Developer

 View Only
last person joined: 3 days ago 

Expand all | Collapse all

Authentication Issue accessing Aruba Central from AWX

This thread has been viewed 62 times
  • 1.  Authentication Issue accessing Aruba Central from AWX

    Posted Oct 07, 2022 02:58 PM

    Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
    For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

    The inventory file is defined as:

    A test playbook does the following:

    Executing the playbook works fine:

    When switching into AWX, however, I got a HTTP 401 error instead.

    The host central is defined with the exact same variables:

    Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

    I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

    Is there anything else I am missing?



  • 2.  RE: Authentication Issue accessing Aruba Central from AWX

    MVP GURU
    Posted Oct 10, 2022 04:22 AM
    What do you have when use -vvv ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Nov 08, 2022 04:59 PM

    After running the AWX template with verbosity 4 and comparing it with command line ansible with -vvvv, it seems that this is triggered by AWX attempting to remove local temporary files while executing the playbook:


    The test AWX implementation I have is a container deployed on Ubuntu microk8s, I'm still trying to nail down the root cause of this.




  • 4.  RE: Authentication Issue accessing Aruba Central from AWX

    MVP GURU
    Posted Jan 07, 2023 08:41 AM
    Hi @merlintong,

    do you have found the issue ?


    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 5.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted May 08, 2023 09:47 AM

    Hi @merlintong ,

    Any luck? Did you happen to figure this out?  

    thanks,
    Barad




  • 6.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Feb 16, 2024 10:11 AM

    I've got this exact same issue.
    Works perfectly fine when doing it through curl with the same api endpoint and access token, but through AWX it's failing.
    @barads @merlintong




  • 7.  RE: Authentication Issue accessing Aruba Central from AWX

    MVP GURU
    Posted Feb 19, 2024 06:17 AM

    May be open an issue on github ansible aoscx repo ?

    https://github.com/aruba/aoscx-ansible-collection/issues



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 8.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Feb 26, 2024 03:36 PM

    Hi @merlintong! I'm sorry to hear you're experiencing issues - I've validated the Collection functions/works when using the Ansible Automation Platform but I believe this issue is due to AWX's docker deployment & temporary files used to store the Central token information. Let me look into this and get back to see if there's a workaround for defining the auth token file  path



    ------------------------------
    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking
    ------------------------------



  • 9.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Feb 26, 2024 05:04 PM

    @merlintong

    I see in the playbook you're using the Role instead of the collection, could you modify your playbook and inventory file to use the collection instead and see if you receive the same issue? 

    Playbook should include this clause:

       collections:
         - arubanetworks.aruba_central

    Inventory variables must be set like so:

          ansible_connection: httpapi
          ansible_network_os: arubanetworks.aruba_central.aruba_central


    ------------------------------
    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking
    ------------------------------



  • 10.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Mar 11, 2024 09:31 AM

    Hey, thank you for replying here!
    I've tried with both defining a role and defining a collection as you explain above.

    It seems to me that the issue is directly tied to the get_headers function defined in central_http.py.
    When setting up AWX to use the inventory plugin, it will dynamically create/import a host that will be built just like the "simple inventory" example based on the values provided in the inventory plugin config yaml.


    However when AWX runs e.g. the get_groups action, when it builds the path, that calls `headers = central_api.get_headers(False, "get")` to set the headers, the headers won't include the Authorization header entry, only the `{"Content-Type": "application/json"}` will be included because it seems hardcoded to do so..?
    I'm not expert at this in any sense, but this part is really confusing why it wouldn't include the auth part.

    Did some more diving and realised that the Authorization header is added later, in the send_request function. However I'm having a really hard time troubleshooting this, because I cannot get any type of debugging logging/prints to work for this file in particular. I've used `import logging` for other py-files, however it errors out when being added to this one.

    Need to figure out what's going wrong inside this function when running through AWX. Is it the access token that's not being picked up properly? Is it something else? @Tiffany.Chiapuzio-Wong

    All in all, this results in the 401 Unauthorised scenario when running it through AWX.




  • 11.  RE: Authentication Issue accessing Aruba Central from AWX

    Posted Mar 28, 2024 09:32 PM

    Can you open an issue on our github and provide the full text output of the error in verbose mode? This can allow for better debugging on our end



    ------------------------------
    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking
    ------------------------------