Developer

Does anyone have any working Ansible playbooks for 8.x controllers and MM? I'm having nothing but issues getting some basic CLI commands to work. The first couple playbooks I want to setup are for automating config backups and collecting tech support logs. Both of these require straight SSH CLI commands that aren't in any of the Aruba Ansible modules, so I've been trying the built-in Ansible 'aruba_command' module, but not having any luck getting a working setup. I've also tried the 'raw' module to just issue straight SSH commands, but that one doesn't support 'wait_for', or any other way I can find to collect logs, copy to ftp, and enter the FTP password with the correct timing. 

TL;DR: does anyone have working examples of Ansible playbooks for something like a simple config backup to FTP? 

I'm not into Ansible, so apologies if I respond with stupid suggestions.

Did you find these ArubaOS 8 Ansible playbooks already?

CLI/SSH scripting should probably be avoided as there is extensive API access to ArubaOS 8 MM/MD.

Ansible would use the API with the custom modules/playbooks you've referenced. The issue is that all of those modules/playbooks that Aruba has created are all 'config' modules, not 'command' modules. There is no module or playbook that will run 'tar logs tech-support,' for example. There is also no API that I can find for this. The closest thing I can find is the API to 'run show commands', maybe I can just stick other CLI commands in there and just see if it will take them? But still there are some commands such as the 'copy ftp: ....' commands where you have to enter the base command, then it prompts to enter a password on a second line, not sure how that could be done via the API. And i'm not seeing an API for 'copy', 'tar', etc. 

Update, the 'showcommand' API does appear to run just about any CLI command, so that is a start. I still have an issue with file copies though, because that process is interactive asking for a password. 

Is there a way to generate SSH keys on the controllers and use those for SCP copies rather than username/password? 

I'm not aware of that. You might (yuk) fallback to TFTP.

Not Ansible, not sure if it collects log-tars, but might be a solution as well: AirRecorder.

https://github.com/ansible/ansible/pull/54261/commits

There is a pull request for this I had the same issue made these changes and my playbooks work using SSH

After the fix in the Mike's response for aruba_command ansible module, I have created a sample playbook to collect techsupport logs and copy it to a remote server from the aruba controller via SSH and CLI commands. 

Sample Ansible Playbook:

- name: Sample Playbook for mobility master SSH command
  hosts: controller
  connection: local
  gather_facts: no
  vars_files:
    - mm_variables.yml

  tasks:
     - name: Collect tech-support logs
       aruba_command:
         commands: "tar logs tech-support"
         interval: 300
         provider: "{{ provider }}"

     - name: Copy tech support logs to log server
       aruba_command:
         commands:
           -  "copy flash: logs.tar scp: {{ log_server_ip }} {{ log_server_username }} {{ log_filename}}"
           -  "{{ log_server_pswd }}"
         interval: 300
         provider: "{{ provider }}"
         retries: 1
         match: any
         wait_for:
           -  result[0] contains Password
           -  result[1] contains File

You could place the variables in the "mm_variables.yml" file as mentioned in the playbook.

Thanks all, those last two posts help. I'm checking with Red Had on the status of that module fix. I also developed just about the same playbook and was able to get it working, except the wait_for statements don't work, likely because of the code issue.