Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Ansible cli on WC/YA16.10?

This thread has been viewed 13 times

  • 1.  Ansible cli on WC/YA16.10?

    Posted Dec 13, 2019 12:32 PM

    Hey,

     

    We're starting to migrate our internal switching to aruba as existing brocade devices retire. Just brought up the first pair, having some trouble getting our existing config backup solution to work.

     

    Right now we have a centos box running ansible 2.9.1/python 2.7. Using ios/nxos/nos/eos devices we're able to just do show run and then take the output and store it in a git repo.

     

    Having a lot of trouble getting this to work with aruba. using either aruba_command, cli_command, or raw using ansible_network_os=aruba ansible_connection=local we're able to successfully authenticate to the switches/WAPs, but do not receive any actual output from commands (no stdout stderr). A broad array of network devices from various vendors work flawlessly.

     

    This applies to some 2530s running YA16.10 as well as wireless controllers running WC16.10. we have AAA through radius and the accounts are privileged when authenticated.

     

    Trying to confirm that,

    1. aruba_command should work for this software version
    2. cli_command should work for this software version
    3. If that is not the case, is there a module which *can* do arbitrary cli commands against this software version
    4. If that is not the case, which of the official aruba modules is able to just echo the config to stdout. We currently do not (and do not intend) to automate config changes or deployment to the devices, merely backups and possibly other information gathering. Read only, only.

    Any help would be greatly appreciated, I've been banging my head against this for a few days and arrived at the assumption that Ya16.10 just does not support this, but would love to find out I'm wrong.



  • 2.  RE: Ansible cli on WC/YA16.10?

    MVP GURU
    Posted Dec 16, 2019 03:22 PM

    Hi jheman,

     

    Ansible work with 16.10 (and other release...)

     

    What do you have when use ansible -vvv ? i think it will be a good idea to ask also on dev catagories or on Aruba Ansible Github



  • 3.  RE: Ansible cli on WC/YA16.10?

    Posted Dec 16, 2019 03:33 PM

    I've been running it with -vvvv, both the playbook and adhoc. Switch is: 

     

    Product: HP J9776A
    Name: HP 2530-24G Switch

     

    I've tried the following adhoc commands without success, I've tried both the aruba_command, cli_command, and raw modules in playbook:

     

    ansible SWITCHNAME -m aruba_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k

    ansible SWITCHNAME -m cli_command -a "commands='show running-config'" -c local -u SERVICEACCOUNT -k

     

    The output is consistently this: https://postimg.cc/yD85QHSy/fdbc6aa7

    It succeeds/connects but does not pull any informtion.

     

    I am not able to enable the api on this model per aruba support, so the arubaoss modules are out of the question.

     



  • 4.  RE: Ansible cli on WC/YA16.10?

    MVP GURU
    Posted Dec 16, 2019 04:41 PM

    Why you don't have API ? you need only to enable HTTPS (or HTTP but it is not secure...)



  • 5.  RE: Ansible cli on WC/YA16.10?

    Posted Dec 17, 2019 08:59 AM

    Because per Aruba support this specific version of the 2530 switch does not allow API authentication to be enabled and the api does not allow unauthenticated use.

     

    You can enable the API itself but none of the other cli commands to manage it exist on the switch.



  • 6.  RE: Ansible cli on WC/YA16.10?

    MVP GURU
    Posted Dec 17, 2019 11:28 AM
    @jheman wrote:

    Because per Aruba support this specific version of the 2530 switch does not allow API authentication to be enabled and the api does not allow unauthenticated use.

     

    You can enable the API itself but none of the other cli commands to manage it exist on the switch.

    ??? where i do you see that ?!

     



  • 7.  RE: Ansible cli on WC/YA16.10?

    Posted Dec 17, 2019 12:25 PM

    I was told that verbally by Aruba support. The specific model we bought is not listed as applicable in the 16.10 API documentation.



  • 8.  RE: Ansible cli on WC/YA16.10?

    MVP GURU
    Posted Dec 17, 2019 12:29 PM
    @jheman wrote:

    I was told that verbally by Aruba support. The specific model we bought is not listed as applicable in the 16.10 API documentation.

    ???

     

    work for me...



  • 9.  RE: Ansible cli on WC/YA16.10?

    Posted Dec 17, 2019 01:10 PM

    I am just basing this on what Aruba support told me. They said the specific version of the 2530 in question *did not support the api*, it was not licensed for it. The commands to enable authentication are not present. And I was advised we cannot use the API without authenticating. If this is not true, I'd love to know how to configure it. I'm not sure why Aruba support would revert by telling us it did and would not work if that was not the case however.

     



  • 10.  RE: Ansible cli on WC/YA16.10?

    MVP GURU
    Posted Dec 17, 2019 11:50 PM

    Yes, there is no aaa authentification rest if you need to use RADIUS authentification for REST

     

    but you can use manager/admin account to connect to the switch using API

     

     



  • 11.  RE: Ansible cli on WC/YA16.10?

    Posted Dec 18, 2019 08:51 AM

    Per Aruba support, that is also not possible. I'd have been happy with that as a failback was advised that it would also not work, as a command was requried to enabled it and was likewise not present.

     

    I will try that, if you believe it would work.