Skip to content

Cisco Identity Services Engine (ISE) playbooks and roles for ISE automated deployment and configuration in labs and demos, beginning with the ISE Eternal Evaluation (ISEEE)..

License

Notifications You must be signed in to change notification settings

1homas/ISE_Ansible_Sandbox

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ISE Ansible Sandbox

Cisco Identity Services Engine (ISE) playbooks and roles for ISE automated deployment and configuration in labs and demos featured in the Cisco ISE Webinar, ISE Eternal Evaluation for Your Lab. 20230803 ISE Eternal Evaluation for Your Lab in YouTube

Quick Start

  1. Clone this repository:

    git clone https://github.com/1homas/ISE_Ansible_Sandbox.git
  2. cd into the repository on your local computer

    cd ISE_Ansible_Sandbox
  3. Install a local Python virtual environment with Ansible and other required packages:

    python_environment_install.sh

    ⚠ Installing Ansible using Linux packages (sudo apt install ansible) may info in a much older version of Ansible being installed. 💡 Installing Ansible with Python packages will get you the latest. 💡 If you have any problems installing Python or Ansible, see Installing Ansible.

  4. Launch your virtual Python environment view your installed Python packages:

    pipenv shell    # virtual Python environment 
    pip list        # view installed Python packages
  5. Export any environment variables that you need into your terminal shell environment:

    export PROJECT=ISEEE                   # used to tag resources
    
    export ISE_REST_USERNAME=iseadmin           # 💡 ISE 3.2+ cloud instances use `iseadmin`
    export ISE_REST_PASSWORD=C1sco12345
    
    # ISE AAA Pre-Shared Keys
    export ISE_RADIUS_SECRET=C1sco12345
    export ISE_TACACS_SECRET=C1sco12345
    
    # ISE Sponsor Account for guestuser API
    export ISE_GUEST_SPONSOR_USERNAME=guest_api_sponsor
    export ISE_GUEST_SPONSOR_PASSWORD=C1sco12345
    
    # Optional variables for the cisco.ise Ansible modules
    export ISE_VERIFY=False # optional, defaults to True
    export ISE_VERSION=3.1_Patch_1 # optional, defaults to 3.1_Patch_1
    export ISE_WAIT_ON_RATE_LIMIT=True # optional, defaults to True
    export ISE_USES_API_GATEWAY=True # optional, defaults to True
    export ISE_DEBUG=False # optional, defaults to False
    
    export SSH_DIRECTORY=~/.ssh
    export SSH_KEY=id_rsa
    export SSH_KEY_PASSPHRASE=$SSH_KEY

    or you may edit and source these variables from one or more files in your ~/.secrets directory :

    source ~/.secrets/aws.sh
    source ~/.secrets/iseee.sh
    source ~/.secrets/ise_dcloud.sh
    source ~/.secrets/ise_repository.sh

    💡 The cisco.ise Ansible modules will automatically use the ISE_REST_USERNAME, ISE_REST_PASSWORD and ISE_VERIFY variables so you do not need to reference them in your tasks! 💡 Add one or more spaces before the export commands to prevent these commands with your secrets from being saved to your shell history

  6. If you plan to use SSH keys for communicating with ISE or other servers, generate your local SSH key per project_name:

    ansible-playbook ssh_key_local.yaml
  7. Edit the Ansible inventory directory to align with your ISE environment:

    1. If you are using a static Ansible inventory file (ise.yaml), edit the file to specify the static IP address of your ISE node(s).
    2. Rename the respective inventory filenames with or without a prefixed . to be excluded (. prefix) or included (no . prefix) by the Ansible inventory. If you are not sure, just use the static ise.yaml file be default.
    3. Rename the respective inventory/group_vars/ filenames with or without a prefixed . for in/exclusion.

ISE Eternal Evaluation (ISEEE)

The ISE Eternal Evaluation (ISEEE) is meant to showcase many of the ISE application lifecycle operations using REST APIs and automation in a lab or proof of concept environment.

  1. Edit the project_name in vars/iseee.yaml to your desired name - it will be used to tag any cloud resources:

    project_name: iseee # used for tagging all VPCs and resources
    stage: demo # ['demo','test','staging','production']

iseee.yaml

This is a convenience playbook to combine into a single playbook many different DevOps operations with their own respective playbooks. This makes it convenient to run a single or multiple playbooks using the iseee.yaml playbook with one or more tags.

ansible-playbook iseee.yaml --ask-pass  # run all of the included playbooks and ask for the SSH key password
ansible-playbook iseee.yaml -v          # 💡 verbosity == 1 shows all task output automatically
ansible-playbook iseee.yaml --tags ssh --ask-pass # generate local SSH keys
ansible-playbook iseee.yaml --tags provision,deploy,licensing,facts,patch,certificates,configure
ansible-playbook iseee.yaml --tags deploy
ansible-playbook iseee.yaml --tags licensing
ansible-playbook iseee.yaml --tags password_reset --ask-pass # Requires SSH key for CLI password change
ansible-playbook iseee.yaml --tags facts
ansible-playbook iseee.yaml --tags patch
ansible-playbook iseee.yaml --tags certificates
ansible-playbook iseee.yaml --tags configure
ansible-playbook iseee.yaml --tags backup
ansible-playbook iseee.yaml --tags restore
ansible-playbook iseee.yaml --tags extend
ansible-playbook iseee.yaml --tags destroy

dCloud

Ansible playbooks for use with labs in Cisco dCloud.

  1. Rename and customize the dcloud inventory files (inventory/dcloud_ise_*.yaml) to match your dCloud lab:

    • dcloud_ise.yaml # for a single ISE node only
    • dcloud_ise_sandbox_lab.yaml # for a complete dCloud lab
  2. Review and customize the Ansible playbooks dcloud.*.yaml with the roles and tasks you want to execute and run them:

    ansible-playbook dcloud.ise_sandbox_deploy.yaml
    ansible-playbook dcloud.ise_sandbox_configure.yaml

ise.show.yaml

This playbook with iterate through all resources of an ISE deployment, show them, and save them to YAML files. You may also limit the resources shown using the --tags {tag,[tag,...]} option.

💡 Use -v option for verbosity level 1 to show all task output automatically for any Ansible playbook!

ansible-playbook ise.show.yaml
ansible-playbook ise.show.yaml -v
ansible-playbook ise.show.yaml --tags endpoint_groups
ansible-playbook ise.show.yaml --tags endpoints
ansible-playbook ise.show.yaml --tags policy

License

This repository is licensed under the MIT License.

About

Cisco Identity Services Engine (ISE) playbooks and roles for ISE automated deployment and configuration in labs and demos, beginning with the ISE Eternal Evaluation (ISEEE)..

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published