Network Management

Reply

Re: AirWave 8.2.4 NO CLI

apkeene, I will reach out to techpubs to get that added to the next release notes as well as file a request to get more detail about AMP CLI processes in the 8.2.4+ user guide (there's note of the AMP CLI in the UG, but no details on upgrades, etc). Thanks 

Jerrod Howard
Sr. Techical Marketing Engineer
New Contributor

Re: AirWave 8.2.4 NO CLI

We manage our own Airwave server (not an Aruba appliance) and need CLI access to monitor system health and to perform other management functions which are not available via the GUI, such as
1. Monitor individual SSD health using SMART statistics and RAID statistics and send weekly email reports of SSD status.
2. Local IP tables to allow access and disallow unwanted access.
3. Copy nightly backups to remote storage.
4. Periodic purge and rebuild of the database.
5. Weekly restart of AMP services (to prevent swap space from filling up, etc.)
6. Various other ad-hoc monitoring of the server to verify system status and troubleshoot issues like access to APs, controllers, SNMP issues, syslog issues, etc.

Several of these (e.g. SSD health and copy of nightly backups) are done via CRON, not manually. We don't specifically need root access, but some of these (iptables) require at least sudo.

 

 

 

Re: AirWave 8.2.4 NO CLI

1. Can look at filing an RFE to add advanced disk diagnostics to the 'Performance' page.

2. I thoguht we had an allowed networks list, but apparently not. That should be an easy RFE to file on the 'Networks' page to get parity with CPPM

3. This is already added in AMPCLI

4. This should not be necessary

5. Also should not be necessary.

6. More troubleshooting support will be added to AMPCLI over time

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

Version 8.2.4 just got tagged in a vulnerability scan for HTTP TRACK/TRACE method.  Normally I would edit the .conf file to return 444 NO RESPONSE, but as files are currently inaccessible is this something that can be addressed in the next version?  Perhaps as advanced web server settings menu item.  Also, port 60001 being flagged for multiple issues (incorrect certificate name, weak cert, TRACK/TRACE)

 

 

Re: AirWave 8.2.4 NO CLI

You would open a TAC case along with the details of the finding (scanner used, output of the finding with details, etc) so that they can loop in our Security folks to determine if it's valid and then patch in a correction.

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

Sadly it does not work if you use the centOS image Aruba provides. Anyone have an easy way to get past the GRUB password to get into single mode?

New Contributor

Re: AirWave 8.2.4 NO CLI

Hi Jerrod, I'd like to throw in another vote for scripting or cron management in some form or another, as we cannot upgrade without access to modify the custom scripts managing our ArubaOS controller via "on_controller" commands.

 

Support had some suggestions on how replace the scripts with some configuration changes on the controller, but I fear those adjustments will simply confuse my users.  The only real solution seemed to be configuring a device simply to remote into my controller for scripting.  I'd prefer to limit how many systems I need to manage my Aruba infrastructure (seems to be 5 separate UIs I need to access across 3 devices).

Contributor I

Re: AirWave 8.2.4 NO CLI

Get around/reset the GRUB password: 

 

Yes, you need to boot from a Live Distro, or mount the disk with another VM. Knppoix/Ubuntu/Backtrack are what I typically have on hand. If you use Ubunut make sure you use "Try without Installing" / Try Ubuntu and don't install over your AMP server

 

- Shutdown the AirWave VM

- Add CD ROM to VM, and mount ISO to CD ROM.

- Edit VM Options, Boot Options, Force BIOS setup

- Save 

 

- Boot the AirWave VM

- In the vm BIOS got right to the Boot option

- Hightlight the CD-ROM option, and ++ to move it above Hard Drive

- Exit, Save Changes, Yes

 

- If Ubuntu use "Try Ubuntu" Option

- open terminal

- sudo fdisk -l to find the boot partition

- sudo mount /dev/sda2 /mnt

- sudo nano /mnt/grub/grub.conf

- delete the line that starts with password

- save file

- umount /mnt

 

While you're here go ahead and re-enable root login.

Find the LVM to mount

- sudo pvs

- sudo lvdisplay /dev/VolGroup00

Mount it:

- sudo mount /dev/VolGroup00/Log/Vol00 /mnt

Change passwd file:

- sudo nano /mnt/etc/passwd

- change the root from nologon to /bin/bash

root:x:0:0:root:/root:/bin/bash

You can also change the ampadmin login over to a terminal rather than going directly into the "imporved" user interface.

Go to the bottom of the file and change /user/local/airwave/bin/ampcli to /bin/bash

- sudo umount /mnt

Shut the system down

-halt

 

Edit the VM setting to disconnect the CDROM and boot into AirWave. 

 

 

 

 

 

Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

I can confirm that the solution to get around the GRUB password works. One thing to take note of if installed on a VM a couple of rescue boot disks could not see my drives. I had to use another Unix disk to get it to be able to find them and depending on type of file type you might have to hunt for the correct one that can mount the drive in read/write and not just write only.

Once I had the right version the instructions worked like a charm.

New Contributor

Re: AirWave 8.2.4 NO CLI

We would appriciate it if you had the 'additional functionality' in place prior to removing the regular functionality.  Many of us use OUR ( not your ) servers for other purposes and you have just removed our ability to levergage OUR hardware the way we see fit.   I do not know any of your customers who are happy with this change.  It has cerntainly pushed us to look for other solutions.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: