Once all ISE nodes have been deployed to AWS/Azure, we can use Ansible to build a multi-node ISE cluster with distinct ISE personas, such as Policy Administration nodes (PAN), Monitoring and Troubleshooting nodes (MNT), and Policy Services nodes (PSN). The Personas Deployment Terraform module accomplishes the following tasks:
- Checks whether or not all the nodes are in standalone mode. If not, the playbook exits with an error message.
- Exports the certificates of all the other nodes into the primary node.
- Assigns the Primary PAN persona to one of the nodes.
- Assigns the corresponding personas to the rest of the nodes.
<!-- module "ise-deployment" {
source = "fmunozmiranda/ise-deployment/aws"
version = "1.0.8"
# insert the 17 required variables here
} -->
Name | Version |
---|---|
[terraform] | >= 0.13.1 |
[ciscoise] | >= 0.6.5-beta |
[time] | >= 0.7.2 |
Name | Version |
---|---|
[ciscoise] | >= 0.6.5-beta |
[time] | >= 0.7.2 |
Name | Type |
---|---|
large_deployment | internal |
medium_deployment | internal |
small_deployment | internal |
None.
Name | Description | Type | Default | Required |
---|---|---|---|---|
ise_base_hostname | ISE Base Hostname | string | - | yes |
ise_password | Determines to create or not a new Resource Group. | boolean | true | no |
ise_deployment | Determines to create or not a new Virtual Network. | string | true | no |
ise_username | Determines to create or not a new Security Group. | string | true | no |
ise_domain | Determines to create or not a new Subnet. | string | true | no |
items | Details nodes deployed | object | no | true |
itemsToRegister | Details nodes to be registered, only necessary on large deployment | object | yes | false |
- This role assumes the nodes have already been deployed to the AWS platform using the AWS Deployment role included in this collection. However, the role can be easily modified to suit any other needs, such as an on-prem deployment.
None
Apache 2 Licensed. See LICENSE for full details.