Command of the Day

Reply
Guru Elite
Posts: 21,021
Registered: ‎03-29-2007

COTD: Automating Aruba Controller Tasks with Kiwi CatTools

Have you ever wanted to automate tasks on the Aruba Controller, but couldn't configure your SSH client correctly to login to the controller and type all the commands? If so, the very Free Kiwi CatTools is for you (http://www.solarwinds.com/products/kiwi_cattools/)

Kiwi Cattools allows you to write sets of commands for devices and run them either one time or periodically. The free version allows you to manage up to 20 Aruba Controllers in this manner.

A very popular use is to backup the contents of an Aruba Controller periodically. A script to copy the running config, backup the flash, export the user database and copy the logs.tar would look like this:


copy running-config tftp: 10.69.69.3 %DateISO%-%DeviceName%-running-config.cfg
backup flash
copy flash: flashbackup.tar.gz tftp: 10.69.69.3 %DateISO%-%DeviceName%-flashbackup.tar.gz
local-userdb export local-userdb-export
copy flash: local-userdb-export tftp: 10.69.69.3 %DateISO%-%DeviceName%-local-userdb.bin
tar logs tech-support
copy flash: logs.tar tftp: 10.69.69.3 %DateISO%-%DeviceName%-logs.tar


In this scripting language %DateISO% is the current date. %DeviceName% is the name of the Device in Kiwi. This simple script, can be run against all your Aruba Controllers nightly and it will copy all your important information AND name it with the date, as well as the name of the device. it is also a time saver in that it can do things like upgrade multiple controllers at the same time by running the copy tftp command and then rebooting, or even generating that daily guest access user and emailing the command output so that everyone can see the username and password of the day.

It would be interesting in this thread to hear about what other people are using it for.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 23
Registered: ‎01-23-2009

RANCID, too

I'm not sure how many RANCID users are out there, but in following the rancid-users listserv I know some have attempted to monitor changes with that tool.

Are there any RANCID users who have a working, Aruba-enhanced module? If not, perhaps someone from Aruba's team would be willing to spend a day or two on that?

I got one working for our Motorola CMTS in just a few hours.

Frank
MVP
Posts: 500
Registered: ‎04-03-2007

Yes, Rancid please

I second the desire for a Rancid + Aruba integration. Please reply if you have a working solution.
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Moderator
Posts: 245
Registered: ‎09-12-2007

Re: COTD: Automating Aruba Controller Tasks with Kiwi CatTools

RANCID is kind of painful to work with - it seems like everything is just hardcoded for Cisco in the Perl scripts. But I got something working I think - caveat that I am not a Perl programmer whatsoever, nor can I interpret regular expressions without going to a website to look them up. So this might be useless to you. :)

By the way, AirWave does everything RANCID does and then some. :D

First, edit rancid-fe to add Aruba:


%vendortable = (
'agm' => 'agmrancid',
'alteon' => 'arancid',
'aruba' => 'arubarancid',
'avocent' => 'avorancid',
...


And then drop the attached file called "arubarancid" (remove the .txt extension) into the bin directory.

router.db should look something like:


192.168.1.1:aruba:up


And that's it. All this is doing is dumping the config file - there's none of the fancy hardware change detection that the Cisco script offered. But then again how many times does that happen on most Aruba controllers? :)

I did not spend much time testing, so use at your own risk. It would be great if someone used this as a starting point to build something much more cool

-Jon
---
Jon Green, ACMX, CISSP
Security Guy
Moderator
Posts: 245
Registered: ‎09-12-2007

Re: COTD: Automating Aruba Controller Tasks with Kiwi CatTools

And OBTW - I ran this against my controller at home running a recent build of AOS 3.4, and I noticed certain encrypted keys such as the mesh recovery profile, the "localip" statement for master-local security, wpa-passphrase, and a few others were changing every single time I executed "wr t". I don't know if that's working as designed or a bug - I have a query into engineering to find out. If that's somehow working as designed then I'll need to modify that script to ignore those lines.
---
Jon Green, ACMX, CISSP
Security Guy
Guru Elite
Posts: 21,021
Registered: ‎03-29-2007

Ignore those lines

Yeah,

Ignore those lines.....


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator
Posts: 245
Registered: ‎09-12-2007

Re: COTD: Automating Aruba Controller Tasks with Kiwi CatTools


Yeah,

Ignore those lines.....




Turns out it's a bug that those lines change each time. I'm off for some quality time with Bugzilla now. :)
---
Jon Green, ACMX, CISSP
Security Guy
Contributor I
Posts: 23
Registered: ‎05-01-2009

Re: COTD: Automating Aruba Controller Tasks with Kiwi CatTools

In reference to using KIWI CAT TOOLS.....KCT can do a LOT more. I contacted Aruba TAC wanting to know if they had a script for auto-genning Captive Portal Guest Account credentials so I wouldn't have to do so each and every day of the week. Was told NO....

I installed KCT on my RADIUS server, set it up for the Aruba 6K controller...set it up for email output results, set it up for login to the A6K, set it up for entering the CLI syntax for auto-gen'ing username/password for CP, set it up for exporting the "reply" back from the A6K. Now, I have the reply in a SSL hypertext page on my domain where all my sysadmins statewide can go to this webpage and get the "daily" login credentials for Captive Portal. Took me about a month to get it streamlined, but its so much better than having to wake up early in the morning and do this process manually. KCT has timers on it so you can regulate this script to execute only Monday thru Friday so CP is shutdown on Sat/Sun. Good Stuff...
Contributor I
Posts: 76
Registered: ‎05-14-2009

Version missmatch?

I have a 3200 controller and running 3.3 OS. I used this script to backup my controller but return this error.

Connect failed:(30012) Protocol version mismatch error.

Anybody know what's wrong there?
Guru Elite
Posts: 21,021
Registered: ‎03-29-2007

Try to Use SSH v2

Configure Kiwi to connect using SSH v2


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: