ansible-tower-aci
Ansible Collection for use with Cisco ACI, focused on the use of Ansible Tower.
Available on Ansible Galaxy as a Collection: zjpeterson.aci
For best experience, read this documentation on GitHub Pages.
A walkthrough of aci_inventory can be found on the Ansible Blog.
Contents
Plugins
Please reference the full documentation README files and the examples under examples/.
| Plugin | Description |
|---|---|
| aci_inventory | Builds an Ansible inventory of the physical hardware involved in the associated ACI fabric. |
Roles
Please reference the full documentation README files and the example playbooks under playbooks/.
| Role | Description |
|---|---|
| aci_tower_credential_type | Creates an Ansible Tower Credential Type for Cisco ACI. |
| aci_aaa_user_security | Creates/maintains an APIC user to use with Ansible, applies desired security roles, updates Tower. |
| aci_aaa_certificate_rotate | Generates a new x509 certificate + RSA key pair, applies it to an APIC user, updates Tower. |
Integration
These pieces fit together. You can, for instance:
- Use
aci_tower_credential_typeto define a Cisco ACI credential type in Tower - Use
aci_aaa_user_securityto create an APIC user to manage other APIC users, and store the password in Tower - Use
aci_aaa_user_securityon a schedule to keep the password rotated, if that’s a requirement for your organization - Use
aci_aaa_user_securityagain to create an APIC admin user with wider permission to make changes - Use
aci_aaa_certificate_rotateto convert the APIC admin user to certificate-based authentication (a best practice) - Use
aci_aaa_certificate_rotateon a schedule to keep the certificate rotated, if that’s a requirement for your organization - Use
aci_inventorywith the APIC admin credential to keep Tower current with the physical inventory of your ACI fabric - Use the APIC admin credential to reliably provide
cisco.acimodules with login information