Configure ACI with Terraform and Gitlab CI/CD

By | 29/11/2019

Introduction

As promised, we’ll configure an ACI network using a CI/CD pipeline. If you understood this post, you’ll easily grasp this one as well. In the end, whether you configure an ACI resource or an ACI resource with Gitlab, the same principles apply, so we’ll move through this one quickly.

In this blog post, we will be using exactly the same Terraform files as we used in the previous post so I won’t spend time describing them here.

Gitlab configuration

In an earlier post, we used the online version of Gitlab. For this post, we will install our own Gitlab server, since I cannot access our internal lab from outside; hence the need to install the Community Edition of Gitlab in my lab. I won’t go over the installation in this blog post. A pretty easy guide can be found here.

Anyway, after installation, continue to create a project.

Once the project has been created, you will see the below page.

So let’s go ahead and add the files to our repository. Just follow the commands below.

cisco@wauterw-main:~/wim/terraform/ACI$ git init
Initialized empty Git repository in /home/cisco/wim/terraform/ACI/.git/
cisco@wauterw-main:~/wim/terraform/ACI$ git remote add origin http://10.16.2.230/cisco/terraform-aci.git
cisco@wauterw-main:~/wim/terraform/ACI$ git add .
cisco@wauterw-main:~/wim/terraform/ACI$ git commit -m "Initial Commit"
[master (root-commit) 7c7a905] Initial Commit
 4 files changed, 37 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 main.tf
 create mode 100644 terraform.tf
 create mode 100644 variables.tf
cisco@wauterw-main:~/wim/terraform/ACI$ git push -u origin master
Username for 'http://10.16.2.230': wauterw@cisco.com
Password for 'http://wauterw@cisco.com@10.16.2.230':
Counting objects: 6, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 747 bytes | 747.00 KiB/s, done.
Total 6 (delta 0), reused 0 (delta 0)
To http://10.16.2.230/cisco/terraform-aci.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.

Your files will be added to the repository now.

Gitlab CI/CD

As we learned in earlier posts, we need to create a ‘.gitlab-ci.yml’ file with the following content. It defines a number of stages, essentially to do a ‘terraform init’, ‘terraform plan’ and ‘terraform apply’.

image:
  name: hashicorp/terraform:light
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

before_script:
  - rm -rf .terraform
  - terraform --version
  - export AWS_ACCESS_KEY_ID
  - export AWS_SECRET_ACCESS_KEY
  - terraform init

stages:
  - validate
  - plan
  - apply

validate:
  stage: validate
  script:
    - terraform validate

plan:
  stage: plan
  script:
    - terraform plan -out "planfile"
  dependencies:
    - validate
  artifacts:
    paths:
      - planfile

apply:
  stage: apply
  script:
    - terraform apply -input=false "planfile"
  dependencies:
    - plan
  when: manual

Save the .gitlab-ci.yml file into the same folder as the rest of your Terraform files.

cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git add . 
cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git commit -m "Adding CI/CD config"
[master 96adfe7] Adding CI/CD config
 1 file changed, 40 insertions(+)
 create mode 100644 .gitlab-ci.yml
cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git push origin master
Username for 'http://10.16.2.230': cisco
Password for 'http://cisco@10.16.2.230': 
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 4 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 576 bytes | 576.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To http://10.16.2.230/cisco/terraform-aci.git
   eb4693c..96adfe7  master -> master

After this is done, your repo will look as follows:

Once Gitlab detects that a .gitlab-ci.yml file is uploaded to your repo, it will automatically start the pipeline process.

Because the .gitlab-ci.yml file specifies that the apply step must be approved manually, the pipeline stops after the first two steps and waits for your approval. Once you approve, you will see that all three steps are completed.

And finally, you will also see the configuration on Cisco’s ACI platform.
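
The manual approval only helps if the approver knows what the planfile will change. The following is an added example, not part of the original post: a small Python check that reads the output of terraform show -json planfile and flags resources the plan would delete or replace. The sample plan and the resource names in it (demo, prod) are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json planfile`.
# Resource names (demo, prod) are hypothetical, not from the original post.
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {"address": "aci_tenant.demo", "type": "aci_tenant",
         "change": {"actions": ["create"]}},
        {"address": "aci_vrf.demo", "type": "aci_vrf",
         "change": {"actions": ["no-op"]}},
        {"address": "aci_bridge_domain.demo", "type": "aci_bridge_domain",
         "change": {"actions": ["delete", "create"]}},  # a replacement
        {"address": "aci_tenant.prod", "type": "aci_tenant",
         "change": {"actions": ["delete"]}},
    ],
})


def summarize_plan(plan_json):
    """Group resource addresses by what the plan will do to them."""
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions and "create" in actions:
            kind = "replace"   # object is removed and re-created
        elif "delete" in actions:
            kind = "delete"
        elif "update" in actions:
            kind = "update"
        elif "create" in actions:
            kind = "create"
        else:
            continue           # "no-op" and "read" change nothing
        summary[kind].append(rc["address"])
    return summary


def gate(plan_json, allow_destroy=False):
    """Return (ok, destructive): ok is False when the plan removes or
    replaces objects and the caller has not explicitly allowed that."""
    s = summarize_plan(plan_json)
    destructive = sorted(s["delete"] + s["replace"])
    return (allow_destroy or not destructive), destructive


if __name__ == "__main__":
    ok, destructive = gate(SAMPLE_PLAN)
    for addr in destructive:
        print("DESTRUCTIVE:", addr)
    raise SystemExit(0 if ok else 1)
```

In a pipeline, the plan job would write the JSON next to the planfile and run this check on it, so a plan that removes a tenant, VRF or BD fails before anyone is asked to approve it.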

Destroy ACI configuration

Let’s now use a pipeline to destroy the network constructs on ACI automatically.

image:
  name: hashicorp/terraform:light
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

before_script:
  - rm -rf .terraform
  - terraform --version
  - export AWS_ACCESS_KEY_ID
  - export AWS_SECRET_ACCESS_KEY
  - terraform init

stages:
  - validate
  - destroy

validate:
  stage: validate
  script:
    - terraform validate

destroy:
  stage: destroy
  script:
    - terraform destroy -auto-approve
  when: manual

cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git add .gitlab-ci.yml
cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git commit -m "Adding new CI/CD config"
[master 31b894f] Adding new CI/CD config
 1 file changed, 11 deletions(-)
cisco@wauterw-ubuntu-desktop:~/software/Terraform/ACI_Tenant_VRF_BD$ git push origin master
Username for 'http://10.16.2.230': cisco
Password for 'http://cisco@10.16.2.230': 
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 299 bytes | 299.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To http://10.16.2.230/cisco/terraform-aci.git
   c28c1ed..31b894f  master -> master

As you can see from the screenshot below, we only have two steps now: the validate step and the destroy step.

Click on the trigger to destroy the network configuration on Cisco ACI. When all works well, you will see the below screen:

And obviously, the tenant, VRF and BD will be removed from the ACI network.
