---
# Scratch playbook for reproducing issues reported against the cisco.ise
# collection (CiscoISE/ansible-ise). Each section is tagged with its issue URL.
# Every repro is commented out except the issue-81 task at the bottom, which
# writes to the ISE authorization policy and then prints the registered result.
#
# NOTE(review): no ISE connection settings are set anywhere in this play, so
# they are presumably supplied by the inventory or the environment; confirm
# they come from a vault or secret store and that certificate verification
# stays enabled.
- hosts: ise_servers
  gather_facts: false
  vars:
    # Referenced only by the commented-out issue-74 tasks below.
    itemTest:
      name: 'Cisco_Ansible_Test_09_12'
      accessType: 'ACCESS_ACCEPT'
      description: 'Test'
      authzProfileType: 'SWITCH'
      vlan:
        nameID: '172_28_1_0-VN_IOT'
        tagID: 1
      trackMovement: false
      agentlessPosture: false
      serviceTemplate: false
      profileName: 'Cisco'
  tasks:
    ## https://github.com/CiscoISE/ansible-ise/issues/72
    ## post 400
    # - name: Get all Network Access Authorization Rules
    #   cisco.ise.network_access_authorization_rules:
    #     state: present
    #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
    #     rule:
    #       default: false
    #       #id: d9e67664-799d-4ad9-a407-8365117c18e5
    #       name: Ansible B TEST
    #       hitCounts: 0
    #       rank: 0
    #       state: enabled
    #       condition:
    #         conditionType: ConditionAndBlock
    #         isNegate: false
    #         children:
    #           - conditionType: ConditionReference
    #             isNegate: false
    #             name: Wireless_Access
    #             id: ff6008e0-5c35-48a3-9fab-e0e709983369
    #             # description: >-
    #             #   Default condition used to match any authentication request from Cisco
    #             #   Wireless LAN Controller.
    #           - conditionType: ConditionAttributes
    #             isNegate: false
    #             dictionaryName: IdentityGroup
    #             attributeName: Name
    #             operator: equals
    #             #dictionaryValue: null
    #             attributeValue: 'Endpoint Identity Groups:Blocked List'
    #     profile:
    #       - Blackhole_Wireless_Access
    #     #securityGroup: null
    #   register: result

    # - name: Get all Network Access Authorization Rules
    #   cisco.ise.network_access_authorization_rules_info:
    #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
    #   register: result

    ## https://github.com/CiscoISE/ansible-ise/issues/74
    # - name: Create or update Authorization profile
    #   cisco.ise.authorization_profile:
    #     name: "{{ itemTest.name }}"
    #     accessType: "{{ itemTest.accessType }}"
    #     description: "{{ itemTest.description }}"
    #     authzProfileType: "{{ itemTest.authzProfileType }}"
    #     vlan:
    #       nameID: "{{ itemTest.vlan.nameID }}"
    #       tagID:
    #         # "{{itemTest.vlan.tagID|int}}"
    #     trackMovement: "{{ itemTest.trackMovement }}"
    #     agentlessPosture: "{{ itemTest.agentlessPosture }}"
    #     serviceTemplate: "{{ itemTest.serviceTemplate }}"
    #     profileName: "{{ itemTest.profileName }}"
    #   register: result

    # - name: Get all Authorization Profile
    #   cisco.ise.authorization_profile_info:
    #     name: Cisco_Temporal_Onboard
    #   register: result

    # - name: debug
    #   debug:
    #     msg: "{{ itemTest.vlan.tagID | int == 0 }}"

    # - name: debug
    #   debug:
    #     msg: |
    #       {{ item.vlanID | int }}
    #   loop:
    #     - { "vlanID": "1" }
    #     - { "vlanID": "2" }
    #     - { "vlanID": 2 }

    # - name: debug
    #   debug:
    #     var: |-
    #       {{ item.vlanID | int }}
    #   loop:
    #     - { "vlanID": 1 }
    #     - { "vlanID": "2" }

    ## https://github.com/CiscoISE/ansible-ise/issues/76
    ## Node group creation is not idempotent
    ## fatal: [localhost]: FAILED! => {"changed": false, "msg": "An error occured when executing operation. The error was: [409] - The request could not be processed because it conflicts with some established rule of the system.\n{\n \"error\" : {\n \"message\" : \"NodeGroup 'TestGroup1' already exist.\"\n },\n \"version\" : \"1.0.0\"\n}"}
    # - name: Create test node group.
    #   cisco.ise.node_group:
    #     state: present
    #     description: "Testing creation and idempotency"
    #     name: "TesAnsible76"
    #     nodeGroupName: "TesAnsible76"
    #     forceDelete: true
    #   register: result

    # - name: Get all Node Group
    #   cisco.ise.node_group_info:
    #     nodeGroupName: "NodeGroup2"
    #   register: result

    ##https://github.com/CiscoISE/ansible-ise/issues/79
    ## Cannot update
    # - name: Create or update an network_access_authentication_rules
    #   cisco.ise.network_access_authentication_rules:
    #     state: present
    #     rule:
    #       default: false
    #       name: TestAnsibleIssue79
    #       hitCounts: 00
    #       rank: 0
    #       state: enabled
    #       #id: b086e85e-6118-4b67-8efc-05d692423afb
    #       condition:
    #         conditionType: ConditionReference
    #         isNegate: false
    #         dictionaryName: Network Access
    #         attributeName: EapAuthentication
    #         operator: equals
    #         attributeValue: EAP-MSCHAPv2
    #         name: EAP-MSCHAPv2
    #         id: c456a490-0429-4fd4-91d7-efd1eb1f855a
    #     ifAuthFail: REJECT
    #     ifUserNotFound: REJECT
    #     ifProcessFail: DROP
    #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
    #   register: result

    ##https://github.com/CiscoISE/ansible-ise/issues/77
    ## Get error
    ## node_group_node_info
    # - name: Get all Node Group Node
    #   cisco.ise.node_group_node_info:
    #     nodeGroupName: TesAnsible76
    #   register: result

    ##https://github.com/CiscoISE/ansible-ise/issues/81
    ## Unable to update Authorization Policies
    ##network_access_authorization_rules
    # The only active write in this file. With state "present" it creates or
    # updates the rule TestAnsibleIssue81 in the policy set named by policyId,
    # matching the identity group 'Endpoint Identity Groups:IAC_Lab1' and
    # assigning the Blackhole_Wireless_Access profile.
    # NOTE(review): policyId is a hard-coded UUID; confirm it refers to a lab
    # policy set before running. rank 0 presumably places the rule first in
    # evaluation order - verify.
    # NOTE(review): profile, securityGroup and policyId are written at the same
    # level as rule, which is how the module documents them; check against the
    # upstream file.
    - name: CRUD
      cisco.ise.network_access_authorization_rules:
        state: present
        # state: absent
        rule:
          default: false
          name: TestAnsibleIssue81
          rank: 0
          state: enabled
          condition:
            conditionType: ConditionAttributes
            isNegate: false
            dictionaryName: IdentityGroup
            attributeName: Name
            operator: equals
            attributeValue: 'Endpoint Identity Groups:IAC_Lab1'
        profile:
          - Blackhole_Wireless_Access
        # securityGroup: BYOD
        policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
      register: result

    # Dumps the whole registered module result to the run output; review what
    # the response contains before sharing or archiving the log.
    - name: Print Authorization profile
      ansible.builtin.debug:
        var: result