- Introduction and Ansible playbook download
- Script flow charts
- Introduction of REST API and Cisco FMC API Explorer
- Script prerequisites
- Request Access Token
- Get policy content, modify content and "PUT" in FMC - Part 1
- Get policy content, modify content and "PUT" in FMC - Part 2
- Get deployable devices and deploy policy
Before writing the main task script, we have to prepare a couple of things:
1. Define the Ansible hosts file
We know that the hosts file is the inventory file of Ansible. Here we define the Cisco FMC IP and its hostname "Cisco_FMC".
location: /etc/ansible/hosts
```ini
[FMC]
Cisco_FMC ansible_host=192.168.1.205
```
2. Build the login detail files
In order to log in to the FMC, we need to give the login details to the system. This is sensitive information, so we encrypt it with Ansible Vault.
First, we build the vault file under "/etc/ansible/group_vars/all/" by issuing the command "ansible-vault create vault". The following is the file content:
location: /etc/ansible/group_vars/all/vault
```yaml
---
FMC_username: admin
FMC_pass: cisco123
```
Please note that the above "vault" file is NOT only for this FMC script. It will be used for all of your Ansible scripts on this Linux host. In the next step, we will write a login detail file dedicated to our FMC playbook and reference the details from the "vault" file:
location: /etc/ansible/group_vars/FMC
```yaml
---
username: "{{FMC_username}}"
password: "{{FMC_pass}}"
```
The file name "FMC" matches the "FMC" group in the hosts file. The values of {{FMC_username}} and {{FMC_pass}} are obtained from the "vault" file.
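As an added pre-flight check (my own example, not code from the original post), the following shell script confirms, before the playbook is run, that the vault file really carries the ansible-vault header rather than plaintext credentials, that only its owner can read it, and that the "[FMC]" group exists in the hosts file. It assumes the layout used above (hosts and group_vars/all/vault under the given directory); the directory argument lets it be pointed at a scratch copy.

```bash
#!/bin/sh
# Added pre-flight check (my own example, not code from the original post).
# Assumes the layout used in the post: <dir>/hosts and <dir>/group_vars/all/vault.

# 0 if the file carries the ansible-vault header, i.e. the FMC credentials
# are encrypted at rest; 1 if the file is missing or still plaintext YAML.
vault_is_encrypted() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

# 0 if only the owner can read the file (mode 600 or 400); 1 otherwise.
# GNU stat first, BSD stat as a fallback.
vault_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs all checks against an Ansible directory; prints the first failure.
preflight() {
    dir="${1:-/etc/ansible}"
    vault="$dir/group_vars/all/vault"
    if ! vault_is_encrypted "$vault"; then
        echo "FAIL: $vault is missing or not vault-encrypted" >&2; return 1
    fi
    if ! vault_mode_ok "$vault"; then
        echo "FAIL: $vault is readable by group or others" >&2; return 1
    fi
    if ! grep -q '^\[FMC\]' "$dir/hosts"; then
        echo "FAIL: no [FMC] group in $dir/hosts" >&2; return 1
    fi
    echo "OK: vault encrypted, permissions tight, [FMC] group present"
}

# Run directly as: sh preflight.sh /etc/ansible
if [ $# -gt 0 ]; then preflight "$1"; fi
```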
3. Build the site YAML file
Here is the site YML file. It links the hosts "FMC" and the Ansible role "FMC-enable-policyrule" together.
location: /etc/ansible/FMC-enable-policyrule.yml
```yaml
---
- hosts: FMC
  gather_facts: no
  connection: local
  roles:
    - FMC-enable-policyrule
```
4. Initialise the Ansible role
Issue the command "ansible-galaxy init FMC-enable-policyrule" in the "/etc/ansible/role" folder.
5. Build the var file
location: /etc/ansible/roles/FMC-enable-policyrule/vars/main.yml
```yaml
---
FMC_IP: "192.168.1.205" # define the FMC IP address
# here is the domain ID obtained from FMC's API Explorer
domain: "dd731f3e-8297-5b05-7ac3-000000000001"
# here is the access policy name
policy_name: "FTD-1-Access-Policy-SYD"
# here is the access policy rule name which needs to be enabled
policy_rule_name: "URL Filter"
# here we define a variable which indicates whether the config has been modified
config_has_been_changed: false
```
After finishing all the above steps, we are ready to start writing our main task playbook. In the next post, I will introduce the way to obtain the access token from FMC.