Using Ansible to Create Cisco ACI Filters

Feb 3, 2016 Ansible Cisco ACI

Share on:

In the midst of rolling out Cisco ACI, we have a need to automation creation of filters to apply to contracts. I tried to use the ACI-PowerTool for this task, however it doesnt seem to work with the newer code we are on. So I went back and attempted to use the ansible modules and it worked flawlessly, below is a sample playbook that will create a filter and add the associated filter entries. The below example are the required ports for Horizon View.

Pre-Requsites

Link to Script

horizonviewports.yml

Preparing to Execute the Script

This script assumes you have already installed and configured Ansible, downloaded the Git Repo and installed the Cisco ACI Cobra SDK.

 1---
 2
 3- name: playbook to create HorizonViewPorts-FIL
 4  hosts: apic
 5  connection: local
 6  gather_facts: no
 7
 8  tasks:
 9      # ensure filters exist
10      - aci_filter: name={{ item }} tenant=common host={{ inventory_hostname }} username={{ user }} password={{ pass }}
11        with_items:
12        - HorizonViewPorts
13
14     # ensure filter entries exist
15      - aci_filter_entry: name=HighEndPorts-tcp proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=40000 dest_to_port=65000 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
16      - aci_filter_entry: name=HighEndPorts-udp proto=udp tenant=common filter=HorizonViewPorts-FIL dest_from_port=40000 dest_to_port=65000 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
17      - aci_filter_entry: name=HTML-Access proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=22443 dest_to_port=22443 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
18      - aci_filter_entry: name=http proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=http dest_to_port=http state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
19      - aci_filter_entry: name=https proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=https dest_to_port=https state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
20      - aci_filter_entry: name=JMS proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=4001 dest_to_port=4002 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
21      - aci_filter_entry: name=MMR proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=9427 dest_to_port=9427 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
22      - aci_filter_entry: name=PCoIP proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=4172 dest_to_port=4172 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
23      - aci_filter_entry: name=PCoIP-udp proto=udp tenant=common filter=HorizonViewPorts-FIL dest_from_port=4172 dest_to_port=4172 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}
24      - aci_filter_entry: name=USB proto=tcp tenant=common filter=HorizonViewPorts-FIL dest_from_port=32111 dest_to_port=32111 state=present host={{ inventory_hostname }} username={{ user }} password={{ pass }}

...

Execute the Script

Run ansible-playbook horizonviewports.yml -i hosts