-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy path06_create-sgts.yaml
38 lines (35 loc) · 1.45 KB
/
06_create-sgts.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# 06_create-sgts.yaml
#
# This file will create Scalable Group Tags (SGTs) in ISE that can be used for policy
# with Cisco Software-Defined Access.
#
# In a typical SD-Access environment these SGTs would be created with Cisco DNA Center, so this
# playbook isn't strictly necessary, however these SGTs need to exist before the authorization policies
# are created.
#
# Either way, you should not need to modify this file - You should list your SGTs in policy.yaml
#
- hosts: ise_servers
# Read in some variables
vars_files:
- credentials.yaml # read the ISE host and admin credentials
- policy.yaml # read in policy settings (SGTs for this playbook)
gather_facts: false
tasks:
- name: Create
cisco.ise.sgt:
ise_hostname: "{{ ise_hostname }}"
ise_username: "{{ ise_username }}"
ise_password: "{{ ise_password }}"
ise_verify: "{{ ise_verify }}"
state: present
description: "{{ item.sgtdesc }}" # SGT description pulled from policy.yaml
name: "{{ item.sgtname }}" # SGT description pulled from policy.yaml
value: -1 # auto generate the SGT ID
loop: "{{ sgtvars }}" # the group list variable from policy.yaml
# Uncomment everything below this line if you want to see more information about the results.
# You can move this block under any task to get more info.
# register: result
# - name: Print Authorization profile
# ansible.builtin.debug:
# var: result