Awesome
ciscomeraki-meraki
Table of Contents
- Description
- Setup - The basics of getting started with ciscomeraki-meraki
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This Puppet module facilitates the configuration and management of Cisco Meraki via the Meraki Dashboard API and Puppet Resource API + Puppet Device.
Current capabilities of the module are limited in scope, but the desire is to gain functionality via community contribution... hint. hint.
Setup
Setup Requirements
Use of this module requires Puppet >= 4.10.x (although >= 5.3.6 is suggested) and the following
Agent (Puppet Device)
Puppet Resource API
Agent (Puppet Device) dependencies can be install with Puppet via the included meraki class or manually via
sudo /opt/puppetlabs/puppet/bin/gem install puppet-resource_api
Meraki dashboard-api manually via
sudo /opt/puppetlabs/puppet/bin/gem install dashboard-api
Master
Puppet Resource API
Resource API can be installed with Puppet via the puppetlabs/resource_api module and resource_api::server class or manually via
sudo /opt/puppetlabs/bin/puppetserver gem install puppet-resource_api
Beginning with ciscomeraki-meraki
Usage of the module requires a Meraki Dashboard API access enabled and an API access key. https://documentation.meraki.com/zGeneral_Administration/Other_Topics/The_Cisco_Meraki_Dashboard_API
Puppet device is to be configured per Meraki Organization and/or Network. A list of organizations or networks the user has access to can be gathered with the Puppet Tasks meraki::list_orgs and meraki::list_networks
Note if using Puppet Enterprise CLI execution of Tasks requires an access token
[root@puppet-device-devel tasks]# puppet task run meraki::list_orgs key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 8
Nodes: 1
Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
status : success
organizations : [{"id":549236,"name":"Meraki DevNet Sandbox"},{"id":646829496481088929,"name":"SD Test"}]
Job completed. 1/1 nodes succeeded.
Duration: 2 sec
[root@puppet-device-devel ~]# puppet task run meraki::list_networks key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 22
Nodes: 1
Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
status : success
networks : [{"id":"L_646829496481097728","name":"Wireless 2","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"N_686235993220589511","name":"jr","tags":null,"type":"wireless","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583318","name":"branch office","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583319","name":"DC Branch","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"}]
Job completed. 1/1 nodes succeeded.
Duration: 1 sec
vi /etc/puppetlabs/puppet/device.conf
[meraki-devnet-org]
type meraki_organization
url file:///root/meraki.yaml
[meraki-devnet-net]
type meraki_network
url file:///root/mnet.yaml
vi /root/meraki.yaml
default{
node {
dashboard_org_id = 123456
dashboard_api_key = apikey789
}
}
vi /root/mnet.yaml
default{
node {
dashboard_network_id = L_5678
dashboard_api_key = apikey789
}
}
Puppet Device nodes require a signed certificate from the master (just like an Agent). Adding and removing nodes
By default Puppet Device will process all nodes configured in device.conf. Output by default is suppressed, so include -v for interactive runs.
/opt/puppetlabs/puppet/bin/puppet device -v
Individual nodes (organizations) can be specified
/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org
Current administrators can be returned interactively as Puppet code
/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin
Current administrators can be returned interactively as Puppet code and filtered by email
[root@puppet-device-devel ~]# /opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin shermdog@puppet.com
Info: retrieving resource: meraki_admin from meraki-devnet-org at file:///etc/puppetlabs/code/environments/production/meraki.yaml
meraki_admin { "shermdog@puppet.com":
fullname => 'Rick Sherman',
ensure => 'present',
# id => '646829496481137785', # Read Only
orgaccess => 'full',
networks => [
{
'id' => 'L_646829496481099051',
'access' => 'full'
},
{
'id' => 'L_646829496481095933',
'access' => 'full'
},
{
'id' => 'N_646829496481143399',
'access' => 'full'
}],
tags => [
{
'tag' => 'Sandbox',
'access' => 'full'
},
{
'tag' => 'branch',
'access' => 'full'
}],
}
Current VLANs can be returned interactively as Puppet code and filtered by ID
[root@puppet-device-devel ~]# puppet device -v -t meraki-devnet-net --resource meraki_vlan 99
Info: retrieving resource: meraki_vlan from meraki-devnet-net at file:///root/mnet.yaml
meraki_vlan { "99":
ensure => 'present',
description => 'Managed by Puppet',
subnet => '10.0.99.0/24',
applianceip => '10.0.99.1',
fixedipassignments => {
'52:54:00:e3:5d:3d' => {
'ip' => '10.0.99.202',
'name' => 'test2'
}
},
reservedipranges => [
{
'start' => '10.0.99.1',
'end' => '10.0.99.101',
'comment' => 'test 1'
},
{
'start' => '10.0.99.200',
'end' => '10.0.99.225',
'comment' => 'test 2'
}],
dnsnameservers => 'upstream_dns',
}
Reference
Limitations
meraki_vlan
The Meraki API currently does not allow for the removal of fixedIpAssignments once they have been set. Puppet will still try to remove them.
Development
This module leverages Puppet Resource API and is compatible with Puppet PDK
Additional information on contributing to the module will be forthcoming.