I want to extend my sincere appreciation to Cisco ACI-Ansible experts Lionel Hercot, Thomas Renzy and John McDonough for their invaluable suggestions and review of this blog.


As customers embrace the DevOps model to accelerate application deployment and achieve higher efficiency in operating their data centers, the infrastructure needs to change and respond faster than ever to business needs. DevOps can help you achieve an agile operational model by improving automation, innovation, and consistency. In this blog, let us go on a quick journey through how Red Hat Ansible and Cisco ACI help you address these challenges quickly and proficiently.

Ansible and Cisco ACI – The perfect pair that enables a true DevOps model

In many customer IT environments, network operations remain entrenched in error-prone manual processes. Many of the earlier generation of engineers attracted to network operations did not want to be programmers; they were more interested in implementing and maintaining network policies through the CLI and monolithic tools on proprietary platforms. More recently, server-side and DevOps best practices have started to influence the networking world, with cloud administrators forced to support both compute and network resources. However, in many cases, moving entirely away from traditional network operations may not be possible, just as a 100% DevOps strategy may not be a good fit. The best strategy is the one that achieves the most with the least amount of change or energy. Automation is the natural solution here – the most unproductive and repetitive tasks are ideal candidates for it.

Red Hat Ansible has fast emerged as one of the most popular platforms to automate these day-to-day manual tasks and bring unprecedented cost savings and operational efficiency. Cisco ACI’s Application Policy Infrastructure Controller (APIC) supports a robust and open API that Ansible can seamlessly leverage. Ansible is open source, works with many different operating systems that run on Cisco Networking platforms (ACI, IOS, NX-OS, IOS-XR), and supports the range of ACI offerings.

Together, Cisco ACI and Ansible provide a perfect combination enabling customers to embrace the DevOps model and accelerate ACI Deployment, Monitoring, day-to-day management, and more.

Cisco ACI – Red Hat Ansible solution

Ansible is the only solution in the market today to address network automation challenges with unified configuration, provisioning and application deployment, creating favorable business outcomes such as accelerated DevOps and a simplified IT environment.

Ansible brings many synergies to an ACI environment with its simple automation language, powerful features such as app deployment, configuration management and workflow orchestration, and above all an agentless architecture that makes the execution environment predictable and secure.

In the latest Ansible release (2.9), there are over 100 ACI and Multisite modules in Ansible core. There are modules for specific objects, such as Tenants and Application Profiles, as well as a module for interacting directly with the ACI REST API. This means that a broad set of ACI functionality is available as soon as you install Ansible. After installing Ansible, only two things are required to start automating an ACI network fabric: first, an Ansible playbook, which is a set of automation instructions, and second, the inventory file, which lists the devices to be automated, in this case an APIC. Playbooks are written in YAML and define the tasks to execute against an ACI fabric. Here is a sample ACI playbook that configures a Tenant on an APIC.


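- name: ACI Tenant Management
  hosts: aci
  connection: local        # the module runs on the control node and calls the APIC REST API
  gather_facts: no

  tasks:
  - name: Configure the tenant
    aci_tenant:
      hostname: "{{ hostname }}"
      username: admin
      password: adminpass
      validate_certs: false   # APIC TLS certificate is not verified in this sample
      tenant: "{{ tenant_name }}"
      description: "{{ tenant_name }} created Using Ansible"
      state: present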
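
The sample above keeps the APIC password in the playbook and turns off certificate validation, so a run cannot tell the real APIC from another endpoint answering on that address. A hardened variant follows, added here as an example and not part of the original post. The variable names apic_hostname, vault_apic_username and vault_apic_password, the vault file path and the tenant-name pattern are assumptions.

```yaml
# Added example (hypothetical names): hardened variant of the tenant playbook.
# Assumes inventory group "aci" sets apic_hostname, and that
# group_vars/aci/vault.yml (encrypted with ansible-vault) defines
# vault_apic_username and vault_apic_password.
# Run: ansible-playbook -i inventory tenant.yml -e tenant_name=Demo --ask-vault-pass
- name: ACI Tenant Management (hardened)
  hosts: aci
  connection: local
  gather_facts: no

  vars:
    # Connection settings defined once and merged into each ACI task.
    aci_login: &aci_login
      hostname: "{{ apic_hostname }}"
      username: "{{ vault_apic_username }}"   # dedicated automation account, not admin
      password: "{{ vault_apic_password }}"   # never stored in clear text in the repo
      validate_certs: true                    # reject an APIC certificate that does not verify

  tasks:
    - name: Refuse to run without a well-formed tenant name
      assert:
        that:
          - tenant_name is defined
          # Assumed local naming policy, not an ACI rule.
          - "tenant_name is match('^[A-Za-z0-9_.-]{1,64}$')"
        fail_msg: "tenant_name must be 1-64 characters from A-Z, a-z, 0-9, '_', '.', '-'"

    - name: Ensure the tenant exists
      aci_tenant:
        <<: *aci_login
        tenant: "{{ tenant_name }}"
        description: "{{ tenant_name }} created using Ansible"
        state: present
```

The ACI modules also accept private_key and certificate_name for signature-based authentication, which removes the password from the run entirely.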

Refer to the Related Links section for detailed documentation on Ansible Modules/Playbooks Labs and Tutorials.

How the Ansible-ACI integration works

The picture below represents users creating inventory files (for the APICs we want Ansible to manage), creating the playbooks (the tasks we want to run or automate on the target systems, the APICs), and leveraging the available ACI modules for the tasks they want to configure or automate. Ansible then pushes those configuration tasks through the APIC REST API over HTTPS to the target system, the APIC.

The ACI Ansible modules help cover a broad set of data center use cases. These include:

  • Day 0 – Initial installation and deployment – Configuration of universal entities and policies, for example switch registration, naming, user configuration and firmware update.
  • Day 1 – Configuration and Operation – Initial Tenant creation, along with all the Tenant child configurations, for example VRF, AP, BDs, EPGs, etc.
  • Day 2 – Additional Configuration and Optimization – Add/Update/Remove Policies, Tenants, Applications, for example add a contract to support a new protocol in an existing EPG.

Key Benefits of ACI-Ansible solution

  • Enables admins to align on a unified approach, managing ACI the same way they manage other data center and cloud infrastructure.
  • ACI Ansible modules provide broad coverage for many ACI objects.
  • ACI Ansible modules are idempotent, ensuring that playbook results are always the same.
  • ACI Ansible modules extend the trusted secure interaction of the ACI CLI and GUI.
  • No programming skills are required with Ansible modules.


Ansible Automation is fast gaining traction with support for multiple networking OS platforms. Ansible adoption is a journey, and new users need not abandon their traditional network practices; rather, Ansible helps build bridges between legacy and modern DevOps practices.

Important note – In Ansible 2.10, Red Hat is moving 3rd party modules from its core into collections. ACI modules are already available in collections for you to use, and our development effort is now concentrated there.

In closing, I want to invite our customers to a deep-dive webinar, scheduled for May 12, 10 AM PST, on the topic “Cisco ACI with Red Hat Ansible collections”, presented by two leading industry experts: Red Hat’s Product Manager Andrius Benokraitis and Cisco’s Lionel Hercot.

Register for the webinar to learn how Cisco ACI and Red Hat Ansible can help you embrace the DevOps model and accelerate ACI deployment:


Cisco ACI with Red Hat Ansible collections


Related Links



Ravi Balakrishnan

Senior Product Marketing Manager

Datacenter Solutions