-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathserver_profiles.yml
167 lines (167 loc) · 5.81 KB
/
server_profiles.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
---
#
# Configure Server Profiles and Policies
#
# The hosts group used is provided by the group variable or defaulted to 'Intersight_Servers'.
# You can specify a specific host (or host group) on the command line:
# ansible-playbook ... -e group=<your host group>
# e.g., ansible-playbook server_profiles.yml -e group=TME_Demo
#
- hosts: "{{ group | default('Intersight_Servers') }}"
connection: local
gather_facts: false
vars:
# Create an anchor for api_info that can be used throughout the file
api_info: &api_info
api_private_key: "{{ api_private_key }}"
api_key_id: "{{ api_key_id }}"
api_uri: "{{ api_uri | default(omit) }}"
validate_certs: "{{ validate_certs | default(omit) }}"
state: "{{ state | default(omit) }}"
# Server Profile name default
profile_name: "SP-{{ inventory_hostname }}"
tasks:
#
# Configure profiles specific to server (run for each server in the inventory)
# Server Profiles role will register a profile_resp and profile_resp list (from all hosts) can be used by policy tasks
#
- name: "Configure {{ profile_name }} Server Profile"
intersight_rest_api:
<<: *api_info
resource_path: /server/Profiles
query_params:
$filter: "Name eq '{{ profile_name }}'"
api_body: {
"Name": "{{ profile_name }}",
"AssignedServer": {
"Moid": "{{ server_moid }}"
}
}
register: profile_resp
when: server_moid is defined
delegate_to: localhost
tags: server_profiles
# Deploy (or perform other profile_action) when tag is set, e.g., --tags deploy
# profile_action can be given on the command line if needed, e.g., ansible-playbook ... -e profile_action=Unassign
- name: Deploy (or user defined profile_action) Server Profile
intersight_rest_api:
<<: *api_info
resource_path: /server/Profiles
query_params:
$filter: "Name eq '{{ profile_name }}'"
api_body: {
"Action": "{{ profile_action | default('Deploy') }}"
}
delegate_to: localhost
tags: [never, deploy]
#
# Enclose policy tasks in a block that runs once
# Policy API body is specified in a role specific vars section for each role import
# See https://intersight.com/apidocs/ or https://intersight.com/mobrowser/ for information on setting resource_path and api_body
#
- block:
# Boot Order policy config
- import_role:
name: policies/server_policies
vars:
resource_path: /boot/PrecisionPolicies
api_body: {
"Name": "vmedia-local-disk",
"ConfiguredBootMode": "Legacy",
"BootDevices": [
{
"ObjectType": "boot.LocalDisk",
"Enabled": true,
"Name": "boot",
"Slot": "HBA"
},
{
"ObjectType": "boot.VirtualMedia",
"Enabled": true,
"Name": "remote-vmedia",
"Subtype": "cimc-mapped-dvd"
}
]
}
tags: boot_order
# Virtual Media policy config
- import_role:
name: policies/server_policies
vars:
resource_path: /vmedia/Policies
api_body: {
"Name": "nfs-cdd",
"Mappings": [
{
"MountProtocol": "nfs",
"VolumeName": "nfs-cdd",
"DeviceType": "cdd",
"HostName": "172.28.224.77",
"RemotePath": "/mnt/SHARE/ISOS/CENTOS",
"RemoteFile": "CentOS-7-x86_64-DVD-1810.iso"
},
{
"MountProtocol": "nfs",
"VolumeName": "nfs-hdd",
"DeviceType": "hdd",
"HostName": "172.28.224.77",
"RemotePath": "/mnt/SHARE/ISOS/CENTOS/vmedia_images",
"RemoteFile": "{{ profile_name }}.img"
}
]
}
tags: virtual_media
# Bios policy config
- import_role:
name: policies/server_policies
vars:
resource_path: /bios/Policies
api_body: {
"Name": "adaptive-memory",
"CiscoAdaptiveMemTraining": "enabled"
}
tags: bios
# Snmp policy config
- import_role:
name: policies/server_policies
vars:
resource_path: /snmp/Policies
api_body: {
"Name": "snmp-local",
"Enabled": true,
"AccessCommunityString": "galaxy",
"CommunityAccess": "Disabled",
"SnmpPort": 161,
"SnmpUsers": [
{
"AuthType": "SHA",
"IsAuthPasswordSet": true,
"IsPrivacyPasswordSet": true,
"Name": "TMEUCS",
"PrivacyType": "AES",
"SecurityLevel": "AuthPriv",
"AuthPassword": "password",
"PrivacyPassword": "password"
}
],
"SysContact": "Cisco TME",
"SysLocation": "Cisco TME DC",
"TrapCommunity": "galaxy"
}
tags: snmp
# NTP policy config
- import_role:
name: policies/server_policies
vars:
resource_path: /ntp/Policies
api_body: {
"Name": "MVP_NTP",
"Enabled": true,
"NtpServers": [
"ntp.esl.cisco.com"
]
}
tags: ntp
# Policies are common, so only run this block once and not for every host
run_once: true
delegate_to: localhost