-
Notifications
You must be signed in to change notification settings - Fork 4
/
4_deployment.yaml
142 lines (132 loc) · 4.66 KB
/
4_deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
---
- name: Create ISE Deployment
hosts: localhost
gather_facts: no
vars_files: vars/main.yaml
vars:
ise_ppan_name: "{{ groups['role_PrimaryAdmin'] | first }}"
non_ppan_names: "{{ groups['ise'] | reject('search',ise_ppan_name) }}"
tasks:
- name: PPAN Node Info
delegate_to: localhost
cisco.ise.node_info:
ise_hostname: "{{ hostvars[ise_ppan_name].ansible_host }}"
ise_username: "{{ ise_username }}"
ise_password: "{{ ise_password }}"
ise_verify: "{{ ise_verify }}"
ise_debug: "{{ ise_debug }}"
name: "{{ ise_ppan_name }}"
register: node_info
# Example ISE PAN response:
# ```
# node_info:
# changed: false
# failed: false
# ise_response:
# displayName: ise-1
# fqdn: ise-1.trust0.net
# gateWay: 10.105.238.1
# id: da371490-545c-11ec-ba61-0050568a610e
# inDeployment: false
# ipAddress: 172.31.2.11
# ipAddresses:
# - 172.31.2.11
# ipV6Addresses: []
# name: ise-1
# nodeServiceTypes: SESSION,PROFILER,DEVICE ADMIN
# otherPapFqdn: ''
# papNode: true
# primaryPapNode: false
# pxGridNode: true
# sxpIpAddress: ''
# ```
# - ansible.builtin.debug: var=node_info
# -------------------------------------------------------------------------
# Standalone ⮕ Primary: 🕑 ~60 seconds
# -------------------------------------------------------------------------
#
# Ⰹ ISE REST API: POST /api/v1/deployment/primary
# Promotes the node on which the API is invoked to the primary ISE PAN.
# Approximate execution time ~60 seconds!
# This will not trigger an ISE Application Server Restart!
#
- name: Standalone to Primary | {{ ise_ppan_name }} ({{ hostvars[ise_ppan_name].ansible_host }})
when:
- not node_info.ise_response.inDeployment # standalone
- not node_info.ise_response.primaryPapNode # not PPAN
cisco.ise.node_standalone_to_primary:
ise_hostname: "{{ hostvars[ise_ppan_name].ansible_host }}" # PPAN!
ise_username: "{{ ise_username }}"
ise_password: "{{ ise_password }}"
ise_verify: "{{ ise_verify }}"
ise_debug: "{{ ise_debug }}"
register: standalone_to_primary
changed_when:
- standalone_to_primary is defined
- standalone_to_primary.ise_response is defined
- standalone_to_primary.ise_response.success is defined
- standalone_to_primary.ise_response.success.message is defined
- standalone_to_primary.ise_response.success.message is search("successfully")
# Example output:
# ```
# standalone_to_primary:
# changed: false
# failed: false
# ise_response:
# success:
# message: Node was updated successfully.
# version: 1.0.0
# result: ''
# ```
# - ansible.builtin.debug: var=standalone_to_primary
# If you do not give the PPAN a literal minute to settle you may get error:
# [500] - The server could not fulfill the request.
# - name: Give ISE PPAN a Minute
# when:
# - standalone_to_primary.changed
# ansible.builtin.pause:
# seconds: 60
- name: Register ISE Nodes to PPAN
loop: "{{ non_ppan_names }}"
ansible.builtin.include_role:
name: ise_node_deployment
- name: Get All ISE Deployment Nodes Status
cisco.ise.node_deployment_info:
ise_hostname: "{{ hostvars[ise_ppan_name].ansible_host }}"
ise_username: "{{ ise_username }}"
ise_password: "{{ ise_password }}"
ise_verify: "{{ ise_verify }}"
ise_debug: "{{ ise_debug }}"
register: node_deployment_info
- name: Show ISE Facts Summary Table
delegate_to: localhost
when:
- node_deployment_info is defined
- node_deployment_info.ise_response | length > 0
vars:
# maxw: 50
head: [
"hostname",
"fqdn",
"ipAddress",
"nodeStatus",
# 'roles',
# 'services',
]
rows: "{{ node_deployment_info.ise_response }}"
temp: "{{ lookup('template', 'list_of_dicts.j2') }}"
ansible.builtin.shell: "echo '{{ temp }}' > /dev/tty"
- name: Wait for ISE Nodes Synchronization
ansible.builtin.include_role:
name: wait_for_ise_nodes_sync
- name: Done!
hosts: localhost
gather_facts: no
vars_files: vars/main.yaml
roles:
- ise_facts
- ise_facts_table
- role: banner
vars:
banner_name: ise_logo_small_ready
banner_text: ISE deployment is synchronized!