Home

Awesome

ciscomeraki-meraki

Table of Contents

  1. Description
  2. Setup - The basics of getting started with ciscomeraki-meraki
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This Puppet module facilitates the configuration and management of Cisco Meraki via the Meraki Dashboard API and Puppet Resource API + Puppet Device.

Current capabilities of the module are limited in scope, but the desire is to gain functionality via community contribution... hint. hint.

Setup

Setup Requirements

Use of this module requires Puppet >= 4.10.x (although >= 5.3.6 is suggested) and the following

Agent (Puppet Device)

Puppet Resource API
Agent (Puppet Device) dependencies can be install with Puppet via the included meraki class or manually via

sudo /opt/puppetlabs/puppet/bin/gem install puppet-resource_api

Meraki dashboard-api manually via

sudo /opt/puppetlabs/puppet/bin/gem install dashboard-api

Master

Puppet Resource API
Resource API can be installed with Puppet via the puppetlabs/resource_api module and resource_api::server class or manually via

sudo /opt/puppetlabs/bin/puppetserver gem install puppet-resource_api

Beginning with ciscomeraki-meraki

Usage of the module requires a Meraki Dashboard API access enabled and an API access key. https://documentation.meraki.com/zGeneral_Administration/Other_Topics/The_Cisco_Meraki_Dashboard_API

Puppet device is to be configured per Meraki Organization and/or Network. A list of organizations or networks the user has access to can be gathered with the Puppet Tasks meraki::list_orgs and meraki::list_networks

Note if using Puppet Enterprise CLI execution of Tasks requires an access token

[root@puppet-device-devel tasks]# puppet task run meraki::list_orgs key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 8
Nodes: 1

Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
  status : success
  organizations : [{"id":549236,"name":"Meraki DevNet Sandbox"},{"id":646829496481088929,"name":"SD Test"}]

Job completed. 1/1 nodes succeeded.
Duration: 2 sec
[root@puppet-device-devel ~]# puppet task run meraki::list_networks key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 22
Nodes: 1

Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
  status : success
  networks : [{"id":"L_646829496481097728","name":"Wireless 2","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"N_686235993220589511","name":"jr","tags":null,"type":"wireless","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583318","name":"branch office","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583319","name":"DC Branch","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"}]

Job completed. 1/1 nodes succeeded.
Duration: 1 sec

vi /etc/puppetlabs/puppet/device.conf

[meraki-devnet-org]
  type meraki_organization
  url file:///root/meraki.yaml

[meraki-devnet-net]
  type meraki_network
  url file:///root/mnet.yaml

vi /root/meraki.yaml


default{
  node {
    dashboard_org_id = 123456
    dashboard_api_key = apikey789
  }
}

vi /root/mnet.yaml



default{
  node {
    dashboard_network_id = L_5678
    dashboard_api_key = apikey789
  }
}

Puppet Device nodes require a signed certificate from the master (just like an Agent). Adding and removing nodes

By default Puppet Device will process all nodes configured in device.conf. Output by default is suppressed, so include -v for interactive runs.

/opt/puppetlabs/puppet/bin/puppet device -v

Individual nodes (organizations) can be specified

/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org

Current administrators can be returned interactively as Puppet code

/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin

Current administrators can be returned interactively as Puppet code and filtered by email

[root@puppet-device-devel ~]# /opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin shermdog@puppet.com
Info: retrieving resource: meraki_admin from meraki-devnet-org at file:///etc/puppetlabs/code/environments/production/meraki.yaml
meraki_admin { "shermdog@puppet.com": 
  fullname => 'Rick Sherman',
  ensure => 'present',
# id => '646829496481137785', # Read Only
  orgaccess => 'full',
  networks => [
  {
    'id' => 'L_646829496481099051',
    'access' => 'full'
  },
  {
    'id' => 'L_646829496481095933',
    'access' => 'full'
  },
  {
    'id' => 'N_646829496481143399',
    'access' => 'full'
  }],
  tags => [
  {
    'tag' => 'Sandbox',
    'access' => 'full'
  },
  {
    'tag' => 'branch',
    'access' => 'full'
  }],
}

Current VLANs can be returned interactively as Puppet code and filtered by ID

[root@puppet-device-devel ~]# puppet device -v -t meraki-devnet-net --resource meraki_vlan 99
Info: retrieving resource: meraki_vlan from meraki-devnet-net at file:///root/mnet.yaml
meraki_vlan { "99": 
  ensure => 'present',
  description => 'Managed by Puppet',
  subnet => '10.0.99.0/24',
  applianceip => '10.0.99.1',
  fixedipassignments => {
  '52:54:00:e3:5d:3d' => {
    'ip' => '10.0.99.202',
    'name' => 'test2'
  }
},
  reservedipranges => [
  {
    'start' => '10.0.99.1',
    'end' => '10.0.99.101',
    'comment' => 'test 1'
  },
  {
    'start' => '10.0.99.200',
    'end' => '10.0.99.225',
    'comment' => 'test 2'
  }],
  dnsnameservers => 'upstream_dns',
}

Reference

Puppet Strings REFERENCE.md

Limitations

meraki_vlan

The Meraki API currently does not allow for the removal of fixedIpAssignments once they have been set. Puppet will still try to remove them.

Development

This module leverages Puppet Resource API and is compatible with Puppet PDK

Additional information on contributing to the module will be forthcoming.