
Terraform Components – Evaluate Cisco Automation and Orchestration Technologies

Terraform uses a declarative approach: configuration files describe the desired state of the devices. Terraform then builds an execution plan from those configuration files. The plan contains all the needed information about the devices and how to reach the desired state. Before a Terraform plan can be executed, it needs to be confirmed. The configuration files are written in a proprietary syntax called HashiCorp Configuration Language (HCL), and JSON is also supported.

The Terraform configuration files use the “.tf” extension and some are special:

terraform-provider.tf – this file describes the providers that will be used. Multiple providers can be listed.

terraform.tfvars – this is the file that defines the variables. It can have different extensions, such as “.tfvars”, “.tfvars.json”, “.auto.tfvars”, and “.auto.tfvars.json”.

terraform.tfstate – this is the file which maintains the state of the managed infrastructure and objects, as it stores the bindings between the objects and the resource instances declared in the configuration.

Terraform-main.tf – this is the main configuration file. It defines the resources and the configuration that need to be created.

The Terraform configuration file works with resources as the fundamental construct. The resources are organized in blocks. A resource block describes an infrastructure object, along with the needed characteristics and the intent.

The target infrastructure is defined as providers, which contain the target IP address, URL, credentials, and so on.

Cisco Systems is an official provider for HashiCorp, and the Terraform software can be used for automation and integration of the Cisco Data Center, Cloud, Security, and Enterprise products.

The Cisco ACI Terraform provider contains the information needed to define how Terraform will interact with the Cisco APIC. The provider must be configured with the correct credentials to authenticate successfully against the Cisco APIC. Example 17-8 shows how to include the Cisco ACI provider.

Example 17-8 Cisco ACI Terraform Provider Definition

terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = "2.8.0"
    }
  }
}

provider "aci" {
  # Configuration options
}

As mentioned above, the configuration file defines the blocks of resources and what their configuration needs to be. Example 17-9 shows how you can start the basic configuration of a Cisco ACI to define the creation of a tenant, bridge domain, and subnet.

Example 17-9 Cisco ACI Resources in a Terraform Configuration File

provider "aci" {
  # cisco-aci user name
  username = "${var.username}"
  # cisco-aci password
  password = "${var.password}"
  # cisco-aci url
  url      = "${var.apic_url}"
  # accept an APIC certificate that cannot be verified
  insecure = true
}

resource "aci_tenant" "terraform_tenant" {
  name        = "tenant_for_terraform"
  description = "This tenant is created by the Terraform ACI provider"
}

resource "aci_bridge_domain" "bd_for_subnet" {
  tenant_dn   = "${aci_tenant.terraform_tenant.id}"
  name        = "bd_for_subnet"
  description = "This bridge domain is created by the Terraform ACI provider"
}

resource "aci_subnet" "demosubnet" {
  bridge_domain_dn = "${aci_bridge_domain.bd_for_subnet.id}"
  ip               = "10.10.1.1/24"
  scope            = "private"
  description      = "This subject is created by Terraform"
}

When this plan is run against the Cisco APIC, Terraform performs a cross-check. This means that it first checks whether these resources already exist on the system. If they do, no changes are made. But if Terraform finds a difference between the configuration file and the state of the target infrastructure, the Cisco ACI in this example, it will force the needed changes, or the creation or removal of resources, as required by the definitions in the configuration file.
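
Example 17-9 reads var.username, var.password, and var.apic_url without declaring them. The following is an added example, not part of the original text or of Cisco's provider documentation, showing one way to declare those variables and tighten the provider block. It assumes Terraform 0.14 or later; the descriptions and the validation rule are assumptions made for illustration.

```hcl
# Added example: declarations for the variables consumed by Example 17-9.
# Variable names come from Example 17-9; everything else is an assumption.

variable "username" {
  description = "APIC account used by Terraform"
  type        = string
}

variable "password" {
  description = "Password for the APIC account"
  type        = string
  sensitive   = true # redacted in plan and apply output
}

variable "apic_url" {
  description = "Base URL of the APIC"
  type        = string

  # Reject a plain-HTTP URL before any credentials are sent.
  validation {
    condition     = can(regex("^https://", var.apic_url))
    error_message = "The apic_url value must start with https://."
  }
}

provider "aci" {
  username = var.username
  password = var.password
  url      = var.apic_url
  # Weak setting shown in Example 17-9: insecure = true
  insecure = false # require an APIC certificate that validates
}
```

The password can be supplied through the TF_VAR_password environment variable instead of a terraform.tfvars file kept in version control. The sensitive flag only redacts CLI output: sensitive values that reach resource attributes are still stored in terraform.tfstate in plain text, so the state file needs the same access control as the credentials.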
