How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

  • 1.  How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 26 days ago

    Trying to enable REST api for ANSIBLE logins by following 16.11 OS Guide, but having no success whatsoever:

    FAILED! => {"body": "{\"message\":\"Authentication failed.\"}", "changed": false, "connection": "close", "content-type": "application/json", "msg": "HTTP Error 400: Bad Request", "requestid": "", "server": "eHTTP v2.0", "status": 400, "transfer-encoding": "chunked", "url": "http://xx.xx.xx.xx:80/rest/v6.0/login-sessions"}

    or

    Http
    Invalid user name/password on the REST session; the user 'ansible' is trying to login from the Switch WEB GUI

    --------------------------------------------------------------------------------------------------------------------------------------------------------

    aaa server-group radius "SW-Radius" host xx.xx.xx.xx
    aaa accounting exec start-stop radius
    aaa accounting system stop-only radius
    aaa authentication rest login radius server-group "SW-Radius" local
    aaa authentication rest enable radius server-group "SW-Radius" local

    -----------------------------------------------------------------------------------------------

    rest-interface is enabled for HTTP/80

    What is the right configuration for Aruba OS 16.11 and up?



  • 2.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 26 days ago

    Hi,

    What is your playbook configuration?

    If you try with curl (or PowerArubaSW ;-)), is it working?

    For a curl example you can look at: https://networkingsupport.hpe.com/downloads/documents/RmlsZTo5OTBmZmUwZS03YjE3LTExZWQtYTcwNS1jMzc4NjBkYWVhMDY%3D



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 26 days ago

    Here is my playbook:

    ---
    - hosts: all
      gather_facts: false
      collections:
        - arubanetworks.aos_switch

      vars:
        - ansible_connection: network_cli
        - ansible_network_os: arubanetworks.aos_switch.arubaoss
        - ansible_command_timeout: 300
        - ansible_httpapi_use_ssl: false
        - ansible_httpapi_validate_certs: false

      tasks:
        - name: Include Credentials
          include_vars:
            file: /home/ansible/secret/credentials-ansible.yml
          no_log: true

        - name: Create VLAN 300
          arubaoss_vlan:
            vlan_id: 300
            name: "vlan300"
            config: "create"
            command: config_vlan

        - name: Update vlan 300 with ipv4 address
          arubaoss_vlan:
            vlan_id: 300
            config: "create"
            command: config_vlan_ipaddress
            vlan_ip_address: "10.20.30.40"
            vlan_ip_mask: "255.255.255.0"

        - name: Delete vlan 300 ipv4 address
          arubaoss_vlan:
            vlan_id: 300
            config: "delete"
            command: config_vlan_ipaddress
            vlan_ip_address: "10.20.30.40"
            vlan_ip_mask: "255.255.255.0"

        - name: update vlan 300 with dhcp helper address
          arubaoss_vlan:
            vlan_id: 300
            config: "create"
            command: config_vlan_dhcpHelperAddress
            helper_addresses: "10.10.10.100"






  • 4.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 23 days ago

    Looks good...

    What do you have in /home/ansible/secret/credentials-ansible.yml?

    Have you tried with curl?






  • 5.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 23 days ago

    What I have tried to figure out (please look at the original message) is why RESTapi does NOT process logins. Any logins (not just ansible).

    • Http
      Invalid user name/password on the REST session; the user 'ansible' is trying to login from the Switch WEB GUI 

    Any user that can log in to HTTP cannot log in to RESTAPI (the very same ansible user produces HTTP 400 bad request & failed authentication via ansible, but logs in to GUI).

    So the question is: what am I missing in the Aruba OS 16.11.xxxx switch config?




  • 6.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 23 days ago

    Is ansible a local user or remote (RADIUS)?






  • 7.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 21 days ago

    We are trying to make it RADIUS (or TACACS? - seen some threads that REST over RADIUS has troubles with Aruba OS)

    What is the best practice for Aruba OS 16.11 (16.08+)?




  • 8.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 21 days ago

    What minor release are you using for 16.11?

    Your configuration is already good, there is already this:

    aaa authentication rest login radius server-group "SW-Radius" local

    aaa authentication rest enable radius server-group "SW-Radius" local






  • 9.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 20 days ago

    Tried on 16.11.0011 and 0015 




  • 10.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 20 days ago

    Can you try 16.11.0018?

    I will try to check today with 2530 and RADIUS.






  • 11.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 7 days ago

    Tried 16.11.0018 and this is the error message I am getting:

    FAILED! => {"body": "<HTML><HEAD><TITLE>307 Temporary Redirect</TITLE></HEAD><BODY bgcolor=\"white\"><CENTER><H1>307 Temporary Redirect</H1></CENTER></BODY></HTML>", "changed": false, "connection": "close", "content-length": "140", "content-type": "text/html", "location": "https://10.xx.xx.xx/rest/v6.0/login-sessions", "msg": "HTTP Error 307: Temporary Redirect", "status": 307, "url": "http://10.xx.xx.xx:80/rest/v6.0/login-sessions"}

    ----------------------------- 

    How were your tests?

    Does RESTAPI work on Aruba OS for real?

    What are the correct configurations for it?




  • 12.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    EMPLOYEE
    Posted 7 days ago

    From the error message it looks like you tried to authenticate to the API on HTTP and the switch is redirecting you to HTTPS. So try to use HTTPS for your API calls; given that you address the switch by IP address, you probably should disable certificate validation in your API script.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
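The two failures quoted in this thread mean different things, and in both the login POST had already left the client over plain HTTP. The following triage of those Ansible results is an added example, not code from any poster or from the Aruba collection; the sample lines are constructed from the quoted errors and the finding tags are names chosen here.

```python
import json
from urllib.parse import urlsplit

# Constructed samples: the two failures quoted in this thread, trimmed to the
# fields used below (addresses redacted as in the posts).
SAMPLE_400 = r'''fatal: [switch-NAME]: FAILED! => {"body": "{\"message\":\"Authentication failed.\"}", "msg": "HTTP Error 400: Bad Request", "status": 400, "url": "http://10.X.X.X:80/rest/v6.0/login-sessions"}'''
SAMPLE_307 = r'''FAILED! => {"body": "<HTML>307 Temporary Redirect</HTML>", "location": "https://10.xx.xx.xx/rest/v6.0/login-sessions", "msg": "HTTP Error 307: Temporary Redirect", "status": 307, "url": "http://10.xx.xx.xx:80/rest/v6.0/login-sessions"}'''


def parse_failure(line):
    """Return the result dict that follows 'FAILED! =>' in an Ansible failure line."""
    _, marker, payload = line.partition("FAILED! =>")
    if not marker:
        raise ValueError("not an Ansible FAILED line")
    return json.loads(payload.strip())


def triage(line):
    """Classify a failed REST login; returns a list of finding tags."""
    result = parse_failure(line)
    url = urlsplit(result.get("url", ""))
    status = result.get("status")
    findings = []
    # The POST body carried the username and password, whatever the reply was.
    if url.scheme == "http" and url.path.endswith("/login-sessions"):
        findings.append("credentials-sent-in-cleartext")
    if status in (301, 302, 307, 308):
        target = urlsplit(result.get("location", ""))
        if url.scheme == "http" and target.scheme == "https":
            # No authentication decision was made; the switch only wants HTTPS.
            findings.append("switch-redirects-to-https")
    elif status == 400:
        try:
            message = json.loads(result.get("body", "")).get("message", "")
        except (ValueError, AttributeError):
            message = ""
        if message == "Authentication failed.":
            # The request reached the REST login handler and the credentials were refused.
            findings.append("rest-auth-rejected")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_400, SAMPLE_307):
        print(triage(sample))
```

A 307 result says nothing about whether the account is allowed to use REST; only the 400 with "Authentication failed." is an AAA decision.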



  • 13.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 6 days ago

    Like @herman says, try with

    use_ssl = true
    port = 443

    You can also check the web-management (show web-management)

    and also use local and not network_cli

    ansible_connection: local
    ansible_network_os: arubanetworks.aos_switch.arubaoss





  • 14.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 2 days ago

    This brings me back to the original question: Does Aruba OS support RESTAPI for real and if so, what would be the correct configuration to confirm that?




  • 15.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted yesterday

    Yes, it works for me.

    What is your configuration on the switch? Does it work with curl or the PowerArubaSW module?






  • 16.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 22 hours ago

    We've got no Swagger and Curl is not exactly always working (because Ansible does not either)

    I no longer know what does not work.

    1. Switch Configuration (web interface works for ansible login, but shows authentication errors when RESTAPI connection is attempted; firmware version 16.11.0015/18; self-signed 1024 or 2048 certificate; REST interface enabled for HTTP only)

         aaa server-group radius "MY-Radius"
         aaa authorization rest-uri radius (per Aruba manual)
         aaa authentication login privilege-mode (per Aruba manual)
         aaa authentication rest login radius local (OR radius server-group "MY-Radius" local) - does not work either way
         aaa authentication rest enable radius local (OR radius server-group "MY-Radius" local) - does not work either way

    2. ANSIBLE configurations:

        2.1 Inventory file

              ansible_host: 10.xx.xx.xxx
              ansible_connection: local
              ansible_network_os: arubanetworks.aos_switch.arubaoss

        2.2 Playbook

              vars:
                - ansible_connection: local
                - ansible_network_os: arubanetworks.aos_switch.arubaoss
                - ansible_command_timeout: 300
                - ansible_httpapi_use_ssl: true          # (OR false) - does not work either way
                - ansible_httpapi_validate_certs: false  # (OR true) - does not work either way

              tasks:
                - name: Include Credentials
                  include_vars:
                    file: /path_to_file.yml  # (vault, works with non-REST playbooks)

                - name: Create VLAN 300
                  arubaoss_vlan:
                    vlan_id: 100
                    name: "vlan100"
                    config: "create"
                    command: config_vlan




  • 17.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 4 hours ago

    Have you tried disabling HTTPS?

    I don't have

       aaa authorization rest-uri radius

    in my configuration

    and I tried with the following playbook

    - hosts: all
      collections:
        - arubanetworks.aos_switch
    
      vars_prompt:
        - name: ansible_user
          prompt: What is your username?
          private: no
    
        - name: ansible_password
          prompt: What is your password?
    
      gather_facts: False
      tasks:
        - name: Create VLAN 200
          arubaoss_vlan:
            vlan_id: 300
            name: "vlan300"
            config: "create"
            command: config_vlan
            use_ssl: false
            port: 80
    

    and the following inventory file

    all:
      hosts:
        aosswitch_1:
          ansible_host: 10.X.X.X
          ansible_connection: local 
          ansible_network_os: arubanetworks.aos_switch.arubaoss 





  • 18.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 2 hours ago

    Hi again, thank you for the feedback. The first task fails with the same error (meaning that ansible user does not have REST access). I initially asked how to Configure Aruba OS switches (where the problem seems to be):

    fatal: [switch-NAME]: FAILED! => {"body": "{\"message\":\"Authentication failed.\"}", "changed": false, "connection": "close", "content-type": "application/json", "msg": "HTTP Error 400: Bad Request", "requestid": "", "server": "eHTTP v2.0", "status": 400, "transfer-encoding": "chunked", "url": "http://10.X.X.X:80/rest/v6.0/login-sessions"}




  • 19.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted an hour ago

    Hi @dlukinski! When enabling REST API for AOS-Switch you'll want to ensure a valid certificate is on the switch and you've enabled REST with the following commands and verify the output:

    switch(config)# web-management ssl
    switch(config)# rest-interface

    If you have RADIUS or TACACS you'll want to use these commands as well, I believe Alexis already mentioned:

    switch(config)# aaa authentication rest login radius local
    switch(config)# aaa authentication rest enable radius local

    Verify the output with "show web-management":

    Aruba-2930M-24G-PoEP# show web-management

     Web Management - Server Configuration

      HTTP Access    : Enabled
      HTTPS Access   : Enabled
      SSL Port       : 443
      Idle Timeout   : 600 seconds
      Management URL : http://h17007.www1.hpe.com/device_help
      Support URL    : https://www.hpe.com/us/en/networking.html
      User Interface : Improved
      Listen Mode    : both



    ------------------------------
    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking
    ------------------------------
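For a switch with a self-signed certificate that is addressed by IP, pinning the certificate's SHA-256 fingerprint keeps the REST login on HTTPS without turning validation off entirely. This is an added example, not code from any poster or from the Aruba tooling; the `userName`/`password`/`cookie` JSON field names and the accepted status codes are assumptions about the login-sessions call, and the pinned fingerprint is assumed to have been recorded out of band.

```python
import hashlib
import hmac
import http.client
import json
import ssl


def fingerprint_matches(der_cert, pinned_sha256):
    """Constant-time compare of a DER certificate's SHA-256 with a pinned hex value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256.replace(":", "").strip().lower()
    return hmac.compare_digest(actual, expected)


def rest_login(host, user, password, pinned_sha256, api="v6.0", port=443):
    """Open a REST session over HTTPS; credentials are sent only after the pin check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # addressed by IP; identity comes from the pin
    ctx.verify_mode = ssl.CERT_NONE  # self-signed; chain validation is replaced by the pin
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.connect()               # TLS handshake only, nothing sent yet
        der = conn.sock.getpeercert(binary_form=True)
        if not der or not fingerprint_matches(der, pinned_sha256):
            raise ssl.SSLError("switch certificate does not match the pinned fingerprint")
        # Assumed request body field names for the login-sessions resource.
        body = json.dumps({"userName": user, "password": password})
        conn.request("POST", f"/rest/{api}/login-sessions", body=body,
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        data = resp.read()
        if resp.status not in (200, 201):
            raise RuntimeError(f"login failed: HTTP {resp.status} {data[:200]!r}")
        return json.loads(data)["cookie"]  # assumed response field holding the session cookie
    finally:
        conn.close()
```

The pin has to be updated whenever the switch certificate is regenerated, otherwise every login stops at the fingerprint check.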