aruba / aruba-ansible-modules Goto Github PK
View Code? Open in Web Editor NEWAruba Ansible Modules
License: Apache License 2.0
Aruba Ansible Modules
License: Apache License 2.0
can we do the following with Ansible:
?
Can we enable igmp snooping on a peer VLAN basis via API?
Steps fail on the on the 2920 or 2930F switches using the aruba_config module if save is set to always. The failure states that the command is "copy running-config startup-config". That is not a valid command on either of those switch models. The only command that I know of which will save the config on all models of switches both wired and wireless is "write memory".
The only workaround has been to run a later step using aruba_command to "wr mem".
Hello everyone,
Is there somehow a way to get facts from arubaoss switches? For instance, I'd like to know the switch model or the os version.
Many thanks!
Trying to get the following commands executed on my switch:
aaa port-access authenticator 1-10 supplicant-timeout 10
aaa port-access authenticator 1-10 tx-period 10
aaa port-access authenticator 1-10 active
aaa port-access 1-10 mixed
I got the following enabled:
Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : Yes
With the below task:
- name: port_dot1x_1
arubaoss_dot1x:
client_limit: "10"
tx_period: "10"
supplicant_timeout: "10"
is_authenticator_enabled: true
is_dot1x_enabled: true
allow_gvrp_vlans: true
command: dot1x_config
But when I try to push any config to a port level, I struggle to get the command to run as I always get the error: "{"message":"Port 20 is not configured with any Authentication."}" with the following task:
- name: port_dot1x_2
arubaoss_dot1x:
port_id: 20
allow_mixed_users: true
command: authenticator_port_config
I have tried different "commands" but with the same result. Am I using the wrong command/combination/something?
Once I get this to run successfully I will (try to) implement a loop statement to run through the port ranges
- name: Remove IP-Address VLAN 300
arubaoss_vlan:
vlan_id: 300
config: "delete"
command: config_vlan_ipaddress
vlan_ip_address: "192.168.0.1"
vlan_ip_mask: "255.255.255.0
according to the 3rd example
YA.16.09.0003
HP J9854A
deleting the entire vlan works. setting the ip address works.
Hi,
I run this command:
- name: NTP Server configuration
arubaoss_ntp:
command: "config_ntp_ipv4addr"
config: "create"
ntp_ip4addr: "10.150.17.10"
keyId: 2
burst: True
iburst: True
timesyncType: ntp
and the output is that switch:ok
but looking at the switch config and there is nothing there?
I might have just missed it but where do we create a ClearPass download role?
radius-server cppm.....
I modified show_command.yml example to list clients like:
- name: Sample playbook to execute a show command and get all the configuration of a node
hosts: localhost
connection: local
gather_facts: no
vars_files:
- variables.txt
tasks:
- name: Execute a show version command
arubaos_controller_config:
host: "{{ mm_ip }}"
username: "{{ mm_username }}"
password: "{{ mm_password }}"
method: "GET"
config_path: "{{ configuration_path }}"
api_name: showcommand
data: { "command": "show user name 001695161738" }
When I run:
ansible-playbook -i inventory.txt show_commands.yml -vvvv
I do not get list but the answer: "This operation can take a while depending on nubmer of users. Please be patient ..."
ok: [localhost] => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"invocation": {
"module_args": {
"api_name": "showcommand",
"config_path": "/mm/mynode",
"data": {
"command": "show user name 001584161627"
},
"host": "10.16.121.253",
"method": "GET",
"password": "Caval0!@",
"username": "admin"
}
},
"msg": [
"This operation can take a while depending on number of users. Please be patient ...."
],
"response": {
"_data": [
"This operation can take a while depending on number of users. Please be patient ...."
]
},
"status_code": 200
}
This doesnt want to run either: apparently an issue with the " -name" line of the config?
- name: 802.1X port-access config
arubaoss_aaa_dot1x:
is_dot1x_enabled: true
server_group: "CPPM_Mgmt_IF"
primary_authentication_method: DPAM_EAP_RADIUS
allow_gvrp_vlans: true
is_authenticator_enabled: True
allow_mixed_users: True
supplicant_timeout: 10
tx_period: 10
Hi
my playbook looks like this
root@ansible:~# ansible-playbook play1.yml -i /etc/ansible/hosts -vv
ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.13 (default, Sep 26 2018, 18:42:22) [GCC 6.3.0 20170516]
Using /etc/ansible/ansible.cfg as config file
PLAYBOOK: play1.yml ********************************************************************************************************************************************************************************************************************************************************
1 plays in play1.yml
PLAY [Show existing network] ***********************************************************************************************************************************************************************************************************************************************
META: ran handlers
TASK [Show existing network as a show command through API] *****************************************************************************************************************************************************************************************************************
task path: /root/play1.yml:6
[WARNING]: Module did not set no_log for password
[WARNING]: Platform linux on host 192.168.100.31 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
fatal: [192.168.100.31]: FAILED! => changed=false
ansible_facts:
discovered_interpreter_python: /usr/bin/python
api_call:
api_name: hostname
config_path: null
data:
hostname_info:
hostname: AP-31
iap_ip_addr: 192.168.100.31
host: 192.168.100.31
method: POST
password: admin123
url: https://192.168.100.31:4343/rest/hostname?sid=YJPfZXOw0yoOQxdtJit4
username: admin
msg: API Call failed! Exception during api call
reason: '''Status'''
PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************************
192.168.100.31 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
root@ansible:~#
something wrong with the playbook ?
When the source or destination are specified in cidr notation or any, the module doesn't detect that a change has to be made. The acl will be added but the acl will be empty.
- name: Allow access rule
arubaoss_acl_policy:
acl_name: Test
source_ip_address: any
destination_ip_address: 192.168.1.0/24
protocol_type: PT_IP
acl_action: AA_PERMIT
acl_type: AT_EXTENDED_IPV4
The switch OS allows you to specify either in cidr notation or any.
How can the destination port be specified? I couldn't find documentation how to specify if the port was a gt, lt, eq, range etc.
The following doesn't work to allow dhcp:
- name: Extended acl allow dhcp
arubaoss_acl_policy:
acl_name: Phone
source_ip_address: 0.0.0.0
source_ip_mask: 255.255.255.255
destination_ip_address: 0.0.0.0
destination_ip_mask: 255.255.255.255
protocol_type: PT_UDP
destination_port: 67
acl_action: AA_PERMIT
acl_type: AT_EXTENDED_IPV4
It would be nice to be able to set the access token directly instead of having to enter client credentials. This way you don't have to pass the credentials around, you just ask an admin for a 3h token and you can have your fun.
It also would have the advantage of not generating a token for each call to the module.
A call could then look like this:
arubaclearpass_config:
host: "{{ publisher_ip }}"
token: "{{ api_token }}"
method: POST
api_name: network-device
data: {....}
arubaoss_vlan
not able to create vlan, gives error bellow. tried different options from examples, same result.
deleting vlan worked just fine!
arubaoss_system_attributes
worked fine for changing hostname
fatal: [switch1]: FAILED! => {
"body": "{"message":"Invalid parameters"}",
"changed": false,
"connection": "close",
"content-type": "application/json",
"invocation": {
"module_args": {
"acl_direction": null,
"acl_id": null,
"acl_type": "AT_STANDARD_IPV4",
"api_version": "v5.0",
"command": "config_vlan",
"config": "create",
"helper_addresses": "",
"host": "switch",
"ip_address_mode": "IAAM_STATIC",
"is_dhcp_server_enabled": false,
"is_dsnoop_enabled": false,
"is_jumbo_enabled": false,
"is_management_vlan": false,
"is_voice_enabled": false,
"name": "vlan300",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 80,
"port_id": "",
"port_mode": "POM_UNTAGGED",
"provider": {
"api_version": null,
"host": "switch",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 80,
"ssh_keyfile": null,
"timeout": 10,
"transport": "aossapi",
"use_proxy": false,
"use_ssl": false,
"username": "Admin",
"validate_certs": false
},
"qos_policy": null,
"ssh_keyfile": null,
"status": "VS_PORT_BASED",
"timeout": 10,
"use_ssl": false,
"username": "Admin",
"validate_certs": false,
"version": "IAV_IP_V4",
"vlan_id": 300,
"vlan_ip_address": "",
"vlan_ip_mask": "",
"vlantype": "VT_STATIC"
}
},
"msg": "HTTP Error 400: Bad Request",
"requestid": "",
"server": "eHTTP v2.0",
"status": 400,
"transfer-encoding": "chunked",
"url": "http://switch:80/rest/v5.0/vlans"
}
Hello,
As the subject says, I would like to be able to remove the "sntp server priority 1 X.X.X.X" from my config, either using cli or API, but I don't know how to do it with the module.
I am trying to assign a QoS priority to the VLAN. However, after running the playbook, the QoS is not present.
Here's the relevant section from the playbook:
- name: Create Mgmt VLAN 10 arubaoss_vlan: vlan_id: 10 name: "Mgmt VLAN" config: "create" command: config_vlan qos_policy: "7"
On the CLI, I would typically just type: "qos priority 7" while configuring the specific VLAN.
Hello,
for some time there's a possibility to distribute additional modules and plugins to ansible via colections.
Are there any plans to do it for ansible modules?
I am trying to set a DHCP address on a vlan but cant figure out how to do so.
I tried:
- name: Set vlan 300 ipv4 address to DHCP
arubaoss_vlan:
command: config_vlan_ipaddress
vlan_id: 300
version: "IAV_IP_V4"
ip_address_mode: "IAAM_DHCP"
I get the message:
fatal: [xxxxx]: FAILED! => {"changed": false, "msg": "IP Address or version cannot be null"}
Hi,
Anyway to run 16.05 and 16.06? I'm sure it was possible to run on lower then 16.08 versions.
If not , would be wise mentioning that on the main page 😇
Thanks
Hello!
I'm trying to remove a Port (No. 6), which is assigned to another VLAN (ID: 10), from the DEFAULT_VLAN (ID: 1).
In the CLI it works with the following two commands:
vlan 1 untagged 6
no vlan 1 untagged 6
I tried this playbook:
---
- hosts: switch1
tasks:
- name: Set Port 6 untagged 6 on VLAN 1
arubaoss_vlan:
command: config_vlan_port
config: create
vlan_id: 1
port_id: 6
port_mode: POM_UNTAGGED
- name: Delete untagged 6 on VLAN 1
arubaoss_vlan:
command: config_vlan_port
config: delete
vlan_id: 1
port_id: 6
port_mode: POM_UNTAGGED
This is my current running config:
Running configuration:
; JL323A Configuration Editor; Created on release #WC.16.09.0004
; Ver #14:27.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:04
hostname "ArubaSwitch"
module 1 type jl323a
aruba-central disable
max-vlans 2048
time timezone 180
web-management ssl
ip ssh filetransfer
ip routing
interface 11
name "UPLINK_INTERFACE"
exit
snmp-server community "public" unrestricted
oobm
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 3
untagged 2
tagged 1,4-48
ip address 172.16.0.101 255.255.255.0
exit
vlan 10
name "TEST"
tagged 3,6
no ip address
exit
no tftp client
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
If I run the playbook the first command works.
The second command gives me: "Port association with default vlan cannot be removed"
How do I achieve this with the Ansible or the REST-API?
I think there is a command missing in the Playbook or even the REST-API...
Any help appreciated!
Regards
Sven
sabj is missing or i'm blind :)
Thanks
aruba@ansible1:~/aruba-ansible-modules/aruba_module_installer$ ls
aruba_module_installer.py library
aruba@ansible1:~/aruba-ansible-modules/aruba_module_installer$ sudo python aruba _module_installer.py
There was an issue finding your ansible version.
Please run 'ansible --version' from bash, resolve any errors, and verify version is release version 2.5 or later.
aruba@ansible1:~/aruba-ansible-modules/aruba_module_installer$ sudo ansible --ve rsion
ansible 2.8.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/usr/share/my_modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0]
aruba@ansible1:~/aruba-ansible-modules/aruba_module_installer/library/plugins$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 19.04
Release: 19.04
Codename: disco
aruba@ansible1:~/aruba-ansible-modules/aruba_module_installer/library/plugins$
I'm used to assigning ports on cisco switches. I am new to the HP's switches and commands.
I've gone through the reference guide and googled how to assign ports to certain VLANS and I'm not sure if i'm doing it right.
I'm using these commands:
int vlan 2
tagged 6-24
If anyone has any input or constructive criticism, I'm more than happy to accept! Thanks!
Due to connection plugin changes with the new Ansible 2.8 update, the AOS-CX modules do not function, we are currently investigating this and will update once resolved. To use AOS-CX modules use Ansible version 2.7.
Hi
Could you please provide more examples for Instant Access AP Configuration ?
(wish there was a "question" section instead of "issues" but in any event)
:-)
Is there a way to have the file_name the hostname of the switch? i.e. add a variable in the file_name field.
- name: backup configuration files
arubaoss_config_bkup:
file_name: test1
server_type: ST_TFTP
server_ip: 192.168.1.2
- name: backup configuration files
arubaoss_config_bkup:
file_name: test1
config_type: CT_RUNNING_CONFIG
Hello,
I'm trying your module on my 2930F but the connection get refused because it only tries in HTTP.
On my 2930F, HTTP is disabled and I can't figured out how to force your module to go through HTTPS.
THIRD(config)# show rest-interface
REST Interface - Server Configuration
REST Interface : Enabled
REST Operational Status : Up
REST Session Idle Timeout : 7200 seconds
HTTP Access : Disabled
HTTPS Access : Enabled
SSL Port : 443
My switch_host.yml is like in the example given and the playbook is the creation of one VLAN, so quite basic.
The error :
TASK [Create VLAN 300] *********************************************************
fatal: [switch1]: FAILED! => {"changed": false, "msg": "Request failed: ", "status": -1, "url": "http://172.17.104.13:80/rest/version"}
The address should not use HTTP and port 80 but rather HTTPS and port 443.
Where and what should I add to force using SSL ?
Hey crew
This still doesnt work -- comes up with an error "mising username in cppm_details"
(2930F running 10.09)
- name: Configure Radius Profile CPPM details for User Roles
arubaoss_radius_profile:
command: config_radius_profile
cppm_details: {'username':'superman','password': 'upupandaway'}
Should be 'resp.msg' as in POST case
Hi all,
I recently configured two Aruba 2930M switches and am trying to deploy them. I am having trouble connecting both switches together. I was under the impression that it was plug and play. Below is a picture of the setup:
As you can see, I have a fiber-optic cable on the right side connecting the two switches. The orange lights are currently blinking, which I assume means that they aren't properly connected or there is something on each switch I need to configure.
I have tried manipulating the connection and restarted both switches just in case and it did not help. Any help would be greatly appreciated! The manual doesn't tell me much!
Hi
is there already a possibility to beautify the output from the playbooks ?
at the moment you have to use -v switch to get any output and that output is hard to read.
like this:
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
changed: [192.168.100.31] => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "msg": "{u'Status': u'Success', u'CLI Command executed': u'show network\n', u'IAP IP address': u'192.168.100.31', u'Command output': u'cli output: \n\nCOMMAND=show network\n\r\nNetworks\n--------\nProfile Name ESSID Clients Type Band Authentication Method Key Management IP Assignment Status Zone Coding Active Max IPv4 Users\n------------ ----- ------- ---- ---- --------------------- -------------- ------------- ------ ---- ------ ------ --------------\nSetMeUp SetMeUp-C0:AE:C3 0 employee 2.4 None none NAT Mode Enabled - Default Yes N/A', u'Status-code': 0}", "status_code": 200}
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
192.168.100.31 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
can i somehow "debug: var=output.stdout_lines" the output ?
Regards Markus
Hello,
Following all the documentation from: https://github.com/aruba/aruba-switch-ansible
I tried to test the upgrade using the example provided and it is not working, it seems that all your examples are based on the way you guys have setup the inventory.
I would like to know how to upgrade the switches using the arubaos_switch_ssh_cli .
Below is an example of my playbook to use to upgrade a switch:
---
- name: Upgrade
hosts: HP2530-24G-PoE,
gather_facts: no
connection: local
tasks:
- name: Upgrade Firmware via SSH CLI
arubaos_switch_ssh_cli:
ip: "{{ansible_host}}"
user: "{{ansible_user}}"
password: "{{ansible_password}}"
# path_to_swi, boot_image and enable_sftp have to be given at once otherwise the module will fail.
include: aruba_task_lists/aos_switch/firmware_upgrade.yml
vars:
ip: "{{ansible_host}}"
host_ip: "10.10.10.25"
path_to_swi: "./files/YA_16_06_0006.swi"
boot_image: "primary"
enable_sftp: True # If True is given, the system will enable ssh filetransfer and disable tftp | If False is given the system has to have ssh filetransfer enable otherwise the module will stop
state: "upgrade"
How can I accomplish this?
What I want to do is to upgrade the switch or switches via cli using ssh filetransfer, without having to spin up a website.
Hi there,
Is there a way using the module 'arubaoss_config_bkup' to backup the running config to an SFTP(or TFTP) server?
So far I have been able to get it to
What I am hoping for is to copy the config from the switch to the SFTP server.
Is this possible using this module?
Thanks.
I tried running one of the example playbooks on a test switch within a virtual environment and got the error No module named utils.display
:
(.venv) username@ansible-controller:~/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss$ ansible-playbo
ok system_attributes.yml -i switch_hosts.yml -vvv
ansible-playbook 2.8.6
config file = None
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible
executable location = /home/username/projects/ansible/.venv/bin/ansible-playbook
python version = 3.6.8 (default, Oct 7 2019, 12:59:55) [GCC 8.3.0]
No config file found; using defaults
host_list declined parsing /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/swit
ch_hosts.yml as it did not pass it's verify_file() method
script declined parsing /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/switch_
hosts.yml as it did not pass it's verify_file() method
Parsed /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/switch_hosts.yml invento
ry source with yaml plugin
PLAYBOOK: system_attributes.yml ****************************************************************************************
1 plays in system_attributes.yml
PLAY [switch1] *********************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
task path: /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/system_attributes.ym
l:2
<10.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.0.0.1> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-26
6938989598041 `" && echo ansible-tmp-1572033180.9657285-266938989598041="` echo /home/username/.ansible/tmp/ansible-tmp-
1572033180.9657285-266938989598041 `" ) && sleep 0'
<switch1> Attempting python interpreter discovery
<10.0.0.1> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'pyth
on3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '
"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v
'"'"'python'"'"'; echo ENDFOUND && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Using module file /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible/modules/system/setup.py
<10.0.0.1> PUT /home/username/.ansible/tmp/ansible-local-1623ktfzpuub/tmponb0ysx9 TO /home/username/.ansible/tmp/ansible
-tmp-1572033180.9657285-266938989598041/AnsiballZ_setup.py
<10.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/ /home/
username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/AnsiballZ_setup.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/A
nsiballZ_setup.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-tmp-1572033180.9657285-266938989598041/ > /dev/
null 2>&1 && sleep 0'
ok: [switch1]
META: ran handlers
TASK [Update Switch System Attributes] *********************************************************************************
task path: /home/username/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss/system_attributes.ym
l:4
<10.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.0.0.1> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263
559006300412 `" && echo ansible-tmp-1572033184.863418-263559006300412="` echo /home/username/.ansible/tmp/ansible-tmp-15
72033184.863418-263559006300412 `" ) && sleep 0'
Using module file /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible/modules/network/arubaoss/aru
baoss_system_attributes.py
<10.0.0.1> PUT /home/username/.ansible/tmp/ansible-local-1623ktfzpuub/tmpvcut0t14 TO /home/username/.ansible/tmp/ansible
-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py
<10.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/ /home/a
401r833/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c '/usr/bin/python /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/An
siballZ_arubaoss_system_attributes.py && sleep 0'
<10.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/ > /dev/n
ull 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 114, in <module>
_ansiballz_main()
File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 106, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.p
y", line 49, in invoke_module
imp.load_module('__main__', mod, module, MOD_DESC)
File "/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/__main__.py", line 87, in <module>
File "/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/ansible_arubaoss_system_attributes_payload.zip/ansible/mo
dule_utils/network/arubaoss/arubaoss.py", line 43, in <module>
ImportError: No module named utils.display
fatal: [switch1]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/home/username/.ansible/tmp/ansible-tmp-1572033184.86
3418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line 114, in <module>\n _ansiballz_main()\n File \"/
home/username/.ansible/tmp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line
106, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/username/.ansible/t
mp/ansible-tmp-1572033184.863418-263559006300412/AnsiballZ_arubaoss_system_attributes.py\", line 49, in invoke_module\n
imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/_
_main__.py\", line 87, in <module>\n File \"/tmp/ansible_arubaoss_system_attributes_payload_9URi0r/ansible_arubaoss_sys
tem_attributes_payload.zip/ansible/module_utils/network/arubaoss/arubaoss.py\", line 43, in <module>\nImportError: No mo
dule named utils.display\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
PLAY RECAP *************************************************************************************************************
switch1 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Here is my ansible --version
:
(.venv) username@ansible-controller:~/projects/ansible/archive/aruba-ansible-modules/example_playbooks/arubaoss$ ansible --vers
ion
ansible 2.8.6
config file = None
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/username/projects/ansible/.venv/lib/python3.6/site-packages/ansible
executable location = /home/username/projects/ansible/.venv/bin/ansible
python version = 3.6.8 (default, Oct 7 2019, 12:59:55) [GCC 8.3.0]
I would greatly appreciate any help in understanding this error.
how do we use Ansible to execute commands that will require a range of ports to be defined? especially across stacks with varying numbers. examples of config (colourless port config):
aaa authentication port-access eap-radius server-group "Mgmt_CPPM" aaa authentication mac-based chap-radius server-group "Mgmt_CPPM" aaa port-access gvrp-vlans aaa port-access authenticator 1/1-1/48,2/1-2/48 supplicant-timeout 10 aaa port-access authenticator 1/1-1/48,2/1-2/48 tx-period 10 aaa port-access authenticator 1/1-1/48,2/1-2/48 active aaa port-access 1/1-1/48,2/1-2/48 mixed
We're trying to automate config backups nightly for an aruba switch stack (currently one, we're planning to replace existing brocades with these and want a solution in place before we do so).
Model/OS Version:
Product: Aruba JL322
Name: Aruba 2930M-48G-PoE+ Switch
Date: Nov 1 2019 19:24:11
Build: 208
Version: WC.16.10.0002
We have the following in the hosts:
[aruba-sitecode]
HOSTNAME ansible_host=#.#.#.# ansible_network_os=aruba ansible_connection=local
[aruba-blr:vars]
ansible_user=serviceaccount
ansible_pass=password
ansible_command_timeout=80
hosts: aruba-sitecode
gather_facts: false
vars:
date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
filename: "running_config_{{ inventory_hostname }}_{{date}}.txt"
tasks:
We are able to authenticate against the api with curl/postman and get a cookie. When we attempt to run the playbook we get the following failure:
fatal: [HOSTNAME]: FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"body": "<TITLE>400 Bad Request</TITLE>
",
"changed": false,
"connection": "close",
"content-length": "89",
"content-type": "text/html",
"invocation": {
"module_args": {
"api_version": "v7.0",
"config_type": "CT_RUNNING_CONFIG",
"file_name": "running_config_BLR-ARUBASTACK-01_20200102.txt",
"forced_reboot": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"provider": {
"api_version": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"ssh_keyfile": null,
"timeout": 30,
"transport": "aossapi",
"use_proxy": false,
"use_ssl": true,
"username": "serviceaccount",
"validate_certs": false
},
"recovery_mode": null,
"server_ip": "TFTPSERVERIP",
"server_name": null,
"server_passwd": null,
"server_type": "ST_TFTP",
"sftp_port": 22,
"ssh_keyfile": null,
"state": "create",
"timeout": 30,
"use_ssl": true,
"user_name": "serviceaccount",
"username": "serviceaccount",
"validate_certs": false,
"wait_for_apply": true
}
},
"msg": "HTTP Error 400: Bad Request",
"server": "eHTTP v2.0",
"status": 400,
"url": "https://#.#.#.#:443/rest/v7.0/system/config/cfg_backup_files"
}
We have the following questions:
Is there something obviously wrong with the playbook or am I omitting a setting? The only things I've been able to find on the airheads community are either people complaining about a lack of depth for the api and ansible documentation, or alagoutte referring people to open issues here rather than there.
Do we need to specify an api version? If I specify nothing I receive:
None is not valid api version. using aossapi v6.0 instead
if I specify 6.0(or 6, or 7.0) I receive:
6.0 is not valid api version. using aossapi v6.0 instead
And the output has a v7.0 uri.
Are we able to specify an SSL port? We would like the web interface port configured 8443 but as far as I can tell there isn't a way to feed it a port.
Last, is there a better way to get a running config locally to our ansible system? Its much easier on our arista, brocade, and cisco devices as we can just run show run and drop the output to file. I was not able to get that working with aruba_command, is there a module in this pack I can try which allows ssh/cli interface rather than API?
We're not in the string and it spits out some text about missing a version
HPE's api documentation is fairly unthorough in this case. We have aaa authorization none set, we're not specifying a command
When the following ran on two different switches with the same firmware version, the module worked differently. On a 2930F, the code ran find, on a 2920, the module failed.
- name: configure timesync to be ntp
arubaoss_ntp:
command: "config_timesync"
timesyncType: ntp
- name: Enable NTP in Unicast
arubaoss_ntp:
command: "config_ntp"
config: create
operate: "unicast"
- name: configure ntp server 10.1.1.1
arubaoss_ntp:
command: "config_ntp_ipv4addr"
ntp_ip4addr: "10.1.1.1"
mode: "iburst"
- name: configure ntp server 10.1.1.2
arubaoss_ntp:
command: "config_ntp_ipv4addr"
ntp_ip4addr: "10.1.1.2"
mode: "iburst"
2920 firmware
Image stamp: /ws/swbuildm/rel_ajanta_qaoff/code/build/anm(swbuildm_rel_ajanta_qaoff_rel_ajanta)
Jan 17 2020 05:52:16
WB.16.10.0003
rest debug from the switch:
0004:01:20:22.99 rest RestSrv-2:Method = GET, URI = /rest/v7.0/config/timesync
0004:01:20:22.99 rest mrest_ctrl:read len 206
0004:01:20:22.99 rest RestSrv-2:Redirection URL = /rest/v6/config/timesync
0004:01:20:22.99 rest RestSrv-2:Method = GET, URI = /rest/v6/config/timesync
0004:01:20:23.00 rest RestSrv-2:status = 404, reason = Not Found
If NTP is enabled for multicast, the module doesn't sees that ntp is configured and won't set unicast. ntp has to be disabled then enabled with unicast to configure unicast. This makes it impossible to verify unicast configuration on the switch.
I'm trying to create vlans on a 3810 switch that will be gateways for a building. The following will create the vlan and name it but that's all. We need a string of helper addresses for dhcp servers, clearpass nodes and netboot servers.
How do I set the address and helpers?
- name: Configure client vlan
arubaoss_vlan:
vlan_id: "{{ client_vlan }}"
name: "VLAN{{ client_vlan_name }}"
status: "VS_PORT_BASED"
vlantype: "VT_STATIC"
ip_address_mode: IAAM_STATIC
vlan_ip_address: "{{ client_sw1_ip }}"
vlan_ip_mask: "{{ client_mask }}"
helper_addresses: "10.1.1.10, 10.1.1.11, 10.1.1.12, 10.1.1.110, 10.1.1.111, 10.1.1.112"
config: "create"
command: config_vlan
This result does not allow to use the data sent back in the HTTP repsonse body.
I suggest returning a 'json' attribut in the result, containing the requests response body. THis way, data retrieved from the reauest can be used in further tasks, as in this example:
- name: Get Current Device List
arubaclearpass_config:
method: GET
api_name: network-device-group/{{ mc_nad_group_id }}
register: response
- set_fact:
nad_group_devices: "{{ response.json.value.split(' ,') }}"
module_documentation/arubaoss/arubaoss_snmp.md has an error per closed pull request (told to submit an issue instead of PR), I believe is was just a copy/paste error (stanza appeared multiple times).
refer to rejected pull request for details
If the switch have a user UT_OPERATOR configured, each API call need to be authenticated, even the '/rest/version'.
But the get_config()
or run_commands()
refers to get_version()
which does not use sessionId
cookies.
ASW2_ARU# sh ver
Image stamp: /ws/swbuildm/rel_yakima_qaoff/code/build/lvm(swbuildm_rel_yakima_qaoff_rel_yakima)
May 2 2019 19:24:38
WC.16.08.0003
692
Boot Image: Primary
Boot ROM Version: WC.17.02.0006
Active Boot ROM: Primary
ASW2_ARU(config)# sh run struc | inc pass
password manager user-name "root" sha1 "XXXXX"
$ curl -X GET http://10.215.151.41:80/rest/version
{"uri":"/version","collection_result":{"total_elements_count":5,"filtered_elements_count":5},"version_element":[{"version":"v3.0"},{"version":"v3.1"},{"version":"v4.0"},{"version":"v5.0"},{"version":"v6.0"}]}
ASW2_ARU(config)# password operator user-name "rezo" sha1 "YYYYY"
ASW2_ARU(config)#
ASW2_ARU(config)#
ASW2_ARU(config)# sh run struc | inc pass
password operator user-name "rezo" sha1 "YYYY"
password manager user-name "root" sha1 "XXXX"
$ curl -X GET http://10.215.151.41:80/rest/version
<HTML><TITLE>400 Bad Request</TITLE><H1>Bad Request</H1>Please login to access the resource.<P></HTML>
Would be nice to have dhcp-snooping parameters.
Thanks
Hi
you show in your code for IAP´s a example
I guess the session column means that i can use the session token for the REST API ?
But could you please explain a bit more how to use it?
just want to avoid to use user and password variable for every - name: etc.etc. in the playbooks
Maybe that it could looks like this ?
variables.yml
tasks:
name: NTP IP
arubainstant_config:
host: "{{ virtual_controller_ip }}"
username: "{{ virtual_controller_username }}"
password: "{{ virtual_controller_password }}"
method: POST
api_type: configuration
api_name: ntp-server
data: { "ntp-server" : { "action" :"create", "ntp_server_ip" : "1.1.1.3" }}
name: SYSLOG IP
arubainstant_config:
session: {{ session_dict.msg }} #used when previous play's output is registered
host: "{{ virtual_controller_ip }}"
method: POST
api_type: configuration
api_name: syslog-server
data: { "syslog-server" : { "action" :"create", "syslog_server_ip" : "1.1.1.3" }}
or maybe other solutions to shorten a complete IAP Configuration playbook ?
Bye Mac
Hi
used the nap playbook example for IAP´s and get the following error
oot@ansible:~# ansible-playbook play2.yml -i /etc/ansible/hosts -vvv
ansible-playbook 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.13 (default, Sep 26 2018, 18:42:22) [GCC 6.3.0 20170516]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
PLAYBOOK: play2.yml **********************************************************************************************************************************************************************************************************************************
1 plays in play2.yml
Read vars_file 'variables.yml'
Read vars_file 'variables.yml'
Read vars_file 'variables.yml'
PLAY [Set NTP server IP] *****************************************************************************************************************************************************************************************************************************
META: ran handlers
Read vars_file 'variables.yml'
TASK [NTP IP] ****************************************************************************************************************************************************************************************************************************************
task path: /root/play2.yml:8
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp
"&& mkdir /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478 && echo ansible-tmp-1588684077.83-32289-26631341423478="echo /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478
" ) && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/aruba_instant/arubainstant_config.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-32271PUDkd0/tmp4y45CK TO /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/ /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/AnsiballZ_arubainstant_config.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1588684077.83-32289-26631341423478/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may not be related to the actual failure.
File "/tmp/ansible_arubainstant_config_payload_pvbtly/ansible_arubainstant_config_payload.zip/ansible/modules/network/aruba_instant/arubainstant_config.py", line 191, in mm_api_call
[WARNING]: Module did not set no_log for password
fatal: [localhost]: FAILED! => changed=false
api_call:
api_name: ntp-server
config_path: null
data:
ntp-server:
action: create
ntp_server_ip: 1.1.1.2
host: 192.168.100.31
method: POST
password: admin123
url: https://192.168.100.31:4343/rest/ntp-server?sid=wOzXZlC3dbFKfBi3dEMc
username: admin
invocation:
module_args:
api_name: ntp-server
api_type: configuration
data:
ntp-server:
action: create
ntp_server_ip: 1.1.1.2
host: 192.168.100.31
iap_ip_addr: null
method: POST
password: admin123
session: null
username: admin
msg: API Call failed! Exception during api call
reason: '''Status'''
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
root@ansible:~# cat play2.yml
Is this a Issue with the Playbook or Ansible itself ?
Regards Mac
Hello again,
I'm starting to work more with your modules and I have questions on what's possible or not.
In Aruba v16.04, there are new functionnalities AnyCLI and Batch_CLI.
Those REST API functions are quite useful and I was wondering if it was possible to use them in your module.
FYI, the URI is http(s)://IP/rest/v3/cli
with a JSON
{ "cmd" : "<your_cmd>" }
For example, I would like do show version
on my switchs.
So something like
- host: switch1
tasks:
- name: show version
aruba_cli:
cmd: show version
So first, is it possible to use it? I have not seen it in the different files on the Git
If not, how to get info like this?
Thank you,
Louis
I would like an option to be able to backup my running config to a file, meaning.. I would like a file to be created on whatever location I'm running ansible.
Example:
user1@Computer:~/ansible$ pwd
/home/user1/ansible
If I run:
user1@Computer:~/ansible$ ansible-playbook aruba_backup_using_api.yaml
tasks:
- name: backup configuration files
arubaoss_config_bkup:
file_name: "{{ inventory_hostname}}"
config_type: CT_RUNNING_CONFIG
I would like the file to be created on /home/user1/ansible
or any other location from where I run ansible-playbook.
option to remove interface description
option to have interface range (7,8 and 7-10 etc)
Thanks )
This parameter causes VLAN creation failures in platforms that do not support DHCPserver options on a VLAN. When set to True, this value fails to enable DHCP server on a VLAN. Raising this issue until module parameter fixed.
Hi,
I was referred to post here by an MVP on the airheads community board. I am trying to use the aruba_command module both in playbook and adhoc to pull information from a 2530-24g switch. Per aruba's support this model does not support the api so I'm forced to use the aruba_command module.
adhoc cmds with the respective change to connectiontype made in the hosts file. I've also tried raw, same result.
ansible SWITCHNAME -m aruba_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k
ansible SWITCHNAME -m cli_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k
I receive this output: https://i.postimg.cc/fRcNbWzp/Untitled.png, connection is successful but no information is returned. This has applied to multiple show commands.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.