Automation

 View Only
last person joined: 22 hours ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  Apstra and service provisioning

    Posted 14 days ago

    I'm about to give up trying to use Apstra CLI, documentation is scarce and seems to be meant to platform maintenance and not service provisioning.

    I've seen there's a Terraform provider but it's not clear to me:

    • Can it handle partial configuration (just defining some VNI/segments and devices vs the full blueprint)?

    usecase would be to provision services adhoc not necessarily knowing what was there in the blueprint before and without killing that configuration.



    ------------------------------
    CIRO IRIARTE
    ------------------------------


  • 2.  RE: Apstra and service provisioning

    Posted 14 days ago

    Additional question, should the Terraform implementation work with OpenTofu?



    ------------------------------
    CIRO IRIARTE
    ------------------------------



  • 3.  RE: Apstra and service provisioning

    Posted 11 days ago
    Edited by Jason Lochhead 11 days ago

    You are correct that the Terraform provider is the right approach for provisioning automation. It does support making incremental changes to existing blueprints.

    Take a look at this example for adding a virtual network. https://registry.terraform.io/providers/Juniper/apstra/latest/docs/resources/datacenter_virtual_network

    As for OpenTofu, I'll check with the Apstra team but I don't believe we have done any testing with it.

    ------------------------------
    Jason Lochhead
    ------------------------------



  • 4.  RE: Apstra and service provisioning

    Posted 11 days ago

    As you've correctly clocked, service provisioning with Apstra is composed of many layers, with each layer depending on the ones before it. A typical dependency graph might look like: template -> blueprint -> routing zone -> virtual network -> connectivity template

    None of these layers can be created in a vacuum, but that doesn't mean that a single terraform project needs to take responsibility for all of the layers.

    Terraform's data source feature permits us to look up the details of existing objects not created by the terraform project.

    This is a complete project which creates a new VN in an existing Blueprint named DC1

    terraform {
      required_providers {
        apstra = {
          source  = "Juniper/apstra"
          version = "0.77.0"
        }
      }
    }
    
    provider "apstra" {
      url                     = "https://redacted:redacted@redacted.com"
      blueprint_mutex_enabled = false
    }
    
    # Discover details of the Blueprint (we need its ID)
    data "apstra_datacenter_blueprint" "dc_1" {
      name = "DC1"
    }
    
    # Discover details of the Routing Zone (we need its ID)
    data "apstra_datacenter_routing_zone" "default" {
      blueprint_id = data.apstra_datacenter_blueprint.dc_1.id
      name         = "default"
    }
    
    # Create a Virtual Network using the discovered Blueprint and Routing Zone IDs
    resource "apstra_datacenter_virtual_network" "example" {
      blueprint_id    = data.apstra_datacenter_blueprint.dc_1.id
      routing_zone_id = data.apstra_datacenter_routing_zone.default.id
      type            = "vlan"
      name            = "my_vn"
    }
    

    The Apstra Terraform provider should be fully compatible with opentofu1

    If you find issues with Opentofu (or anything else), please open an issue.

    [1] We recently added an ephemeral resource  (a Terraform 1.10+ feature). Opentofu does not support these yet as far as I'm aware, but I expect they'll catch up soon.



    ------------------------------
    chris marget
    ------------------------------