-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathiseee.extend.yaml
113 lines (92 loc) · 3.78 KB
/
iseee.extend.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
---
#
# ISE Eternal Evaluation - Extension
#
- name: ISE Eternal Evaluation (ISEEE) - Extend
hosts: iseee
gather_facts: no
vars:
vars_files: vars/iseee.yaml
roles:
- ise_login_await # ISE SSH & HTTPS for CLI & GUI Login Page
- ise_apis_enabled
#--------------------------------------------------------------------------
# Backup
#--------------------------------------------------------------------------
- ise_repository_name
# 💡 Saves backup filename in `ise_backup_filename` and `ise_restore_filename`
- role: ise_config_backup_now
vars:
ise_repository_name: "{{ lookup('env','ISE_REPOSITORY_NAME') }}"
ise_backup_encryption_key: "{{ lookup('env','ISE_BACKUP_ENCRYPTION_KEY') }}"
ise_backup_name_prefix: ISEEE
#--------------------------------------------------------------------------
# Terminate Old ISEEE
#--------------------------------------------------------------------------
- aws_ec2_show
- role: aws_ec2_instance_state
vars:
project: iseee
state_name: terminated # 💡 Stopping ISE takes ~90 seconds
- role: banner
when:
- ec2.changed
- ec2.state.name == 'terminated'
vars:
banner_name: cisco_iseee_logo_small
banner_text: Old ISEEE instance ( {{ inventory_hostname }} @ {{ ansible_host }} ) is terminated!
- refresh_inventory
- name: Extend - Provision New ISEEE Node
hosts: localhost
gather_facts: yes
vars:
# required for initial instance provisioning
ise_username: "{{ lookup('env','ISE_REST_USERNAME') | default( omit ) }}"
ise_password: "{{ lookup('env','ISE_REST_PASSWORD') | default( omit ) }}" # ⚠ ISE 3.2+ provisioning password must be changed on first login!
vars_files: vars/iseee.yaml
roles:
# SSH Keys should have been done with the VPC
- ssh_key_local
# Provision ISE in AWS
- aws_ec2_ssh_keypair_upload # upload SSH key for EC2 instances
- aws_ec2_vpc # AWS VPC
- aws_ec2_ise_security_groups # security group(s) for ISE
- aws_ec2_ise_nodes # see vars/iseee.yaml for node definitions
- aws_ec2_show # see what we provisioned
- aws_ec2_r53_public_dns_entry # add ISE nodes to AWS R53 DNS
- refresh_inventory
- name: Extend - Deploy ISE Nodes
hosts: iseee
gather_facts: no
vars:
vars_files: vars/iseee.yaml
roles:
# Sets `ec2` in preparation for R53 DNS entries
- name: Get EC2 instances running in project '{{ project }}''
role: aws_ec2_show
vars:
ec2_filters:
"tag:project": "{{ project }}"
instance-state-name: [ 'running' ]
- ise_login_await # ISE SSH & HTTPS for CLI & GUI Login Page
- ise_apis_enabled
- ise_facts
- ise_facts_table
- ise_repository_from_env # configure repository & set `ise_repository_name`
- ise_node_patch # requires `ise_patch_filename`
- role: ise_repository_filenames
vars:
filter: '^ISEEE.+\.gpg$' # ISEEE configuration backups
- ise_config_restore # requires `ise_restore_filename`
- ise_licensing_status
- name: ISEEE Extended!
role: banner
vars:
banner_name: cisco_secure_ise_logo_small
# 💡 Use single-quotes (') for banner text; \'s in "'s are a special char delimiter!
banner_line_3: ' _____ _ _ _ _ '
banner_line_4: '| ____|__ __| |_ ___ _ __ __| | ___ __| || |'
banner_line_5: '| _| \ \/ /| __|/ _ \| `_ \ / _` | / _ \ / _` || |'
banner_line_6: '| |___ > < | |_| __/| | | || (_| || __/| (_| ||_|'
banner_line_7: '|_____|/_/\_\ \__|\___||_| |_| \__,_| \___| \__,_|(_)'
banner_text: ISEEE is Extended for another 90 days!