aci_epg - Manage End Point Groups (EPG) objects (fv:AEPg)

New in version 2.4.

Synopsis
Parameters
Notes
Examples
Return Values
Status
- Author

Synopsis

Manage End Point Groups (EPG) on Cisco ACI fabrics.

Parameters

Parameter	Choices/Defaults	Comments
ap required		Name of an existing application network profile, that will contain the EPGs. aliases: app_profile, app_profile_name
bd required		Name of the bridge domain being associated with the EPG. aliases: bd_name, bridge_domain
certificate_name	Default: C(private_key) basename	The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. It defaults to the `private_key` basename, without extension. aliases: cert_name
description		Description for the EPG. aliases: descr
epg required		Name of the end point group. aliases: epg_name, name
fwd_control	Choices: none ← proxy-arp	The forwarding control used by the EPG. The APIC defaults new EPGs to `none`.
host required		IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname
intra_epg_isolation	Choices: enforced unenforced ←	Intra EPG Isolation.
output_level	Choices: debug info normal ←	Influence the output of this ACI module. `normal` means the standard output, incl. `current` dict `info` means informational output, incl. `previous`, `proposed` and `sent` dicts `debug` means debugging output, incl. `filter_string`, `method`, `response`, `status` and `url` information
password required		The password to use for authentication.
port	Default: 443 (for https) and 80 (for http)	Port number to be used for REST connection.
preferred_group (added in 2.5)	Choices: no ← yes	Whether ot not the EPG is part of the Preferred Group and can communicate without contracts. This is very convenient for migration scenarios, or when ACI is used for network automation but not for policy.
priority	Choices: level1 level2 level3 unspecified ←	QoS class.
private_key		PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless `certificate_name` is specified. aliases: cert_key
state	Choices: absent present ← query	Use `present` or `absent` for adding or removing. Use `query` for listing an object or multiple objects.
tenant		Name of an existing tenant. aliases: tenant_name
timeout	Default: 30	The socket level timeout in seconds.
use_proxy	Choices: no yes ←	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl	Choices: no yes ←	If `no`, an HTTP connection will be used instead of the default HTTPS connection.
username required	Default: admin	The username to use for authentication. aliases: user
validate_certs	Choices: no yes ←	If `no`, SSL certificates will not be validated. This should only set to `no` used on personally controlled sites using self-signed certificates.

Notes

Note

The tenant and app_profile used must exist before using this module in your playbook. The aci_tenant and aci_ap modules can be used for this.
More information about the internal APIC class fv:AEPg from the APIC Management Information Model reference.
By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option.
HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.

Examples

- name: Add a new EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: intranet
    epg: web_epg
    description: Web Intranet EPG
    bd: prod_bd
    preferred_group: yes

- aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: ticketing
    epg: "{{ item.epg }}"
    description: Ticketing EPG
    bd: "{{ item.bd }}"
    priority: unspecified
    intra_epg_isolation: unenforced
    state: present
  with_items:
    - epg: web
      bd: web_bd
    - epg: database
      bd: database_bd

- name: Remove an EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    tenant: production
    app_profile: intranet
    epg: web_epg
    state: absent

- name: Query an EPG
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    ap: ticketing
    epg: web_epg
    state: query

- name: Query all EPGs
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    state: query

- name: Query all EPGs with a Specific Name
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    epg: web_epg
    state: query

- name: Query all EPGs of an App Profile
  aci_epg:
    host: apic
    username: admin
    password: SomeSecretPassword
    validate_certs: no
    ap: ticketing
    state: query

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
current list	success	The existing configuration from the APIC after the module has finished Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}]
error dict	failure	The error information as returned from the APIC Sample: {'text': 'unknown managed object class foo', 'code': '122'}
filter_string string	failure or debug	The filter string used for the request Sample: ?rsp-prop-include=config-only
method string	failure or debug	The HTTP method used for the request to the APIC Sample: POST
previous list	info	The original configuration from the APIC before the module has started Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}]
proposed dict	info	The assembled configuration from the user-provided parameters Sample: {'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}}
raw string	parse error	The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response string	failure or debug	The HTTP response from the APIC Sample: OK (30 bytes)
sent list	info	The actual/minimal configuration pushed to the APIC Sample: {'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status int	failure or debug	The HTTP status from the APIC Sample: 200
url string	failure or debug	The HTTP url used for the request to the APIC Sample: https://10.11.12.13/api/mo/uni/tn-production.json

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

Swetha Chunduri (@schunduri)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/aci_epg_module.html