Developer

 View Only
  • 1.  REST API - Error When trying to conenct with ansible

    Posted Dec 21, 2023 04:37 PM

    Hello,

    I'm using the arubanetworks.aos_switch collection for Ansible. Ansible version is 2.15.8 with all requirements.

    I am currently encountering an error when ansible tries to connect to the rest api :

    Using /app/f836712_exp/AWX/playbooks/ansible.cfg as config file
    
    PLAY [Switch Playbook VSF] **********************************************************************************************************************************
    
    TASK [Gathering Facts] **************************************************************************************************************************************
    ok: [CSXXX_MS12_SW_COEUR]
    
    TASK [Debug Test] *******************************************************************************************************************************************
    ok: [CSXXX_MS12_SW_COEUR] => {
        "msg": "10.120.3.65"
    }
    
    TASK [Test] *************************************************************************************************************************************************
    fatal: [CSXXX_MS12_SW_COEUR]: FAILED! => {"body": "{\"message\":\"Authentication failed.\"}", "changed": false, "connection": "close", "content-type": "application/json", "msg": "HTTP Error 400: Bad Request", "requestid": "", "server": "eHTTP v2.0", "status": 400, "transfer-encoding": "chunked", "url": "http://10.120.3.65:80/rest/v6.0/login-sessions"}
    
    PLAY RECAP **************************************************************************************************************************************************
    CSXXX_MS12_SW_COEUR        : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
    

    My switch should be configured properly :

     REST Interface - Server Configuration
    
      REST Interface            : Enabled
      REST Operational Status   : Up
      REST Session Idle Timeout : 600 seconds
      HTTP Access               : Enabled
      HTTPS Access              : Enabled
      SSL Port                  : 443

    The playbook I'm using is fairly simple, since this is supposed to be a test :

    - name: Switch Playbook VSF
      hosts: CSXXX_MS12_SW_COEUR
      collections:
        arubanetworks.aos_switch
      vars:
        #ansible_connection: network_cli
      tasks:
      - name: Debug Test
        debug:
          msg: "{{ ansible_host }}"
      - name: Test
        arubaoss_system_attributes:
          hostname: CSXXX_MS12_SW_COEUR_2
          use_ssl: true
    Here are the variables for the specified host :
    ansible_host: xxxx
    ansible_connection: local
    ansible_network_os: arubanetworks.aos_switch.arubaoss
    ansible_user: xxxx
    ansible_password: xxxx

    Here's the command i'm using to run this task :

    >ansible-playbook -i switch-inventory.yml playbook_vsf.yml 

    I could not find a way to contrevent the error. Does anyone what could be causing it ?

    Sincerely,

    Etienne BOZEC



  • 2.  RE: REST API - Error When trying to conenct with ansible

    Posted Dec 22, 2023 04:10 AM

    Bonjour Etienne,

    Can you try without use_ssl: true ? (or add port: 443 ?) 

    Also what switch model and firmware ? do you use RBAC or local account ? 



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: REST API - Error When trying to conenct with ansible

    Posted Dec 22, 2023 04:28 AM
    Edited by ebozec Dec 22, 2023 04:30 AM

    Bonjour Alexis,

    The switch I am working on is an Aruba 2930F ( WC.16.01.0010) with VSF enabled. I'm using a tacacs account

    The error I posted was when trying with no ssl, I had the line commented, sorry about that.

    Still, here's the error, vith verbose :

    fatal: [CSXXX_MS12_SW_COEUR]: FAILED! => {
        "body": "{\"message\":\"Authentication failed.\"}",
        "changed": false,
        "connection": "close",
        "content-type": "application/json",
        "invocation": {
            "module_args": {
                "acl_direction": null,
                "acl_id": null,
                "acl_type": "AT_STANDARD_IPV4",
                "api_version": "None",
                "command": "config_vlan",
                "config": "create",
                "helper_addresses": "",
                "host": "10.120.3.65",
                "igmp_version": 2,
                "interval": 125,
                "ip_address_mode": "IAAM_STATIC",
                "is_dhcp_server_enabled": false,
                "is_dsnoop_enabled": false,
                "is_igmp_enabled": false,
                "is_jumbo_enabled": false,
                "is_management_vlan": false,
                "is_querier_enabled": true,
                "is_voice_enabled": false,
                "last_member_query_interval": 1,
                "name": "ansible_test",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 80,
                "port_id": "",
                "port_mode": "POM_UNTAGGED",
                "provider": {
                    "api_version": "None",
                    "host": "10.120.3.65",
                    "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                    "port": 80,
                    "ssh_keyfile": null,
                    "timeout": 30,
                    "transport": "aossapi",
                    "use_proxy": false,
                    "use_ssl": false,
                    "username": "SVCACC_ANSIBLE_SW",
                    "validate_certs": false
                },
                "qos_policy": null,
                "query_max_response_time": 10,
                "robustness": 2,
                "ssh_keyfile": null,
                "status": "VS_PORT_BASED",
                "timeout": 30,
                "use_ssl": false,
                "username": "SVCACC_ANSIBLE_SW",
                "validate_certs": false,
                "version": "IAV_IP_V4",
                "vlan_id": 900,
                "vlan_ip_address": "",
                "vlan_ip_mask": "",
                "vlantype": "VT_STATIC"
            }
        },
        "msg": "HTTP Error 400: Bad Request",
        "requestid": "",
        "server": "eHTTP v2.0",
        "status": 400,
        "transfer-encoding": "chunked",
        "url": "http://10.120.3.65:80/rest/v6.0/login-sessions"
    }
    




  • 4.  RE: REST API - Error When trying to conenct with ansible
    Best Answer

    Posted Dec 22, 2023 04:37 AM

    do you have

    switch(config)# aaa authentication rest login radius local
    switch(config)# aaa authentication rest enable radius local

    on your config ? (need to replace radius by tacacs on this case)



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 5.  RE: REST API - Error When trying to conenct with ansible

    Posted Dec 22, 2023 04:48 AM

    I had those two lines but I did not think to replace radius by tacacs... 

    It worked! Thank you very much!




  • 6.  RE: REST API - Error When trying to conenct with ansible

    Posted Dec 22, 2023 05:24 AM

    May be need update to README @Tiffany.Chiapuzio-Wong



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 7.  RE: REST API - Error When trying to conenct with ansible

    Posted Jan 02, 2024 05:07 PM

    Thanks @alagoutte! Tracking via Github issue: https://github.com/aruba/aos-switch-ansible-collection/issues/90



    ------------------------------
    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking
    ------------------------------