Cisco Identity Services Engine (ISE) playbooks and roles for ISE automated deployment and configuration in labs and demos featured in the Cisco ISE Webinar, ISE Eternal Evaluation for Your Lab.
- Clone this repository:
git clone https://github.com/1homas/ISE_Ansible_Sandbox.git
- cd into the repository on your local computer:
cd ISE_Ansible_Sandbox
- Install a local Python virtual environment with Ansible and other required packages:
python_environment_install.sh
⚠ Installing Ansible using Linux packages (sudo apt install ansible) may result in a much older version of Ansible being installed.
💡 Installing Ansible with Python packages will get you the latest.
💡 If you have any problems installing Python or Ansible, see Installing Ansible.
- Launch your virtual Python environment and view your installed Python packages:
pipenv shell    # virtual Python environment
pip list        # view installed Python packages
- Export any environment variables that you need into your terminal shell environment:
export PROJECT=ISEEE                  # used to tag resources
export ISE_REST_USERNAME=iseadmin     # 💡 ISE 3.2+ cloud instances use `iseadmin`
export ISE_REST_PASSWORD=C1sco12345
# ISE AAA Pre-Shared Keys
export ISE_RADIUS_SECRET=C1sco12345
export ISE_TACACS_SECRET=C1sco12345
# ISE Sponsor Account for guestuser API
export ISE_GUEST_SPONSOR_USERNAME=guest_api_sponsor
export ISE_GUEST_SPONSOR_PASSWORD=C1sco12345
# Optional variables for the cisco.ise Ansible modules
export ISE_VERIFY=False               # optional, defaults to True
export ISE_VERSION=3.1_Patch_1        # optional, defaults to 3.1_Patch_1
export ISE_WAIT_ON_RATE_LIMIT=True    # optional, defaults to True
export ISE_USES_API_GATEWAY=True      # optional, defaults to True
export ISE_DEBUG=False                # optional, defaults to False
export SSH_DIRECTORY=~/.ssh
export SSH_KEY=id_rsa
export SSH_KEY_PASSPHRASE=$SSH_KEY
or you may edit and source these variables from one or more files in your ~/.secrets directory:
source ~/.secrets/aws.sh
source ~/.secrets/iseee.sh
source ~/.secrets/ise_dcloud.sh
source ~/.secrets/ise_repository.sh
💡 The cisco.ise Ansible modules will automatically use the ISE_REST_USERNAME, ISE_REST_PASSWORD and ISE_VERIFY variables so you do not need to reference them in your tasks!
💡 Add one or more spaces before the export commands to prevent these commands with your secrets from being saved to your shell history.
- If you plan to use SSH keys for communicating with ISE or other servers, generate your local SSH key per project_name:
ansible-playbook ssh_key_local.yaml
- Edit the Ansible inventory directory to align with your ISE environment:
  - If you are using a static Ansible inventory file (ise.yaml), edit the file to specify the static IP address of your ISE node(s).
  - Rename the respective inventory filenames with or without a prefixed . to be excluded (. prefix) or included (no . prefix) by the Ansible inventory. If you are not sure, just use the static ise.yaml file by default.
  - Rename the respective inventory/group_vars/ filenames with or without a prefixed . for in/exclusion.
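The secrets handling in the setup steps above depends on things the shell does not enforce by itself: that the files in ~/.secrets are private to your user, that bash is configured to skip space-prefixed commands (HISTCONTROL containing ignorespace or ignoreboth), and that ISE_VERIFY=False is a deliberate lab choice. The preflight script below is an added example, not part of this repository; its function names and the throwaway demo directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the repository: preflight checks for the secrets
# handling in the setup steps. Function names are hypothetical.

# True when a bash HISTCONTROL value keeps space-prefixed commands out of history.
history_ignores_space() {
  case ":$1:" in
    *:ignorespace:*|*:ignoreboth:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print files under directory $1 that group or others can read, write or execute.
loose_secret_files() {
  find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
    -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print one finding per line and return 1 if there are any. The body runs in a
# subshell ( ... ) so the secret values it reads are not left in shell variables.
check_ise_env() (
  findings=0
  for name in ISE_REST_USERNAME ISE_REST_PASSWORD; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then echo "MISSING $name"; findings=1; fi
  done
  # ISE_VERIFY=False turns off TLS certificate verification in the cisco.ise modules.
  case "${ISE_VERIFY:-True}" in
    [Ff]alse) echo "WARN ISE_VERIFY=False: ISE certificate is not verified"; findings=1 ;;
  esac
  return "$findings"
)

# Constructed demo: a throwaway directory stands in for ~/.secrets.
demo_dir=$(mktemp -d)
( umask 077; echo 'export ISE_REST_PASSWORD=placeholder' > "$demo_dir/iseee.sh" )
echo 'export ISE_RADIUS_SECRET=placeholder' > "$demo_dir/ise_dcloud.sh"
chmod 644 "$demo_dir/ise_dcloud.sh"
echo "Files readable beyond the owner:"; loose_secret_files "$demo_dir"
history_ignores_space "${HISTCONTROL:-}" || echo "A leading space will not keep commands out of history"
check_ise_env || echo "Fix the findings above before running the playbooks"
rm -rf "$demo_dir"
```

Source the functions into your interactive shell to check its own HISTCONTROL value; zsh uses the HIST_IGNORE_SPACE option instead.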
The ISE Eternal Evaluation (ISEEE) is meant to showcase many of the ISE application lifecycle operations using REST APIs and automation in a lab or proof of concept environment.
- Edit the project_name in vars/iseee.yaml to your desired name - it will be used to tag any cloud resources:
project_name: iseee   # used for tagging all VPCs and resources
stage: demo           # ['demo','test','staging','production']
The iseee.yaml playbook is a convenience playbook that combines many different DevOps operations, each with its own playbook, into a single playbook. You can run one or several of them by invoking iseee.yaml with one or more tags.
ansible-playbook iseee.yaml --ask-pass # run all of the included playbooks and ask for the SSH key password
ansible-playbook iseee.yaml -v # 💡 verbosity == 1 shows all task output automatically
ansible-playbook iseee.yaml --tags ssh --ask-pass # generate local SSH keys
ansible-playbook iseee.yaml --tags provision,deploy,licensing,facts,patch,certificates,configure
ansible-playbook iseee.yaml --tags deploy
ansible-playbook iseee.yaml --tags licensing
ansible-playbook iseee.yaml --tags password_reset --ask-pass # Requires SSH key for CLI password change
ansible-playbook iseee.yaml --tags facts
ansible-playbook iseee.yaml --tags patch
ansible-playbook iseee.yaml --tags certificates
ansible-playbook iseee.yaml --tags configure
ansible-playbook iseee.yaml --tags backup
ansible-playbook iseee.yaml --tags restore
ansible-playbook iseee.yaml --tags extend
ansible-playbook iseee.yaml --tags destroy
Ansible playbooks for use with labs in Cisco dCloud.
- Rename and customize the dcloud inventory files (inventory/dcloud_ise_*.yaml) to match your dCloud lab:
dcloud_ise.yaml               # for a single ISE node only
dcloud_ise_sandbox_lab.yaml   # for a complete dCloud lab
- Review and customize the Ansible playbooks dcloud.*.yaml with the roles and tasks you want to execute and run them:
ansible-playbook dcloud.ise_sandbox_deploy.yaml
ansible-playbook dcloud.ise_sandbox_configure.yaml
This playbook will iterate through all resources of an ISE deployment, show them, and save them to YAML files. You may also limit the resources shown using the --tags {tag,[tag,...]} option.
💡 Use the -v option for verbosity level 1 to show all task output automatically for any Ansible playbook!
ansible-playbook ise.show.yaml
ansible-playbook ise.show.yaml -v
ansible-playbook ise.show.yaml --tags endpoint_groups
ansible-playbook ise.show.yaml --tags endpoints
ansible-playbook ise.show.yaml --tags policy
This repository is licensed under the MIT License.