Cisco Identity Services Engine (ISE) playbooks and roles for ISE automated deployment and configuration in labs and demos featured in the Cisco ISE Webinar, ISE Eternal Evaluation for Your Lab.
- Clone this repository:

  ```sh
  git clone https://github.com/1homas/ISE_Ansible_Sandbox.git
  ```

- `cd` into the repository on your local computer:

  ```sh
  cd ISE_Ansible_Sandbox
  ```

- Install a local Python virtual environment with Ansible and other required packages:

  ```sh
  python_environment_install.sh
  ```

  ⚠ Installing Ansible using Linux packages (`sudo apt install ansible`) may result in a much older version of Ansible being installed.

  💡 Installing Ansible with Python packages will get you the latest.

  💡 If you have any problems installing Python or Ansible, see Installing Ansible.

- Launch your virtual Python environment and view your installed Python packages:

  ```sh
  pipenv shell    # virtual Python environment
  pip list        # view installed Python packages
  ```

- Export any environment variables that you need into your terminal shell environment:

  ```sh
  export PROJECT=ISEEE                  # used to tag resources
  export ISE_REST_USERNAME=iseadmin     # 💡 ISE 3.2+ cloud instances use `iseadmin`
  export ISE_REST_PASSWORD=C1sco12345

  # ISE AAA Pre-Shared Keys
  export ISE_RADIUS_SECRET=C1sco12345
  export ISE_TACACS_SECRET=C1sco12345

  # ISE Sponsor Account for guestuser API
  export ISE_GUEST_SPONSOR_USERNAME=guest_api_sponsor
  export ISE_GUEST_SPONSOR_PASSWORD=C1sco12345

  # Optional variables for the cisco.ise Ansible modules
  export ISE_VERIFY=False               # optional, defaults to True
  export ISE_VERSION=3.1_Patch_1        # optional, defaults to 3.1_Patch_1
  export ISE_WAIT_ON_RATE_LIMIT=True    # optional, defaults to True
  export ISE_USES_API_GATEWAY=True      # optional, defaults to True
  export ISE_DEBUG=False                # optional, defaults to False

  export SSH_DIRECTORY=~/.ssh
  export SSH_KEY=id_rsa
  export SSH_KEY_PASSPHRASE=$SSH_KEY
  ```

  or you may edit and `source` these variables from one or more files in your `~/.secrets` directory:

  ```sh
  source ~/.secrets/aws.sh
  source ~/.secrets/iseee.sh
  source ~/.secrets/ise_dcloud.sh
  source ~/.secrets/ise_repository.sh
  ```

  💡 The cisco.ise Ansible modules will automatically use the `ISE_REST_USERNAME`, `ISE_REST_PASSWORD` and `ISE_VERIFY` variables so you do not need to reference them in your tasks!

  💡 Add one or more spaces before the `export` commands to prevent these commands with your secrets from being saved to your shell history.

- If you plan to use SSH keys for communicating with ISE or other servers, generate your local SSH key per `project_name`:

  ```sh
  ansible-playbook ssh_key_local.yaml
  ```

- Edit the Ansible `inventory` directory to align with your ISE environment:
  - If you are using a static Ansible inventory file (`ise.yaml`), edit the file to specify the static IP address of your ISE node(s).
  - Rename the respective inventory filenames with or without a prefixed `.` to be excluded (`.` prefix) or included (no `.` prefix) by the Ansible inventory. If you are not sure, just use the static `ise.yaml` file by default.
  - Rename the respective `inventory/group_vars/` filenames with or without a prefixed `.` for in/exclusion.

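A check to run before the `source ~/.secrets/...` step above, as an added example that is not part of this repository. It flags a secrets directory or file that group or other users can access, a file that sets `ISE_VERIFY=False` (which disables TLS certificate verification in the cisco.ise modules), and a shell whose `HISTCONTROL` would still record space-prefixed `export` commands; the function name `audit_secrets` and its output labels are assumptions made for this example.

```sh
# Added example (not from this repository): audit a secrets directory
# before sourcing it. Prints one finding per line and returns non-zero
# when anything is found. Runs in a subshell so no variables leak.
audit_secrets() (
    dir=${1:-"$HOME/.secrets"}
    findings=0

    # stat flags differ between GNU (Linux) and BSD (macOS)
    mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

    # Report any path whose group/other permission digits are not 0
    check_mode() {
        m=$(mode_of "$1")
        case $m in
            *00) ;;
            *) echo "PERMS $1 is mode $m, want $2"; findings=$((findings + 1)) ;;
        esac
    }

    [ -d "$dir" ] || { echo "MISSING $dir"; exit 2; }
    check_mode "$dir" 700

    for f in "$dir"/*.sh; do
        [ -f "$f" ] || continue
        check_mode "$f" 600
        # ISE_VERIFY=False disables TLS certificate verification
        if grep -Eiq '^[[:space:]]*export[[:space:]]+ISE_VERIFY=false' "$f"; then
            echo "TLS $f sets ISE_VERIFY=False"; findings=$((findings + 1))
        fi
    done

    # bash drops space-prefixed commands from history only when
    # HISTCONTROL contains ignorespace or ignoreboth
    case ${HISTCONTROL:-} in
        *ignorespace*|*ignoreboth*) ;;
        *) echo "HISTORY HISTCONTROL lacks ignorespace"; findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
)

# Usage: audit_secrets ~/.secrets && . ~/.secrets/iseee.sh
```
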
The ISE Eternal Evaluation (ISEEE) is meant to showcase many of the ISE application lifecycle operations using REST APIs and automation in a lab or proof of concept environment.
- Edit the `project_name` in `vars/iseee.yaml` to your desired name - it will be used to tag any cloud resources:

  ```yaml
  project_name: iseee   # used for tagging all VPCs and resources
  stage: demo           # ['demo','test','staging','production']
  ```

This convenience playbook combines many different DevOps operations, each with its own playbook, into a single playbook. You can run one or several of them through the `iseee.yaml` playbook by passing one or more tags.

```sh
ansible-playbook iseee.yaml --ask-pass   # run all of the included playbooks and ask for the SSH key password
ansible-playbook iseee.yaml -v           # 💡 verbosity == 1 shows all task output automatically
ansible-playbook iseee.yaml --tags ssh --ask-pass   # generate local SSH keys
ansible-playbook iseee.yaml --tags provision,deploy,licensing,facts,patch,certificates,configure
ansible-playbook iseee.yaml --tags deploy
ansible-playbook iseee.yaml --tags licensing
ansible-playbook iseee.yaml --tags password_reset --ask-pass   # Requires SSH key for CLI password change
ansible-playbook iseee.yaml --tags facts
ansible-playbook iseee.yaml --tags patch
ansible-playbook iseee.yaml --tags certificates
ansible-playbook iseee.yaml --tags configure
ansible-playbook iseee.yaml --tags backup
ansible-playbook iseee.yaml --tags restore
ansible-playbook iseee.yaml --tags extend
ansible-playbook iseee.yaml --tags destroy
```

Ansible playbooks for use with labs in Cisco dCloud.
- Rename and customize the dcloud inventory files (`inventory/dcloud_ise_*.yaml`) to match your dCloud lab:

  ```
  dcloud_ise.yaml               # for a single ISE node only
  dcloud_ise_sandbox_lab.yaml   # for a complete dCloud lab
  ```

- Review and customize the Ansible playbooks `dcloud.*.yaml` with the roles and tasks you want to execute and run them:

  ```sh
  ansible-playbook dcloud.ise_sandbox_deploy.yaml
  ansible-playbook dcloud.ise_sandbox_configure.yaml
  ```

This playbook will iterate through all resources of an ISE deployment, show them, and save them to YAML files. You may also limit the resources shown using the `--tags {tag,[tag,...]}` option.

💡 Use the `-v` option for verbosity level 1 to show all task output automatically for any Ansible playbook!

```sh
ansible-playbook ise.show.yaml
ansible-playbook ise.show.yaml -v
ansible-playbook ise.show.yaml --tags endpoint_groups
ansible-playbook ise.show.yaml --tags endpoints
ansible-playbook ise.show.yaml --tags policy
```

This repository is licensed under the MIT License.