Developer Community

Reply
Occasional Contributor I

HTTP 400 error from arubaoss_config_bkup / api modules

Crossposting from the github on the off chance others have solved this, since there seems to be very little activity from the developers there.

 

We're trying to automate config backups nightly for an aruba switch stack (currently one, we're planning to replace existing brocades with these and want a solution in place before we do so).

 

Model/OS Version:
Product: Aruba JL322
Name: Aruba 2930M-48G-PoE+ Switch
Date: Nov 1 2019 19:24:11
Build: 208
Version: WC.16.10.0002

 

We have the following in the hosts:

 

[aruba-sitecode]
HOSTNAME ansible_host=#.#.#.# ansible_network_os=aruba ansible_connection=local

[aruba-blr:vars]
ansible_user=serviceaccount
ansible_pass=password
ansible_command_timeout=80

And this playbook:

  • hosts: aruba-sitecode
    gather_facts: false

    vars:
    date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
    filename: "running_config_{{ inventory_hostname }}_{{date}}.txt"

    tasks:

    • name: show run
      arubaoss_config_bkup:
      config_type: CT_RUNNING_CONFIG
      server_type: ST_TFTP
      server_ip: #.#.#.#
      file_name: "{{filename}}"
      use_ssl: True
      user_name: "{{ ansible_user }}"
      password: "{{ ansible_pass }}"

We are able to authenticate against the api with curl/postman and get a cookie. When we attempt to run the playbook we get the following failure:

 

fatal: [HOSTNAME]: FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"body": "<TITLE>400 Bad Request</TITLE>

Bad Request

Access is unauthorized.

",
"changed": false,
"connection": "close",
"content-length": "89",
"content-type": "text/html",
"invocation": {
"module_args": {
"api_version": "v7.0",
"config_type": "CT_RUNNING_CONFIG",
"file_name": "running_config_BLR-ARUBASTACK-01_20200102.txt",
"forced_reboot": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"provider": {
"api_version": null,
"host": "#.#.#.#",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"ssh_keyfile": null,
"timeout": 30,
"transport": "aossapi",
"use_proxy": false,
"use_ssl": true,
"username": "serviceaccount",
"validate_certs": false
},
"recovery_mode": null,
"server_ip": "TFTPSERVERIP",
"server_name": null,
"server_passwd": null,
"server_type": "ST_TFTP",
"sftp_port": 22,
"ssh_keyfile": null,
"state": "create",
"timeout": 30,
"use_ssl": true,
"user_name": "serviceaccount",
"username": "serviceaccount",
"validate_certs": false,
"wait_for_apply": true
}
},
"msg": "HTTP Error 400: Bad Request",
"server": "eHTTP v2.0",
"status": 400,
"url": "https://#.#.#.#:443/rest/v7.0/system/config/cfg_backup_files"
}

 

We have the following questions:

 

Is there something obviously wrong with the playbook or am I omitting a setting? The only things I've been able to find on the airheads community are either people complaining about a lack of depth for the api and ansible documentation.

 

Do we need to specify an api version? If I specify nothing I receive:
None is not valid api version. using aossapi v6.0 instead
if I specify 6.0(or 6, or 7.0) I receive:
6.0 is not valid api version. using aossapi v6.0 instead
And the output has a v7.0 uri.

 

Are we able to specify an SSL port? We would like the web interface port configured 8443 but as far as I can tell there isn't a way to feed it a port.

 

Last, is there a better way to get a running config locally to our ansible system? Its much easier on our arista, brocade, and cisco devices as we can just run show run and drop the output to file.

 


Accepted Solutions
Highlighted

Re: HTTP 400 error from arubaoss_config_bkup / api modules

We've verified this isn't an Ansible issue but more an environement authentication issue that the user will work on resolving with the support team: https://github.com/aruba/aruba-ansible-modules/issues/76

View solution in original post


All Replies
Highlighted

Re: HTTP 400 error from arubaoss_config_bkup / api modules

Hi @jheman!

 

Looking at your sample inventory, it appears you're setting the ansible_network_os to be aruba when it should be arubaoss , you can see an example inventory for an AOS-Switch device here.  That is most likely the culprit for your 400 error.

 

In regards to your questions:

  • Do we need to specify an api version? 
    • No you do not need to specify an API version, our modules will get the latest supported API version for you.
  • Are we able to specify an SSL port? 
    • At this time our modules use port 443 and there is no option to pass in a specific port. If you wish to have this functionality as an enhancement please submit an enhancement issue on our Github! 
  • Last, is there a better way to get a running config locally to our ansible system?

 

We're constantly looking to improve our modules and make them better! Please feel free to submit any issues or enhancement requests on our Github!

 

Let me know if changing the network OS resolves your issue or not!

 

 

Highlighted
Occasional Contributor I

Re: HTTP 400 error from arubaoss_config_bkup / api modules

Ooooh good catch. I neglected to change that when I moved from trying to leverage the aruba_command module to this one.

 

After changing the os to arubaoss the behavior remains unchanged. I receive the same error output from the playbook:

 

"body": "<HTML><TITLE>400 Bad Request</TITLE><H1>Bad Request</H1>Access is unauthorized.<P></HTML>",

 

I have aaa authorization rest-uri none, which looks like it should permit unauthorized use of the api. I can set it to aaa authorization rest-uri radius, but will need to specify the uri values in our windows nps server. Is there a way to validate what the vendor ID is for ArubaOS 16.10? The API guide includes what the vendor specific attributes are, but not the vendor ID and windows requires that. this thread specifies the command:

 

show aaa radius-attributes | include Aruba,Value

but that is not valid on this switch/OS version. If I change it to aaa authorization rest-uri radius without that  populated the output from the playbook changes to

"body": "{\"message\":\"Authentication failed.\"}", and when I run the curl command suggested in the API documentation I likewise receive authentication failed.

Highlighted
MVP Guru Elite

Re: HTTP 400 error from arubaoss_config_bkup / api modules

Hi jheman,

 

The error coming from wrong settings for API authorization ?

 



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted

Re: HTTP 400 error from arubaoss_config_bkup / api modules

We've verified this isn't an Ansible issue but more an environement authentication issue that the user will work on resolving with the support team: https://github.com/aruba/aruba-ansible-modules/issues/76

View solution in original post

Highlighted
Occasional Contributor I

Re: HTTP 400 error from arubaoss_config_bkup / api modules

Yes, apologies. The website appeared down this morning.

 

Thanks for your help, I'm currently working with someone in HPE support to diagnose.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: