Developer

I have been playing on the fringes of Ansible for a while and now have a real opportunity to use but find the module  offering very confusing

I believe there are currently 4 different CX offerings with Ansible

1) aruba-switch-ansible ( https://github.com/aruba/aruba-switch-ansible) which is limited by the scripts although uses the Rest Interface  for access

2) aruba-ansible-modules ( https://github.com/aruba/aruba-ansible-modules) which requires a module to install and uses the Rest Interface  for access

3) aoscx-ansible-collection (https://github.com/aruba/aoscx-ansible-collection) limited to the library scripts

4) aoscx-ansible-role ( https://github.com/aruba/aoscx-ansible-role )- limited to the library scripts

I always assumed that Cli driven commands would be the easiest for transition, but believe using the rest interface has more functionality.

There seems to limitations with a lot of the modules, but I wanted to build large configured using Jinja2 templates i.e. 30-40 bgp peers etc.

What is the best method/module should I use, and which module has longevity?

I have also had limited success with test some of these. 

Hi and3p!

I'm sorry you're finding the AOS-CX module support confusing, let me break it down and see if that helps!

1)  aruba-switch-ansible - this repository currently holds 2 modules in the library/ directory, these modules are utilizing SSH and CLI to execute commands for both AOS-CX and AOS-Switch. The recommended use for this module is for commands that our REST API modules do not currently support.

2) aruba-ansible-modules - this repository no longer maintains any AOS-CX modules. This repository contains Ansible modules using REST API for the following products: AOS-Switch, ArubaOS Controller, Activate, Airwave, Clearpass, and Instant.

3+4) aoscx-ansible-collection and aoscx-ansible-role are the same modules just implemented in Ansible's Collection and Role structure to allow for easy installation and use. These are where the REST API modules are written for AOS-CX.

In regards to your orginal use case, "I wanted to build large configured using Jinja2 templates i.e. 30-40 bgp peers etc. What is the best method/module should I use, and which module has longevity?"

I would say, use Ansible's template module to generate configurations based on a Jinja2 template, then use the arubaos_cx_ssh_cli module to have the device copy the configuration to itself, something like the following:

- name: Generate Config for Device
  template: src="{{config_template}}" dest="{{temp_config_file}}"

- name: Copy Generated Config to Running through TFTP
  arubaos_cx_ssh_cli:
    ip: "{{ip | default(ansible_host)}}"
    user: "{{user | default(ansible_user)}}"
    password: "{{password | default(ansible_password)}}"
    commands: ["copy tftp://{{tftp_server}}/{{temp_config_file}} running-config vrf mgmt"]

Hopefully this answers your question, let me know if the solution provided isn't what you were looking for!

help - I'am not having much luck with the modules, 

progress so far the module 

arubaos_cx_ssh_cli:

is from https://github.com/aruba/aruba-switch-ansible which I have cloned and copied the library and task list to the Project Folder.

The templates are being created and put in the config folder, so my 

My playbook currently looks like this 

---
- name: Build Core Switch Config and Upload to device
gather_facts: no
hosts: localhost

roles:
- CoreSwitch

tasks:
- name: Upload Configuration
arubaos_cx_ssh_cli:
ip: "{{ip | default(ansible_host)}}"
user: "{{user | default(ansible_user)}}"
password: "{{password | default(ansible_password)}}"
commands: ["copy tftp://{{tftp_server}}/{{temp_config_file}} running-config vrf mgmt"]

but the response 

[root@localhost ProjectA]# ansible-playbook CoreSwitchBuild.yml
ERROR! Syntax Error while loading YAML.
mapping values are not allowed in this context

The error appears to be in '/root/ProjectA/CoreSwitchBuild.yml': line 11, column 25, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: Upload Configuration
arubaos_cx_ssh_cli:
^ here

Am I using the module correctly?

I also have considerations towards the mode operation of ansible with the Aruba CX and Switch. I was originally aiming for more of an ad-hoc configuration scripting, while it seems the modules suit a more holistic environment, where configs are built and upload on change, or is the ssh_cli module suitable for sending adhoc commands?

Hi, if the formatting hasn't been changed during your posting, it appears the ansible problem is a simple indent issue:

The offending line appears to be:

- name: Upload Configuration
arubaos_cx_ssh_cli:
^ here

should be:

- name: Upload Configuration
  arubaos_cx_ssh_cli:

Good spot - rookie mistake.

Making progress, and trying to understand the Aruba module.

My play has the following:

---
- name: Build Core Switch Config and Upload to device
gather_facts: no
hosts: all
roles:
- CoreSwitch

tasks:
- name: Upload Configuration
delegate_to: all
arubaos_cx_ssh_cli:
ip: 192.168.5.8
user: admin
password: password
# Commands as a list
commands: ["copy tftp://192.168.56.1/coreswitch.cfg running-config vrf mgmt"]

The core switch role builds the config

and I get the following result.

TASK [Upload Configuration] **************************************************************************************************************************************************************************************************************
task path: /root/ProjectA/CoreSwitchBuild.yml:9
<all> ESTABLISH SSH CONNECTION FOR USER: None
<all> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=5 -o ControlPath=/root/.ansible/cp/ebdc3260a9 all '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<all> (255, '', 'ssh: Could not resolve hostname all: Name or service not known\r
')
fatal: [CoreSwitch]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname all: Name or service not known",
"unreachable": true
}

I have tested from the Ansible Host ssh access to the switch, although the error implies no connectivity. 

Hello! It appears Ansible might be having trouble connecting to your device in your inventory, this can be due to many reasons, I'm assuming you're able to ping/ssh to your device from your Ansible control machine without using Ansible? In that case, could you share a sample of what your inventory looks like? For security reasons you can change the values of the variables, I'm just trying to see if all the necessary variables are defined for Ansible to connect to your device.

Hi, it looks like the issue is configuration.

See the error message:

msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname all:

This shows that ansible is trying to resolve a hostname of "all" rather than connecting to one of your switches (I'm assuming you dont' have a switch called all).

Check through the script where you have "all" written and see if that should be {{all}} or some other variable.

Do you have look with a tcpdump (or wireshark/tshark) if your ansible server try to connect to the switch ?

I've had some success this morning after looking at the inventory file and running a simple play - posting code for visibility.

test-access.yml

---
- name: Test Access - Change the hostname
hosts: all
gather_facts: no
tasks:
- name: Change the Hostname
arubaos_cx_ssh_cli:
ip: 192.168.5.10
user: admin
password: password123
commands: ["conf", "hostname {{ ansible_hostname }}"]

inventory.yml

---
all:
children:
branch1:
vars:
hosts:
Core1:
ansible_host: 192.168.56.108
ansible_connection: local # Do not change
ansible_hostname: CoreSwitch-001

Which is great, keen to move it to the next step, build's the config and uploads to the switch, I have used roles for the config templates to allow it to scale.

CoreSwitchBuild.yml

---
- name: Build Core Switch Config and Upload to device
hosts: all
gather_facts: no
roles:
- CoreSwitch

tasks:
- name: Upload Configuration
# delegate_to: all
arubaos_cx_ssh_cli:
ip: 192.168.56.10
user: admin
password: password123
# Commands as a list
commands: ["copy tftp://192.168.5.1/{{ ansible_hostname }}.cfg running-config vrf mgmt"]

which is very nearly working, just the tftp-server setup on the ansible host.

I do have a bit of duplication in the code with the inventory and roles - vars files, which might be acceptable. 

Awesome work @and3p !! Thank you so much for sharing your code!! Yes variable files and an organized inventory can make all the difference when it comes to Ansible!! If you're looking for any resources on Variables and Variable Files in Ansible be sure to check out my video on the Airheads Broadcasting Channel!!