netascode / terraform-aci-nac-aci

Terraform Cisco ACI Nexus-as-Code Module
https://registry.terraform.io/modules/netascode/nac-aci/aci
Apache License 2.0

question: How can I create a useg epg #93

Open micronemo opened 1 month ago

micronemo commented 1 month ago

How can I create a uSeg EPG?

danischm commented 1 month ago

Will be included in the coming release.

micronemo commented 4 weeks ago

Hi @danischm, I see the new configuration of uSeg EPGs, but I don't find a resource for fvVmAttr.

```hcl
resource "aci_rest_managed" "fvVmAttr" {
  class_name = "fvVmAttr"
  # aci_rest_managed.fvCrtrn_ubuntu is the uSeg criterion (fvCrtrn) defined elsewhere in the configuration
  dn         = "${aci_rest_managed.fvCrtrn_ubuntu.dn}/vmattr-0"
  content = {
    operator = "startsWith"
    type     = "vm-name"
    value    = "ubuntu"
    name     = "0"
  }
}
```

guilinyan commented 4 weeks ago

Hi @micronemo,

Currently the VM-based uSeg attribute is not supported, and it needs to be implemented by updating the sub-module terraform-aci-useg-endpoint-group. In my understanding, the VM-based uSeg attribute supports unlimited nesting, which makes it more complex than the network-based IP/MAC uSeg attribute (which does not support nesting).

micronemo commented 3 weeks ago

```yaml
apic:
  tenants:
```

```hcl
locals {
  model = yamldecode(file("${path.module}/../../custom_case_data/useg.yaml"))

  # One entry per uSeg EPG: tenant -> application profile -> uSeg EPG.
  # Exactly one criterion (fvCrtrn) is created per EPG, however many VM attributes it has.
  useg_epg_list = flatten([
    for tenant in local.model.apic.tenants : [
      for ap in tenant.application_profiles : [
        for epg in ap.useg_endpoint_groups : {
          tenant                = tenant.name
          application_profile   = ap.name
          useg_endpoint_group   = epg.name
          useg_attributes_match = epg.useg_attributes.match_type
          vm_attributes         = epg.useg_attributes.vm_attributes
        }
      ]
    ]
  ])

  # One entry per VM attribute (fvVmAttr); epg_key points back at the owning fvCrtrn.
  useg_vm_attr_list = flatten([
    for epg in local.useg_epg_list : [
      for atb in epg.vm_attributes : {
        epg_key       = "${epg.tenant}_${epg.application_profile}_${epg.useg_endpoint_group}"
        vm_attributes = atb
      }
    ]
  ])
}

resource "aci_rest_managed" "fvCrtrn" {
  for_each = {
    for epg in local.useg_epg_list :
    "${epg.tenant}_${epg.application_profile}_${epg.useg_endpoint_group}" => epg
  }
  class_name = "fvCrtrn"
  dn         = "uni/tn-${each.value.tenant}/ap-${each.value.application_profile}/epg-${each.value.useg_endpoint_group}/crtrn"
  content = {
    match = each.value.useg_attributes_match
    name  = "default"
    prec  = "0"
    scope = "scope-bd"
  }
}

resource "aci_rest_managed" "fvVmAttr" {
  for_each = {
    for blk in local.useg_vm_attr_list :
    "${blk.epg_key}_${blk.vm_attributes.block}" => blk
  }
  class_name = "fvVmAttr"
  # The attribute hangs off its EPG's criterion; the block number becomes the RN (vmattr-<block>).
  dn         = "${aci_rest_managed.fvCrtrn[each.value.epg_key].dn}/vmattr-${each.value.vm_attributes.block}"
  content = {
    operator = each.value.vm_attributes.operator
    type     = each.value.vm_attributes.type
    value    = each.value.vm_attributes.value
    name     = each.value.vm_attributes.block
  }
}
```

Exonical commented 2 weeks ago

VmAttr is much needed. Could it possibly be supported by limiting the number of tags, so you don't have to account for unlimited nesting? I don't think anyone uses huge amounts of nesting, so it could be limited to a certain number.

guilinyan commented 2 weeks ago

Yeah, I'm also thinking this. Thanks for your suggestions and the sample code.
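To make the nesting problem discussed in this thread concrete, here is an added example (not code from the netascode module or from any participant) that walks a model like the one in micronemo's comment and emits the ordered list of APIC objects a REST-based implementation would have to create: one fvCrtrn per uSeg EPG, fvVmAttr leaves under it, and fvSCrtrn sub-criteria that can themselves hold leaves and further sub-criteria. The keys `useg_attributes`, `match_type`, `vm_attributes`, `block`, `operator`, `type` and `value` follow the YAML model in the thread; the `sub_criteria` key, the `name` on a sub-criterion, the `MAX_NESTING` cap (the "limit it to a certain number" idea above) and the set of accepted operators are assumptions made for this example.

```python
"""Flatten a nested uSeg EPG attribute model into ordered APIC REST objects.

Added example, not code from the netascode module or the issue thread.
Assumptions: the `sub_criteria` key, the `name` of a sub-criterion, the
MAX_NESTING cap and VM_ATTR_OPERATORS are choices made for this example.
"""
from dataclasses import dataclass

# Assumed cap on sub-criterion depth below the root criterion.
MAX_NESTING = 2

# Operators this example accepts for fvVmAttr; anything else is rejected
# before any object is generated rather than failing at apply time.
VM_ATTR_OPERATORS = {"equals", "contains", "startsWith", "endsWith"}


@dataclass(frozen=True)
class RestObject:
    class_name: str
    dn: str
    content: dict


class NestingTooDeep(ValueError):
    """Raised when sub_criteria nest deeper than MAX_NESTING."""


def _vm_attr(parent_dn, atb):
    """Build the fvVmAttr leaf for one attribute block under parent_dn."""
    if atb["operator"] not in VM_ATTR_OPERATORS:
        raise ValueError(f"unsupported operator {atb['operator']!r} at {parent_dn}")
    block = str(atb["block"])
    return RestObject(
        "fvVmAttr",
        f"{parent_dn}/vmattr-{block}",
        {"name": block, "operator": atb["operator"], "type": atb["type"], "value": atb["value"]},
    )


def _walk(parent_dn, crit, depth):
    """Yield leaves, then sub-criteria (each followed by its own subtree), under parent_dn."""
    for atb in crit.get("vm_attributes", []):
        yield _vm_attr(parent_dn, atb)
    for sub in crit.get("sub_criteria", []):
        if depth + 1 > MAX_NESTING:
            raise NestingTooDeep(f"{parent_dn}: nesting deeper than {MAX_NESTING}")
        sub_dn = f"{parent_dn}/crtrn-{sub['name']}"
        yield RestObject("fvSCrtrn", sub_dn, {"name": sub["name"], "match": sub["match_type"]})
        yield from _walk(sub_dn, sub, depth + 1)


def flatten_epg(tenant, ap, epg):
    """Return the REST objects for one uSeg EPG, parents before children."""
    epg_dn = f"uni/tn-{tenant}/ap-{ap}/epg-{epg['name']}"
    crit = epg["useg_attributes"]
    root_dn = f"{epg_dn}/crtrn"
    objs = [RestObject("fvCrtrn", root_dn,
                       {"name": "default", "match": crit["match_type"], "prec": "0", "scope": "scope-bd"})]
    objs.extend(_walk(root_dn, crit, depth=0))
    return objs


def flatten_model(model):
    """Walk apic -> tenants -> application_profiles -> useg_endpoint_groups."""
    objs = []
    for tenant in model["apic"]["tenants"]:
        for ap in tenant.get("application_profiles", []):
            for epg in ap.get("useg_endpoint_groups", []):
                objs.extend(flatten_epg(tenant["name"], ap["name"], epg))
    return objs


# Constructed sample model (not taken from the thread): match VMs whose name
# starts with "ubuntu" OR (name equals web01 AND guest name contains "prod").
SAMPLE_MODEL = {
    "apic": {"tenants": [{
        "name": "TEN1",
        "application_profiles": [{
            "name": "AP1",
            "useg_endpoint_groups": [{
                "name": "USEG1",
                "useg_attributes": {
                    "match_type": "any",
                    "vm_attributes": [
                        {"block": 0, "operator": "startsWith", "type": "vm-name", "value": "ubuntu"},
                    ],
                    "sub_criteria": [{
                        "name": "web", "match_type": "all",
                        "vm_attributes": [
                            {"block": 1, "operator": "equals", "type": "vm-name", "value": "web01"},
                            {"block": 2, "operator": "contains", "type": "guest-name", "value": "prod"},
                        ],
                    }],
                },
            }],
        }],
    }]},
}

if __name__ == "__main__":
    for obj in flatten_model(SAMPLE_MODEL):
        print(obj.class_name, obj.dn, obj.content)
```

The output order is the order the objects have to be posted to APIC (or declared as dependencies in Terraform): a leaf's DN is only valid once its parent criterion exists, which is why a fixed-depth Terraform implementation needs one resource block per nesting level rather than a single `for_each`.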