Contributor II

AirWave 8.2.4 NO CLI

Was about to update AirWave and noticed a nice little warning message that the CLI would no longer be available.

At least it was in the Release Notes, unlike the whole adding Docker to AirWave.

Looking at 8.2.4 User Guide Appendix B it looks like the replacement to the CentOS shell is a choose your ending number menu.

Way to suck...

At least give me a number option to drop back out to a real shell.


Accepted Solutions
Contributor II

Re: AirWave 8.2.4 NO CLI

Get around/reset the GRUB password:

Yes, you need to boot from a Live Distro, or mount the disk with another VM. Knoppix/Ubuntu/Backtrack are what I typically have on hand. If you use Ubuntu, make sure you use "Try without Installing" / Try Ubuntu and don't install over your AMP server.

- Shutdown the AirWave VM

- Add CD ROM to VM, and mount ISO to CD ROM.

- Edit VM Options, Boot Options, Force BIOS setup

- Save

- Boot the AirWave VM

- In the VM BIOS go right to the Boot option

- Highlight the CD-ROM option, and ++ to move it above Hard Drive

- Exit, Save Changes, Yes

- If Ubuntu use "Try Ubuntu" Option

- open terminal

- sudo fdisk -l to find the boot partition

- sudo mount /dev/sda2 /mnt

- sudo nano /mnt/grub/grub.conf

- delete the line that starts with password

- save file

- sudo umount /mnt

While you're here go ahead and re-enable root login.

Find the LVM to mount

- sudo pvs

- sudo lvdisplay /dev/VolGroup00

Mount it:

- sudo mount /dev/VolGroup00/Log/Vol00 /mnt

Change passwd file:

- sudo nano /mnt/etc/passwd

- change the root from nologin to /bin/bash

root:x:0:0:root:/root:/bin/bash

You can also change the ampadmin login over to a terminal rather than going directly into the "improved" user interface.

Go to the bottom of the file and change /user/local/airwave/bin/ampcli to /bin/bash

- sudo umount /mnt

Shut the system down

- halt

Edit the VM setting to disconnect the CDROM and boot into AirWave.

Contributor II

Re: AirWave 8.2.4 NO CLI

AirWave 8.2.10.0 CentOS7 install:

Re-Enable Root, Reset Password, and delete GRUB

Yes, you need to boot from a Live Distro, or mount the disk with another VM. Knoppix/Ubuntu/Backtrack are what I typically have on hand. If you use Ubuntu make sure you use "Try without Installing" / Try Ubuntu and don't install over your AMP server

- Shutdown the AirWave VM

- Add CD ROM to VM, and mount ISO to CD ROM.

- Edit VM Options, Boot Options, Force BIOS setup

              You may have Boot from EFI option with 6.7U3

- Save

- Boot the AirWave VM

- In the VM BIOS go right to the Boot option

- Highlight the CD-ROM option, and ++ to move it above Hard Drive

- Exit, Save Changes, Yes

- If Ubuntu use "Try Ubuntu" Option

- open terminal:

Remove Grub Password

You probably don’t need this, but it's here if you need to get into the boot loader:

sudo mount /dev/sda2 /mnt

sudo nano /mnt/grub/grub.conf

- delete the line that starts with password

- save file

sudo umount /mnt

Enable Root Login

While you're here go ahead and re-enable root login.

Mount the / drive:

sudo mount /dev/mapper/vg_system-lv_root /mnt

Change passwd file:

sudo nano /mnt/etc/passwd

change the root from nologin to /bin/bash

root:x:0:0:bin:/bin:/sbin/nologin  to  root:x:0:0:root:/root:/bin/bash

Set/Reset Root/Console Password

- set the root password / reset the ampadmin password

cd /mnt

sudo chroot /mnt

passwd ampadmin

passwd root

exit

Unmount the drive and reboot

cd /

sudo umount /mnt

Reboot Ubuntu/Linux and edit the VM setting to disconnect the CDROM and boot into AirWave. 

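A defender-side check for the changes walked through in the two solution posts above, added here as an example and not part of the original thread: it reads an offline-mounted passwd file and grub.conf and reports a root or ampadmin login shell that differs from the locked-down state, or a missing boot-loader password line. The function names, the sample files and the ampadmin UID and home directory are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): audit an offline-mounted appliance for
# the edits described above. All sample files below are constructed.

# Print the login shell (7th passwd field) of a user.
login_shell() {  # $1 = passwd file, $2 = user name
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Succeed if the legacy GRUB config still has a password directive.
grub_has_password() {  # $1 = grub.conf
    grep -Eq '^[[:space:]]*password([[:space:]]|$)' "$1"
}

# Print one finding per deviation from the shipped lock-down state.
audit_appliance() {  # $1 = passwd file, $2 = grub.conf
    case "$(login_shell "$1" root)" in
        */nologin|*/false) ;;
        *) echo "root: login shell is '$(login_shell "$1" root)'" ;;
    esac
    case "$(login_shell "$1" ampadmin)" in
        */ampcli) ;;
        *) echo "ampadmin: login shell is '$(login_shell "$1" ampadmin)', not ampcli" ;;
    esac
    grub_has_password "$2" || echo "grub: no password directive in $2"
}

# Constructed sample data: one image as shipped, one edited as in the posts.
# The ampcli path is spelled as it appears in the post.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:bin:/bin:/sbin/nologin' \
    'ampadmin:x:500:500::/home/ampadmin:/user/local/airwave/bin/ampcli' \
    > "$demo/passwd.shipped"
printf '%s\n' 'default=0' 'password --md5 CONSTRUCTED-PLACEHOLDER' \
    > "$demo/grub.shipped"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'ampadmin:x:500:500::/home/ampadmin:/bin/bash' > "$demo/passwd.edited"
printf '%s\n' 'default=0' > "$demo/grub.edited"

echo "shipped image:"; audit_appliance "$demo/passwd.shipped" "$demo/grub.shipped"
echo "edited image:";  audit_appliance "$demo/passwd.edited"  "$demo/grub.edited"
```

Against a disk mounted as in the posts, the call would be audit_appliance /mnt/etc/passwd /mnt/grub/grub.conf, with each partition mounted in turn.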


All Replies
Moderator

Re: AirWave 8.2.4 NO CLI

Thanks for the feedback.

There was much debate that went into this feature, and this is just the initial roll out.  As we continue forward, we're hoping to develop custom modules to restore some of the functionality lost by not having direct access to the shell.  If you could help us distinguish which CLI operations you commonly perform from the CLI, we can start to plan out improvements.

We already have a request for a subset of network debugging tools: ping, traceroute, tcpdump, nslookup.  And we're keeping a watchful eye on all inbound requests.  So expanding on your feedback response would help a lot in shaping the future of the product.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
New Contributor

Re: AirWave 8.2.4 NO CLI

A way to escape to the full shell would be much appreciated.

Contributor II

Re: AirWave 8.2.4 NO CLI

I'd like to add a request for a full shell menu option.  

Do I need to add that to the idea's feature request? 

MVP Expert

Re: AirWave 8.2.4 NO CLI

mholden, while we appreciate the deep, insightful feedback of "Way to suck", it would be far more helpful to inform us on how you are using the CLI and why you require access to the root shell.

Access to the shell has caused no end of support issues long-term where changes were made, packages installed that resulted in stability issues, modifications to settings made that created long, difficult to pin down root-causes that were impacting customer perception of the product. Additionally, leaving root access was a threat vector of bad actors having access to the system adding in software that exposed the machine to additional risk (packages that added CSS vulnerabilities and exploits via some web interface installed as part of the 3rd party package).

No other product in the Aruba portfolio leaves access to the shell open and this is just the evolution of AirWave into a more secure and stable product. While we can appreciate a small handful of customers that like having access to the shell, it's not a requirement and so long as our customers are informing us as to what they need from the shell that they aren't getting from the AMP CLI and GUI, we can add those support features in as needed.

Thanks, as always.


Jerrod Howard
Distinguished Technologist, TME
MVP Expert

Re: AirWave 8.2.4 NO CLI

Menchini, again, what needs critical to the operation of the AMP do you need root access for?


Jerrod Howard
Distinguished Technologist, TME
MVP Expert

Re: AirWave 8.2.4 NO CLI

There will not likely be any addition to the AMPCLI to enable full root access, it defies the purpose of putting this in in the first place.

A list of what you need root access for that is critical to the operation of the AMP server would help us understand your needs and requirements, or address them via the other alternative paths provided in the GUI or AMP CLI, and if they aren't there, we can add them. But root access, just to have it, is not likely going to be a valid reason. 


Jerrod Howard
Distinguished Technologist, TME
Contributor II

Re: AirWave 8.2.4 NO CLI

Jerrod, sorry, you are correct, knee-jerk reaction.

While full root access is not strictly needed, shell access has been VERY useful.

I've always hated logging in as root, a user account is much better, and I've in some cases created such an account.

Shell access is VERY much appreciated and used.

I've used it as everything from a makeshift SCP server so that we can get flash backups off the controllers, to a jump box for being able to change the default route on controllers.

Root access has also been required when creating mount and backup scripts in order to have AirWave backups go to CIFS shares. sudoers would be fine for these functions.

Another reason for shell: troubleshooting and upgrading.

Perhaps a balanced approach of going through a couple of menu options to get to a user shell, and doing the one time key to get full root access like on the controllers would allow for flexibility while reducing the support calls.

MVP Expert

Re: AirWave 8.2.4 NO CLI

Some of those have been discussed to be added in future versions (adding a module to enable offline backups or to make the scripting of backups easier). Downloading of the logs should contain all the troubleshooting logs moving forward (and if not, TAC case will file a bug to add that in). A jump box, while handy (and I've used it many times), is not a feature we support or advocate so losing it shouldn't be a critical loss.

SCP server host still works with the AMP CLI, you can load up and down files into the AMP via the AMP CLI to use for controller firmware, move files in and out, load certs and new packages, etc.

However, there will not likely be any steps or processes that end up with the ability to get any root access to the system, via user account, sudo, or otherwise. Thanks for the feedback, we will bring this up with PLM and engineering as things to add in.


Jerrod Howard
Distinguished Technologist, TME
Contributor II

Re: AirWave 8.2.4 NO CLI

One other use for the CLI.

I didn't see how you are able to load a Web https certificate for AirWave now.

Was there a feature in 8.2.4 that allows us to change the web cert in the GUI?