Ansible on Aruba edge switches

  • 1.  Ansible on Aruba edge switches

    Posted Feb 23, 2020 02:05 PM

    I was looking for tools to automate configuration of a number of different types of network equipment and servers.  So far it looks like Ansible should be capable of doing what we need but I have had a reasonably difficult time getting going with it.  A lot of the trouble revolves around available modules. 


    The modules may or may not do what we need.  To me it looks like there are a few bugs and I can't tell whether the modules are capable of doing what we need or not.  The documentation isn't very robust.


    The CONTRIBUTING doc mentions both opening tickets in the github repo and creating threads here.  Is there a preferred place?  I assume bugs should be filed in github.  Should discussion be there or here?



    Currently, we are working with 2920 and 2930F switches.  I'm attempting to create extended access lists with the arubaoss_acl_policy module.  Is there documentation on how to pass a destination port?  The examples show allowing or denying all TCP for example but not specific ports.  There doesn't appear to be a way to pass eq, lt, ge, neq, etc...  The module will create source and dest rules but not with port.  It may be a formatting issue and probably is from the error that's returned.  Is this the kind of thing for here or github?


    We also need dhcp-snooping since that will give us some protection from rogue dhcp servers and is the mechanism used to determine client IP for radius accounting.  There is a feature request for it in the github repo but nothing that suggests someone is intending to deal with it.  It's been a while since I've coded something like that but I'd suspect the NTP module could be easily modified to handle the dhcp-snooping bits.  Where would this kind of thing be discussed and how could I tell if someone is doing anything about it?  If we write this up, we would be happy to contribute it back.  The same goes with documentation.


    In the README, it specifies "Python 2.7 or 3.5+".  When the default python from Ubuntu 18.04 is used, the modules work fine.  They are installed into a python 2.7 directory from the provided install script.  When python3 is used, the modules don't show up in the path and I'm not sure if they should work fine or not.  Has anyone used the modules with python3 and should they work correctly?


    Thanks for any assistance.



  • 2.  RE: Ansible on Aruba edge switches
    Best Answer

    Posted Mar 02, 2020 05:04 PM

    Hi @cross !


    I'm sorry to hear you're having difficulty using the modules. If you find issues/bugs with the modules, please submit an issue on our Github. If you're asking more 'how-to' or advice from the community - this is a great forum for that!


    I just updated the documentation and examples for the arubaoss_acl_policy module here:


    So that should answer your question about how to use the destination port with the ACL rules.


    We're still working on developing the DHCP-snooping module so we thank you for your patience! We welcome any and all feedback/contribution so if there's anything you'd like to contribute whether that be code or documentation feel free to!


    For the installer to 'install' the modules in the python3 path, your ansible python module location should be set to the python3 path - we've tested these modules with Python3.5 and Python3.7 and haven't come across any issues. Please submit an issue on our Github if you come across any problems with Python3!






  • 3.  RE: Ansible on Aruba edge switches

    Posted Mar 09, 2020 08:56 AM

    The documentation update is a big help for the acl module.  It's still unclear to me whether local policies and local roles can be configured with a module or not.  There is an arubaoss_traffic_class module but not a policy or user-role module.


    The clearpass module also has a significant error in the documentation.  I'll file a bug report on that after I figure out whether the username and password features work.  The module works if you have an OAuth token so it's usable.  Our OAuth service may not be configured correctly right now.  We are only using it for bulk imports right now so it wasn't an issue until now.