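---
# Configure a Cisco ISE node: repositories, internal users, network device
# groups, network devices (static + Meraki-discovered), endpoint groups and
# endpoints. Tasks run top-down; the first two make sure the ISE application
# server is up and its ERS/OpenAPIs are enabled before anything is created.
#
# Most create tasks carry `ignore_errors: true` so a re-run against an
# already-configured node (objects that already exist) does not abort the
# play. The cost is that genuine API failures are only printed as
# `...ignoring`, never fatal — review the play output rather than relying on
# the exit code.
#
# NOTE(review): `tags` / `ignore_errors` set on a dynamic `include_tasks`
# apply to the include statement itself, not to the tasks inside the included
# file. If `--tags repository` etc. is expected to run the included tasks,
# confirm the behaviour or move those keywords under `apply:` (or switch to
# `import_tasks`).

# ⟁ Wait for ISE Application Server to be available after [re]boot
- name: Test for ISE Application Server Initialization
  ansible.builtin.include_tasks: tasks/ise_initialized.yaml

# ⟁ Verify APIs are enabled *before* gathering facts and configuring
- name: Enable ISE ERS & OpenAPIs
  ansible.builtin.include_tasks: tasks/ise_apis_enabled.yaml

- name: Include Repositories
  ansible.builtin.include_vars: vars/repositories.yaml
  tags:
    - repository

# `loop` is templated before `when` is evaluated, so an undefined
# `repositories` would fail the task before the guard ran; `default([])`
# turns that case into an empty (skipped) loop instead.
- name: Create Repositories
  when: repositories is defined and repositories | count > 0
  loop: "{{ repositories | default([]) }}"
  ansible.builtin.include_tasks: tasks/repository.create.yaml
  ignore_errors: true
  tags:
    - repository

- name: Create RADIUS Probes - identity_group and internal_users
  ansible.builtin.include_tasks: tasks/radius_probes.yaml
  ignore_errors: true
  tags:
    - internal_user

# The vars include sits inside the block so the block-level `internal_user`
# tag covers it too; otherwise a tagged run would reach the loop with
# `internal_users` undefined.
- name: Create Internal Users
  block:
    - name: Include Internal Users
      ansible.builtin.include_vars: vars/internal_users.yaml
    - name: Create Internal Users
      loop: "{{ internal_users }}"
      ansible.builtin.include_tasks: tasks/internal_user.create.yaml
  ignore_errors: true
  tags:
    - internal_user

#----------------------------------------------------------------------------
# Network Device Groups
#----------------------------------------------------------------------------
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# 🐞 ISE 3.2.0.542 `networkdevicegroup` create fails.
# 🐞 It does not support the `othername` attribute.
# 🐞 It says it wants the `ndgtype` attribute that it does not recognize
# 💡 Fixed in ISE 3.2 + Patch 2 and later
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- name: Create network_device_groups
  block:
    - name: Include network_device_groups
      ansible.builtin.include_vars: vars/network_device_groups.yaml
    - name: Create Network Device Groups
      loop: "{{ network_device_groups }}"
      ansible.builtin.include_tasks: tasks/network_device_group.create.yaml
  ignore_errors: true
  tags:
    - network_device
    - network_device_group

- name: Create network_devices
  block:
    - name: Include demo network_devices
      ansible.builtin.include_vars: vars/network_devices.yaml
    # Same loop-before-when ordering as "Create Repositories": default the
    # loop source so a missing `network_devices` list skips instead of failing.
    - name: Create network_devices
      when: network_devices is defined and network_devices | count > 0
      loop: "{{ network_devices | default([]) }}"
      ansible.builtin.include_tasks: tasks/network_device.create.yaml
  ignore_errors: true
  tags:
    - network_device

# NOTE(review): no Meraki API key is passed to the module here; presumably it
# is read from the environment by the collection — confirm before relying on
# this task outside the lab.
- name: Get All Meraki Devices in the Org+Network
  delegate_to: localhost
  cisco.meraki.meraki_device:
    state: query
    org_name: "{{ meraki_org_name }}"
    net_name: "{{ meraki_lab_net_name }}"
  register: meraki_devices
  #---------------------------------------------------
  # Example output
  #---------------------------------------------------
  # - configuration_updated_at: '2022-09-21T22:14:34Z'
  #   firmware: wireless-28-7-1
  #   lan_ip: 192.168.101.4
  #   lat: 37.0000000000000
  #   lng: -122.0000000000000
  #   mac: 2c:3f:0b:56:e3:6c
  #   model: MR46
  #   name: lab-mr46-1
  #   network_id: L_585467371558187322
  #   notes: ''
  #   product_type: wireless
  #   serial: Q3AC-JCYG-3NL5
  #---------------------------------------------------

# - name: Show meraki_devices
#   ansible.builtin.debug: var=meraki_devices

#
# Add Meraki Devices to ISE
#
# Only devices that report a `lan_ip` (APs and switches) are added; each
# becomes an ISE network device with a /32 address and RADIUS enabled.
# The task arguments carry `ise_password` and the RADIUS shared secret, so
# the task output (including the failure dumps that `ignore_errors` still
# prints) is suppressed with `no_log` unless `ise_debug` is switched on.
# `ise_verify` controls TLS certificate verification of the ISE endpoint;
# keep it true outside a lab.
- name: Add Meraki Network Devices to ISE
  delegate_to: localhost
  loop: "{{ meraki_devices.data }}"
  when: item.lan_ip is defined  # APs and Switches
  no_log: "{{ not (ise_debug | bool) }}"
  cisco.ise.network_device:
    ise_hostname: "{{ ansible_host }}"
    ise_username: "{{ ise_username }}"
    ise_password: "{{ ise_password }}"
    ise_verify: "{{ ise_verify }}"
    ise_debug: "{{ ise_debug }}"
    state: "{{ item.state | default('present') }}"
    name: "{{ item.name }}"
    description: "{{ item.firmware | default('')}}"
    profileName: "{{ item.profileName | default('Cisco') }}"
    modelName: "{{ item.modelName | default( omit ) }}"
    softwareVersion: "{{ item.softwareVersion | default( omit ) }}"
    NetworkDeviceIPList:
      - ipaddress: "{{ item.lan_ip }}"
        mask: 32
    NetworkDeviceGroupList: "{{ item.network_device_groups | default( omit ) }}"
    authenticationSettings:
      networkProtocol: RADIUS
      radiusSharedSecret: "{{ radius_secret }}"
      coaPort: "{{ item.coaPort | default(1700) }}"
  ignore_errors: true

- name: Endpoint Groups
  block:
    - name: Include Endpoint Groups
      ansible.builtin.include_vars: vars/endpoint_groups.yaml
    - name: Create Endpoint Groups
      loop: "{{ endpoint_groups }}"
      ansible.builtin.include_tasks: tasks/endpoint_group.create.yaml
  ignore_errors: true
  tags:
    - endpoint

- name: Create Endpoints
  block:
    - name: Include Endpoints
      ansible.builtin.include_vars: vars/endpoints.yaml
    - name: Create Endpoints
      loop: "{{ endpoints }}"
      ansible.builtin.include_tasks: tasks/endpoint.create.yaml
  ignore_errors: true
  tags:
    - endpoint
...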