Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
ram-ibm Merge pull request #123 from tombosmansibm/user_registry
Role to create a new user in the runtime local user registry (eg. eas…
Latest commit fc70dc5 May 24, 2019
Type Name Latest commit message Commit time
aac Merge pull request #123 from tombosmansibm/user_registry May 24, 2019
activate_module Initial Release Mar 21, 2017
add_attribute_source New role for adding attribute sources Jul 6, 2017
add_chain_template New role for adding a chain template Jul 6, 2017
add_cluster_node Added signature file check and cleaned up start config to handle chec… May 1, 2017
add_federation Initial Release Mar 21, 2017
add_junction Adding default values for new attributes to allow for backward compat… Oct 15, 2018
add_junction_servers Fixed junctions server add for the new variable names for windows and… Aug 18, 2017
add_mgmtazn_role - Initial commit of all files for add_mgmtazn_role May 26, 2017
add_module_chain More Ansible roles for ISAM Aug 16, 2017
add_network_ipv4 Initial Release Mar 21, 2017
add_oauth_client Adds missing extProperties property to add_oauth_client and set_oauth… Apr 10, 2019
add_oauth_definition Update main.yml Sep 18, 2018
add_partner
add_reverseproxy_conf Remove inappropriate AAC reference in task name Sep 30, 2017
add_runtime_listening_interface
add_server_connection_ldap Update README.md May 18, 2018
add_server_connection_ws Implementation of Web Service server connection role Mar 7, 2018
add_static_route Initial Release Mar 21, 2017
add_suffix Initial Release Mar 21, 2017
add_sysaccount_group added sysaccount user and group roles Jul 25, 2017
add_sysaccount_user added sysaccount user and group roles Jul 25, 2017
add_system_alerts_rsyslog Initial Release Mar 21, 2017
add_system_alerts_smtp arranged indentation smtp Jul 18, 2017
add_system_alerts_snmp
archive_logs New roles for reverse proxy log archival and start/stop/restart execu… Jun 5, 2017
authenticate_policy_attachments Initial Release Mar 21, 2017
base Merge pull request #126 from tombosmansibm/add_bonding_interface May 24, 2019
bootstrap_local re-arrange first steps Apr 14, 2017
config_dns Initial Release Mar 21, 2017
config_failover_cookie Initial Release Mar 21, 2017
config_fed_dir Initial Release Mar 21, 2017
config_ntp Initial Release Mar 21, 2017
config_policy_attachments Initial Release Mar 21, 2017
config_policyserver Initial Release Mar 21, 2017
config_reverseproxy_aac Fixed bugs in new role to config isamcfg. Apr 17, 2019
config_reverseproxy_federation Initial Release Mar 21, 2017
config_reverseproxy_oauth New role to configure reverse proxy for oauth - replaces isamcfg util… Jul 27, 2018
config_snmp_monitoring Initial Release Mar 21, 2017
create_keystore Provide role variables Jul 4, 2017
create_mgmt_root_dir Removed restart (RP) handler Jul 26, 2017
create_mgmt_root_file Fixed handlers adding files to RP and also braces for RP operation ex… Jul 26, 2017
create_reverseproxy Initial Release Mar 21, 2017
create_runtime_template_directories added a role to import runtime template files and a role to create a … Jun 21, 2018
create_snapshot Added a new role to create a snapshot Jun 4, 2017
delete_activation Initial Release Mar 21, 2017
delete_mgmt_root_file Initial Release Mar 21, 2017
delete_reverseproxy_conf Remove inappropriate AAC reference in task name Sep 30, 2017
execute_compare Fixed issues with the compare role May 12, 2017
execute_isamcfg Initial Release Mar 21, 2017
execute_pdadmin Fix for issue #47 Dec 10, 2017
execute_rp_op Modify syntax on reference to item Jan 4, 2018
export_application_logs
export_cluster_sign Initial Release Mar 21, 2017
externalize_hvdb_db2 Initial Release Mar 21, 2017
fed BugFix+Typo+Default vars Jul 27, 2018
first_steps Added flag to allow for admin password change to be skipped May 12, 2017
gen_report Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_federation Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_firmware Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_fixpack Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_junction_details Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_junctions Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
get_reverseproxies Added roles for creating reports, added more checks to pdadmin execution Jun 4, 2017
import_ca_certs Initial Release Mar 21, 2017
import_client_cert_mapping Initial Release Mar 21, 2017
import_http_transformation Initial Release Mar 21, 2017
import_management_root Initial Release Mar 21, 2017
import_personal_cert Initial Release Mar 21, 2017
import_runtime_template_file Use 'id' parameter required by the python lib Apr 11, 2019
import_url_mapping Initial Release Mar 21, 2017
install_firmware Initial Release Mar 21, 2017
install_fixpack Initial Release Mar 21, 2017
install_license this commit fixes #35 Aug 25, 2017
load_signer_cert Initial Release Mar 21, 2017
meta Initial Release Mar 21, 2017
sanity_checks Split start_config role into sanity_checks and first_steps roles May 12, 2017
search_attribute_source More Ansible roles for ISAM Aug 16, 2017
search_mapping_rule More Ansible roles for ISAM Aug 16, 2017
set_access_control_policy Initial Release Mar 21, 2017
set_admin_cfg New role to configure reverse proxy for oauth - replaces isamcfg util… Jul 27, 2018
set_admin_pw Use old_password to authenticate with ISAM Mar 26, 2017
set_advanced_tuning_parameter Add optional support for 'comment' parameter of advanced tuning param… May 29, 2018
set_audit_configuration Initial Release Mar 21, 2017
set_auth_mech Initial Release Mar 21, 2017
set_auth_policy Initial Release Mar 21, 2017
set_cert_replication Initial Release Mar 21, 2017
set_cluster_config Invoke handler to restart AAC Runtime when appropriate Mar 12, 2018
set_current_point_of_contact Initial Release Mar 21, 2017
set_federation Initial Release Mar 21, 2017
set_host_records Initial Release Mar 21, 2017
set_junction Adding default values for new attributes to allow for backward compat… Oct 15, 2018
set_keystore_desc Set keystore description role Jul 4, 2017
set_ldap_root_pw Initial Release Mar 21, 2017
set_ldap_user_attr fix README.md format Apr 7, 2017
set_ldap_user_pw Force AAC Runtime restart should it be required after embedded ldap p… Mar 17, 2018
set_mapping_rule Initial Release Mar 21, 2017
set_mgmtazn_role_feature Initial Release Mar 21, 2017
set_network_hostname Initial Release Mar 21, 2017
set_network_ipv4_dhcp Initial Release Mar 21, 2017
set_oauth_client Adds missing extProperties property to add_oauth_client and set_oauth… Apr 10, 2019
set_oauth_definition Added oidc parameter Apr 19, 2018
set_partner Initial Release Mar 21, 2017
set_reverseproxy_conf Initial Release Mar 21, 2017
set_rsyslog_forwarder
set_rsyslog_forwarder_sources Basic implementation for rsyslog forwader Feb 7, 2019
set_runtime_replication Initial Release Mar 21, 2017
set_runtime_tuning_parameter Made snapshot optional and added handler for restarting AAC Runtime Jan 18, 2018
set_tcpip_tuning Fixed bug in setting port range as part of TCP/IP tuning. Mar 5, 2019
start_config New role to execute aac configuration to replace isamcfg. Apr 17, 2019
switch_auth Provide support for the 4 other out-of-the-box management AuthZ roles Jun 12, 2018
update_advanced_configuration Initial Release Mar 21, 2017
update_auth_mech Initial Release Mar 21, 2017
update_management_root Provide support for ZIP archive upload and deletion of unneede locales Mar 16, 2019
update_management_ssl_cert New role to update LMI management certificate keys store Dec 10, 2017
update_network_interface_vlan Initial Release Mar 21, 2017
update_network_ipv4 Fix snapshot variable name to appropriate variable: update_network_ip… Sep 13, 2018
update_point_of_contact Fix comment Mar 23, 2018
update_reverseproxy_conf Remove inappropriate AAC reference in task name Sep 30, 2017
update_static_route Initial Release Mar 21, 2017
upload_extension Initial Release Mar 21, 2017
upload_ltpa_key Added new role for uploading LTPA key files Jul 5, 2017
upload_mapping_rule Initial Release Mar 21, 2017
web Merge pull request #86 from svetterIO/master Apr 16, 2019
.gitignore update .gitignore Apr 7, 2017
LICENSE Initial Release Mar 21, 2017
README.md Update README.md Jun 7, 2018

README.md

IBM Sample Code

This repository contains Ansible Custom Modules and Roles for automating ISAM Appliance tasks. Custom Modules provide the interface to the idempotent Python functions in the ibmsecurity package. Handlers are coded into the roles to ensure changes are committed (deployed) and relevant processes restarted.

Requirements

Python v2.7.10 and above is required for this package.

The following Python Packages are required (including their dependencies):

  1. ibmsecurity
  2. ansible

Appliances need to have an IP address defined for their LMI. This may mean that appliances have had their initial setup done with license acceptance.

Get Started

Use ansible-galaxy to install the roles like so:

    ansible-galaxy install git+https://github.com/ibm-security/isam-ansible-roles.git --roles-path <dest dir>

Using the --roles-path option allows installation to a desired location. This avoids the need to write to a system directory.

Use the following setting in ansible.cfg to set the location of the installed roles:

[defaults]
roles_path = <dest dir>

Versioning

git tag will be used to indicate version numbers. The version numbers will be based on date. For example: "2017.03.20.0"

It is the date when the package is released with a sequence number at the end to handle when there are multiple releases in one day (expected to be uncommon).
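When pinning an installation to a release tag, note that the trailing sequence number has to be compared numerically, since a plain string sort places ".10" before ".9". The following is an added example, not code from this repository; it assumes tags use a zero-padded YYYY.MM.DD.N layout as in the example above, and the tag list in it is constructed for illustration.

```python
import re
from datetime import date

# Tag layout described in the README: YYYY.MM.DD.N, e.g. "2017.03.20.0".
# Zero-padded month and day are an assumption based on that one example.
TAG_RE = re.compile(r"^(\d{4})\.(\d{2})\.(\d{2})\.(\d+)$")


def parse_tag(tag):
    """Return (release_date, sequence), or None if the tag is not a release tag."""
    m = TAG_RE.match(tag.strip())
    if not m:
        return None
    year, month, day, seq = (int(g) for g in m.groups())
    try:
        released = date(year, month, day)  # rejects dates such as 2017.02.30
    except ValueError:
        return None
    return released, seq


def sorted_releases(tags):
    """Sort valid release tags oldest to newest, comparing the sequence as a number."""
    parsed = [(parse_tag(t), t.strip()) for t in tags]
    return [t for key, t in sorted(p for p in parsed if p[0] is not None)]


def latest_release(tags, not_after=None):
    """Newest release tag, optionally limited to releases on or before not_after."""
    candidates = [t for t in sorted_releases(tags)
                  if not_after is None or parse_tag(t)[0] <= not_after]
    return candidates[-1] if candidates else None


# Constructed sample tag list (not the repository's real tags), with noise mixed in.
SAMPLE_TAGS = ["2017.03.20.0", "2017.03.20.10", "2017.03.20.9",
               "2017.02.30.0", "v1.0", "2018.07.27.0", "master"]

if __name__ == "__main__":
    print(sorted_releases(SAMPLE_TAGS))
    print(latest_release(SAMPLE_TAGS, not_after=date(2017, 12, 31)))
```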

Features

The start_config role is a requirement for every playbook. It contains the custom modules and all handlers. All other roles have a dependency on it and start_config will get automatically invoked as needed. This repository contains a small selection of roles - users are encouraged to add more as needed.

Custom Modules

“Modules (also referred to as “task plugins” or “library plugins”) are the ones that do the actual work in ansible, they are what gets executed in each playbook task. But you can also run a single one using the ‘ansible’ command.” http://docs.ansible.com/ansible/modules_intro.html

Ansible custom modules provide the glue to seamlessly invoke Python functions that execute REST API calls against ISAM appliances. There are three custom modules. Each allows a different set of parameters to be passed.

isam - this module is for all calls to ISAM appliances except PDAdmin calls.

isamadmin - this module is for making PDAdmin calls. Check mode execution is not supported.

isamcompare - this module allows one to compare a feature of one appliance with another. This is a read-only call where the JSON data from one appliance is compared against another.

Handlers

After a change happens, ansible can be set to execute "handlers" to commit changes and/or restart processes. Handlers are just other tasks. Handlers execute based on the sequence in which they are listed. See start_config role for details.

Roles

“Roles in Ansible build on the idea of include files and combine them to form clean, reusable abstractions – they allow you to focus more on the big picture and only dive down into the details when needed.” http://docs.ansible.com/ansible/playbooks_roles.html

Using roles allows one to concentrate on describing the business needs in a playbook. The actual call to the Python function and the need to deploy and restart processes are taken care of inside the role.

Naming of Roles and variables

Roles start with a verb like "set" or "add" followed by a name that describes either the task or the Python function being called. This depends on whether the role contains a single task or a combination of tasks.

Preference should be given to using "set" roles versus ones that do an "add" or "update". This allows for the role to either do an add or an update as the situation demands.

License

The contents of this repository are open-source under the Apache 2.0 licence.

Copyright 2017 International Business Machines

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Ansible is a trademark of Red Hat, Inc.
