Network Management

Reply

Re: AirWave 8.2.4 NO CLI

Well, the root access not comming back is really idiotic.

Since Aruba did not properly adress the concerns before and now "saying" that some things will be added. You have a really bad track record of that.

 

Downloading via the cli from aruba support has always been horrible. Many customers attest to that.

The normal support portal give normal speeds. And NO it is not my connections that is the problem. For once, own it and accually look into your own problems.

 

I am now locked out of the Web GUI. Thanks Aruba. Good testing..

Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

So basically what Aruba is saying the one feature everyone is asking for back will not come back (cli/shell). So this tells me I should look into dropping Airwave completely from my environment and move to something else such as Solarwinds? or another product... But along with that might be ripping all Aruba out of the network... With this lack of meeting different customers needs customers will leave.

Re: AirWave 8.2.4 NO CLI

Does our bash scripts still work for moving backups off server?

Or is that now also broke? Well, we can never modify it again.

 

What is the solution here?

New Contributor

Re: AirWave 8.2.4 NO CLI

If the root CLI will not come back: I think there could be another way. 

Two Versions of Airwave, one Version is the appliance whithout root and full service. The other Version is a tar.gz, which can be installed in a distribution of my own choice....

Re: AirWave 8.2.4 NO CLI

Speed through the CLI upgrade should have a TAC case opened. If you're able to download from support faster than AMP is able to download from the CLI, from the same network, that needs to be looked at.

 

There is a mechanism now to automate moving nightly backups off the AMP from the AMPCLI. 

 

   4. Backup > 2. Configure Automatic Transfer 

 

While there are some customers that would like to retain access to the CLI and root, there are many, many more from both large enterprise and high security spaces (state and federal governments) that do not allow root access to the box, and leaving that access in, in any fashion, removes their ability to deploy. Additionally, future versions of airwave will have to absolutely remove access to shell to meet other high security certification requirements as a pre-requisite to even be looked at before deploying on a government network. This limitation (lack of access to root privledge) also applies to all of our other competitors in this space as well, so it's an industry direction and best practice for most all network appliances.

 

No other product in Aruba's portfolio allows access to root, AirWave was the anomaly and it's now being corrected for both reasons stated above. 

 

We of course regret that this negatively impacts some of our customers that use root on a regular basis, and we certainly hope they wouldn't leave, but this is a much larger product design requirement than just removing it for the sake of removing it to make our customers angry. We have asked for, and received, many enhancement requests on things they were using root access for and we will be adding them in upcoming releases. If you see missing features that you used the CLI for in previous posts on this thread, or have one that you use that are critical for your operations, feel free to post it here.

 

Thanks

Jerrod Howard
Sr. Techical Marketing Engineer
Contributor I

Re: AirWave 8.2.4 NO CLI

If you did not change the /etc/passwd file after the upgrade as  Sascha Becht suggested earlier you should be able to use sinlge user mode to get logged in.

You can follow the root password reset process from here.

 

To get it all in one spot.

 

1. Reboot the server with CTRL-ALT-DELETE.
2. When the blue boot screen pops up (depending on what OS you have, you may have an AirWave logo or CentOS or another OS logo on this page), press "e" to edit the boot configuration.
3. Move the cursor down to the line that starts with 'kernel', and press "e"
again to edit that line
4. Make sure you're at the end of the line, give a space and add the word "single" (without quotes) to the string, then hit 
5. Type 'b' to continue the boot process; you'll boot quickly into a shell without having to enter a password
6. Use the 'passwd' command to enter and confirm a new password for the root user
7. Write down the new password and keep it someplace safe.

8. Add root acces back vi /etc/passwd

9. change the first line to: root:x:0:0:root:/root:/bin/bash
10. Use the 'reboot' command to reboot the server into full operations mode.

11. Log back in and create new user so you can log in without root 

 

Re: AirWave 8.2.4 NO CLI

To SK and Mikael, the AMPCLI support custom commands, where you can work with TAC to create a loadable module that does something specific. While you wouldn't have unfettered root access, if you have a script that pulls something regularly, then TAC may be able to build a module that supports that function from the AMPCLI. Up to you though if you want to pursue that avenue or not.

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

Jerrod,

 

I find your reply/comment BS. In high security government environments there is no way they would allow you to build a vpn tunnel back to TAC and allow them to work on the server without an overview watch. 

 

 

Secondly, 

To say TAC would have to build modules is another way to say "hey customer you need to pay us to build your module."

 

So come on lets cut the bs on that.

 

Now I will say yes other vendors don't allow access to the backend code, but Aruba basically ripped it out for no reason.

Re: AirWave 8.2.4 NO CLI

Well, the TAC support isn´t the most... fast so it would be interesting to see them look into the speed.

 

Create 2 versions of Airwave. One restricted (could be a FIPS version). One normal, for people who accually want stuff to work.

 

 Also, to say that TAC should build modules? Do you belive in that yourself? That will never happen. So I really do not belive you there.

 

This is a BAD decision. And how you are unable to open up root access on one version is beyond ridiculous. ./unlock root. How hard is it?

Re: AirWave 8.2.4 NO CLI

APKeene, you don't have to build secure tunnels to have a module created, you just need to exchage the GPG key so that we can sign modules that will work on your AMP. And while there is a 2-factor GPGkey tunnel established that, in some cases can meet the GOV requirement, if the customer's network disallows that, we can still support via the regular way (pull log files, diagnose over phone, with webex, etc. 

 

If you have a valid support contract, that service is included and is not any extra charge. 

 

The reasons are stated above, I cannot be any clearer. 

 

 

Jerrod Howard
Sr. Techical Marketing Engineer
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: