ISE proxy setting error on using ansible API

lanagna · ‎01-23-2024

Hi Team, Using below config -getting error as "None".

- name: Update all
cisco.ise.proxy_connection_settings:
ise_hostname: "{{ hostname }}.{{domain}}"
ise_username: "{{ username }}"
ise_password: "{{ password }}"
ise_verify: false
state: present
#bypassHosts: string
fqdn: "{{ fqdn_IPaddress }}"
#password: string
#passwordRequired: true
port: "{{ port }}"
register: result
#userName: admin

Error:

The full traceback is:
NoneType: None
fatal: [Node1]: FAILED! => {
"changed": false,
"msg": [
"debug, register, when. Supported parameters include: ise_debug, passwordRequired, password, ise_uses_csrf_token, ise_single_request_timeout, fqdn, state, ise_uses_api_gateway, ise_hostname, ise_verify, ise_username, port, ise_wait_on_rate_limit, userName, ise_password, bypassHosts, ise_version."
]
}
The full traceback is:
NoneType: None
fatal: [Node2]: FAILED! => {
"changed": false,
"msg": [
"debug, register, when. Supported parameters include: ise_debug, passwordRequired, password, ise_uses_csrf_token, ise_single_request_timeout, fqdn, state, ise_uses_api_gateway, ise_hostname, ise_verify, ise_username, port, ise_wait_on_rate_limit, userName, ise_password, bypassHosts, ise_version."
]
}

Charlie Moreton · ‎01-23-2024

ise_hostname: "{{ hostname }}.{{domain}}"

should just be

ise_hostname: "{{ hostname }}"

lanagna · ‎01-23-2024

@Charlie Moreton Thanks for the input, I tried the same still getting the same error.

And btw with domain, I can get the success result on using other API's.
Can you please provide me the alternate options.

Charlie Moreton · ‎01-24-2024

The error you are seeing is resolved by formatting the request.

- name: Update all
  cisco.ise.proxy_connection_settings:
    ise_hostname: "{{ hostname }}.{{domain}}"
    ise_username: "{{ username }}"
    ise_password: "{{ password }}"
    ise_verify: false
    state: present
    #bypassHosts: string
    fqdn: "{{ fqdn_IPaddress }}"
    #password: string
    #passwordRequired: true
    port: "{{ port }}"
    #userName: admin
  register: result

The `register: result` line is not a part of the `cisco.ise.proxy_connection_settings` module, which is causing the issue you are seeing. The indented lines are, since the `register` attribute is an Ansible system attribute, this is place at the same level as calling the module.

EDITED TO ADD:

Even when formatted correctly and not getting that error, I got the following error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
fatal: [localhost]: FAILED! => changed=false
  msg: Object does not exists, plugin only has update

so I went to https://cs.co/ise-api to look up the API equivalent to the ansible module. There is no API for this!

As a matter of fact, I couldn't find any reference to `proxy` on any page for the Cisco Identity Services Engine API

Charlie Moreton · ‎01-25-2024

I've done some digging and found that the API used in the ansible module is `/api/v1/system-settings/proxy` under System Settings.

I've tested this and here is the Ansible Play that I have working:

    - name: Enable proxy on {{ ise_hostname }}
      delegate_to: localhost
      ansible.builtin.uri:
        url: "https://{{ ise_hostname }}.securitydemo.net/api/v1/system-settings/proxy"
        method: PUT
        url_username: "{{ ise_username }}"
        url_password: "{{ ise_password }}"
        force_basic_auth: yes
        body: 
          {
            "fqdn": "{{ proxy_address }}",
            "passwordRequired": false,
            "port": 80,
          }
        status_code: [
                      200,  # OK
                      201,  # Created
                      500,  # Internal server error
                      ]
        body_format: json
        validate_certs: "{{ ise_verify }}"
        return_content: true
      register: response

Here's the link to the ISE System Settings APIs on Devnet: https://developer.cisco.com/docs/identity-services-engine/latest/#!system-settings-openapi