aci_rest - Direct access to the Cisco APIC REST API

New in version 2.4.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

Enables the management of the Cisco ACI fabric through direct access to the Cisco APIC REST API.
More information regarding the Cisco APIC REST API is available from http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide.html.

Requirements (on host that executes module)

lxml (when using XML content)
xmljson >= 0.1.8 (when using XML content)
python 2.7+ (when using xmljson)

Options

parameter	required	default	choices	comments
content	no			When used instead of `src`, sets the content of the API request directly. This may be convenient to template simple requests, for anything complex use the template module.
hostname	yes			IP Address or hostname of APIC resolvable by Ansible control host. aliases: host
method	yes	get	delete get post	The HTTP method of the request. Using `delete` is typically used for deleting objects. Using `get` is typically used for querying objects. Using `post` is typically used for modifying objects. aliases: action
password	yes			The password to use for authentication.
path	yes			URI being used to execute API calls. Must end in `.xml` or `.json`. aliases: uri
src	no			Name of the absolute path of the filname that includes the body of the http request being sent to the ACI fabric. aliases: config_file
timeout	no	30		The socket level timeout in seconds.
use_proxy	no	yes	yes no	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl	no	yes	yes no	If `no`, an HTTP connection will be used instead of the default HTTPS connection.
username	yes	admin		The username to use for authentication. aliases: user
validate_certs	no	yes	yes no	If `no`, SSL certificates will not be validated. This should only set to `no` used on personally controlled sites using self-signed certificates.

Examples

- name: Add a tenant
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/aci_config.xml
  delegate_to: localhost

- name: Add a tenant using inline YAML
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: no
    path: /api/mo/uni/tn-[Sales].json
    method: post
    content:
      fvTenant:
        attributes:
          name: Sales
          descr: Sales departement
  delegate_to: localhost

- name: Add a tenant using a JSON string
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: no
    path: /api/mo/uni/tn-[Sales].json
    method: post
    content: |
      {
        "fvTenant": {
          "attributes": {
            "name": "Sales",
            "descr": "Sales departement"
          }
        }
      }
  delegate_to: localhost

- name: Add a tenant using an XML string
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: no
    path: /api/mo/uni/tn-[Sales].xml
    method: post
    content: |
      <fvTenant name="Sales" descr="Sales departement"/>
  delegate_to: localhost

- name: Get tenants
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    method: get
    path: /api/node/class/fvTenant.json
  delegate_to: localhost

- name: Configure contracts
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    method: post
    path: /api/mo/uni.xml
    src: /home/cisco/ansible/aci/configs/contract_config.xml
  delegate_to: localhost

- name: Register leaves and spines
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: no
    method: post
    path: /api/mo/uni/controller/nodeidentpol.xml
    content: |
      <fabricNodeIdentPol>
        <fabricNodeIdentP name="{{ item.name }}" nodeId="{{ item.nodeid }}" status="{{ item.status }}" serial="{{ item.serial }}"/>
      </fabricNodeIdentPol>
  with_items:
  - '{{ apic_leavesspines }}'
  delegate_to: localhost

- name: Wait for all controllers to become ready
  aci_rest:
    hostname: '{{ inventory_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: no
    path: /api/node/class/topSystem.json?query-target-filter=eq(topSystem.role,"controller")
  register: apics
  until: "'totalCount' in apics and apics.totalCount|int >= groups['apic']|count"
  retries: 120
  delay: 30
  delegate_to: localhost
  run_once: yes

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
error_code	The REST ACI return code, useful for troubleshooting on failure	always	int	122
error_text	The REST ACI descriptive text, useful for troubleshooting on failure	always	string	unknown managed object class foo
imdata	Converted output returned by the APIC REST (register this for post-processing)	always	string	[{'error': {'attributes': {'text': 'unknown managed object class foo', 'code': '122'}}}]
payload	The (templated) payload send to the APIC REST API (xml or json)	always	string	<foo bar="boo"/>
raw	The raw output returned by the APIC REST API (xml or json)	parse error	string	<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response	HTTP response string	always	string	HTTP Error 400: Bad Request
status	HTTP status code	always	int	400
totalCount	Number of items in the imdata array	always	string	0
url	URL used for APIC REST call	success	string	https://1.2.3.4/api/mo/uni/tn-[Dag].json?rsp-subtree=modified

Notes

Note

When using inline-JSON (using content), YAML requires to start with a blank line. Otherwise the JSON statement will be parsed as a YAML mapping (dictionary) and translated into invalid JSON as a result.
XML payloads require the lxml and xmljson python libraries. For JSON payloads nothing special is needed.
By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option.
HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/aci_rest_module.html