
Provision_ISE_in_AWS Playbook

Quick Start

  1. Clone this repository:

    git clone https://github.com/1homas/Provision_ISE_in_AWS.git
  2. Create your Python environment and install Ansible:

    python -m ensurepip --upgrade
    pip3   install --upgrade pipenv     # use a virtual development environment
    pipenv install --python 3.11        # use Python 3.9 or later
    pipenv install ansible 
    pipenv install boto boto3 botocore 
    pipenv install ciscoisesdk 
    pipenv install jmespath
    pipenv install paramiko             # ISE CLI
    pipenv shell

    ⚠ Installing Ansible using Linux packages (sudo apt install ansible) may result in a much older version of Ansible being installed. 💡 Installing Ansible with Python packages will get you the latest. 💡 If you have any problems installing Python or Ansible, see Installing Ansible.

  3. Export your various keys, tokens, and credentials for your shell environment.

    # AWS IAM API Keys
    export AWS_REGION='us-west-1'
    export AWS_ACCESS_KEY='AKIAIOSF/EXAMPLE+KEY'
    export AWS_SECRET_KEY='wJalrXUtnFEMI/K7MDENG/bPxRfi/EXAMPLE+KEY'
    export ISE_HOSTNAME=ise.securitydemo.net
    export ISE_USERNAME=admin
    export ISE_PASSWORD=ISEisC00L
    export ISE_VERIFY=False # optional, defaults to True
    # export ISE_VERSION=3.1_Patch_1 # optional, defaults to 3.1_Patch_1
    export ISE_WAIT_ON_RATE_LIMIT=True # optional, defaults to True
    export ISE_USES_API_GATEWAY=True # optional, defaults to True
    export ISE_DEBUG=False # optional, defaults to False
    export ISE_RADIUS_SECRET=ISEisC00L
    export ISE_TACACS_SECRET=ISEisC00L
    export DCLOUD_SESSION_ID=1234567

    💡 The cisco.ise Ansible modules will automatically use the ISE_USERNAME, ISE_PASSWORD and ISE_VERIFY variables so you do not need to reference them in your tasks!

    or you may edit and source these variables from a file in your ~/.secrets directory:

    source ~/.secrets/aws.sh
    source ~/.secrets/ise.sh
  4. Verify your AWS regions are listed in the inventory/aws_ec2.yaml dynamic inventory file to ensure updates will be fast.

  5. Review the settings in vars/main.yaml and change them to match your desired cloud environment:

    • project_name
    • domain_name
    • aws_region if your AWS region is not us-west-1
    • AWS AMI identifiers
    • your preferred network CIDR ranges in AWS
    • your instance types sizes for your ISE node(s)
    • your default password(s) or pre-shared keys
  6. Edit the provision.yaml file and comment/uncomment the respective ise_deployment_*.yaml file for the deployment you want to provision.

⚠ Be careful with the deployment and instance sizes... they may be very expensive to run if you are not actively using them!
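As an added example (not code from the Provision_ISE_in_AWS repository), a POSIX shell preflight for the step 3 environment, to run before launching any of the playbooks: it checks that the required variables are exported, that a sourced ~/.secrets file is readable only by its owner, that ISE_VERIFY has not been switched off, and that AWS_REGION appears in the step 4 inventory file. The function names and the plain grep of the inventory file are this example's own assumptions.

```shell
# Preflight for the step 3 environment (added example; not repository code).
# Function names and the 600/400 mode policy are this example's assumptions.
REQUIRED_VARS="AWS_REGION AWS_ACCESS_KEY AWS_SECRET_KEY ISE_HOSTNAME ISE_USERNAME ISE_PASSWORD"

# 0 if every required variable is exported and non-empty; lists missing ones on stderr
check_required_vars() {
  missing=""
  for v in $REQUIRED_VARS; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  [ -z "$missing" ] && return 0
  echo "missing:$missing" >&2
  return 1
}

# 0 when a sourced secrets file is readable only by its owner (mode 600 or 400)
check_secrets_file_mode() {
  f="$1"
  [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$f has mode $mode; expected 600" >&2; return 1 ;;
  esac
}

# 0 when ISE_VERIFY is unset or True, i.e. ISE certificate verification stays on
check_tls_verify() {
  case "${ISE_VERIFY:-True}" in
    [Tt]rue) return 0 ;;
    *) echo "ISE_VERIFY=$ISE_VERIFY disables certificate verification" >&2; return 1 ;;
  esac
}

# 0 when AWS_REGION appears in the dynamic inventory file from step 4 (plain grep)
check_region_in_inventory() {
  grep -q "$AWS_REGION" "$1" 2>/dev/null || { echo "$AWS_REGION not in $1" >&2; return 1; }
}

# Run every check and report all failures at once; args: secrets file, inventory file
preflight() {
  rc=0
  check_required_vars || rc=1
  check_secrets_file_mode "$1" || rc=1
  check_tls_verify || rc=1
  check_region_in_inventory "$2" || rc=1
  return $rc
}
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Invoke it as `sh preflight.sh ~/.secrets/ise.sh inventory/aws_ec2.yaml` after sourcing your secrets; a non-zero exit lists every problem found.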

Provision

Provision your ISE instance(s) and wait for them to be available:

ansible-playbook -i inventory provision.yaml

The provision.yaml playbook creates the following:

  • an AWS virtual private cloud (VPC) :
    • Internet Gateway
    • Public & Private Subnets
    • Public & Private Route Tables
  • security group(s) for ISE
  • ISE instance(s): software, CPU, RAM, storage, etc.
  • DNS entries for each ISE node (assumes you have a domain in AWS)

There are potentially many more resources that could be created and applied: VPN gateways, certificates, repository, patches, etc. You are encouraged to provision these based on your requirements.

You may also check availability with:

ansible-playbook -i inventory wait_for_ise.yaml

Deploy

Depending on the ISE deployment size and desired services, there are many more steps involved in making the provisioned Standalone ISE nodes above into an ISE deployment:

  • Import Certificates
  • Primary & Secondary Policy Administration Node (PAN) role election
  • Primary & Secondary Monitoring & Troubleshooting (MNT) role election
  • Policy Service Node (PSN) role election
    • Services configuration
    • Interfaces configuration
  • Node Group creation and PSN assignment

You may add your tasks for these to the deploy.yaml playbook and run it:

  1. Run the Ansible playbook:

    ansible-playbook deploy.yaml

Destroy

When you are done, you should terminate and remove all instances and associated resources to save money and prevent surprise bills from your cloud provider!

ansible-playbook destroy.yaml

Resources

License

This repository is licensed under the MIT License.
