diff --git a/README.md b/README.md index 70fab5f..315b7ac 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ A Terraform module to configure ACI System Settings. | [aci_mgmt_preference.apic_connectivity_preference](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/mgmt_preference) | resource | | [aci_port_tracking.port_tracking](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/port_tracking) | resource | | [aci_rest.bgp_instance](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest) | resource | -| [aci_rest.endpoint_controls](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest) | resource | | [aci_rest_managed.bgp_autonomous_system_number](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fabric_wide_settings](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fabric_wide_settings_5_2_3](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | diff --git a/defaults.yaml b/defaults.yaml index 5f591a8..3cc0e97 100644 --- a/defaults.yaml +++ b/defaults.yaml @@ -3,10 +3,9 @@ defaults: system_settings: apic_connectivity_preference: interface_to_use_for_external_connections: inband - bgp: + bgp_route_reflector: autonomous_system_number: 65000 - bgp_route_reflectors: - # Remember to Test without + description: '' pods: - pod_id: 1 route_reflector_nodes: [101, 102] diff --git a/locals.tf b/locals.tf index 193c433..b124a7c 100644 --- a/locals.tf +++ b/locals.tf 
@@ -88,7 +88,7 @@ locals { local.endpoints, "rouge_ep_control", {})) > 0 ? merge({ create = true }, local.endpoint.rouge_ep_control, lookup(local.endpoints, "rouge_ep_control", {})) : local.rss.epctrl.rouge_ep_control == false ? merge( { create = false }, local.endpoint.rouge_ep_control - ) : merge({ create = true }, local.endpoint.ip_aging) + ) : merge({ create = true }, local.endpoint.rouge_ep_control) #__________________________________________________________ diff --git a/outputs.tf b/outputs.tf index eef6bc7..1b92802 100644 --- a/outputs.tf +++ b/outputs.tf @@ -83,4 +83,3 @@ output "ptp_and_latency_measurement" { value = { for v in sort(keys(aci_rest_managed.ptp_and_latency_measurement) ) : v => aci_rest_managed.ptp_and_latency_measurement[v].id } } - diff --git a/system-settings.tf b/system-settings.tf index 6828258..489bc13 100644 --- a/system-settings.tf +++ b/system-settings.tf @@ -8,6 +8,7 @@ ________________________________________________________________________________ */ resource "aci_mgmt_preference" "apic_connectivity_preference" { for_each = { for v in lookup(var.system_settings, "apic_connectivity_preference", []) : "default" => v } + annotation = "orchestrator:terraform" interface_pref = each.value } @@ -24,6 +25,7 @@ resource "aci_rest_managed" "bgp_autonomous_system_number" { class_name = "bgpAsP" dn = "uni/fabric/bgpInstP-default/as" content = { + #annotation = "orchestrator:terraform" asn = each.value.autonomous_system_number } } 
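Review bot: The `#annotation = "orchestrator:terraform"` line added inside `content` of `aci_rest_managed.bgp_autonomous_system_number` is commented-out code, so it changes nothing on the fabric and leaves the reader guessing whether the tag is intended. The same dead line is added in `route_reflector_nodes`, both `fabric_wide_settings` resources and `ptp_and_latency_measurement`. As far as I recall, the provider exposes `annotation` as a resource-level argument on `aci_rest_managed`; if so, set it there (as the hunk above does for `aci_mgmt_preference`) or drop the comment. If the line stays, replace it with a why-comment such as `# annotation omitted: <reason>`, since untagged objects are harder to tell apart from manual changes in an audit.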
@@ -42,17 +44,21 @@ resource "aci_rest_managed" "route_reflector_nodes" { class_name = "bgpRRNodePEp" dn = "uni/fabric/bgpInstP-default/rr/node-${each.value.node_id}" content = { + #annotation = "orchestrator:terraform" id = each.value.node_id podId = each.value.pod_id } } resource "aci_rest" "bgp_instance" { - for_each = { for v in ["default"] : v => v if length(lookup(var.system_settings, "bgp_route_reflector", {})) > 0 } + for_each = { for v in ["default"] : v => merge( + local.defaults.bgp_route_reflector, lookup(var.system_settings, "bgp_route_reflector", {}) + ) if length(lookup(var.system_settings, "bgp_route_reflector", {})) > 0 } class_name = "bgpInstPol" path = "/api/mo/uni/fabric/bgpInstP-default.json" content = { annotation = "orchestrator:terraform" + descr = each.value.description } } /*_____________________________________________________________________________________________________________________ @@ -64,7 +70,8 @@ GUI Location: _______________________________________________________________________________________________________________________ */ resource "aci_coop_policy" "coop_group" { - for_each = { for v in [local.coop_group] : "default" => v if v.create == true } + for_each = { for v in [local.coop_group] : "default" => v if v.create == true || v.create == "true" } + annotation = "orchestrator:terraform" description = each.value.description type = each.value.type } 
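Review bot: `local.defaults.bgp_route_reflector` in the new `for_each` of `aci_rest.bgp_instance` is the only `local.defaults.*` reference in the visible hunks, and the defaults.yaml hunk appears to nest `bgp_route_reflector` under `defaults: system_settings:`. Please confirm the local resolves at that depth, since the definition of `local.defaults` is not part of this diff. The merge is also what supplies `description` for `descr = each.value.description`, so the empty-string default added in defaults.yaml is load-bearing and deserves a comment there, e.g. `# required: aci_rest.bgp_instance reads description`.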
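Review bot: Comparing `create` against both `true` and `"true"` in `aci_coop_policy.coop_group` is a type workaround that is easy to miss on the next resource; `if tobool(v.create)` accepts both forms in one expression. Presumably the conditional in locals.tf unifies its branches to strings, which is why the bool comparison stopped matching. The same pair is repeated in `rouge_ep_control`, `ip_aging` and both `fabric_wide_settings` resources, while `aci_endpoint_loop_protection.ep_loop_protection` (context of the later deletion hunk) still tests `v.create == true` alone. If that local can also arrive as a string, loop protection would be skipped without any plan error, so it should get the same treatment.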
@@ -79,8 +86,9 @@ GUI Location: _______________________________________________________________________________________________________________________ */ resource "aci_endpoint_controls" "rouge_ep_control" { - for_each = { for v in [local.rouge_ep_control] : "default" => v if v.create == true } - admin_st = each.value.administrative_state + for_each = { for v in [local.rouge_ep_control] : "default" => v if v.create == true || v.create == "true" } + admin_st = each.value.administrative_state + #description = each.value.description hold_intvl = each.value.hold_interval rogue_ep_detect_intvl = each.value.rouge_interval rogue_ep_detect_mult = each.value.rouge_multiplier @@ -95,7 +103,7 @@ GUI Location: _______________________________________________________________________________________________________________________ */ resource "aci_endpoint_ip_aging_profile" "ip_aging" { - for_each = { for v in [local.ip_aging] : "default" => v if v.create == true } + for_each = { for v in [local.ip_aging] : "default" => v if v.create == true || v.create == "true" } admin_st = lookup(local.ip_aging, "administrative_state", local.ipa.administrative_state) } 
@@ -107,31 +115,6 @@ GUI Location: - System > System Settings > Endpoint Controls > Ep Loop Protection _______________________________________________________________________________________________________________________ */ -#resource "aci_rest_managed" "ep_loop_protection" { -# for_each = { -# for v in toset( -# ["default"] -# ) : "default" => v if local.recommended_settings.endpoint_controls == true -# } -# dn = "uni/infra/epLoopProtectP-default" -# class_name = "epLoopProtectP" -# content = { -# action = anytrue( -# [ -# local.loop.action.bd_learn_disable, -# local.loop.action.port_disable -# ] -# ) ? trim(join(",", compact(concat( -# [length(regexall(true, local.loop.action.bd_learn_disable) -# ) > 0 ? "bd-learn-disable" : "" -# ], [length(regexall(true, local.loop.action.port_disable) -# ) > 0 ? "port-disable" : ""] -# ))), ",") : "" -# adminSt = local.loop.administrative_state -# loopDetectIntvl = local.loop.loop_detection_interval -# loopDetectMult = local.loop.loop_detection_multiplier -# } -#} resource "aci_endpoint_loop_protection" "ep_loop_protection" { for_each = { for v in [local.ep_loop_protection] : "default" => v if v.create == true } action = anytrue( @@ -148,14 +131,6 @@ resource "aci_endpoint_loop_protection" "ep_loop_protection" { loop_detect_mult = each.value.loop_detection_multiplier } -resource "aci_rest" "endpoint_controls" { - for_each = { for v in ["default"] : v => v if length(lookup(var.system_settings, "endpoint_controls", {})) > 0 } - class_name = "bgpInstPol" - path = "/api/mo/uni/fabric/bgpInstP-default.json" - content = { - annotation = "orchestrator:terraform" - } -} /*_____________________________________________________________________________________________________________________ API Information: - Class: "infraSetPol" 
@@ -167,10 +142,11 @@ ________________________________________________________________________________ resource "aci_rest_managed" "fabric_wide_settings" { for_each = { for v in [local.fabric_wide_settings] : "default" => v if v.create == true && length( regexall("(^[3-4]\\..*|^5.[0-1].*|^5.2\\([0-2].*\\))", var.apic_version) - ) > 0 } + ) > 0 || v.create == "true" && length(regexall("(^[3-4]\\..*|^5.[0-1].*|^5.2\\([0-2].*\\))", var.apic_version)) > 0 } class_name = "infraSetPol" dn = "uni/infra/settings" content = { + #annotation = "orchestrator:terraform" domainValidation = each.value.enforce_domain_validation == true ? "yes" : "no" enforceSubnetCheck = each.value.enforce_subnet_check == true ? "yes" : "no" opflexpAuthenticateClients = each.value.spine_opflex_client_authentication == true ? "yes" : "no" @@ -185,6 +161,8 @@ resource "aci_rest_managed" "fabric_wide_settings" { resource "aci_rest_managed" "fabric_wide_settings_5_2_3" { for_each = { for v in [local.fabric_wide_settings] : "default" => v if v.create == true && length( regexall("(^5\\.2\\(3[a-z]\\)|^5\\.2\\([4-9][a-z]\\)|^[6-9]\\.)", var.apic_version) + ) > 0 || v.create == "true" && length( + regexall("(^5\\.2\\(3[a-z]\\)|^5\\.2\\([4-9][a-z]\\)|^[6-9]\\.)", var.apic_version) ) > 0 } class_name = "infraSetPol" dn = "uni/infra/settings" @@ -193,6 +171,7 @@ resource "aci_rest_managed" "fabric_wide_settings_5_2_3" { # enableMoStreaming = each.value. # enableRemoteLeafDirect = each.value. # policySyncNodeBringup = each.value. + #annotation = "orchestrator:terraform" domainValidation = each.value.enforce_domain_validation == true ? "yes" : "no" enforceSubnetCheck = each.value.enforce_subnet_check == true ? "yes" : "no" leafOpflexpAuthenticateClients = each.value.leaf_opflex_client_authentication == true ? "yes" : "no" 
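Review bot: Neither version regex in the two `fabric_wide_settings` resources matches an APIC 5.3 release: the first stops at `5.2([0-2]…)` and the second accepts only `5.2(3x)` through `5.2(9x)` and `6.` through `9.`. With such a `var.apic_version` both `for_each` maps are empty, so domain validation, subnet check and OpFlex client authentication are left unconfigured with no plan error. The added `|| v.create == "true" && …` branches copy each pattern a second time, which doubles the places to fix. A single local holding the version match would avoid that, and `^5.[0-1].*` should escape the dot as `^5\\.[0-1].*`. Both resource bodies continue outside the hunks.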
@@ -293,6 +272,7 @@ resource "aci_rest_managed" "ptp_and_latency_measurement" { class_name = "latencyPtpMode" dn = "uni/fabric/ptpmode" content = { + #annotation = "orchestrator:terraform" fabAnnounceIntvl = lookup(local.ptp_and_latency_measurement, "announce_interval", local.ptp.announce_interval) fabAnnounceTimeout = lookup(local.ptp_and_latency_measurement, "announce_timeout", local.ptp.announce_timeout) fabDelayIntvl = lookup(local.ptp_and_latency_measurement, "delay_request_interval", local.ptp.delay_request_interval)