I spoke too soon - further testing shows the error on trying to upload the golden config
The task looks like this:
- name: Restore Stored Golden Config to startup through SFTP
  vars:
    ansible_connection: network_cli
  aoscx_command:
    commands: ['copy sftp://{{ server_user }}@{{ server }}/projects/TheEastCut/configs/golden_{{ hostname }}.cfg startup-config vrf mgmt','{{ server_password }}',]
  when: golden_sha != running_sha
The Verbose output
TASK [Restore Stored Golden Config to startup through SFTP] ***************************************************************************************************************************************************
task path: /root/projects/TheEastCut/config-check.yml:54
[ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
"/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout
<10.154.0.2> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.154.0.2> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-25245BUfnKO `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884 `" && echo ansible-tmp-1607611970.41-25434-111224032290884="` echo /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884 `" ) && sleep 0'
Using module file /root/.ansible/roles/arubanetworks.aoscx_role/library/aoscx_command.py
<10.154.0.2> PUT /root/.ansible/tmp/ansible-local-25245BUfnKO/tmp6Ilkdr TO /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py
<10.154.0.2> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/ /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py && sleep 0'
<10.154.0.2> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py && sleep 0'
<10.154.0.2> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
File "/tmp/ansible_aoscx_command_payload_5ubEDp/ansible_aoscx_command_payload.zip/ansible/module_utils/aoscx.py", line 325, in run_commands
return conn.run_commands(commands=commands, check_rc=check_rc)
File "/tmp/ansible_aoscx_command_payload_5ubEDp/ansible_aoscx_command_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [ap-lab-01]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"commands": [
"copy sftp://root@10.154.0.4/projects/TheEastCut/configs/golden_ap-lab-01.cfg startup-config vrf mgmt",
"Aruba123"
],
"interval": 1,
"match": "all",
"output_file": null,
"output_file_format": "json",
"provider": null,
"retries": 10,
"wait_for": null
}
},
"msg": "command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."
}
------------------------------
Andy Partridge
------------------------------
Original Message:
Sent: Dec 10, 2020 07:21 AM
From: Andy Partridge
Subject: Ansible and OS-CX Secure config transfer with API
Thanks, I am a little slow on the reply - thanks for the support
The play itself works, it's just during the stat task the error comes up. It looked as if it's trying to use the network_cli to do the checksum.
I got the following result
TASK [Get checksum of stored GOLDEN config] *******************************************************************************************************************************************************************
task path: /root/projects/TheEastCut/config-check.yml:29
[ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
"/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout
<10.154.0.2> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.154.0.2> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-22396HEFqnG `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198 `" && echo ansible-tmp-1607599290.46-22539-63296251257198="` echo /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/stat.py
<10.154.0.2> PUT /root/.ansible/tmp/ansible-local-22396HEFqnG/tmprXm3zp TO /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py
<10.154.0.2> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/ /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py && sleep 0'
<10.154.0.2> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py && sleep 0'
<10.154.0.2> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/ > /dev/null 2>&1 && sleep 0'
ok: [ap-lab-01] => {
"changed": false,
"invocation": {
"module_args": {
"checksum_algorithm": "sha1",
"follow": false,
"get_attributes": true,
"get_checksum": true,
"get_md5": false,
"get_mime": true,
"path": "/root/projects/TheEastCut/configs/golden_ap-lab-01.cfg"
}
},
I tried adding ansible_connection = local to the playbook, and then ansible_connection = network_cli to just the tasks which connect to the switch ... and it solved it. No error and successful output.
:-)
Going to try the HTTPS and will upload the complete play to GitHub.
Thanks
------------------------------
Andy Partridge
Original Message:
Sent: Nov 30, 2020 05:28 PM
From: Tiffany Chiapuzio-Wong
Subject: Ansible and OS-CX Secure config transfer with API
I'm not sure what the 1st issue is, could you run the execution in verbose mode and post the output?
For issue #2, that's expected behavior. The only way to replace the current running configuration would be to copy the startup-config to the running config of the switch. That would require you to copy the "golden" configuration to the startup, which would require either TFTP or HTTPS when using the REST API or just TFTP using the ssh modules.
Another option besides TFTP could be to use an HTTPS server, if your customer is open to doing that, and that method is only available through the REST API upload config module.
------------------------------
Tiffany Chiapuzio-Wong
Original Message:
Sent: Nov 26, 2020 07:05 AM
From: Andy Partridge
Subject: Ansible and OS-CX Secure config transfer with API
Having written a playbook using the aoscx_command module
I am trying to achieve the network maintenance workflow - https://developer.arubanetworks.com/aruba-aoscx/docs/network-maintenance
2 issues I am coming across
1) An error creating the checksum of the golden_config - although the checksum is still valid
[ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
"/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout
2) The uploading of configs only adds to the existing - it doesn't replace.
For example, if somebody put a VLAN on the live switch in error, and it's not on the golden template, my testing shows this VLAN is not removed.
This prevents using this method for configuration compliance?
------------------------------
Andy Partridge
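Issue 2 above, as an added example that is not part of the original thread or of the aoscx role: it compares a golden and a running config by SHA-1 (the digest the stat task reports) and lists the lines an additive upload would leave on the switch. The sample configs, the function names and the treatment of "!" lines as comments are assumptions made for the illustration.

```python
import hashlib

# Constructed sample configs (not from the thread): the running config carries
# a VLAN that the golden file does not define.
GOLDEN = """\
hostname ap-lab-01
vlan 1
vlan 10
    name users
interface 1/1/1
    no shutdown
    vlan access 10
"""
RUNNING = GOLDEN + "vlan 999\n    name added-by-mistake\n"

def sha1_hex(text):
    """Same digest type the stat task reports (checksum_algorithm: sha1)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def flatten(config):
    """Turn an indented config into a set of (parent, ..., line) paths."""
    paths, stack = set(), []          # stack holds (indent, line) of open parents
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                  # assumption: blank and "!" lines carry no config
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()               # close contexts at the same or deeper level
        stack.append((indent, line))
        paths.add(tuple(text for _, text in stack))
    return paths

def drift(golden, running):
    """Return (missing, extra): lines an upload would add, and lines it leaves behind."""
    g, r = flatten(golden), flatten(running)
    return sorted(g - r), sorted(r - g)

def compliant(golden, running):
    """Checksum test, as in the playbook's golden_sha != running_sha condition."""
    return sha1_hex(golden) == sha1_hex(running)

if __name__ == "__main__":
    missing, extra = drift(GOLDEN, RUNNING)
    print("compliant:", compliant(GOLDEN, RUNNING))
    for path in extra:
        print("not in golden:", " / ".join(path))
```

A checksum mismatch only says the two files differ; the `extra` list is what has to be removed, which a merge into the running config does not do.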
Original Message:
Sent: Nov 26, 2020 03:53 AM
From: Andy Partridge
Subject: Ansible and OS-CX Secure config transfer with API
Hi,
Need some pointers, I am trying to do a secure download of configurations from an OS-CX using Ansible and the API.
I can only see support for TFTP configuration within the API and the Ansible aoscx-role.
https://10.154.0.2/rest/v1/fullconfigs/running-config?to=tftp%3A%2F%2F10.0.0.1%2Frunning&type=json&vrf=mgmt
to a server but our customers don't allow TFTP on the network.
I was looking for a command-line option within the API although secure options require user-name and password.
Is the only option to use SSH commands?
Thanks
AP.
------------------------------
Andy Partridge
------------------------------