-> Disclaimer: Please refer to our General Support Statement before proceeding with the use of this collection. You can also refer to our troubleshooting guide for guidance on typical problems.
Example Ansible playbooks using the Zscaler Private Access Ansible Collection, and what you'll need to get started writing your own. We try to add interesting things to this repository over time based on customer questions, so check back from time to time.
- Free software: MIT License
- Documentation
- Repository
- Example Playbooks
This collection is tested with the most current Ansible releases. Ansible versions before 2.15 are not supported.
The minimum python version for this collection is python 3.9.
First, you'll need to install Ansible on the machine that will execute your playbooks (called the control node). The control node can be as simple as a laptop, and can be running any Unix-like OS (Linux, BSD, macOS).
You'll want to generally follow the Ansible documentation for installing Ansible on your machine, but here are quick instructions for popular choices:
Install from Pip (Python package manager):
pip3 install --user ansible
export PATH=$PATH:$HOME/Library/Python/3.9/binInstall from EPEL:
sudo yum install epel-release
sudo yum install ansibleInstall from the Ansible PPA:
sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansibleYou'll want to permanently modify the PATH in your shell's config file as well.
Install this collection using the Ansible Galaxy CLI:
ansible-galaxy collection install zscaler.zpacloudYou can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:
collections:
- zscaler.zpacloudOnce you're done with installing Ansible, clone this repo, and install the ZPA collection from Ansible Galaxy as well as the Python modules it depends on:
git clone https://github.com/zscaler/zpacloud-playbooks.git
cd ansible-playbooks/
ansible-galaxy collection install -r collections/requirements.yml
pip3 install --user -r requirements.txt$ ansible-playbook main.yml -e @creds.ymlThe credential file must be in yaml format:
client_id: "your_client_id"
client_secret: "your_client_secret"
customer_id: "your_customer_id"
cloud: "PRODUCTION" export ZPA_CLIENT_ID="your_client_id"
export ZPA_CLIENT_SECRET="your_client_secret"
export ZPA_CUSTOMER_ID="your_customer_id"
export ZPA_CLOUD="PRODUCTION"You can use these playbooks as a base by cloning this repository. Each of them is documented with how to run them via
ansible-playbook and their customization options.
- zpa_app_connector_groups - Create/Update/Delete an app connector group.
- zpa_app_connector_groups_info - Gather information details (ID and/or Name) of a app connector group.
- zpa_application_segment - Create/Update/Delete an application segment.
- zpa_application_segment_info - Gather information details (ID and/or Name) of a application segment.
- zpa_application_server - Create/Update/Delete an Application Server.
- zpa_application_server_info - Gather information details (ID and/or Name) of an application server.
- zpa_ba_certificate_info - Gather information details (ID and/or Name) of an browser access certificate.
- zpa_cloud_connector_group_info - Gather information details (ID and/or Name) of an cloud connector group.
- zpa_enrollment_cert_info - Gather information details (ID and/or Name) of an enrollment certificate for use when creating provisioning keys for connector groups or service edge groups.
- zpa_idp_controller_info - Gather information details (ID and/or Name) of an identity provider (IdP) created in the ZPA tenant.
- zpa_machine_group_info - Gather information details (ID and/or Name) of an machine group for use in a policy access and/or forwarding rules.
- zpa_policy_access_rule - Create/Update/Delete a policy access rule.
- zpa_policy_access_rule_info - Gather information details (ID and/or Name) of a policy access rule.
- zpa_policy_access_timeout_rule - Create/Update/Delete a policy access timeout rule.
- zpa_policy_timeout_rule_info - Gather information details (ID and/or Name) of a policy access timeout rule.
- zpa_policy_forwarding_rule - Create/Update/Delete a policy access forwarding rule.
- zpa_policy_forwarding_rule_info - Gather information details (ID and/or Name) of a policy access forwarding rule.
- zpa_posture_profile_info - Gather information details (ID and/or Name) of a posture profile to use in a policy access, timeout or forwarding rules.
- zpa_provisioning_key - Create/Update/Delete a provisioning key.
- zpa_provisioning_key_info - Gather information details (ID and/or Name) of a provisioning key.
- zpa_saml_attribute_info - Gather information details (ID and/or Name) of a saml attribute.
- zpa_scim_attribute_header_info - Gather information details (ID and/or Name) of a scim attribute header.
- zpa_scim_group_info - Gather information details (ID and/or Name) of a scim group.
- zpa_segment_group - Create/Update/Delete a segment group.
- zpa_segment_group_info - Gather information details (ID and/or Name) of a segment group.
- zpa_server_group - Create/Update/Delete a segment group.
- zpa_server_group_info - Gather information details (ID and/or Name) of a server group.
- zpa_service_edge_group_info - Gather information details (ID and/or Name) of a service edge group.
- zpa_service_edge_group - Create/Update/Delete an service edge group.
- zpa_trusted_network_info - Gather information details (ID and/or Name) of a trusted network for use in a policy access and/or forwarding rules.
Copyright (c) 2023 Zscaler
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.