netascode · manofcolombia · Aug 11, 2025 · Aug 13, 2025
diff --git a/aci_access_policies.tf b/aci_access_policies.tf
@@ -44,14 +44,15 @@ module "aci_routed_domain" {
 module "aci_aaep" {
   source = "./modules/terraform-aci-aaep"
 
-  for_each           = { for aaep in try(local.access_policies.aaeps, []) : aaep.name => aaep if local.modules.aci_aaep && var.manage_access_policies }
-  name               = "${each.value.name}${local.defaults.apic.access_policies.aaeps.name_suffix}"
-  description        = try(each.value.description, "")
-  infra_vlan         = try(each.value.infra_vlan, local.defaults.apic.access_policies.aaeps.infra_vlan) == true ? try(local.access_policies.infra_vlan, 0) : 0
-  physical_domains   = [for dom in try(each.value.physical_domains, []) : "${dom}${local.defaults.apic.access_policies.physical_domains.name_suffix}"]
-  routed_domains     = [for dom in try(each.value.routed_domains, []) : "${dom}${local.defaults.apic.access_policies.routed_domains.name_suffix}"]
-  vmware_vmm_domains = try(each.value.vmware_vmm_domains, [])
-  endpoint_groups    = try(each.value.endpoint_groups, [])
+  for_each            = { for aaep in try(local.access_policies.aaeps, []) : aaep.name => aaep if local.modules.aci_aaep && var.manage_access_policies }
+  name                = "${each.value.name}${local.defaults.apic.access_policies.aaeps.name_suffix}"
+  description         = try(each.value.description, "")
+  infra_vlan          = try(each.value.infra_vlan, local.defaults.apic.access_policies.aaeps.infra_vlan) == true ? try(local.access_policies.infra_vlan, 0) : 0
+  physical_domains    = [for dom in try(each.value.physical_domains, []) : "${dom}${local.defaults.apic.access_policies.physical_domains.name_suffix}"]
+  routed_domains      = [for dom in try(each.value.routed_domains, []) : "${dom}${local.defaults.apic.access_policies.routed_domains.name_suffix}"]
+  vmware_vmm_domains  = try(each.value.vmware_vmm_domains, [])
+  nutanix_vmm_domains = try(each.value.nutanix_vmm_domains, [])
+  endpoint_groups     = try(each.value.endpoint_groups, [])
 
   depends_on = [
     module.aci_physical_domain,

diff --git a/aci_tenants.tf b/aci_tenants.tf
@@ -382,6 +382,16 @@ locals {
             active_uplinks_order = try(vmm.active_uplinks_order, "")
             standby_uplinks      = try(vmm.standby_uplinks, "")
           }]
+          nutanix_vmm_domains = [for vmm in try(epg.nutanix_vmm_domains, []) : {
+            name                         = "${vmm.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.nutanix_vmm_domains.name_suffix}"
+            custom_epg_name              = try(vmm.custom_epg_name, "")
+            ipam                         = try(vmm.ipam, local.defaults.apic.tenants.application_profiles.endpoint_groups.nutanix_vmm_domains.ipam)
+            ipam_gateway                 = try(vmm.ipam_gateway, null)
+            dhcp_server_address_override = try(vmm.dhcp_server_address_override, null)
+            dhcp_address_pool            = try(vmm.dhcp_address_pool, null)
+            vlan                         = try(vmm.vlan, null)
+            deployment_immediacy         = try(vmm.deployment_immediacy, local.defaults.apic.tenants.application_profiles.endpoint_groups.nutanix_vmm_domains.deployment_immediacy)
+          }]
           static_ports = [for sp in try(epg.static_ports, []) : {
             node_id = try(sp.node_id, [for pg in local.leaf_interface_policy_group_mapping : pg.node_ids if pg.name == sp.channel][0][0], null)
             # set node2_id to "vpc" if channel IPG is vPC, otherwise "null"
@@ -469,6 +479,7 @@ module "aci_endpoint_group" {
   physical_domains            = each.value.physical_domains
   subnets                     = each.value.subnets
   vmware_vmm_domains          = each.value.vmware_vmm_domains
+  nutanix_vmm_domains         = each.value.nutanix_vmm_domains
   static_ports = [for sp in try(each.value.static_ports, []) : {
     description          = sp.description
     node_id              = sp.node_id

diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml
@@ -1084,6 +1084,10 @@ defaults:
             allow_promiscuous: reject
             forged_transmits: reject
             mac_changes: reject
+          nutanix_vmm_domains:
+            name_suffix: ""
+            ipam: false
+            deployment_immediacy: lazy
           static_ports:
             module: 1
             mode: regular

diff --git a/modules/terraform-aci-aaep/README.md b/modules/terraform-aci-aaep/README.md
@@ -54,6 +54,7 @@ module "aci_aaep" {
 | <a name="input_physical_domains"></a> [physical\_domains](#input\_physical\_domains) | Physical domains. | `list(string)` | `[]` | no |
 | <a name="input_routed_domains"></a> [routed\_domains](#input\_routed\_domains) | Routed domains. | `list(string)` | `[]` | no |
 | <a name="input_vmware_vmm_domains"></a> [vmware\_vmm\_domains](#input\_vmware\_vmm\_domains) | VMware VMM domains. | `list(string)` | `[]` | no |
+| <a name="input_nutanix_vmm_domains"></a> [nutanix\_vmm\_domains](#input\_nutanix\_vmm\_domains) | Nutanix VMM Domains. | `list(string)` | `[]` | no |
 | <a name="input_endpoint_groups"></a> [endpoint\_groups](#input\_endpoint\_groups) | List of application endpoint groups. Allowed values `vlan`, `primary_vlan`, `secondary_vlan`: `1` - `4096`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`. | <pre>list(object({<br/>    tenant               = string<br/>    application_profile  = string<br/>    endpoint_group       = string<br/>    vlan                 = optional(number)<br/>    primary_vlan         = optional(number)<br/>    secondary_vlan       = optional(number)<br/>    mode                 = optional(string, "regular")<br/>    deployment_immediacy = optional(string, "lazy")<br/>  }))</pre> | `[]` | no |
 
 ## Outputs

diff --git a/modules/terraform-aci-aaep/main.tf b/modules/terraform-aci-aaep/main.tf
@@ -1,8 +1,9 @@
 locals {
-  physical_domains   = [for dom in var.physical_domains : "uni/phys-${dom}"]
-  routed_domains     = [for dom in var.routed_domains : "uni/l3dom-${dom}"]
-  vmware_vmm_domains = [for dom in var.vmware_vmm_domains : "uni/vmmp-VMware/dom-${dom}"]
-  domains            = concat(local.physical_domains, local.routed_domains, local.vmware_vmm_domains)
+  physical_domains    = [for dom in var.physical_domains : "uni/phys-${dom}"]
+  routed_domains      = [for dom in var.routed_domains : "uni/l3dom-${dom}"]
+  vmware_vmm_domains  = [for dom in var.vmware_vmm_domains : "uni/vmmp-VMware/dom-${dom}"]
+  nutanix_vmm_domains = [for dom in var.nutanix_vmm_domains : "uni/vmmp-Nutanix/dom-${dom}"]
+  domains             = concat(local.physical_domains, local.routed_domains, local.vmware_vmm_domains, local.nutanix_vmm_domains)
 }
 
 resource "aci_rest_managed" "infraAttEntityP" {

diff --git a/modules/terraform-aci-aaep/variables.tf b/modules/terraform-aci-aaep/variables.tf
@@ -69,6 +69,19 @@ variable "vmware_vmm_domains" {
   }
 }
 
+variable "nutanix_vmm_domains" {
+  description = "Nutanix VMM Domains."
+  type        = list(string)
+  default     = []
+
+  validation {
+    condition = alltrue([
+      for ntxd in var.nutanix_vmm_domains : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", ntxd))
+    ])
+    error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+  }
+}
+
 variable "endpoint_groups" {
   description = "List of application endpoint groups. Allowed values `vlan`, `primary_vlan`, `secondary_vlan`: `1` - `4096`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`."
   type = list(object({

diff --git a/modules/terraform-aci-endpoint-group/README.md b/modules/terraform-aci-endpoint-group/README.md
@@ -112,12 +112,14 @@ module "aci_endpoint_group" {
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aci"></a> [aci](#requirement\_aci) | >= 2.0.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.4 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aci"></a> [aci](#provider\_aci) | >= 2.0.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.4 |
 
 ## Inputs
 
@@ -146,6 +148,7 @@ module "aci_endpoint_group" {
 | <a name="input_physical_domains"></a> [physical\_domains](#input\_physical\_domains) | List of physical domains. | `list(string)` | `[]` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets. Default value `public`: `false`. Default value `shared`: `false`. Default value `igmp_querier`: `false`. Default value `nd_ra_prefix`: `true`. Default value `no_default_gateway`: `false`. `nlb_mode` allowed values: `mode-mcast-igmp`, `mode-uc` or `mode-mcast-static`. | <pre>list(object({<br/>    description           = optional(string, "")<br/>    ip                    = string<br/>    public                = optional(bool, false)<br/>    shared                = optional(bool, false)<br/>    igmp_querier          = optional(bool, false)<br/>    nd_ra_prefix          = optional(bool, true)<br/>    no_default_gateway    = optional(bool, false)<br/>    nd_ra_prefix_policy   = optional(string, "")<br/>    ip_dataplane_learning = optional(bool, null)<br/>    ip_pools = optional(list(object({<br/>      name              = string<br/>      start_ip          = optional(string, "0.0.0.0")<br/>      end_ip            = optional(string, "0.0.0.0")<br/>      dns_search_suffix = optional(string, "")<br/>      dns_server        = optional(string, "")<br/>      dns_suffix        = optional(string, "")<br/>      wins_server       = optional(string, "")<br/>    })), [])<br/>    next_hop_ip = optional(string, "")<br/>    anycast_mac = optional(string, "")<br/>    nlb_group   = optional(string, "0.0.0.0")<br/>    nlb_mac     = optional(string, "00:00:00:00:00:00")<br/>    nlb_mode    = optional(string, "")<br/>  }))</pre> | `[]` | no |
 | <a name="input_vmware_vmm_domains"></a> [vmware\_vmm\_domains](#input\_vmware\_vmm\_domains) | List of VMware VMM domains. Default value `u_segmentation`: `false`. Default value `netflow`: `false`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`. Choices `resolution_immediacy`: `immediate`, `lazy`, `pre-provision`. Default value `resolution_immediacy`: `immediate`. Default value `allow_promiscuous`: `false`. Default value `forged_transmits`: `false`. Default value `mac_changes`: `false`. | <pre>list(object({<br/>    name                 = string<br/>    u_segmentation       = optional(bool, false)<br/>    delimiter            = optional(string, "")<br/>    vlan                 = optional(number)<br/>    primary_vlan         = optional(number)<br/>    secondary_vlan       = optional(number)<br/>    netflow              = optional(bool, false)<br/>    deployment_immediacy = optional(string, "lazy")<br/>    resolution_immediacy = optional(string, "immediate")<br/>    allow_promiscuous    = optional(bool, false)<br/>    forged_transmits     = optional(bool, false)<br/>    mac_changes          = optional(bool, false)<br/>    custom_epg_name      = optional(string, "")<br/>    elag                 = optional(string, "")<br/>    active_uplinks_order = optional(string, "")<br/>    standby_uplinks      = optional(string, "")<br/>  }))</pre> | `[]` | no |
+| <a name="input_nutanix_vmm_domains"></a> [nutanix\_vmm\_domains](#input\_nutanix\_vmm\_domains) | List of Nutanix VMM Domains. | <pre>list(object({<br/>    name                         = string<br/>    custom_epg_name              = optional(string, "")<br/>    ipam                         = optional(bool, false)<br/>    ipam_gateway                 = optional(string)<br/>    dhcp_server_address_override = optional(string)<br/>    dhcp_address_pool            = optional(string)<br/>    vlan                         = optional(number)<br/>    deployment_immediacy         = optional(string, "lazy")<br/>  }))</pre> | `[]` | no |
 | <a name="input_static_leafs"></a> [static\_leafs](#input\_static\_leafs) | List of static leaf switches. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `node_id`: `1` - `4000`. Allowed values `vlan`: `1` - `4096`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `immediate` | <pre>list(object({<br/>    pod_id               = optional(number, 1)<br/>    node_id              = number<br/>    vlan                 = number<br/>    mode                 = optional(string, "regular")<br/>    deployment_immediacy = optional(string, "immediate")<br/>  }))</pre> | `[]` | no |
 | <a name="input_static_ports"></a> [static\_ports](#input\_static\_ports) | List of static ports. Allowed values `node_id`, `node2_id`: `1` - `4000`. Allowed values `fex_id`, `fex2_id`: `101` - `199`. Allowed values `vlan`: `1` - `4096`. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `port`: `1` - `127`. Allowed values `sub_port`: `1` - `16`. Allowed values `module`: `1` - `9`. Default value `module`: `1`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. | <pre>list(object({<br/>    description          = optional(string, "")<br/>    node_id              = number<br/>    node2_id             = optional(number)<br/>    fex_id               = optional(number)<br/>    fex2_id              = optional(number)<br/>    vlan                 = number<br/>    primary_vlan         = optional(number)<br/>    pod_id               = optional(number, 1)<br/>    port                 = optional(number)<br/>    sub_port             = optional(number)<br/>    module               = optional(number, 1)<br/>    channel              = optional(string)<br/>    deployment_immediacy = optional(string, "lazy")<br/>    mode                 = optional(string, "regular")<br/>    ptp_source_ip        = optional(string, "0.0.0.0")<br/>    ptp_mode             = optional(string, "multicast")<br/>    ptp_profile          = optional(string)<br/>  }))</pre> | `[]` | no |
 | <a name="input_static_endpoints"></a> [static\_endpoints](#input\_static\_endpoints) | List of static endpoints. Format `mac`: `12:34:56:78:9A:BC`. Choices `type`: `silent-host`, `tep`, `vep`. Allowed values `node_id`, `node2_id`: `1` - `4000`. Allowed values `vlan`: `1` - `4096`. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `port`: `1` - `127`. Allowed values `module`: `1` - `9`. Default value `module`: `1`. | <pre>list(object({<br/>    name           = optional(string, "")<br/>    alias          = optional(string, "")<br/>    mac            = string<br/>    ip             = optional(string, "0.0.0.0")<br/>    type           = string<br/>    node_id        = optional(number)<br/>    node2_id       = optional(number)<br/>    vlan           = optional(number)<br/>    pod_id         = optional(number, 1)<br/>    port           = optional(number)<br/>    module         = optional(number, 1)<br/>    channel        = optional(string)<br/>    additional_ips = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
@@ -165,6 +168,7 @@ module "aci_endpoint_group" {
 | Name | Type |
 |------|------|
 | [aci_rest_managed.fvAEPg](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
+| [aci_rest_managed.fvAEPgAddrMgmtPoolAtt_vmm_nutanix](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvAEPgLagPolAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvCepNetCfgPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvEpAnycast](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
@@ -176,6 +180,7 @@ module "aci_endpoint_group" {
 | [aci_rest_managed.fvRsCustQosPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsDomAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsDomAtt_vmm](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
+| [aci_rest_managed.fvRsDomAtt_vmm_nutanix](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsIntraEpg](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsNdPfxPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsNodeAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
@@ -205,4 +210,5 @@ module "aci_endpoint_group" {
 | [aci_rest_managed.tagInst](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.vmmSecP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.vnsAddrInst](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
+| [null_resource.nutanix_vmm_ipam_disable](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 <!-- END_TF_DOCS -->
diff --git a/modules/terraform-aci-endpoint-group/main.tf b/modules/terraform-aci-endpoint-group/main.tf
@@ -522,6 +522,50 @@ resource "aci_rest_managed" "fvRsDomAtt_vmm" {
   }
 }
 
+resource "null_resource" "nutanix_vmm_ipam_disable" {
+  for_each = { for vmm_ntx in var.nutanix_vmm_domains : vmm_ntx.name => vmm_ntx }
+
+  triggers = {
+    ipam_disable = each.value.ipam != false ? "yes" : "no"
+  }
+}
+
+resource "aci_rest_managed" "fvRsDomAtt_vmm_nutanix" {
+  for_each   = { for vmm_ntx in var.nutanix_vmm_domains : vmm_ntx.name => vmm_ntx }
+  dn         = "${aci_rest_managed.fvAEPg.dn}/rsdomAtt-[uni/vmmp-Nutanix/dom-${each.value.name}]"
+  class_name = "fvRsDomAtt"
+  content = {
+    tDn              = "uni/vmmp-Nutanix/dom-${each.value.name}"
+    customEpgName    = each.value.custom_epg_name
+    encapMode        = "auto"
+    encap            = each.value.vlan != null ? "vlan-${each.value.vlan}" : "unknown"
+    instrImedcy      = each.value.deployment_immediacy
+    resImedcy        = "pre-provision"
+    switchingMode    = "native"
+    ipamEnabled      = each.value.ipam != false ? "yes" : "no"
+    ipamGateway      = each.value.ipam_gateway != null ? each.value.ipam_gateway : "0.0.0.0"
+    ipamDhcpOverride = each.value.dhcp_server_address_override != null ? each.value.dhcp_server_address_override : "0.0.0.0"
+  }
+  lifecycle {
+    replace_triggered_by = [null_resource.nutanix_vmm_ipam_disable[each.key]]
+  }
+}
+
+resource "aci_rest_managed" "fvAEPgAddrMgmtPoolAtt_vmm_nutanix" {
+  for_each   = { for vmm_ntx in var.nutanix_vmm_domains : vmm_ntx.name => vmm_ntx if vmm_ntx.ipam && vmm_ntx.dhcp_address_pool != null }
+  dn         = "${aci_rest_managed.fvAEPg.dn}/rsdomAtt-[uni/vmmp-Nutanix/dom-${each.value.name}]/epgipampoolatt"
+  class_name = "fvAEPgAddrMgmtPoolAtt"
+  content    = {}
+  child {
+    class_name = "fvRsAddrMgmtPool"
+    rn         = "rsAddrMgmtPool"
+    content = {
+      tDn = "uni/tn-${var.tenant}/ipampool-${each.value.dhcp_address_pool}"
+    }
+  }
+  depends_on = [aci_rest_managed.fvRsDomAtt_vmm_nutanix]
+}
+
 resource "aci_rest_managed" "fvUplinkOrderCont" {
   for_each   = { for vmm_vwm in var.vmware_vmm_domains : vmm_vwm.name => vmm_vwm if vmm_vwm.active_uplinks_order != "" || vmm_vwm.standby_uplinks != "" }
   dn         = "${aci_rest_managed.fvRsDomAtt_vmm[each.key].dn}/uplinkorder"