SIMPLE-7648: Added configuration to the ISE node definition #62
xorrkaz
left a comment
Thanks for this! I'm going to hold it for now since this will break existing CML 2.x users. When 2.9 is released, I'll merge it. Ideally, this node def will ship with 2.9.
Dropping a note here to update these defaults a bit.
node-definitions/cisco/ise/ise.yaml
| - editable: true | ||
| name: ise-ztp.conf | ||
| content: |- | ||
| hostname=<hostname of Cisco ISE> |
@BregaladTaran Can you fill some of these in with defaults? I'm thinking hostname, admin password, and domain.
Can you submit the Windows changes as its own PR? That I can merge fairly quickly.
Alright sorry... on it.
Updated some of the parameters of the config content; Commented all parameters which are not required to run ISE; For some parameters kept the <...> description but added a sample input to help fill them in;
| username=<admin> <--admin is the default for on-prem installations | ||
| password=<password> | ||
| username=admin | ||
| password=Cisc@123 |
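Review bot: `password=Cisc@123` puts a fixed admin credential into the default config content, paired with the well-known `username=admin`, so any node started without editing this file comes up with a password that is readable in a public repository. Consider keeping a placeholder such as the earlier `password=<password>` form, or at minimum adding a comment line directly above it stating that the value is a sample and must be changed before first boot.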
Does this password meet complexity requirements and do these settings work if IP is provided?
- This password does work, since it's the one I used in the last test of ISE.
- I commented all the settings which are not required (i.e. ISE needed at the very least the settings I left uncommented).
- Examples for nameserver and ntpserver are ones that work for me when NOT on VPN. I provided them specifically as an example, but I am assuming these will depend on the person running ISE.
- I do have all the values for the minimal working configuration (I can send them here if needed), but I have assumed that those should not go here since some of them work just for me (being on cisco vpn).
- Next, I rewrote the boot timeout to 3600 since from my experience it takes at least an hour for ISE to boot up.
- Issues with console:
  - the console can freeze up, so it is preferred to only pay attention to VNC
  - the output from console can be quite confusing: some strings get printed in the same line, even though they should be on separate lines; sometimes an issue pops up but if ignored, the setup continues as normal; sometimes the user is prompted to "Press to continue" even though in the same line it says that Booting OS please wait... and so on. I didn't write down all the weird things; these are just some that I remember.
- Possible SERIOUS issue:
  - since the ISE literally pulls 300 gigabytes of data (assuming it's started with external connector and correct config), couldn't it be an issue if someone who maybe doesn't realize this fact started ISE on a machine, not knowing that there is not enough space and that if ISE is allowed to go on it will completely fill the memory of said machine, which will (or can) lag it out, or potentially even halt it by filling all the memory? (I feel like this is something which could realistically be done by accident and it could cause some issues.)

(These issues and observations were made using this image: http://10.122.58.4/CML2/2.9/images/Cisco-vISE-300-3.4.0.608.qcow2 )
Wow. I've never seen an hour for the first boot. But I haven't used ISE 3.4 yet. My last experience was with 3.3. I think we should document things if it does a silent update from the internet. Again, that's not been my experience, but maybe ISE 3.4 is doing this? What does it pull down?