can we do the following with Ansible:

1. disable telnet
2. enabled SSH

?

Can we enable igmp snooping on a peer VLAN basis via API?

Steps fail on the on the 2920 or 2930F switches using the aruba_config module if save is set to always. The failure states that the command is "copy running-config startup-config". That is not a valid command on either of those switch models. The only command that I know of which will save the config on all models of switches both wired and wireless is "write memory".

The only workaround has been to run a later step using aruba_command to "wr mem".

Hello everyone,

Is there somehow a way to get facts from arubaoss switches? For instance, I'd like to know the switch model or the os version.

Many thanks!

Trying to get the following commands executed on my switch:

aaa port-access authenticator 1-10 supplicant-timeout 10
aaa port-access authenticator 1-10 tx-period 10
aaa port-access authenticator 1-10 active
aaa port-access 1-10 mixed

I got the following enabled:

Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : Yes

With the below task:

 - name: port_dot1x_1
   arubaoss_dot1x:
    client_limit: "10"
    tx_period: "10"
    supplicant_timeout: "10"
    is_authenticator_enabled: true
    is_dot1x_enabled: true
    allow_gvrp_vlans: true
    command: dot1x_config

But when I try to push any config to a port level, I struggle to get the command to run as I always get the error: "{"message":"Port 20 is not configured with any Authentication."}" with the following task:

 - name: port_dot1x_2
   arubaoss_dot1x:
    port_id: 20
    allow_mixed_users: true        
    command: authenticator_port_config

I have tried different "commands" but with the same result. Am I using the wrong command/combination/something?

Once I get this to run successfully I will (try to) implement a loop statement to run through the port ranges

  - name: Remove IP-Address VLAN 300
    arubaoss_vlan:
      vlan_id: 300
      config: "delete"
      command: config_vlan_ipaddress
      vlan_ip_address: "192.168.0.1"
      vlan_ip_mask: "255.255.255.0

according to the 3rd example

YA.16.09.0003
HP J9854A

deleting the entire vlan works. setting the ip address works.

Hi,

I run this command:

 - name: NTP Server configuration
   arubaoss_ntp:
     command: "config_ntp_ipv4addr"
     config: "create"
     ntp_ip4addr: "10.150.17.10"
     keyId: 2
     burst: True
     iburst: True
     timesyncType: ntp

and the output is that switch:ok

but looking at the switch config and there is nothing there?

I might have just missed it but where do we create a ClearPass download role?

radius-server cppm.....

I modified show_command.yml example to list clients like:

- name: Sample playbook to execute a show command and get all the configuration of a node
  hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - variables.txt
  tasks:
    - name: Execute a show version command
      arubaos_controller_config:
        host: "{{ mm_ip }}"
        username: "{{ mm_username }}"
        password: "{{ mm_password }}"
        method: "GET"
        config_path: "{{ configuration_path }}"
        api_name: showcommand
        data: { "command": "show user name 001695161738" }

When I run:

ansible-playbook -i inventory.txt show_commands.yml -vvvv

I do not get list but the answer: "This operation can take a while depending on nubmer of users. Please be patient ..."

ok: [localhost] => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "api_name": "showcommand",
            "config_path": "/mm/mynode",
            "data": {
                "command": "show user name 001584161627"
            },
            "host": "10.16.121.253",
            "method": "GET",
            "password": "Caval0!@",
            "username": "admin"
        }
    },
    "msg": [
        "This operation can take a while depending on number of users. Please be patient ...."
    ],
    "response": {
        "_data": [
            "This operation can take a while depending on number of users. Please be patient ...."
        ]
    },
    "status_code": 200
}

This doesnt want to run either: apparently an issue with the " -name" line of the config?

 - name: 802.1X port-access config
   arubaoss_aaa_dot1x:
     is_dot1x_enabled: true
     server_group: "CPPM_Mgmt_IF"
     primary_authentication_method: DPAM_EAP_RADIUS
     allow_gvrp_vlans: true
     is_authenticator_enabled: True
     allow_mixed_users: True
     supplicant_timeout: 10
     tx_period: 10

Hi
my playbook looks like this

• name: Show existing network
  hosts: aruba_ap315
  connection: local
  gather_facts: no
  tasks:
  • name: Show existing network as a show command through API
    arubainstant_config:
    host: 192.168.100.31
    username: admin
    password: admin123
    method: POST
    api_type: action
    api_name: hostname
    data: { "iap_ip_addr": "192.168.100.31", "hostname_info": {"hostname": "AP-31"}}
    ~
    and is seems to work because it changes the Hostname , but Ansible shows me a error

root@ansible:~# ansible-playbook play1.yml -i /etc/ansible/hosts -vv
ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.13 (default, Sep 26 2018, 18:42:22) [GCC 6.3.0 20170516]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: play1.yml ********************************************************************************************************************************************************************************************************************************************************
1 plays in play1.yml

PLAY [Show existing network] ***********************************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [Show existing network as a show command through API] *****************************************************************************************************************************************************************************************************************
task path: /root/play1.yml:6
[WARNING]: Module did not set no_log for password
[WARNING]: Platform linux on host 192.168.100.31 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
fatal: [192.168.100.31]: FAILED! => changed=false
ansible_facts:
discovered_interpreter_python: /usr/bin/python
api_call:
api_name: hostname
config_path: null
data:
hostname_info:
hostname: AP-31
iap_ip_addr: 192.168.100.31
host: 192.168.100.31
method: POST
password: admin123
url: https://192.168.100.31:4343/rest/hostname?sid=YJPfZXOw0yoOQxdtJit4
username: admin
msg: API Call failed! Exception during api call
reason: '''Status'''

PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************************
192.168.100.31 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

root@ansible:~#

something wrong with the playbook ?

When the source or destination are specified in cidr notation or any, the module doesn't detect that a change has to be made. The acl will be added but the acl will be empty.

- name: Allow access rule
  arubaoss_acl_policy:
    acl_name: Test
    source_ip_address: any
    destination_ip_address: 192.168.1.0/24
    protocol_type: PT_IP
    acl_action: AA_PERMIT
    acl_type: AT_EXTENDED_IPV4

The switch OS allows you to specify either in cidr notation or any.

How can the destination port be specified? I couldn't find documentation how to specify if the port was a gt, lt, eq, range etc.

The following doesn't work to allow dhcp:

- name: Extended acl allow dhcp
  arubaoss_acl_policy:
    acl_name: Phone
    source_ip_address: 0.0.0.0
    source_ip_mask: 255.255.255.255
    destination_ip_address: 0.0.0.0
    destination_ip_mask: 255.255.255.255
    protocol_type: PT_UDP
    destination_port: 67
    acl_action: AA_PERMIT
    acl_type: AT_EXTENDED_IPV4

It would be nice to be able to set the access token directly instead of having to enter client credentials. This way you don't have to pass the credentials around, you just ask an admin for a 3h token and you can have your fun.

It also would have the advantage of not generating a token for each call to the module.

A call could then look like this:

arubaclearpass_config:
      host: "{{ publisher_ip }}"
      token: "{{ api_token }}"
      method: POST
      api_name: network-device
      data: {....}

arubaoss_vlan
not able to create vlan, gives error bellow. tried different options from examples, same result.

deleting vlan worked just fine!

arubaoss_system_attributes
worked fine for changing hostname

fatal: [switch1]: FAILED! => {
"body": "{"message":"Invalid parameters"}",
"changed": false,
"connection": "close",
"content-type": "application/json",
"invocation": {
"module_args": {
"acl_direction": null,
"acl_id": null,
"acl_type": "AT_STANDARD_IPV4",
"api_version": "v5.0",
"command": "config_vlan",
"config": "create",
"helper_addresses": "",
"host": "switch",
"ip_address_mode": "IAAM_STATIC",
"is_dhcp_server_enabled": false,
"is_dsnoop_enabled": false,
"is_jumbo_enabled": false,
"is_management_vlan": false,
"is_voice_enabled": false,
"name": "vlan300",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 80,
"port_id": "",
"port_mode": "POM_UNTAGGED",
"provider": {
"api_version": null,
"host": "switch",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 80,
"ssh_keyfile": null,
"timeout": 10,
"transport": "aossapi",
"use_proxy": false,
"use_ssl": false,
"username": "Admin",
"validate_certs": false
},
"qos_policy": null,
"ssh_keyfile": null,
"status": "VS_PORT_BASED",
"timeout": 10,
"use_ssl": false,
"username": "Admin",
"validate_certs": false,
"version": "IAV_IP_V4",
"vlan_id": 300,
"vlan_ip_address": "",
"vlan_ip_mask": "",
"vlantype": "VT_STATIC"
}
},
"msg": "HTTP Error 400: Bad Request",
"requestid": "",
"server": "eHTTP v2.0",
"status": 400,
"transfer-encoding": "chunked",
"url": "http://switch:80/rest/v5.0/vlans"
}

Hello,

As the subject says, I would like to be able to remove the "sntp server priority 1 X.X.X.X" from my config, either using cli or API, but I don't know how to do it with the module.

I am trying to assign a QoS priority to the VLAN. However, after running the playbook, the QoS is not present.

Here's the relevant section from the playbook:
- name: Create Mgmt VLAN 10 arubaoss_vlan: vlan_id: 10 name: "Mgmt VLAN" config: "create" command: config_vlan qos_policy: "7"

On the CLI, I would typically just type: "qos priority 7" while configuring the specific VLAN.

Hello,
for some time there's a possibility to distribute additional modules and plugins to ansible via colections.
Are there any plans to do it for ansible modules?

I am trying to set a DHCP address on a vlan but cant figure out how to do so.
I tried:

- name: Set vlan 300 ipv4 address to DHCP
    arubaoss_vlan:
      command: config_vlan_ipaddress
      vlan_id: 300
      version: "IAV_IP_V4"
      ip_address_mode: "IAAM_DHCP"

I get the message:

fatal: [xxxxx]: FAILED! => {"changed": false, "msg": "IP Address or version cannot be null"}

Hi,

Anyway to run 16.05 and 16.06? I'm sure it was possible to run on lower then 16.08 versions.
If not , would be wise mentioning that on the main page 😇

Thanks

Hello!

I'm trying to remove a Port (No. 6), which is assigned to another VLAN (ID: 10), from the DEFAULT_VLAN (ID: 1).
In the CLI it works with the following two commands:

vlan 1 untagged 6
no vlan 1 untagged 6

I tried this playbook:

---
 - hosts: switch1
   tasks:

    - name: Set Port 6 untagged 6 on VLAN 1
      arubaoss_vlan:
        command: config_vlan_port
        config: create
        vlan_id: 1 
        port_id: 6
        port_mode: POM_UNTAGGED

    - name: Delete untagged 6 on VLAN 1
      arubaoss_vlan:
        command: config_vlan_port
        config: delete
        vlan_id: 1 
        port_id: 6
        port_mode: POM_UNTAGGED

This is my current running config:

Running configuration:

; JL323A Configuration Editor; Created on release #WC.16.09.0004
; Ver #14:27.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:04

hostname "ArubaSwitch"
module 1 type jl323a
aruba-central disable
max-vlans 2048
time timezone 180
web-management ssl
ip ssh filetransfer
ip routing
interface 11
   name "UPLINK_INTERFACE"
   exit
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 3
   untagged 2
   tagged 1,4-48
   ip address 172.16.0.101 255.255.255.0
   exit
vlan 10
   name "TEST"
   tagged 3,6
   no ip address
   exit
no tftp client
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

If I run the playbook the first command works.
The second command gives me: "Port association with default vlan cannot be removed"

How do I achieve this with the Ansible or the REST-API?
I think there is a command missing in the Playbook or even the REST-API...

Any help appreciated!

Regards
Sven

sabj is missing or i'm blind :)

Thanks

I'm used to assigning ports on cisco switches. I am new to the HP's switches and commands.
I've gone through the reference guide and googled how to assign ports to certain VLANS and I'm not sure if i'm doing it right.

I'm using these commands:

int vlan 2
tagged 6-24

If anyone has any input or constructive criticism, I'm more than happy to accept! Thanks!

Due to connection plugin changes with the new Ansible 2.8 update, the AOS-CX modules do not function, we are currently investigating this and will update once resolved. To use AOS-CX modules use Ansible version 2.7.

Hi
Could you please provide more examples for Instant Access AP Configuration ?

(wish there was a "question" section instead of "issues" but in any event)

:-)

Is there a way to have the file_name the hostname of the switch? i.e. add a variable in the file_name field.

  - name: backup configuration files
    arubaoss_config_bkup:
      file_name: test1
      server_type: ST_TFTP
      server_ip: 192.168.1.2
  - name: backup configuration files
    arubaoss_config_bkup:
      file_name: test1
      config_type: CT_RUNNING_CONFIG

Hello,

I'm trying your module on my 2930F but the connection get refused because it only tries in HTTP.
On my 2930F, HTTP is disabled and I can't figured out how to force your module to go through HTTPS.

THIRD(config)# show rest-interface

REST Interface - Server Configuration

REST Interface : Enabled
REST Operational Status : Up
REST Session Idle Timeout : 7200 seconds
HTTP Access : Disabled
HTTPS Access : Enabled
SSL Port : 443

My switch_host.yml is like in the example given and the playbook is the creation of one VLAN, so quite basic.

The error :

TASK [Create VLAN 300] *********************************************************
fatal: [switch1]: FAILED! => {"changed": false, "msg": "Request failed: ", "status": -1, "url": "http://172.17.104.13:80/rest/version"}

The address should not use HTTP and port 80 but rather HTTPS and port 443.
Where and what should I add to force using SSL ?

Hey crew

This still doesnt work -- comes up with an error "mising username in cppm_details"

(2930F running 10.09)

- name: Configure Radius Profile CPPM details for User Roles
  arubaoss_radius_profile:
    command: config_radius_profile
    cppm_details: {'username':'superman','password': 'upupandaway'}

Should be 'resp.msg' as in POST case

Hi all,

I recently configured two Aruba 2930M switches and am trying to deploy them. I am having trouble connecting both switches together. I was under the impression that it was plug and play. Below is a picture of the setup:

As you can see, I have a fiber-optic cable on the right side connecting the two switches. The orange lights are currently blinking, which I assume means that they aren't properly connected or there is something on each switch I need to configure.

I have tried manipulating the connection and restarted both switches just in case and it did not help. Any help would be greatly appreciated! The manual doesn't tell me much!

Hi
is there already a possibility to beautify the output from the playbooks ?
at the moment you have to use -v switch to get any output and that output is hard to read.
like this:
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
changed: [192.168.100.31] => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "msg": "{u'Status': u'Success', u'CLI Command executed': u'show network\n', u'IAP IP address': u'192.168.100.31', u'Command output': u'cli output: \n\nCOMMAND=show network\n\r\nNetworks\n--------\nProfile Name ESSID Clients Type Band Authentication Method Key Management IP Assignment Status Zone Coding Active Max IPv4 Users\n------------ ----- ------- ---- ---- --------------------- -------------- ------------- ------ ---- ------ ------ --------------\nSetMeUp SetMeUp-C0:AE:C3 0 employee 2.4 None none NAT Mode Enabled - Default Yes N/A', u'Status-code': 0}", "status_code": 200}

PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
192.168.100.31 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

can i somehow "debug: var=output.stdout_lines" the output ?
Regards Markus

Where do i find all these? spent most of the day tooling around on the web and can't seem to find them. I pulled the json schema but i have no idea what configuation entities they're tied to.

Hello,

Following all the documentation from: https://github.com/aruba/aruba-switch-ansible
I tried to test the upgrade using the example provided and it is not working, it seems that all your examples are based on the way you guys have setup the inventory.
I would like to know how to upgrade the switches using the arubaos_switch_ssh_cli .
Below is an example of my playbook to use to upgrade a switch:

---
- name: Upgrade
  hosts: HP2530-24G-PoE,
  gather_facts: no
  connection: local
  tasks:
    - name: Upgrade Firmware via SSH CLI
      arubaos_switch_ssh_cli:
        ip: "{{ansible_host}}"
        user: "{{ansible_user}}" 
        password: "{{ansible_password}}"
        # path_to_swi, boot_image and enable_sftp have to be given at once otherwise the module will fail.
      include: aruba_task_lists/aos_switch/firmware_upgrade.yml
      vars:
        ip: "{{ansible_host}}"
        host_ip: "10.10.10.25"
        path_to_swi: "./files/YA_16_06_0006.swi"
        boot_image: "primary"
        enable_sftp: True # If True is given, the system will enable ssh filetransfer and disable tftp | If False is given the system has to have ssh filetransfer enable otherwise the module will stop
        state: "upgrade"

How can I accomplish this?
What I want to do is to upgrade the switch or switches via cli using ssh filetransfer, without having to spin up a website.

Hi there,
Is there a way using the module 'arubaoss_config_bkup' to backup the running config to an SFTP(or TFTP) server?

So far I have been able to get it to

1. Create a backup of the config locally on the switch
2. Restore/overwrite the running config from an SFTP server to the switch.

What I am hoping for is to copy the config from the switch to the SFTP server.
Is this possible using this module?

Thanks.

I tried running one of the example playbooks on a test switch within a virtual environment and got the error No module named utils.display:

(.venv) username@ansible-controller:~/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss$ ansible-playbo
ok system_attributes.yml -i switch_hosts.yml -vvv
ansible-playbook 2.8.6
  config file = None
  configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible
  executable location = /home/username/projects/ansible/.venv/bin/ansible-playbook
  python version = 3.6.8 (default, Oct  7 2019, 12:59:55) [GCC 8.3.0]
No config file found; using defaults
host_list declined parsing /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/swit
ch_hosts.yml as it did not pass it's verify_file() method
script declined parsing /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/switch_
hosts.yml as it did not pass it's verify_file() method
Parsed /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/switch_hosts.yml invento
ry source with yaml plugin

PLAYBOOK: system_attributes.yml ****************************************************************************************
1 plays in system_attributes.yml

PLAY [switch1] *********************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
task path: /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/system_attributes.ym
l:2
<10.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.0.0.1> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-26
6938989598041 `" && echo ansible-tmp-1572033180.9657285-266938989598041="` echo /home/username/.ansible/tmp/ansible-tmp-
1572033180.9657285-266938989598041 `" ) && sleep 0'
<switch1> Attempting python interpreter discovery
<10.0.0.1> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'pyth
on3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '
"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v
 '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Using module file /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible/modules/system/setup.py
<10.0.0.1> PUT /home/username/.ansible/tmp/ansible-local-1623ktfzpuub/tmponb0ysx9 TO /home/username/.ansible/tmp/ansible
-tmp-1572033180.9657285-266938989598041/AnsiballZ_setup.py
<10.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/ /home/
username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/AnsiballZ_setup.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/A
nsiballZ_setup.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/ > /dev/
null 2>&1 && sleep 0'
ok: [switch1]
META: ran handlers

TASK [Update Switch System Attributes] *********************************************************************************
task path: /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/system_attributes.ym
l:4
<10.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.0.0.1> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263
559006300412 `" && echo ansible-tmp-1572033184.863418-263559006300412="` echo /home/username/.ansible/tmp/ansible-tmp-15
72033184.863418-263559006300412 `" ) && sleep 0'
Using module file /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible/modules/network/arubaoss/aru
baoss_system_attributes.py
<10.0.0.1> PUT /home/username/.ansible/tmp/ansible-local-1623ktfzpuub/tmpvcut0t14 TO /home/username/.ansible/tmp/ansible
-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py
<10.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/ /home/a
401r833/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/An
siballZ_arubaoss_system_attributes.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/ > /dev/n
ull 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 114, in <module>
    _ansiballz_main()
  File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 106, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 49, in invoke_module
    imp.load_module('__main__', mod, module, MOD_DESC)
  File "/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/__main__.py", line 87, in <module>
  File "/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/ansible_arubaoss_system_attributes_payload.zip/ansible/mo
dule_utils/network/arubaoss/arubaoss.py", line 43, in <module>
ImportError: No module named utils.display

fatal: [switch1]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/home/username/.ansible/tmp/ansible-tmp-1572033184.86
3418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/
home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line
 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/username/.ansible/t
mp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line 49, in invoke_module\n
   imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/_
_main__.py\", line 87, in <module>\n  File \"/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/ansible_arubaoss_sys
tem_attributes_payload.zip/ansible/module_utils/network/arubaoss/arubaoss.py\", line 43, in <module>\nImportError: No mo
dule named utils.display\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

PLAY RECAP *************************************************************************************************************
switch1                    : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Here is my ansible --version:

(.venv) username@ansible-controller:~/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss$ ansible --vers
ion
ansible 2.8.6
  config file = None
  configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible
  executable location = /home/username/projects/ansible/.venv/bin/ansible
  python version = 3.6.8 (default, Oct  7 2019, 12:59:55) [GCC 8.3.0]

I would greatly appreciate any help in understanding this error.

how do we use Ansible to execute commands that will require a range of ports to be defined? especially across stacks with varying numbers. examples of config (colourless port config):

aaa authentication port-access eap-radius server-group "Mgmt_CPPM" aaa authentication mac-based chap-radius server-group "Mgmt_CPPM" aaa port-access gvrp-vlans aaa port-access authenticator 1/1-1/48,2/1-2/48 supplicant-timeout 10 aaa port-access authenticator 1/1-1/48,2/1-2/48 tx-period 10 aaa port-access authenticator 1/1-1/48,2/1-2/48 active aaa port-access 1/1-1/48,2/1-2/48 mixed

We're trying to automate config backups nightly for an aruba switch stack (currently one, we're planning to replace existing brocades with these and want a solution in place before we do so).

Model/OS Version:
Product: Aruba JL322
Name: Aruba 2930M-48G-PoE+ Switch
Date: Nov 1 2019 19:24:11
Build: 208
Version: WC.16.10.0002

We have the following in the hosts:

[aruba-sitecode]
HOSTNAME ansible_host=#.#.#.# ansible_network_os=aruba ansible_connection=local

[aruba-blr:vars]
ansible_user=serviceaccount
ansible_pass=password
ansible_command_timeout=80

And this playbook:

• hosts: aruba-sitecode
  gather_facts: false

  vars:
  date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
  filename: "running_config_{{ inventory_hostname }}_{{date}}.txt"

  tasks:

  • name: show run
    arubaoss_config_bkup:
    config_type: CT_RUNNING_CONFIG
    server_type: ST_TFTP
    server_ip: #.#.#.#
    file_name: "{{filename}}"
    use_ssl: True
    user_name: "{{ ansible_user }}"
    password: "{{ ansible_pass }}"

We are able to authenticate against the api with curl/postman and get a cookie. When we attempt to run the playbook we get the following failure:

fatal: [HOSTNAME]: FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"body": "<TITLE>400 Bad Request</TITLE>

Bad Request

",
"changed": false,
"connection": "close",
"content-length": "89",
"content-type": "text/html",
"invocation": {
"module_args": {
"api_version": "v7.0",
"config_type": "CT_RUNNING_CONFIG",
"file_name": "running_config_BLR-ARUBASTACK-01_20200102.txt",
"forced_reboot": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"provider": {
"api_version": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"ssh_keyfile": null,
"timeout": 30,
"transport": "aossapi",
"use_proxy": false,
"use_ssl": true,
"username": "serviceaccount",
"validate_certs": false
},
"recovery_mode": null,
"server_ip": "TFTPSERVERIP",
"server_name": null,
"server_passwd": null,
"server_type": "ST_TFTP",
"sftp_port": 22,
"ssh_keyfile": null,
"state": "create",
"timeout": 30,
"use_ssl": true,
"user_name": "serviceaccount",
"username": "serviceaccount",
"validate_certs": false,
"wait_for_apply": true
}
},
"msg": "HTTP Error 400: Bad Request",
"server": "eHTTP v2.0",
"status": 400,
"url": "https://#.#.#.#:443/rest/v7.0/system/config/cfg_backup_files"
}

We have the following questions:

Is there something obviously wrong with the playbook or am I omitting a setting? The only things I've been able to find on the airheads community are either people complaining about a lack of depth for the api and ansible documentation, or alagoutte referring people to open issues here rather than there.

Do we need to specify an api version? If I specify nothing I receive:
None is not valid api version. using aossapi v6.0 instead
if I specify 6.0(or 6, or 7.0) I receive:
6.0 is not valid api version. using aossapi v6.0 instead
And the output has a v7.0 uri.

Are we able to specify an SSL port? We would like the web interface port configured 8443 but as far as I can tell there isn't a way to feed it a port.

Last, is there a better way to get a running config locally to our ansible system? Its much easier on our arista, brocade, and cisco devices as we can just run show run and drop the output to file. I was not able to get that working with aruba_command, is there a module in this pack I can try which allows ssh/cli interface rather than API?

We're not in the string and it spits out some text about missing a version

HPE's api documentation is fairly unthorough in this case. We have aaa authorization none set, we're not specifying a command

When the following ran on two different switches with the same firmware version, the module worked differently. On a 2930F, the code ran find, on a 2920, the module failed.

- name: configure timesync to be ntp
  arubaoss_ntp:
    command: "config_timesync"
    timesyncType: ntp

- name: Enable NTP in Unicast
  arubaoss_ntp:
    command: "config_ntp"
    config: create
    operate: "unicast"

- name: configure ntp server 10.1.1.1
  arubaoss_ntp:
    command: "config_ntp_ipv4addr"
    ntp_ip4addr: "10.1.1.1"
    mode: "iburst"

- name: configure ntp server 10.1.1.2
  arubaoss_ntp:
    command: "config_ntp_ipv4addr"
    ntp_ip4addr: "10.1.1.2"
    mode: "iburst"

2920 firmware
Image stamp: /ws/swbuildm/rel_ajanta_qaoff/code/build/anm(swbuildm_rel_ajanta_qaoff_rel_ajanta)
Jan 17 2020 05:52:16
WB.16.10.0003

rest debug from the switch:
0004:01:20:22.99 rest RestSrv-2:Method = GET, URI = /rest/v7.0/config/timesync
0004:01:20:22.99 rest mrest_ctrl:read len 206
0004:01:20:22.99 rest RestSrv-2:Redirection URL = /rest/v6/config/timesync
0004:01:20:22.99 rest RestSrv-2:Method = GET, URI = /rest/v6/config/timesync
0004:01:20:23.00 rest RestSrv-2:status = 404, reason = Not Found

If NTP is enabled for multicast, the module doesn't sees that ntp is configured and won't set unicast. ntp has to be disabled then enabled with unicast to configure unicast. This makes it impossible to verify unicast configuration on the switch.

I'm trying to create vlans on a 3810 switch that will be gateways for a building. The following will create the vlan and name it but that's all. We need a string of helper addresses for dhcp servers, clearpass nodes and netboot servers.

How do I set the address and helpers?

- name: Configure client vlan
  arubaoss_vlan:
    vlan_id: "{{ client_vlan }}"
    name: "VLAN{{ client_vlan_name }}"
    status: "VS_PORT_BASED"
    vlantype: "VT_STATIC"
    ip_address_mode: IAAM_STATIC
    vlan_ip_address: "{{ client_sw1_ip }}"
    vlan_ip_mask: "{{ client_mask }}"
    helper_addresses: "10.1.1.10, 10.1.1.11, 10.1.1.12, 10.1.1.110, 10.1.1.111, 10.1.1.112"
    config: "create"
    command: config_vlan

This result does not allow to use the data sent back in the HTTP repsonse body.

I suggest returning a 'json' attribut in the result, containing the requests response body. THis way, data retrieved from the reauest can be used in further tasks, as in this example:

   - name: Get Current Device List
      arubaclearpass_config:
        method: GET
        api_name: network-device-group/{{ mc_nad_group_id }}
      register: response

    - set_fact:
        nad_group_devices: "{{ response.json.value.split(' ,') }}"

module_documentation/arubaoss/arubaoss_snmp.md has an error per closed pull request (told to submit an issue instead of PR), I believe is was just a copy/paste error (stanza appeared multiple times).

refer to rejected pull request for details

If the switch have a user UT_OPERATOR configured, each API call need to be authenticated, even the '/rest/version'.
But the get_config() or run_commands() refers to get_version() which does not use sessionId cookies.

ASW2_ARU# sh ver

Image stamp:    /ws/swbuildm/rel_yakima_qaoff/code/build/lvm(swbuildm_rel_yakima_qaoff_rel_yakima)
                May  2 2019 19:24:38
                WC.16.08.0003
                692
Boot Image:     Primary

Boot ROM Version:    WC.17.02.0006
Active Boot ROM:     Primary

ASW2_ARU(config)# sh run struc | inc pass
password manager user-name "root" sha1 "XXXXX"

$ curl -X GET http://10.215.151.41:80/rest/version             
{"uri":"/version","collection_result":{"total_elements_count":5,"filtered_elements_count":5},"version_element":[{"version":"v3.0"},{"version":"v3.1"},{"version":"v4.0"},{"version":"v5.0"},{"version":"v6.0"}]}

ASW2_ARU(config)# password operator user-name "rezo" sha1 "YYYYY"
ASW2_ARU(config)# 
ASW2_ARU(config)# 
ASW2_ARU(config)# sh run struc | inc pass
password operator user-name "rezo" sha1 "YYYY"
password manager user-name "root" sha1 "XXXX"

$ curl -X GET http://10.215.151.41:80/rest/version
<HTML><TITLE>400 Bad Request</TITLE><H1>Bad Request</H1>Please login to access the resource.<P></HTML>

Would be nice to have dhcp-snooping parameters.
Thanks

Hi
you show in your code for IAP´s a example

• name: Change the hostname of a particular IAP
  arubainstant_config:
  session: {{ session_dict.msg }} #used when previous play's output is registered
  method: POST
  api_type: action
  api_name: hostname
  data: { "iap_ip_addr": "2.2.2.2", "hostname_info": {"hostname": "iap-floor1-building1"}}

I guess the session column means that i can use the session token for the REST API ?
But could you please explain a bit more how to use it?

just want to avoid to use user and password variable for every - name: etc.etc. in the playbooks
Maybe that it could looks like this ?

• name: Set NTP server IP
  hosts: localhost
  connection: local
  gather_facts: no
  vars_files:

  • variables.yml
    tasks:

  • name: NTP IP
    arubainstant_config:
    host: "{{ virtual_controller_ip }}"
    username: "{{ virtual_controller_username }}"
    password: "{{ virtual_controller_password }}"
    method: POST
    api_type: configuration
    api_name: ntp-server
    data: { "ntp-server" : { "action" :"create", "ntp_server_ip" : "1.1.1.3" }}

  • name: SYSLOG IP
    arubainstant_config:
    session: {{ session_dict.msg }} #used when previous play's output is registered
    host: "{{ virtual_controller_ip }}"
    method: POST
    api_type: configuration
    api_name: syslog-server
    data: { "syslog-server" : { "action" :"create", "syslog_server_ip" : "1.1.1.3" }}

or maybe other solutions to shorten a complete IAP Configuration playbook ?
Bye Mac

Hi
used the nap playbook example for IAP´s and get the following error
oot@ansible:~# ansible-playbook play2.yml -i /etc/ansible/hosts -vvv
ansible-playbook 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.13 (default, Sep 26 2018, 18:42:22) [GCC 6.3.0 20170516]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: play2.yml **********************************************************************************************************************************************************************************************************************************
1 plays in play2.yml
Read vars_file 'variables.yml'
Read vars_file 'variables.yml'
Read vars_file 'variables.yml'

PLAY [Set NTP server IP] *****************************************************************************************************************************************************************************************************************************
META: ran handlers
Read vars_file 'variables.yml'

TASK [NTP IP] ****************************************************************************************************************************************************************************************************************************************
task path: /root/play2.yml:8
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp"&& mkdir /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478 && echo ansible-tmp-1588684077.83-32289-26631341423478="echo /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478" ) && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/aruba_instant/arubainstant_config.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-32271PUDkd0/tmp4y45CK TO /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/ /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may not be related to the actual failure.
File "/tmp/ansible_arubainstant_config_payload_pvbtly/ansible_arubainstant_config_payload.zip/ansible/modules/network/aruba_instant/arubainstant_config.py", line 191, in mm_api_call
[WARNING]: Module did not set no_log for password
fatal: [localhost]: FAILED! => changed=false
api_call:
api_name: ntp-server
config_path: null
data:
ntp-server:
action: create
ntp_server_ip: 1.1.1.2
host: 192.168.100.31
method: POST
password: admin123
url: https://192.168.100.31:4343/rest/ntp-server?sid=wOzXZlC3dbFKfBi3dEMc
username: admin
invocation:
module_args:
api_name: ntp-server
api_type: configuration
data:
ntp-server:
action: create
ntp_server_ip: 1.1.1.2
host: 192.168.100.31
iap_ip_addr: null
method: POST
password: admin123
session: null
username: admin
msg: API Call failed! Exception during api call
reason: '''Status'''

PLAY RECAP *******************************************************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

root@ansible:~# cat play2.yml

• name: Set NTP server IP
  hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
  • variables.yml
    tasks:
  • name: NTP IP
    arubainstant_config:
    host: "{{ virtual_controller_ip }}"
    username: "{{ virtual_controller_username }}"
    password: "{{ virtual_controller_password }}"
    method: POST
    api_type: configuration
    api_name: ntp-server
    data: { "ntp-server" : { "action" :"create", "ntp_server_ip" : "1.1.1.2" }}
    root@ansible:~#

Is this a Issue with the Playbook or Ansible itself ?
Regards Mac

Hello again,

I'm starting to work more with your modules and I have questions on what's possible or not.
In Aruba v16.04, there are new functionnalities AnyCLI and Batch_CLI.
Those REST API functions are quite useful and I was wondering if it was possible to use them in your module.

FYI, the URI is http(s)://IP/rest/v3/cli
with a JSON

{ "cmd" : "<your_cmd>" }

For example, I would like do show version on my switchs.
So something like

- host: switch1
tasks: 
  - name: show version
    aruba_cli: 
      cmd: show version

So first, is it possible to use it? I have not seen it in the different files on the Git
If not, how to get info like this?

Thank you,

Louis

I would like an option to be able to backup my running config to a file, meaning.. I would like a file to be created on whatever location I'm running ansible.
Example:
user1@Computer:~/ansible$ pwd
/home/user1/ansible

If I run:
user1@Computer:~/ansible$ ansible-playbook aruba_backup_using_api.yaml

tasks:
- name: backup configuration files
arubaoss_config_bkup:
file_name: "{{ inventory_hostname}}"
config_type: CT_RUNNING_CONFIG

I would like the file to be created on /home/user1/ansible or any other location from where I run ansible-playbook.

option to remove interface description
option to have interface range (7,8 and 7-10 etc)

Thanks )

This parameter causes VLAN creation failures in platforms that do not support DHCPserver options on a VLAN. When set to True, this value fails to enable DHCP server on a VLAN. Raising this issue until module parameter fixed.

Hi,

I was referred to post here by an MVP on the airheads community board. I am trying to use the aruba_command module both in playbook and adhoc to pull information from a 2530-24g switch. Per aruba's support this model does not support the api so I'm forced to use the aruba_command module.

adhoc cmds with the respective change to connectiontype made in the hosts file. I've also tried raw, same result.

ansible SWITCHNAME -m aruba_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k
ansible SWITCHNAME -m cli_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k

I receive this output: https://i.postimg.cc/fRcNbWzp/Untitled.png, connection is successful but no information is returned. This has applied to multiple show commands.