Meraki

Archie98

Hello Meraki Community,

I am currently working on configuring Spanning Tree Protocol (STP) settings for my Meraki switches using Terraform, but I have run into some challenges that I hope to get some advice on.

Background

I am trying to set up STP configurations for different types of switches in my Meraki network, specifically for access, core, and external switches. The configurations need to handle both stacked and standalone switches.

Current Setup

I have implemented a Terraform configuration that attempts to create a single meraki_switch_stp resource with conditional logic to determine whether to use switch serial numbers or stack IDs based on whether the switches are stacked.

Here’s a simplified snippet of my Terraform configuration:

resource "meraki_switch_stp" "example" {
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true

stp_bridge_priority = [
{
stp_priority = var.access_stp_priority
switches = var.enable_access_switch_stack ? [] : [
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.access_switch1_serial],
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.access_switch2_serial]
]
stacks = var.enable_access_switch_stack ? [
jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.access_stack_id]
] : []
},
# Repeated configurations for core and external switches...
]
}

Issue Encountered

When I run terraform apply, I receive the following error:
Error: Client Error
Failed to configure object (POST/PUT), got error: HTTP Request failed: StatusCode 400, JSON error: ["Each STP configuration must correspond to at least one switch or switch stack."]

It seems that when I enable stacking for either access or core switches, the corresponding switches list ends up empty, leading to the API rejection. (Although it still corresponds to a switch stack...)

Previous Attempts

I have attempted to create multiple resources for each scenario i.e.:

core-stack-stp-configuration
access-stack-stp-configuration
core-switch-stp-configuration
access-switch-stp-configuration
external-switch-stp-configuration (Never stacked)

And used a count argument to decide whether the stack resource is deployed or non stack resource, i.e.

If enable_core_switch_stack = True
Delpoy:
core-stack-stp-configuration

If enable_core_switch_stack = False
Deploy:

core-switch-stp-configuration

However they continue to overwrite each other leaving me with just the external switches assigned with an STP priority.

Request for Advice

I would appreciate any insights or suggestions on the following:

How to ensure that at least one switch or stack is included in the configuration without leading to an empty list.
Best practices for structuring the Terraform resource to handle both stacked and standalone configurations effectively.
Any experiences or tips you might have when working with the Meraki API and Terraform for STP configurations.

Thank you for your help!

Archie 🙂

Archie98

Hi People!

For what it's worth for_each was also tried but no luck.

The way I managed to get this resoucre working was by using a single resource (It doesnt seem multiple resources can be used for the "meraki_switch_stp" resource)

And unfortunately I had to remove the programmability of the resource and simply point to either a S/N or stack ID per device/stack. This meant that this resource couldnt reside in the module as different sites had diferent setups. Therefore a seperate folder was created per site for "global variables" which was ran seperately from the bulk/main configuration.

See below:

resource "meraki_switch_stp" "combined_stp_configuration" {

network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]

rstp_enabled = true

stp_bridge_priority = [

# Core stack priority

{

stp_priority = var.core_stp_priority

stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.core_stack_id]]

},

# Access stack priority

{

stp_priority = var.access_stp_priority

stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.access_stack_id]]

},

# External switch 1 priority

{

stp_priority = var.ext_stp_priority_1

switches = [

jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch1_serial]

]

},

# External switch 2 priority

{

stp_priority = var.ext_stp_priority_2

switches = [

jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch2_serial]

]

}

]

}

Archie

View solution in original post

alemabrahao

To ensure that at least one switch or stack is included in your configuration, you can use Terraform conditional expressions more efficiently.

To handle stacked and standalone configurations effectively, consider creating separate resources for stacked and standalone switches to avoid conflicts and ensure clarity, and use count or for_each with conditional logic to dynamically create resources based on your variables.

General MS Best Practices - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Archie98

Hi alemabrahao,

I thoroughly appreciate your rapid response and advice, however this solution doesnt seem to work and was actually the first option I attempted as mentioned under "Previous Attempts" in my original post.

Resources:

resource "meraki_switch_stp" "core-stack-stp-configuration" {
count = var.enable_core_switch_stack && var.core_stp_priority != null ? 1 : 0
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true
stp_bridge_priority = [
{
stp_priority = var.core_stp_priority
stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.core_stack_id]]
}
]
}

resource "meraki_switch_stp" "access-stack-stp-configuration" {
count = var.enable_access_switch_stack && var.access_stp_priority != null ? 1 : 0
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true
stp_bridge_priority = [
{
stp_priority = var.access_stp_priority
stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.access_stack_id]]
}
]
}

resource "meraki_switch_stp" "core-switch-stp-configuration" {
count = !var.enable_core_switch_stack && var.core_stp_priority != null && var.core_switch1_serial != "" && var.core_switch2_serial != "" ? 1 : 0
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true
stp_bridge_priority = [
{
stp_priority = var.core_stp_priority
switches = [
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.core_switch1_serial],
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.core_switch2_serial]
]
}
]
}

resource "meraki_switch_stp" "access-switch-stp-configuration" {
count = !var.enable_access_switch_stack && var.access_stp_priority != null && var.access_switch1_serial != "" && var.access_switch2_serial != "" ? 1 : 0
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true
stp_bridge_priority = [
{
stp_priority = var.access_stp_priority
switches = [
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.access_switch1_serial],
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.access_switch2_serial]
]
}
]
}

resource "meraki_switch_stp" "external-switch-stp-configuration" {
count = var.ext_stp_priority != null && var.external_switch1_serial != "" && var.external_switch2_serial != "" ? 1 : 0
network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]
rstp_enabled = true
stp_bridge_priority = [
{
stp_priority = var.ext_stp_priority
switches = [
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch1_serial],
jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch2_serial]
]
}
]
}

The first two resources (core-stack-stp-configuration and access-stack-stp-configuration) are conditionally created based on their respective stack enabling variables.
The next two resources (core-switch-stp-configuration and access-switch-stp-configuration) are conditionally created based on the disabling of their respective stacks and additional checks for priority and serials.
The last resource (external-switch-stp-configuration) is simply based on the presence of non-null priority and non-empty serials.

See attached:
varibles being parsed = stp_variables.png

successfull terraform apply = terraform_apply1.png & terraform_apply2.png
GUI output = gui_output

Sorry for the information dump!

Thanks,
Archiegui_outputstp_variablesterraform_apply1terraform_apply2

alemabrahao

Instead of using count, try using for_each to dynamically create resources based on a list of configurations.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Archie98

Hi People!

For what it's worth for_each was also tried but no luck.

The way I managed to get this resoucre working was by using a single resource (It doesnt seem multiple resources can be used for the "meraki_switch_stp" resource)

And unfortunately I had to remove the programmability of the resource and simply point to either a S/N or stack ID per device/stack. This meant that this resource couldnt reside in the module as different sites had diferent setups. Therefore a seperate folder was created per site for "global variables" which was ran seperately from the bulk/main configuration.

See below:

resource "meraki_switch_stp" "combined_stp_configuration" {

network_id = jsondecode(data.aws_secretsmanager_secret_version.meraki_network_id.secret_string)[var.meraki_network_id]

rstp_enabled = true

stp_bridge_priority = [

# Core stack priority

{

stp_priority = var.core_stp_priority

stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.core_stack_id]]

},

# Access stack priority

{

stp_priority = var.access_stp_priority

stacks = [jsondecode(data.aws_secretsmanager_secret_version.stack_ids.secret_string)[var.access_stack_id]]

},

# External switch 1 priority

{

stp_priority = var.ext_stp_priority_1

switches = [

jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch1_serial]

]

},

# External switch 2 priority

{

stp_priority = var.ext_stp_priority_2

switches = [

jsondecode(data.aws_secretsmanager_secret_version.meraki_switch_serials.secret_string)[var.external_switch2_serial]

]

}

]

}

Archie

Meraki

Community

Assistance Needed with Meraki STP Configuration via Terraform

Assistance Needed with Meraki STP Configuration via Terraform

Background

Current Setup

Issue Encountered

Previous Attempts

Request for Advice