Ansible and OS-CX Secure config transfer with API

  • 1.  Ansible and OS-CX Secure config transfer with API

    Posted Nov 26, 2020 03:54 AM
    Hi,

    Need some pointers, I am trying to do a secure download of configurations from an OS-CX using Ansible and the API. 

    I can only see support for TFTP configuration within the API and the Ansible aoscx-role.
    https://10.154.0.2/rest/v1/fullconfigs/running-config?to=tftp%3A%2F%2F10.0.0.1%2Frunning&type=json&vrf=mgmt

    to a server but our customers don't allow TFTP on the network. 

    I was looking for a command-line option within the API although secure options require user-name and password.

    Is the only option to use SSH commands?
     

    Thanks
    AP.


    ------------------------------
    Andy Partridge
    ------------------------------


  • 2.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Nov 26, 2020 07:05 AM
    Having written a playbook using the aoscx_command module 
    I am trying to achieve the network maintenance workflow - https://developer.arubanetworks.com/aruba-aoscx/docs/network-maintenance

    2 issues I am coming across
    1) An error creating the checksum of the golden_config - although the checksum is still valid
    [ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
    newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
    "/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout

    2) The uploading of configs only adds to the existing - it doesn't replace.

    For example, if somebody put a VLAN on the live switch in error, and it's not on the golden template, my testing shows this VLAN is not removed.
    This prevents using this method for configuration compliance?

    ------------------------------
    Andy Partridge
    ------------------------------



  • 3.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Nov 27, 2020 04:41 AM
    Having worked on this I've removed the first error by moving the vars connection - thought I had it but no luck


  • 4.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Nov 30, 2020 05:29 PM
    I'm not sure what the 1st issue is, could you run the execution in verbose mode and post the output?

    For issue #2 that's expected behavior. The only way to replace the current running configuration would be to copy the startup-config to the running config of the switch. That would require you to copy the "golden" configuration to the startup, which would require either TFTP or HTTPS when using the REST API or just TFTP using the SSH modules.

    Another option besides TFTP could be to use an HTTPS server, if your customer is open to doing that, and that method is only available through the REST API upload config module.

    ------------------------------
    Tiffany Chiapuzio-Wong
    ------------------------------
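
Added example (not part of the thread and not Aruba's code): because an upload only merges into the running configuration, a compliance check has to report what is on the switch but absent from the golden file, not only that the checksums differ. This Python code does that for two constructed configs, assuming AOS-CX-style stanzas with indented child lines; the function names are hypothetical.

```python
import hashlib

def sha1_of(text):
    """SHA-1 of the config text, the algorithm the stat task in the thread uses."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def parse_stanzas(text):
    """Map each top-level line (e.g. 'vlan 10') to the set of indented lines under it."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment lines
        if line[0].isspace():
            if current is not None:
                stanzas[current].add(line.strip())
        else:
            current = line
            stanzas.setdefault(current, set())
    return stanzas

def drift(golden, running):
    """Return (extra, missing): lines only on the switch, lines only in golden."""
    g, r = parse_stanzas(golden), parse_stanzas(running)
    extra, missing = [], []
    for head in sorted(set(g) | set(r)):
        if head not in g:
            extra.append(head)      # whole stanza exists only on the switch
        elif head not in r:
            missing.append(head)    # whole stanza exists only in golden
        else:
            extra += [f"{head} / {c}" for c in sorted(r[head] - g[head])]
            missing += [f"{head} / {c}" for c in sorted(g[head] - r[head])]
    return extra, missing

# Constructed sample configs (assumed layout, not taken from the thread).
GOLDEN = """hostname ap-lab-01
vlan 1
vlan 10
    name users
interface 1/1/1
    no shutdown
    vlan access 10
"""
RUNNING = GOLDEN.replace("vlan access 10", "vlan access 99") + "vlan 99\n    name rogue\n"

if __name__ == "__main__":
    if sha1_of(GOLDEN) != sha1_of(RUNNING):
        extra, missing = drift(GOLDEN, RUNNING)
        print("only on switch (a merge upload leaves these in place):", extra)
        print("only in golden (a merge upload would add these):", missing)
```

The "only on switch" list is the part a merge-style upload never corrects, so it is the list to alert on or remove explicitly.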



  • 5.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Dec 10, 2020 07:22 AM
    Thanks, I am a little slow on the reply  - thanks for the support

    The play itself works, it's just during the stat task the error comes up. It looked as if it's trying to use the network_cli to do the checksum. 

    I got the following result

    TASK [Get checksum of stored GOLDEN config] *******************************************************************************************************************************************************************
    task path: /root/projects/TheEastCut/config-check.yml:29
    [ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
    newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
    "/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout
    <10.154.0.2> ESTABLISH LOCAL CONNECTION FOR USER: root
    <10.154.0.2> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-22396HEFqnG `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198 `" && echo ansible-tmp-1607599290.46-22539-63296251257198="` echo /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198 `" ) && sleep 0'
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/stat.py
    <10.154.0.2> PUT /root/.ansible/tmp/ansible-local-22396HEFqnG/tmprXm3zp TO /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py
    <10.154.0.2> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/ /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py && sleep 0'
    <10.154.0.2> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/AnsiballZ_stat.py && sleep 0'
    <10.154.0.2> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-22396HEFqnG/ansible-tmp-1607599290.46-22539-63296251257198/ > /dev/null 2>&1 && sleep 0'
    ok: [ap-lab-01] => {
    "changed": false,
    "invocation": {
    "module_args": {
    "checksum_algorithm": "sha1",
    "follow": false,
    "get_attributes": true,
    "get_checksum": true,
    "get_md5": false,
    "get_mime": true,
    "path": "/root/projects/TheEastCut/configs/golden_ap-lab-01.cfg"
    }
    },



    I tried adding ansible_connection = local to the playbook, and then ansible_connection = network_cli to just the tasks which connect to the switch ... and it solved it. No error and successful output.
    :-)

    Going to try the HTTPS and will upload the complete play to GitHub.

    Thanks








    ------------------------------
    Andy Partridge
    ------------------------------



  • 6.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Dec 10, 2020 09:57 AM
    I spoke too soon - further testing shows the error on trying to upload the golden config

    the task looks like this 

    - name: Restore Stored Golden Config to startup through SFTP
      vars:
        ansible_connection: network_cli
      aoscx_command:
        commands: ['copy sftp://{{ server_user }}@{{ server }}/projects/TheEastCut/configs/golden_{{ hostname }}.cfg startup-config vrf mgmt', '{{ server_password }}']
      when: golden_sha != running_sha


    The Verbose output

    TASK [Restore Stored Golden Config to startup through SFTP] ***************************************************************************************************************************************************
    task path: /root/projects/TheEastCut/config-check.yml:54
    [ERROR]: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 611, in send response = self.receive(command, prompt, answer,
    newline, prompt_retry_check, check_all) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/network_cli.py", line 559, in receive data = self._ssh_shell.recv(256) File
    "/usr/lib/python2.7/site-packages/paramiko/channel.py", line 667, in recv raise socket.timeout() timeout
    <10.154.0.2> ESTABLISH LOCAL CONNECTION FOR USER: root
    <10.154.0.2> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-25245BUfnKO `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884 `" && echo ansible-tmp-1607611970.41-25434-111224032290884="` echo /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884 `" ) && sleep 0'
    Using module file /root/.ansible/roles/arubanetworks.aoscx_role/library/aoscx_command.py
    <10.154.0.2> PUT /root/.ansible/tmp/ansible-local-25245BUfnKO/tmp6Ilkdr TO /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py
    <10.154.0.2> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/ /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py && sleep 0'
    <10.154.0.2> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/AnsiballZ_aoscx_command.py && sleep 0'
    <10.154.0.2> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-25245BUfnKO/ansible-tmp-1607611970.41-25434-111224032290884/ > /dev/null 2>&1 && sleep 0'
    The full traceback is:
    WARNING: The below traceback may *not* be related to the actual failure.
    File "/tmp/ansible_aoscx_command_payload_5ubEDp/ansible_aoscx_command_payload.zip/ansible/module_utils/aoscx.py", line 325, in run_commands
    return conn.run_commands(commands=commands, check_rc=check_rc)
    File "/tmp/ansible_aoscx_command_payload_5ubEDp/ansible_aoscx_command_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
    fatal: [ap-lab-01]: FAILED! => {
    "changed": false,
    "invocation": {
    "module_args": {
    "commands": [
    "copy sftp://root@10.154.0.4/projects/TheEastCut/configs/golden_ap-lab-01.cfg startup-config vrf mgmt",
    "Aruba123"
    ],
    "interval": 1,
    "match": "all",
    "output_file": null,
    "output_file_format": "json",
    "provider": null,
    "retries": 10,
    "wait_for": null
    }
    },
    "msg": "command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."
    }



    ------------------------------
    Andy Partridge
    ------------------------------



  • 7.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Dec 14, 2020 01:58 PM
    Hi @and3p, unfortunately our SSH modules `aoscx_command` and `aoscx_config` are unable to respond to prompts. Therefore using the `copy` command with SFTP will fail because the module cannot match on the prompt for password/username input.

    ------------------------------
    Tiffany Chiapuzio-Wong
    ------------------------------



  • 8.  RE: Ansible and OS-CX Secure config transfer with API

    Posted Jan 24, 2021 09:39 AM
    @Tiffany.Chiapuzio-Wong,

    I am having this same issue as well - copying startup config from ArubaOS-CX to SFTP server via SSH command. 

    Any plans to enable prompts (for yes, no and other inputs like password) in future?


  • 9.  RE: Ansible and OS-CX Secure config transfer with API

    EMPLOYEE
    Posted Jan 25, 2021 05:31 PM
    Hey D.I,

    Since we're making a push towards automation via REST API and moving away from CLI automation, there are no plans to modify the modules to support responding to prompts.

    ------------------------------
    Derek Wang
    ------------------------------