arubanetworks.aoscx_role

Panoramica Versioni Approfondimenti

aoscx

This Ansible role helps you manage AOS-CX network devices with specific configuration tools designed for them.

Requirements

  • Python version 3 or higher
  • Ansible version 2.8.1 or higher
    • Check Ansible's documentation for how to install it.
    • If using Ansible 2.10 or newer, make sure to install the ansible.netcommon collection.
  • Minimum AOS-CX firmware version 10.04.
  • Enable REST on your AOS-CX device using these commands:
    switch(config)# https-server rest access-mode read-write
switch(config)# https-server vrf mgmt

Installation

To install via Galaxy:

ansible-galaxy install arubanetworks.aoscx_role

Example Output:

Starting galaxy role install process
- downloading role 'aoscx_role', owned by arubanetworks
...
- arubanetworks.aoscx_role (3.0.1) was installed successfully
ansible-control-machine$

  • Go to the roles directory where the Ansible role was installed, run ansible-galaxy role list to see:

    ansible-control-machine$ansible-galaxy role list
...
- arubanetworks.aoscx_role, 3.0.1
...
    • Install all Ansible requirements with:
      ansible-galaxy install -r requirements.yml
    • Install all Python requirements with:
      python3 -m pip install -r requirements.txt

  • Return to your working directory and start automating!

    ansible-control-machine$cd /users/chiapuzi/Desktop/sandbox/

SSH/CLI Modules

  • To use SSH/CLI modules like aoscx_config and aoscx_command, SSH access must be enabled on your AOS-CX device (it is on by default).
    • If needed, enable SSH access with:
    switch(config)# ssh server vrf mgmt
  • The control machine's known_hosts file must have the target device's public key. You can also disable host key checking, but it’s not recommended. If you do, modify ansible.cfg to include: host_key_checking = false

Notes

  • The default command timeout is 30 seconds. If a command runs longer, it will time out.
    • If you often see command timeout triggered, timeout value is 30 secs, consider changing the variable ANSIBLE_PERSISTENT_COMMAND_TIMEOUT to a higher value. Refer to Ansible documentation here for more info.

Inventory Variables

For your AOS-CX host, define the following variables in your inventory:

  • ansible_host: IP address of switch in A.B.C.D format. Use square brackets for IPv6, e.g., '[2001::1]'.
  • ansible_user: Switch username in plain text
  • ansible_password: Switch password in plain text
  • ansible_network_os: Always set this to aoscx
  • ansible_connection: Use httpapi for REST API modules, network_cli for SSH/CLI modules, and aoscx for pyaoscx modules
    • For more on pyaoscx, see here.
  • ansible_httpapi_use_ssl: (For REST API modules) Always set to True as AOS-CX uses port 443 for REST.
  • ansible_httpapi_validate_certs: (For REST API modules) Set this depending on whether you want Ansible to validate certificates.
  • ansible_acx_no_proxy: Set to True or False for proxy bypass to AOS-CX.
  • ansible_aoscx_validate_certs: Set whether Ansible should skip cert validation with AOS-CX. Needed when ansible_connection is aoscx.
  • ansible_aoscx_use_proxy: Set to True or False for proxy bypass when ansible_connection is aoscx.

pyaoscx Modules

To use our updated Python SDK for AOS-CX, called Pyaoscx, we've revamped our Ansible integration for REST API modules.

If you're already using Ansible with AOS-CX REST API modules: The previous approach will still work, but it won't be updated. You should update your Ansible Inventory variables to include ansible_network_os=aoscx and other necessary variables, and install pyaoscx with: pip3 install pyaoscx
The AOS-CX Ansible Role will check for pyaoscx and use it if installed. If ansible_network_os is set to httpapi, it will use the old method.

Sample Inventories:

For REST API Modules Only:

INI
aoscx_1 ansible_host=10.0.0.1 ansible_user=admin ansible_password=password ansible_network_os=aoscx ansible_connection=aoscx ansible_aoscx_validate_certs=False ansible_aoscx_use_proxy=False
YAML
all:
  hosts:
    aoscx_1:
      ansible_host: 10.0.0.1
      ansible_user: admin
      ansible_password: password
      ansible_network_os: aoscx
      ansible_connection: aoscx  # REST API via pyaoscx
      ansible_aoscx_validate_certs: False
      ansible_aoscx_use_proxy: False
      ansible_acx_no_proxy: True

For Legacy REST API Modules:

INI
aoscx_1 ansible_host=10.0.0.1 ansible_user=admin ansible_password=password ansible_network_os=aoscx ansible_connection=httpapi ansible_httpapi_validate_certs=False ansible_httpapi_use_ssl=True ansible_acx_no_proxy=True
YAML
all:
  hosts:
    aoscx_1:
      ansible_host: 10.0.0.1
      ansible_user: admin
      ansible_password: password
      ansible_network_os: aoscx
      ansible_connection: httpapi  # REST API connection
      ansible_httpapi_validate_certs: False
      ansible_httpapi_use_ssl: True
      ansible_acx_no_proxy: True

For SSH/CLI Modules Only:

INI
aoscx_1 ansible_host=10.0.0.1 ansible_user=admin ansible_password=password ansible_network_os=aoscx ansible_connection=network_cli
YAML
all:
  hosts:
    aoscx_1:
      ansible_host: 10.0.0.1
      ansible_user: admin
      ansible_password: password
      ansible_network_os: aoscx
      ansible_connection: network_cli  # SSH connection

Example Playbooks

Including the Role

If you installed the role via Galaxy, add arubanetworks.aoscx_role to your roles list:

- hosts: all
  roles:
    - role: arubanetworks.aoscx_role
  vars:
    ansible_python_interpreter: /usr/bin/python3
  gather_facts: False     
  tasks:
  - name: Create L3 Interface 1/1/3
    aoscx_l3_interface:
      interface: 1/1/3
      description: Uplink_Interface
      ipv4: ['10.20.1.3/24']
      ipv6: ['2001:db8::1234/64']

Using Both REST API and SSH/CLI Modules on a Host

To use both REST API and SSH/CLI modules on the same host, create separate plays. Each play can only use one type (either REST API or SSH/CLI). In each play, set ansible_connection to the right value based on the modules being used:

  • For REST API modules, use aoscx.
  • For SSH/CLI modules, use network_cli.

Here’s a suggested way to do it:

  1. Set the host variables to connect via REST API as shown above.
  2. In the playbook, for each play that uses SSH/CLI modules, set ansible_connection to network_cli.

Your inventory would look like this:

all:
  hosts:
    aoscx_1:
      ansible_host: 10.0.0.1
      ansible_user: admin
      ansible_password: password
      ansible_network_os: aoscx
      ansible_connection: aoscx  # REST API
      ansible_httpapi_validate_certs: False
      ansible_httpapi_use_ssl: True
      ansible_acx_no_proxy: True

And the playbook like this (the second play uses the SSH/CLI module aoscx_command with the right connection setting):

- hosts: all
  roles: 
    - role: arubanetworks.aoscx_role
  vars:
     ansible_python_interpreter: /usr/bin/python3
  gather_facts: False     
  tasks:
  - name: Adding or Updating Banner
    aoscx_banner:
      banner_type: banner
      banner: "Hi!"

- hosts: all
  roles: 
    - role: arubanetworks.aoscx_role
  vars:
    ansible_connection: network_cli
  gather_facts: False    
  tasks:
    - name: Execute show run on the switch
      aoscx_command:
        commands: ['show run']

Contribution

We at Aruba Networks are committed to high product quality. If you find any issues, please report them on our Github, and we will respond quickly!

You can find more ways to contribute in our CONTRIBUTING.md.

License

Apache 2.0

Authors

  • Madhusudan Pranav Venugopal
  • Yang Liu
  • Tiffany Chiapuzio-Wong
  • Derek Wang
  • Daniel Alvarado Bonilla
Informazioni sul progetto

Ansible modules for configuring AOS-CX switches. (github repo - https://github.com/aruba/aoscx-ansible-role)

role 8320 8400 aoscx aruba arubaoscx datacenter hpe networking switch switches
Installa
ansible-galaxy install arubanetworks.aoscx_role
GitHub repository
26 stelle
10 fork
7 problemi aperti
Licenza
Unknown
Download
97.4k
Proprietario