [ module.access ] - source = "../../../terraform-aci-tenants" - #source = "terraform-cisco-modules/tenants/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-tenants" + source = "terraform-cisco-modules/tenants/aci" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) > 0 @@ -80,9 +80,9 @@ module "fabric" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-fabric" - #source = "terraform-cisco-modules/fabric/aci" - #version = "2.1.7" + #source = "../../../terraform-aci-fabric" + source = "terraform-cisco-modules/fabric/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "fabric", {})) > 0 } fabric = lookup(local.model, "fabric", {}) management_epgs = var.management_epgs @@ -98,9 +98,9 @@ module "switch" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-switch" - #source = "terraform-cisco-modules/switch/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-switch" + source = "terraform-cisco-modules/switch/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "switch", {})) > 0 } annotations = var.annotations @@ -109,9 +109,9 @@ module "switch" { } module "system_settings" { - source = "../../../terraform-aci-system-settings" - #source = "terraform-cisco-modules/system-settings/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-system-settings" + source = "terraform-cisco-modules/system-settings/aci" + version = "2.5.2" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "system_settings", {})) > 0 } annotations = var.annotations 
@@ -125,9 +125,9 @@ module "tenants" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-tenants" - #source = "terraform-cisco-modules/tenants/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-tenants" + source = "terraform-cisco-modules/tenants/aci" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) == 0 diff --git a/RICH/Asgard/variables.auto.tfvars b/RICH/Asgard/variables.auto.tfvars index 6d6f5fe..a634340 100644 --- a/RICH/Asgard/variables.auto.tfvars +++ b/RICH/Asgard/variables.auto.tfvars @@ -7,7 +7,7 @@ annotations = [ { key = "orchestrator" - value = "terraform:easy-aci:v2.1.7" + value = "terraform:easy-aci:v2.5.1" } ] apic_hostname = "asgard-apic01.rich.ciscolabs.com" diff --git a/RICH/Odin/variables.auto.tfvars b/RICH/Odin/variables.auto.tfvars index 762c39f..99a259e 100644 --- a/RICH/Odin/variables.auto.tfvars +++ b/RICH/Odin/variables.auto.tfvars @@ -7,7 +7,7 @@ annotations = [ { key = "orchestrator" - value = "terraform:easy-aci:v2.1.7" + value = "terraform:easy-aci:v2.5.1" } ] controller_type = "ndo" diff --git a/RICH/Wakanda/main.tf b/RICH/Wakanda/main.tf index 9a0ba28..ecb99a5 100644 --- a/RICH/Wakanda/main.tf +++ b/RICH/Wakanda/main.tf @@ -13,9 +13,9 @@ module "access" { depends_on = [ module.system_settings ] - source = "../../../terraform-aci-access" - #source = "terraform-cisco-modules/access/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-access" + source = "terraform-cisco-modules/access/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length( lookup(local.model, "access", {})) > 0 || length(lookup(local.model, "virtual_networking", {})) > 0 
@@ -37,9 +37,9 @@ module "admin" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-admin" - #source = "terraform-cisco-modules/admin/aci" - #version = "2.1.7" + #source = "../../../terraform-aci-admin" + source = "terraform-cisco-modules/admin/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "admin", {})) > 0 } admin = lookup(local.model, "admin", {}) annotations = var.annotations @@ -56,9 +56,9 @@ module "built_in_tenants" { depends_on = [ module.access ] - source = "../../../terraform-aci-tenants" - #source = "terraform-cisco-modules/tenants/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-tenants" + source = "terraform-cisco-modules/tenants/aci" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) > 0 @@ -82,7 +82,7 @@ module "fabric" { ] #source = "../../../terraform-aci-fabric" source = "terraform-cisco-modules/fabric/aci" - version = "2.1.7" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "fabric", {})) > 0 } fabric = lookup(local.model, "fabric", {}) management_epgs = var.management_epgs @@ -98,9 +98,9 @@ module "switch" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-switch" - #source = "terraform-cisco-modules/switch/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-switch" + source = "terraform-cisco-modules/switch/aci" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "switch", {})) > 0 } annotations = var.annotations 
@@ -111,7 +111,7 @@ module "switch" { module "system_settings" { #source = "../../../terraform-aci-system-settings" source = "terraform-cisco-modules/system-settings/aci" - version = "2.2.5" + version = "2.5.2" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "system_settings", {})) > 0 } annotations = var.annotations @@ -125,9 +125,9 @@ module "tenants" { depends_on = [ module.built_in_tenants ] - source = "../../../terraform-aci-tenants" - #source = "terraform-cisco-modules/tenants/aci" - #version = "2.2.5" + #source = "../../../terraform-aci-tenants" + source = "terraform-cisco-modules/tenants/aci" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) == 0 diff --git a/RICH/Wakanda/variables.auto.tfvars b/RICH/Wakanda/variables.auto.tfvars index 9b360f1..2d79336 100644 --- a/RICH/Wakanda/variables.auto.tfvars +++ b/RICH/Wakanda/variables.auto.tfvars @@ -7,7 +7,7 @@ annotations = [ { key = "orchestrator" - value = "terraform:easy-aci:v2.1.7" + value = "terraform:easy-aci:v2.5.1" } ] apic_hostname = "wakanda-apic01.rich.ciscolabs.com" diff --git a/main.tf b/main.tf index 110506f..c987d75 100644 --- a/main.tf +++ b/main.tf @@ -20,7 +20,7 @@ module "access" { ] #source = "../../../terraform-aci-access" source = "terraform-cisco-modules/access/aci" - version = "2.2.5" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length( lookup(local.model, "access", {})) > 0 || length(lookup(local.model, "virtual_networking", {})) > 0 @@ -44,7 +44,7 @@ module "admin" { ] #source = "../../../terraform-aci-admin" source = "terraform-cisco-modules/admin/aci" - version = "2.1.7" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "admin", {})) > 0 } admin = lookup(local.model, "admin", {}) annotations = var.annotations 
@@ -79,7 +79,7 @@ module "built_in_tenants" { ] #source = "../../../terraform-aci-tenants" source = "terraform-cisco-modules/tenants/aci" - version = "2.2.5" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) > 0 @@ -121,7 +121,7 @@ module "fabric" { ] #source = "../../../terraform-aci-fabric" source = "terraform-cisco-modules/fabric/aci" - version = "2.1.7" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "fabric", {})) > 0 } fabric = lookup(local.model, "fabric", {}) management_epgs = var.management_epgs @@ -156,7 +156,7 @@ module "switch" { ] #source = "../../../terraform-aci-switch" source = "terraform-cisco-modules/switch/aci" - version = "2.2.5" + version = "2.5.1" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "switch", {})) > 0 } annotations = var.annotations @@ -167,7 +167,7 @@ module "switch" { module "system_settings" { #source = "../../../terraform-aci-system-settings" source = "terraform-cisco-modules/system-settings/aci" - version = "2.2.5" + version = "2.5.2" for_each = { for v in ["default"] : v => v if length(lookup(local.model, "system_settings", {})) > 0 } annotations = var.annotations @@ -183,7 +183,7 @@ module "tenants" { ] #source = "../../../terraform-aci-tenants" source = "terraform-cisco-modules/tenants/aci" - version = "2.2.5" + version = "2.5.1" for_each = { for v in lookup(local.model, "tenants", []) : v.name => v if length(regexall("^(common|infra|mgmt)$", v.name)) == 0 diff --git a/tenants/templates.eza.yaml b/tenants/templates.eza.yaml index ff89c73..73e28e8 100644 --- a/tenants/templates.eza.yaml +++ b/tenants/templates.eza.yaml @@ -53,7 +53,7 @@ templates: l3_unknown_multicast_flooding: flood limit_ip_learn_to_subnets: true mld_snoop_policy: default - multi_destionation_flooding: bd-flood + multi_destination_flooding: bd-flood pim: false pimv6: false type: regular 
@@ -65,7 +65,6 @@ templates: - l3outs: [asgard-dmz] tenant: common ep_move_detection_mode: false - nd_policy: default unicast_routing: true template_name: dmz_optimize - advanced_troubleshooting: @@ -86,7 +85,7 @@ templates: l3_unknown_multicast_flooding: flood limit_ip_learn_to_subnets: true mld_snoop_policy: default - multi_destionation_flooding: bd-flood + multi_destination_flooding: bd-flood pim: false pimv6: false type: regular @@ -98,7 +97,6 @@ templates: - l3outs: [inband] tenant: mgmt ep_move_detection_mode: false - nd_policy: default unicast_routing: true template_name: inband_optimize - advanced_troubleshooting: @@ -124,7 +122,7 @@ templates: l3_unknown_multicast_flooding: flood limit_ip_learn_to_subnets: true mld_snoop_policy: default - multi_destionation_flooding: bd-flood + multi_destination_flooding: bd-flood pim: false pimv6: false type: regular @@ -136,7 +134,6 @@ templates: - l3outs: [asgard-prod] tenant: common ep_move_detection_mode: false - nd_policy: default unicast_routing: true template_name: prod_optimize subnets: diff --git a/variables.auto.tfvars b/variables.auto.tfvars index 17bbf70..2cf900a 100644 --- a/variables.auto.tfvars +++ b/variables.auto.tfvars @@ -7,7 +7,7 @@ annotations = [ { key = "orchestrator" - value = "terraform:easy-aci:v2.1.9" + value = "terraform:easy-aci:v2.5.1" } ] apic_hostname = "asgard-apic01.rich.ciscolabs.com" diff --git a/virtual-networking/virtual-networking.eza.yaml b/virtual-networking/virtual-networking.eza.yaml index 5f05a39..d932735 100644 --- a/virtual-networking/virtual-networking.eza.yaml +++ b/virtual-networking/virtual-networking.eza.yaml 
@@ -3,37 +3,24 @@ # Virtual Networking - Variables #====================================== virtual_networking: - vmm: - - controllers: + domains: + - access_mode: read-write + controllers: - datacenter: Asgard dvs_version: '7.0' - hostname: asgard-vcenter.rich.ciscolabs.com + hostname: vcenter.rich.ciscolabs.com management_epg: ooband monitoring_policy: default stats_collection: enabled - switch_scope: vm trigger_inventory_sync: untriggered - credentials: - - domain_name: Asgard - username: administrator@rich.local - domain: - - access_mode: read-write - delimiter: '|' - enable_tag_collection: false - enable_vm_folder_data_retrieval: false - endpoint_retention_time: 0 - name: Asgard - site_group: '1' - switch_mode: default - switch_provider: VMware - vlan_pool: all-vlans - enhanced_lag_policy: - - load_balancing_mode: src-dst-ip - mode: active - number_of_links: '2' + credentials: + username: administrator@rich.local + delimiter: '|' name: Asgard + switch_scope: vm + vlan_pool: allVlans vswitch_policy: - - cdp_interface_policy: cdpEnabled - lldp_interface_policy: lldpEnabled + cdp_policy: cdpEnabled + lldp_policy: lldpDisabled mtu_policy: default port_channel_policy: macPin diff --git a/yaml_schema/easy-aci.json b/yaml_schema/easy-aci.json index 65f8c8c..9211a58 100644 --- a/yaml_schema/easy-aci.json +++ b/yaml_schema/easy-aci.json 
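Review bot: The restructured `credentials` entry still uses `username: administrator@rich.local` next to `access_mode: read-write`, so the VMM integration runs as what looks like the vCenter SSO administrator. A dedicated service account limited to the privileges the integration needs would reduce the impact of a leaked credential, e.g. `username: svc-aci-vmm@rich.local` (constructed example). The hunk also changes values while renaming keys: `lldpEnabled` becomes `lldp_policy: lldpDisabled`, `all-vlans` becomes `vlan_pool: allVlans`, and the controller hostname loses its `asgard-` prefix. It drops `enhanced_lag_policy`, `endpoint_retention_time` and the tag and folder retrieval flags as well, which presumably fall back to module defaults. These behaviour changes deserve a line in the commit message so they are not read as part of the key migration.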
@@ -6250,28 +6250,22 @@ "title": "autonomous_system_number - asn" }, "route_reflector_nodes": { - "type": "array", - "additionalProperties": false, - "description": "Attribute is:\n * pods\n=================================================\nAPI Information:\n - Class: `bgpRRNodePEp`\n - Distinguished Name: `uni/fabric/bgpInstP-default/rr/node-{node_id}`\nGUI Location:\n - System > System Settings > BGP Route Reflector: Route Reflector Nodes", - "items": { - "$ref": "#/definitions/SystemSettings:BgpRouteReflector:RouteReflectorNodes" - }, - "title": "route_reflector_nodes - bgpRRNodePEp" + "$ref": "#/definitions/SystemSettings:BgpRouteReflector:RouteReflectorNodes" } }, "required": [ "autonomous_system_number" ], - "title": "bgp - bgpAsP" + "title": "bgp_route_reflector - bgpAsP" }, "SystemSettings:BgpRouteReflector:RouteReflectorNodes": { "type": "object", "additionalProperties": false, - "description": "", + "description": "List of Pod Spine Route Reflectors.\nRequired:\n * pods\n=================================================\nAPI Information:\n - Class: `bgpRRNodePEp`\n - Distinguished Name: `uni/fabric/bgpInstP-default/rr/node-{node_id}`\nGUI Location:\n - System > System Settings > BGP Route Reflector: Route Reflector Nodes", "properties": { "pods": { "type": "array", - "description": "Required:\n * pod_id\n * route_reflector_nodes", + "description": "Required:\n * pod_id\n * nodes", "items": { "$ref": "#/definitions/SystemSettings:BgpRouteReflector:RouteReflectorNodes:Pods" }, @@ -6281,13 +6275,13 @@ "required": [ "pods" ], - "title": "route_reflector_nodes" + "title": "route_reflector_nodes - bgpRRNodePEp" }, "SystemSettings:BgpRouteReflector:RouteReflectorNodes:Pods": { "type": "object", "additionalProperties": false, "class": "bgpRRNodePEp", - "description": "", + "description": "Required:\n * pod_id\n * route_reflector_nodes", "dn": "uni/fabric/bgpInstP-default/rr/node-{node_id}", "properties": { "pod_id": { 
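Review bot: The `description` added to `SystemSettings:BgpRouteReflector:RouteReflectorNodes:Pods` still lists `route_reflector_nodes` as a required key, although the following hunks rename that property to `nodes` and update `required` to match. It should read `"description": "Required:\n * pod_id\n * nodes",`, as the `pods` property description in the first hunk already does. Also in the first hunk, `route_reflector_nodes` changes from an array of items to a direct `$ref` to an object with `"additionalProperties": false`, so existing YAML that supplies a list there will presumably fail validation. A migration note in the commit message or README would help users who validate against this schema.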
@@ -6299,7 +6293,7 @@ "maximum": 12, "title": "pod_id - podId" }, - "route_reflector_nodes": { + "nodes": { "type": "array", "description": "List of BGP Route Reflector Nodes.", "items": { @@ -6311,12 +6305,12 @@ "maximum": 4000, "title": "node_id - id" }, - "title": "route_reflector_nodes" + "title": "nodes" } }, "required": [ "pod_id", - "route_reflector_nodes" + "nodes" ], "title": "pods" },