From 72c6d8de65809a76da6e87a607028c48b66be2be Mon Sep 17 00:00:00 2001 From: Justyna Chowaniec Date: Fri, 9 May 2025 22:04:30 +0200 Subject: [PATCH 1/3] add support for subinterfaces --- README.md | 7 +++ nxos_interface.tf | 144 +++++++++++++++++++++++++++++++++++++++++++++- nxos_ospf.tf | 2 +- nxos_pim.tf | 2 +- 4 files changed, 150 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d4b40d1..4d68d25 100644 --- a/README.md +++ b/README.md @@ -109,9 +109,12 @@ module "nxos" { | [nxos_hmm.hmm](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/hmm) | resource | | [nxos_hmm_instance.hmm_instance](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/hmm_instance) | resource | | [nxos_hmm_interface.hmm_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/hmm_interface) | resource | +| [nxos_icmpv4_interface.subinterface_icmpv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/icmpv4_interface) | resource | +| [nxos_icmpv4_vrf.subinterface_icmpv4_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/icmpv4_vrf) | resource | | [nxos_ipv4_interface.ethernet_ipv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface) | resource | | [nxos_ipv4_interface.loopback_ipv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface) | resource | | [nxos_ipv4_interface.port_channel_ipv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface) | resource | +| [nxos_ipv4_interface.subinterface_ipv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface) | resource | | [nxos_ipv4_interface.svi_ipv4_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface) | resource | | [nxos_ipv4_interface_address.ethernet_ipv4_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_interface_address.ethernet_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | @@ -119,6 +122,8 @@ module "nxos" { | [nxos_ipv4_interface_address.loopback_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_interface_address.port_channel_ipv4_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_interface_address.port_channel_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | +| [nxos_ipv4_interface_address.subinterface_ipv4_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | +| [nxos_ipv4_interface_address.subinterface_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_interface_address.svi_ipv4_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_interface_address.svi_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource | | [nxos_ipv4_prefix_list_rule.ipv4_prefix_list_rule](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_prefix_list_rule) | resource | @@ -158,6 +163,8 @@ module "nxos" { | [nxos_route_map_rule_entry_set_regular_community.route_map_rule_entry_set_regular_community](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/route_map_rule_entry_set_regular_community) | resource | | [nxos_route_map_rule_entry_set_regular_community_item.route_map_rule_entry_set_regular_community_item](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/route_map_rule_entry_set_regular_community_item) | resource | | [nxos_save_config.save_config](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/save_config) | resource | +| [nxos_subinterface.subinterface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/subinterface) | resource | +| [nxos_subinterface_vrf.subinterface_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/subinterface_vrf) | resource | | [nxos_svi_interface.svi_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/svi_interface) | resource | | [nxos_svi_interface_vrf.svi_interface_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/svi_interface_vrf) | resource | | [nxos_system.system](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/system) | resource | diff --git a/nxos_interface.tf b/nxos_interface.tf index c58a49a..23a3cc9 100644 --- a/nxos_interface.tf +++ b/nxos_interface.tf @@ -42,7 +42,7 @@ locals { urpf = try(int.urpf, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].urpf, local.defaults.nxos.devices.configuration.interfaces.ethernets.urpf, null) ipv4_address = try(int.ipv4_address, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ipv4_address, local.defaults.nxos.devices.configuration.interfaces.ethernets.ipv4_address, null) ospf_process_name = try(int.ospf.process_name, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.process_name, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.process_name, null) - ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.advertise_secondaries, false) + ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.advertise_secondaries, true) ospf_area = try(int.ospf.area, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.area, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.area, null) ospf_bfd = try(int.ospf.bfd, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.bfd, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.bfd, null) ospf_cost = try(int.ospf.cost, local.interfaces_ethernets_group_config[format("%s/%s", device.name, int.id)].ospf.cost, local.defaults.nxos.devices.configuration.interfaces.ethernets.ospf.cost, null) @@ -148,6 +148,144 @@ resource "nxos_ipv4_interface_address" "ethernet_ipv4_secondary_interface_addres ] } +locals { + interfaces_subinterfaces_group = flatten([ + for device in local.devices : [ + for int in try(local.device_config[device.name].interfaces.subinterfaces, []) : { + key = format("%s/%s", device.name, int.id) + configuration = yamldecode(provider::utils::yaml_merge([for g in try(int.interface_groups, []) : try([for ig in local.interface_groups : yamlencode(ig.configuration) if ig.name == g][0], "")])) + } + ] + ]) + interfaces_subinterfaces_group_config = { + for int in local.interfaces_subinterfaces_group : int.key => int.configuration + } + interfaces_subinterfaces = flatten([ + for device in local.devices : [ + for int in try(local.device_config[device.name].interfaces.subinterfaces, []) : { + key = format("%s/%s", device.name, int.id) + device = device.name + id = int.id + type = "eth" + admin_state = try(int.admin_state, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].admin_state, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.admin_state, false) + bandwidth = try(int.bandwidth, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].bandwidth, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.bandwidth, null) + delay = try(int.delay, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].delay, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.delay, null) + description = try(int.description, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].description, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.description, null) + encap = try(int.vlan, null) != null ? "vlan-${int.vlan}" : try(local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vlan, null) != null ? "vlan-${local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vlan}" : null + layer3 = try(int.layer3, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].layer3, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.layer3, false) + link_logging = try(int.link_logging, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].link_logging, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.link_logging, null) + medium = try(int.medium, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].medium, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.medium, null) + mtu = try(int.mtu, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].mtu, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.mtu, null) + vrf = try(int.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vrf, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.vrf, "default") + ip_unnumbered = try(int.ip_unnumbered, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ip_unnumbered, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ip_unnumbered, null) + urpf = try(int.urpf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].urpf, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.urpf, null) + ipv4_address = try(int.ipv4_address, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ipv4_address, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ipv4_address, null) + ospf_process_name = try(int.ospf.process_name, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.process_name, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.process_name, null) + ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.advertise_secondaries, true) + ospf_area = try(int.ospf.area, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.area, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.area, null) + ospf_bfd = try(int.ospf.bfd, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.bfd, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.bfd, null) + ospf_cost = try(int.ospf.cost, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.cost, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.cost, null) + ospf_dead_interval = try(int.ospf.dead_interval, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.dead_interval, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.dead_interval, null) + ospf_hello_interval = try(int.ospf.hello_interval, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.hello_interval, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.hello_interval, null) + ospf_network_type = try(int.ospf.network_type, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.network_type, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.network_type, null) + ospf_passive = try(int.ospf.passive, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.passive, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.passive, null) + ospf_priority = try(int.ospf.priority, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.priority, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.priority, null) + ospf_authentication_key = try(int.ospf.authentication_key, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_key, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_key, null) + ospf_authentication_key_id = try(int.ospf.authentication_key_id, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_key_id, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_key_id, null) + ospf_authentication_key_secure_mode = try(int.ospf.authentication_key_secure_mode, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_key_secure_mode, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_key_secure_mode, false) + ospf_authentication_keychain = try(int.ospf.authentication_keychain, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_keychain, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_keychain, null) + ospf_authentication_md5_key = try(int.ospf.authentication_md5_key, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_md5_key, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_md5_key, null) + ospf_authentication_md5_key_secure_mode = try(int.ospf.authentication_md5_key_secure_mode, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_md5_key_secure_mode, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_md5_key_secure_mode, false) + ospf_authentication_type = try(int.ospf.authentication_type, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].ospf.authentication_type, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.ospf.authentication_type, null) + pim_admin_state = try(int.pim.admin_state, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].pim.admin_state, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.pim.admin_state, null) + pim_bfd = try(int.pim.bfd, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].pim.bfd, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.pim.bfd, null) + pim_dr_priority = try(int.pim.dr_priority, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].pim.dr_priority, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.pim.dr_priority, null) + pim_passive = try(int.pim.passive, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].pim.passive, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.pim.passive, null) + pim_sparse_mode = try(int.pim.sparse_mode, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].pim.sparse_mode, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.pim.sparse_mode, null) + port_channel = try(int.port_channel, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].port_channel, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.port_channel, null) + icmp_control = join(",", concat(try(int.icmp_redirect, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].icmp_redirect, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.icmp_redirect, null) == true ? ["redirect"] : [], try(int.icmp_unreachable, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].icmp_unreachable, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.icmp_unreachable, null) == true ? ["unreachable"] : [])) + } + ] + ]) + interfaces_subinterfaces_ipv4_secondary_addresses = flatten([ + for device in local.devices : [ + for int in try(local.device_config[device.name].interfaces.subinterfaces, []) : [ + for ip in try(int.ipv4_secondary_addresses, []) : { + key = format("%s/%s/%s", device.name, int.id, ip) + device = device.name + interface_key = format("%s/%s", device.name, int.id) + vrf = try(int.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vrf, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.vrf, "default") + ip = ip + } + ] + ] + ]) +} +resource "nxos_subinterface" "subinterface" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v } + device = each.value.device + interface_id = "eth${each.value.id}" + admin_state = each.value.admin_state ? "up" : "down" + bandwidth = each.value.bandwidth + delay = each.value.delay + description = each.value.description + encap = each.value.encap + link_logging = each.value.link_logging + medium = each.value.medium + mtu = each.value.mtu +} + +resource "nxos_subinterface_vrf" "subinterface_vrf" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v if v.layer3 } + device = each.value.device + interface_id = nxos_subinterface.subinterface[each.key].interface_id + vrf_dn = "sys/inst-${each.value.vrf}" +} + +resource "nxos_ipv4_interface" "subinterface_ipv4_interface" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v if v.layer3 } + device = each.value.device + vrf = each.value.vrf + interface_id = nxos_subinterface_vrf.subinterface_vrf[each.key].interface_id + unnumbered = each.value.ip_unnumbered + urpf = each.value.urpf + + depends_on = [nxos_ipv4_vrf.ipv4_vrf_default] +} + +resource "nxos_ipv4_interface_address" "subinterface_ipv4_interface_address" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v if v.layer3 && v.ipv4_address != null } + device = each.value.device + vrf = each.value.vrf + interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.key].interface_id + address = each.value.ipv4_address +} + +resource "nxos_ipv4_interface_address" "subinterface_ipv4_secondary_interface_address" { + for_each = { for v in local.interfaces_subinterfaces_ipv4_secondary_addresses : v.key => v } + device = each.value.device + vrf = each.value.vrf + interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.value.interface_key].interface_id + address = each.value.ip + type = "secondary" + + depends_on = [ + nxos_ipv4_interface_address.subinterface_ipv4_interface_address + ] +} + +resource "nxos_icmpv4_vrf" "subinterface_icmpv4_vrf" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v if v.icmp_control != [] } + vrf_name = each.value.vrf +} + +resource "nxos_icmpv4_interface" "subinterface_icmpv4_interface" { + for_each = { for v in local.interfaces_subinterfaces : v.key => v if v.icmp_control != [] } + vrf_name = each.value.vrf + interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.value.key].interface_id + control = each.value.icmp_control +} + locals { interfaces_port_channels_group = flatten([ for device in local.devices : [ @@ -307,7 +445,7 @@ locals { vrf = try(int.vrf, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].vrf, local.defaults.nxos.devices.configuration.interfaces.loopbacks.vrf, "default") ipv4_address = try(int.ipv4_address, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ipv4_address, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ipv4_address, null) ospf_process_name = try(int.ospf.process_name, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.process_name, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.process_name, null) - ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.advertise_secondaries, false) + ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.advertise_secondaries, true) ospf_area = try(int.ospf.area, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.area, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.area, null) ospf_bfd = try(int.ospf.bfd, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.bfd, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.bfd, null) ospf_cost = try(int.ospf.cost, local.interfaces_loopbacks_group_config[format("%s/%s", device.name, int.id)].ospf.cost, local.defaults.nxos.devices.configuration.interfaces.loopbacks.ospf.cost, null) @@ -423,7 +561,7 @@ locals { mtu = try(int.mtu, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].mtu, local.defaults.nxos.devices.configuration.interfaces.vlans.mtu, null) fabric_forwarding_mode = try(int.fabric_forwarding_mode, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].fabric_forwarding_mode, local.defaults.nxos.devices.configuration.interfaces.vlans.fabric_forwarding_mode, null) ospf_process_name = try(int.ospf.process_name, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.process_name, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.process_name, null) - ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.advertise_secondaries, false) + ospf_advertise_secondaries = try(int.ospf.advertise_secondaries, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.advertise_secondaries, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.advertise_secondaries, true) ospf_area = try(int.ospf.area, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.area, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.area, null) ospf_bfd = try(int.ospf.bfd, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.bfd, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.bfd, null) ospf_cost = try(int.ospf.cost, local.interfaces_vlans_group_config[format("%s/%s", device.name, int.id)].ospf.cost, local.defaults.nxos.devices.configuration.interfaces.vlans.ospf.cost, null) diff --git a/nxos_ospf.tf b/nxos_ospf.tf index 96d1f09..6744f48 100644 --- a/nxos_ospf.tf +++ b/nxos_ospf.tf @@ -95,7 +95,7 @@ resource "nxos_ospf_area" "ospf_area" { } locals { - ospf_interfaces = concat(local.interfaces_ethernets, local.interfaces_loopbacks, local.interfaces_vlans, local.interfaces_port_channels) + ospf_interfaces = concat(local.interfaces_ethernets, local.interfaces_subinterfaces, local.interfaces_loopbacks, local.interfaces_vlans, local.interfaces_port_channels) } resource "nxos_ospf_interface" "ospf_interface" { diff --git a/nxos_pim.tf b/nxos_pim.tf index f0182f9..a9dd558 100644 --- a/nxos_pim.tf +++ b/nxos_pim.tf @@ -115,7 +115,7 @@ resource "nxos_pim_anycast_rp_peer" "pim_anycast_rp_peer" { } locals { - pim_interfaces = concat(local.interfaces_ethernets, local.interfaces_loopbacks, local.interfaces_vlans, local.interfaces_port_channels) + pim_interfaces = concat(local.interfaces_ethernets, local.interfaces_subinterfaces, local.interfaces_loopbacks, local.interfaces_vlans, local.interfaces_port_channels) } resource "nxos_pim_interface" "pim_interface" { From 5b9ab7356dab59536e8bdf706e31999cac3dacad Mon Sep 17 00:00:00 2001 From: Justyna Chowaniec Date: Sat, 10 May 2025 18:00:25 +0200 Subject: [PATCH 2/3] add dhcp relay support for subineterfaces --- nxos_interface.tf | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/nxos_interface.tf b/nxos_interface.tf index 23a3cc9..e86c3a2 100644 --- a/nxos_interface.tf +++ b/nxos_interface.tf @@ -220,6 +220,28 @@ locals { ] ] ]) + interfaces_subinterfaces_dhcp_relay = flatten([ + for device in local.devices : [ + for int in try(local.device_config[device.name].interfaces.subinterfaces, []) : [{ + key = format("%s/%s", device.name, int.id) + device = device.name + interface_key = format("%s/%s", device.name, int.id) + }] if length(try(int.dhcp_relay.addresses, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].dhcp_relay.addresses, [])) > 0 + ] + ]) + interfaces_subinterfaces_dhcp_relay_addresses = flatten([ + for device in local.devices : [ + for int in try(local.device_config[device.name].interfaces.subinterfaces, []) : [ + for address in try(int.dhcp_relay.addresses, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].dhcp_relay.addresses, []) : { + key = format("%s/%s/%s", device.name, int.id, address.ip) + device = device.name + address = address.ip + vrf = try(address.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].address.vrf, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.vrf, "unspecified") == try(int.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vrf) ? "unspecified" : try(address.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].address.vrf, "unspecified") + interface_key = format("%s/%s", device.name, int.id) + } + ] + ] + ]) } resource "nxos_subinterface" "subinterface" { for_each = { for v in local.interfaces_subinterfaces : v.key => v } @@ -284,8 +306,31 @@ resource "nxos_icmpv4_interface" "subinterface_icmpv4_interface" { vrf_name = each.value.vrf interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.value.key].interface_id control = each.value.icmp_control + + depends_on = [ + nxos_icmpv4_vrf.subinterface_icmpv4_vrf + ] +} + +resource "nxos_dhcp_relay_interface" "subinterface_dhcp_relay_interface" { + for_each = { for v in local.interfaces_subinterfaces_dhcp_relay : v.key => v } + device = each.value.device + interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.value.interface_key].interface_id +} + +resource "nxos_dhcp_relay_address" "subinterface_dhcp_relay_address" { + for_each = { for v in local.interfaces_subinterfaces_dhcp_relay_addresses : v.key => v } + device = each.value.device + interface_id = nxos_ipv4_interface.subinterface_ipv4_interface[each.value.interface_key].interface_id + vrf = each.value.vrf + address = each.value.address + + depends_on = [ + nxos_dhcp_relay_interface.subinterface_dhcp_relay_interface + ] } + locals { interfaces_port_channels_group = flatten([ for device in local.devices : [ From 4f1ea63d9395c568d1dd97f75b23bec92367318f Mon Sep 17 00:00:00 2001 From: Justyna Chowaniec Date: Mon, 12 May 2025 13:09:28 +0200 Subject: [PATCH 3/3] formatting --- README.md | 2 ++ nxos_interface.tf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d68d25..af7e470 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,8 @@ module "nxos" { | [nxos_bgp_route_redistribution.bgp_route_redistribution](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/bgp_route_redistribution) | resource | | [nxos_bgp_vrf.bgp_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/bgp_vrf) | resource | | [nxos_bridge_domain.bridge_domain](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/bridge_domain) | resource | +| [nxos_dhcp_relay_address.subinterface_dhcp_relay_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/dhcp_relay_address) | resource | +| [nxos_dhcp_relay_interface.subinterface_dhcp_relay_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/dhcp_relay_interface) | resource | | [nxos_ethernet.ethernet](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ethernet) | resource | | [nxos_evpn.evpn](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/evpn) | resource | | [nxos_evpn_vni.evpn_vni](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/evpn_vni) | resource | diff --git a/nxos_interface.tf b/nxos_interface.tf index e86c3a2..622837b 100644 --- a/nxos_interface.tf +++ b/nxos_interface.tf @@ -235,7 +235,7 @@ locals { for address in try(int.dhcp_relay.addresses, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].dhcp_relay.addresses, []) : { key = format("%s/%s/%s", device.name, int.id, address.ip) device = device.name - address = address.ip + address = address.ip vrf = try(address.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].address.vrf, local.defaults.nxos.devices.configuration.interfaces.subinterfaces.vrf, "unspecified") == try(int.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].vrf) ? "unspecified" : try(address.vrf, local.interfaces_subinterfaces_group_config[format("%s/%s", device.name, int.id)].address.vrf, "unspecified") interface_key = format("%s/%s", device.name, int.id) }