-
Notifications
You must be signed in to change notification settings - Fork 3
/
dcloud.ise_sandbox.yaml
97 lines (79 loc) · 3.25 KB
/
dcloud.ise_sandbox.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
---
#------------------------------------------------------------------------------
# dCloud ISE Sandbox Deployment Playbook
# - wait for ISE to be available
# - change the `admin` password from the initial dCloud Session ID
# - perform any patches
#------------------------------------------------------------------------------
- name: dCloud ISE Sandbox Deployment Playbook
hosts: ise
gather_facts: no
vars:
# ise_repository_name: "{{ lookup('env','ISE_REPOSITORY_NAME') }}"
# ise_backup_encryption_key: "{{ lookup('env','ISE_BACKUP_ENCRYPTION_KEY') }}"
# ise_restore_filename: ISEEE-CFG10-230803-0800.tar.gpg
vars_files:
- vars/ise_common.yaml
roles:
- ssh_key_local # Create local SSH keypair
- ise_login_await # ISE SSH & HTTPS for GUI Login
# 💡 ISE Application Server must be running to reset password!
- ise_cli_password_reset # `application reset-passwd ise [ise]admin`
# - ise_cli_dns_service_cache_enabled # 🐞 'cli prompt is not identified from the last received response window: b''exit\r\n'''
- ise_apis_enabled # Enable ISE ERS & OpenAPIs
- ise_facts # gather ISE version, patch, & node info
- ise_facts_table # show ISE nodes' facts in a table
- ise_repository # uses environment variables
- ise_node_patch # requires: ise_facts, ise_repository_name, ise_patch_filename
- ise_node_hotpatch # requires: ise_facts, ise_repository_name, ise_hotpatch_filenames
# - ise_config_restore # Restore from a previous saved configuration
# Identity Stores
# - ise_microsoft_active_directory_⚠
# - ise_microsoft_entra_id_⚠
# - ise_pxgrid_direct_⚠
# - role: show_vars
# vars:
# names:
# - internal_users
# - network_device_groups
# - network_devices
# - endpoint_groups
# - endpoints
# - identity_groups
# Network Device Groups & Network Devices
- ise_network_device_groups
- ise_network_devices
# Identity Groups & Users
- ise_identity_groups
- ise_internal_users
# Endpoint Groups & Endpoints
- ise_endpoint_groups
- ise_endpoints
# TrustSec
# - ise_sgacls_⚠
# - ise_sgts_⚠
# - ise_trustsec_matrix_default_⚠
# Guest Portals
# - Hotspot Portal
# - SelfReg Portal
# - Sponsor Portal
# Device Admin Policies
# Network Access Policies
# - ise_policy_wired_mab_⚠
# - ise_policy_iot_wireless_⚠
# pxGrid
# - pxGrid Settings (ISE 2.4+)
- name: dCloud ISE Sandbox is Ready
role: banner
vars:
# banner_name: cisco_secure_ise_logo_small
banner_name: cisco_secure_ise_logo_large_named
banner_text: dCloud ISE Sandbox is ready!
# 💡 Use single-quotes (') for banner text because \'s escape special chars within "'s!
banner_line_1:
banner_line_2: ' ____ _ _ '
banner_line_3: '| _ \ ___ __ _ __| | _ _ | |'
banner_line_4: '| |_) |/ _ \ / _` | / _` || | | || |'
banner_line_5: '| _ <| __/| (_| || (_| || |_| ||_|'
banner_line_6: '|_| \_\\___| \__,_| \__,_| \__, |(_)'
banner_line_7: ' |___/ '