ciscomeraki-meraki

Table of Contents

1. Description
2. Setup - The basics of getting started with ciscomeraki-meraki
   • Setup requirements
   • Beginning with ciscomeraki-meraki
3. Usage - Configuration options and additional functionality
4. Reference - An under-the-hood peek at what the module is doing and how
5. Limitations - OS compatibility, etc.
6. Development - Guide for contributing to the module

Description

This Puppet module facilitates the configuration and management of Cisco Meraki via the Meraki Dashboard API and Puppet Resource API + Puppet Device.

Current capabilities of the module are limited in scope, but the desire is to gain functionality via community contribution... hint. hint.

Setup

Setup Requirements

Use of this module requires Puppet >= 4.10.x (although >= 5.3.6 is suggested) and the following

Agent (Puppet Device)

Puppet Resource API
Agent (Puppet Device) dependencies can be install with Puppet via the included meraki class or manually via

sudo /opt/puppetlabs/puppet/bin/gem install puppet-resource_api

Meraki dashboard-api manually via

sudo /opt/puppetlabs/puppet/bin/gem install dashboard-api

Master

Puppet Resource API
Resource API can be installed with Puppet via the puppetlabs/resource_api module and resource_api::server class or manually via

sudo /opt/puppetlabs/bin/puppetserver gem install puppet-resource_api

Beginning with ciscomeraki-meraki

Usage of the module requires a Meraki Dashboard API access enabled and an API access key. https://documentation.meraki.com/zGeneral_Administration/Other_Topics/The_Cisco_Meraki_Dashboard_API

Puppet device is to be configured per Meraki Organization and/or Network. A list of organizations or networks the user has access to can be gathered with the Puppet Tasks meraki::list_orgs and meraki::list_networks

Note if using Puppet Enterprise CLI execution of Tasks requires an access token

[root@puppet-device-devel tasks]# puppet task run meraki::list_orgs key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 8
Nodes: 1

Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
  status : success
  organizations : [{"id":549236,"name":"Meraki DevNet Sandbox"},{"id":646829496481088929,"name":"SD Test"}]

Job completed. 1/1 nodes succeeded.
Duration: 2 sec

[root@puppet-device-devel ~]# puppet task run meraki::list_networks key=apikey123 -n puppet-device-devel.shermdog.local
Starting job ...
New job ID: 22
Nodes: 1

Started on puppet-device-devel.shermdog.local ...
Finished on node puppet-device-devel.shermdog.local
  status : success
  networks : [{"id":"L_646829496481097728","name":"Wireless 2","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"N_686235993220589511","name":"jr","tags":null,"type":"wireless","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583318","name":"branch office","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"},{"id":"L_686235993220583319","name":"DC Branch","tags":null,"type":"combined","timeZone":"America/Los_Angeles","organizationId":"646829496481088375"}]

Job completed. 1/1 nodes succeeded.
Duration: 1 sec

vi /etc/puppetlabs/puppet/device.conf

[meraki-devnet-org]
  type meraki_organization
  url file:///root/meraki.yaml

[meraki-devnet-net]
  type meraki_network
  url file:///root/mnet.yaml

vi /root/meraki.yaml

default{
  node {
    dashboard_org_id = 123456
    dashboard_api_key = apikey789
  }
}

vi /root/mnet.yaml

default{
  node {
    dashboard_network_id = L_5678
    dashboard_api_key = apikey789
  }
}

Puppet Device nodes require a signed certificate from the master (just like an Agent). Adding and removing nodes

By default Puppet Device will process all nodes configured in device.conf. Output by default is suppressed, so include -v for interactive runs.

/opt/puppetlabs/puppet/bin/puppet device -v

Individual nodes (organizations) can be specified

/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org

Current administrators can be returned interactively as Puppet code

/opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin

Current administrators can be returned interactively as Puppet code and filtered by email

[root@puppet-device-devel ~]# /opt/puppetlabs/puppet/bin/puppet device -v --target meraki-devnet-org --resource meraki_admin shermdog@puppet.com
Info: retrieving resource: meraki_admin from meraki-devnet-org at file:///etc/puppetlabs/code/environments/production/meraki.yaml
meraki_admin { "shermdog@puppet.com": 
  fullname => 'Rick Sherman',
  ensure => 'present',
# id => '646829496481137785', # Read Only
  orgaccess => 'full',
  networks => [
  {
    'id' => 'L_646829496481099051',
    'access' => 'full'
  },
  {
    'id' => 'L_646829496481095933',
    'access' => 'full'
  },
  {
    'id' => 'N_646829496481143399',
    'access' => 'full'
  }],
  tags => [
  {
    'tag' => 'Sandbox',
    'access' => 'full'
  },
  {
    'tag' => 'branch',
    'access' => 'full'
  }],
}

Current VLANs can be returned interactively as Puppet code and filtered by ID

[root@puppet-device-devel ~]# puppet device -v -t meraki-devnet-net --resource meraki_vlan 99
Info: retrieving resource: meraki_vlan from meraki-devnet-net at file:///root/mnet.yaml
meraki_vlan { "99": 
  ensure => 'present',
  description => 'Managed by Puppet',
  subnet => '10.0.99.0/24',
  applianceip => '10.0.99.1',
  fixedipassignments => {
  '52:54:00:e3:5d:3d' => {
    'ip' => '10.0.99.202',
    'name' => 'test2'
  }
},
  reservedipranges => [
  {
    'start' => '10.0.99.1',
    'end' => '10.0.99.101',
    'comment' => 'test 1'
  },
  {
    'start' => '10.0.99.200',
    'end' => '10.0.99.225',
    'comment' => 'test 2'
  }],
  dnsnameservers => 'upstream_dns',
}

Reference

Puppet Strings REFERENCE.md

Limitations

meraki_vlan

The Meraki API currently does not allow for the removal of fixedIpAssignments once they have been set. Puppet will still try to remove them.

Development

This module leverages Puppet Resource API and is compatible with Puppet PDK

Additional information on contributing to the module will be forthcoming.

Reference

Classes

• meraki:
• meraki::install: Private class

Resource types

• meraki_admin: This type provides Puppet with the capabilities to manage Administators on the Meraki Dashboard
• meraki_vlan: This type provides Puppet with the capabilities to manage VLANs on the Meraki Dashboard

Tasks

• list_networks: List the organizations that the user has privileges on
• list_orgs: List the organizations that the user has privileges on

Classes

meraki

The meraki class.

meraki::install

Private class

Resource types

meraki_admin

This type provides Puppet with the capabilities to manage Administators on the Meraki Dashboard

Properties

The following properties are available in the meraki_admin type.

ensure

Data type: Enum[present, absent]

Resource is ensurable (present, absent).

Default value: present

fullname

Data type: String

The name of the dashboard administrator

id

Data type: Integer

ID of administrator

orgaccess

Data type: Enum["full","read-only","none"]

The privilege of the dashboard administrator on the organization (full, read-only, none)

networks

Data type: Optional[Array[Hash]]

The list of networks that the dashboard administrator has privileges on. Contains the network ID, and privilege of the dashboard administrator on the network

tags

Data type: Optional[Array[Hash]]

The list of tags that the dashboard administrator has privileges on. Contains the name of the tag and access privilege of the dashboard administrator on the tag

Parameters

The following parameters are available in the meraki_admin type.

email

namevar

Data type: String

The email of the dashboard administrator. This attribute can not be updated.

meraki_vlan

This type provides Puppet with the capabilities to manage VLANs on the Meraki Dashboard

Properties

The following properties are available in the meraki_vlan type.

ensure

Data type: Enum[present, absent]

Resource is ensurable (present, absent).

Default value: present

description

Data type: String

The name of the VLAN

subnet

Data type: String

The subnet of the VLAN

applianceip

Data type: String

The local IP of the appliance on the VLAN

fixedipassignments

Data type: Optional[Variant[Enum[unset], Hash]]

The DHCP fixed IP assignments on the VLAN. Can be removed via \'unset\' or empty Hash

reservedipranges

Data type: Optional[Variant[Enum[unset], Array[Hash]]]

The DHCP reserved IP ranges on the VLAN. Can be removed via \'unset\' or empty Array

vpnnatsubnet

Data type: Optional[String]

The translated VPN subnet if VPN and VPN subnet translation are enabled on the VLAN.

dnsnameservers

Data type: String

The DN nameservers used for DHCP responses, either "upstream_dns", "google_dns", "opendns", or a newline seperated string of IP addresses or domain names.

Default value: upstream_dns

Parameters

The following parameters are available in the meraki_vlan type.

id

namevar

Data type: String

The VLAN ID (must be between 1 and 4094)

Tasks

list_networks

List the organizations that the user has privileges on

Supports noop? false

Parameters

key

Data type: String[1]

API Key for Meraki Dashboard

organization

Data type: Optional[String[1]]

Organization ID

list_orgs

List the organizations that the user has privileges on

Supports noop? false

Parameters

key

Data type: String[1]

API Key for Meraki Dashboard

Changelog

All notable changes to this project will be documented in this file.

Release 0.1.0

Features

Bugfixes

Known Issues