Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
1
Helpful
8
Replies

Ansible collection cisco.ise version 2.6.2

Go to solution
cnarducci
Level 1
Level 1

‎12-09-2023 01:34 PM

I think there is something wrong iin the module "cisco.ise.network_device_group" in cisco.ise 2.6.2 collection for ansible.
If I use a task, with collection version 2.5.16 it works as aspected, but with 2.6.2 it does not work.
With cisco.ise collection version 2.6.2:

TASK [Create network device group] *************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
fatal: [10.36.200.20]: FAILED! => {"changed": false, "msg": ["othername. Supported parameters include: description, id, ise_debug, ise_hostname, ise_password, ise_single_request_timeout, ise_username, ise_uses_api_gateway, ise_uses_csrf_token, ise_verify, ise_version, ise_wait_on_rate_limit, name, ndgtype, state."]}

 

 
With cisco.ise collection version 2.15.5:
TASK [Create network device group] *************************************************************************************************
changed: [10.36.200.20]

I had to do this command to make my play working:
"ansible-galaxy collection install cisco.ise:==2.5.16"

The play is:

   - name: Create network device group # noqa: run-once[task]
      cisco.ise.network_device_group:
        <<: *ise_connection
        state: present
        name: "Device Type#All Device Types#{{ network_device_group_name }}"
        othername: Device Type
 
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-12-2023 09:52 AM

Update, this is covered in CSCwd24304 .  Unfortunately, since the `ndgtype` attribute was reverted back to `othername`, the `cisco.ise` Ansible collection has not been updated to reflect this.  You'll have to use the API, for example:

    - name: Create network device group # noqa: run-once[task]
      delegate_to: localhost
      ansible.builtin.uri:
        url: "https://{{ ise_url }}/ers/config/networkdevicegroup"
        method: POST
        url_username: "{{ ise_username }}"
        url_password: "{{ ise_init_password }}"
        force_basic_auth: yes
        body: |
          { 
            "name": "Device Type#All Device Types#{{ network_device_group_name }}",
            "description": "All Device Types",
            "othername": "Device Type"
          }
        body_format: json
        validate_certs: "{{ ise_verify }}"

View solution in original post

8 Replies 8

Go to solution
cnarducci
Level 1
Level 1

‎12-09-2023 01:45 PM

I missed I tested it with ISE version 3.2 path 4 and 3.1 path 8

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎12-10-2023 01:09 PM

Issues with the Ansible modules should be posted to the Issues page for the GitHub project.
https://github.com/CiscoISE/ansible-ise/issues

 

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-11-2023 06:28 AM - edited ‎12-11-2023 06:29 AM

What version of ciscoisesdk are you using?  It likely needs to be updated.  I show the instructions below on my GitHub repo (direct link: https://github.com/ISEDemoLab/Upgrade_ISE_in_Hybrid_Cloud#minimum-version-of-ciscoisesdk ).

 

Minimum version of ciscoisesdk

If you already have Ansible installed and have been using it, you can see the version of the SDKs being used with the command pip show <name_of_sdk>. If your ISE version is 3.1 Patch 1 or newer, you need at least version 2.0.10 of ciscoisesdk

ISE Demo Lab:~/Upgrade_ISE_in_Hybrid_Cloud$ pip show ciscoisesdk
Name: ciscoisesdk
Version: 2.0.10
Summary: Cisco Identity Services Engine Platform SDK
Home-page: https://ciscoisesdk.readthedocs.io/en/latest/
Author: Jose Bogarin Solano
Author-email: jbogarin@altus.cr
License: MIT
Location: /home/charlie/Upgrade_ISE_in_Hybrid_Cloud/.venv/lib/python3.10/site-packages
Requires: fastjsonschema, future, requests, requests-toolbelt, xmltodict
Required-by:

If your version is older than 2.0.10, you can upgrade with the following command:

$ pip install ciscoisesdk --upgrade

 

 

0 Helpful

Go to solution
cnarducci
Level 1
Level 1

‎12-11-2023 09:05 AM

I'm using the latest version of ciscoisesdk, 2.1.2

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee
In response to cnarducci

‎12-12-2023 07:12 AM - edited ‎12-12-2023 07:17 AM

What happens if you comment out the `othername` entry?

 

   - name: Create network device group # noqa: run-once[task]
      cisco.ise.network_device_group:
        <<: *ise_connection
        state: present
        name: "Device Type#All Device Types#{{ network_device_group_name }}"
        # othername: Device Type

 

https://docs.ansible.com/ansible/latest/collections/cisco/ise/network_device_group_module.html#ansible-collections-cisco-ise-network-device-group-module shows the attribute value is now `ndgtype` (2.6.2).  Change `othername` to `ndgtype`

0 Helpful

Go to solution
cnarducci
Level 1
Level 1

‎12-12-2023 08:39 AM

'othername' seems to be a mandatory attribute for the ISE API, the error is:

TASK [Create network device group] *************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: }
fatal: [10.36.200.20]: FAILED! => {"changed": false, "msg": "An error occured when executing operation. The error was: [400] - Validation Error - Mandatory fields missing: [othername]\n{\n  \"ERSResponse\" : {\n    \"operation\" : \"POST-create-networkdevicegroup\",\n    \"messages\" : [ {\n      \"title\" : \"Validation Error - Mandatory fields missing: [othername]\",\n      \"type\" : \"ERROR\",\n      \"code\" : \"Application resource validation exception\"\n    } ],\n    \"link\" : {\n      \"rel\" : \"related\",\n      \"href\" : \"https://172.21.1.21/ers/config/networkdevicegroup\",\n      \"type\" : \"application/xml\"\n    }\n  }\n}"}

In the ISE ansible collection 2.6.2 documentation, othername attribute is replaced by ndgtype, but this is the error the error using ndgtype:

TASK [Create network device group] *************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: }
fatal: [10.36.200.20]: FAILED! => {"changed": false, "msg": "An error occured when executing operation. The error was: [400] - Resource Initialization Failed: Invalid JSON: Unrecognized field \"ndgtype\" (Class network.NetworkDeviceGroup), not marked as ignorable\n \n{\n  \"ERSResponse\" : {\n    \"operation\" : \"POST-create-networkdevicegroup\",\n    \"messages\" : [ {\n      \"title\" : \"Resource Initialization Failed: Invalid JSON: Unrecognized field \\\"ndgtype\\\" (Class network.NetworkDeviceGroup), not marked as ignorable\\n \",\n      \"type\" : \"ERROR\",\n      \"code\" : \"Application resource validation exception\"\n    } ],\n    \"link\" : {\n      \"rel\" : \"related\",\n      \"href\" : \"https://172.21.1.21/ers/config/networkdevicegroup\",\n      \"type\" : \"application/xml\"\n    }\n  }\n}"}

Software versions are:

[root@rl9-tools ise]# ansible --version
ansible [core 2.16.1]
  config file = /root/ise/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/local/lib/python3.11/site-packages:/usr/lib/python3.11/site-packages
  executable location = /usr/local/bin/ansible
  python version = 3.11.2 (main, Sep 12 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
[root@rl9-tools ise]# ansible-galaxy collection list | grep cisco\.ise
cisco.ise                     2.6.2  
[root@rl9-tools ise]# pip list | grep -E 'ciscoise|ansible'
ansible                   9.1.0
ansible-core              2.16.1
ansible-lint              6.22.1
ansible-pylibssh          1.1.0
ciscoisesdk               2.1.2

It seems that ansible collection uses 'ndgtype' as attribute, but then it is not translated to 'othername' calling the ISE API.

 

 

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee
In response to cnarducci

‎12-12-2023 08:46 AM

Interesting.  Please open a case with TAC and PM me the case number.


CharlieMoreton_0-1702399543684.png

 

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-12-2023 09:52 AM

Update, this is covered in CSCwd24304 .  Unfortunately, since the `ndgtype` attribute was reverted back to `othername`, the `cisco.ise` Ansible collection has not been updated to reflect this.  You'll have to use the API, for example:

    - name: Create network device group # noqa: run-once[task]
      delegate_to: localhost
      ansible.builtin.uri:
        url: "https://{{ ise_url }}/ers/config/networkdevicegroup"
        method: POST
        url_username: "{{ ise_username }}"
        url_password: "{{ ise_init_password }}"
        force_basic_auth: yes
        body: |
          { 
            "name": "Device Type#All Device Types#{{ network_device_group_name }}",
            "description": "All Device Types",
            "othername": "Device Type"
          }
        body_format: json
        validate_certs: "{{ ise_verify }}"
Customers Also Viewed These Support Documents