This Ansible network role provides a set of platform-dependent configuration management modules specifically designed for the AOS-CX network device.
- Python 2.7 or 3.5+
- Ansible 2.8.1 or later
- Minimum supported AOS-CX firmware version 10.03.
- Enable REST on your AOS-CX device with the following commands:
switch(config)# https-server rest access-mode read-write switch(config)# https-server vrf mgmt
- To use the SSH/CLI modules
aoscx_configandaoscx_command, SSH access must be enabled on your AOS-CX device. It is enabled by default.- If necessary, re-enable SSH access on the device with the following command:
switch(config)# ssh server vrf mgmt - The control machine's
known_hostsfile must contain the target device's public key.- Alternatively, host key checking by the control machine may be disabled, although this is not recommended.
- To disable host key checking modify the ansible.cfg file (default /etc/ansible/ansible.cfg) to include:
host_key_checking = false
- The default command timeout is 30 seconds. If a command takes more than 30
seconds to execute, the task will time out.
- If you regularly encounter the
command timeout triggered, timeout value is 30 secserror, consider setting the environment variableANSIBLE_PERSISTENT_COMMAND_TIMEOUTto a greater value. See Ansible documentation here.
- If you regularly encounter the
Through Github, use the following command. Use option -f to overwrite current role version:
ansible-galaxy install git+https://github.com/aruba/aoscx-ansible-role.git
Through Galaxy:
ansible-galaxy install arubanetworks.aoscx_role
The variables that should be defined in your inventory for your AOS-CX host are:
ansible_host: IP address of switch inA.B.C.Dformat. For IPv6 hosts use a string and enclose in square brackets E.G.'[2001::1]'.ansible_user: Username for switch inplaintextformatansible_password: Password for switch inplaintextformatansible_network_os: Must always be set toaoscxansible_connection: Set tohttpapito use REST API modules, and tonetwork_clito use SSH/CLI modules- See below for info on using both REST API modules and SSH/CLI modules on a host
ansible_httpapi_use_ssl: (Only required for REST API modules) Must always beTrueas AOS-CX uses port 443 for RESTansible_httpapi_validate_certs: (Only required for REST API modules) SetTrueorFalsedepending on if Ansible should attempt to validate certificatesansible_acx_no_proxy: Set toTrueorFalsedepending if Ansible should bypass environment proxies to connect to AOS-CX
aoscx_1 ansible_host=10.0.0.1 ansible_user=admin ansible_password=password ansible_network_os=aoscx ansible_connection=httpapi ansible_httpapi_validate_certs=False ansible_httpapi_use_ssl=True ansible_acx_no_proxy=Trueall:
hosts:
aoscx_1:
ansible_host: 10.0.0.1
ansible_user: admin
ansible_password: password
ansible_network_os: aoscx
ansible_connection: httpapi # REST API connection method
ansible_httpapi_validate_certs: False
ansible_httpapi_use_ssl: True
ansible_acx_no_proxy: Trueaoscx_1 ansible_host=10.0.0.1 ansible_user=admin ansible_password=password ansible_network_os=aoscx ansible_connection=network_cliall:
hosts:
aoscx_1:
ansible_host: 10.0.0.1
ansible_user: admin
ansible_password: password
ansible_network_os: aoscx
ansible_connection: network_cli # SSH connection methodIf role installed through Github
set role to aoscx-ansible-role:
- hosts: all
roles:
- role: aoscx-ansible-role
tasks:
- name: Create L3 Interface 1/1/3
aoscx_l3_interface:
interface: 1/1/3
description: Uplink_Interface
ipv4: ['10.20.1.3/24']
ipv6: ['2001:db8::1234/64']If role installed through Galaxy
set role to arubanetworks.aoscx_role:
- hosts: all
roles:
- role: arubanetworks.aoscx_role
tasks:
- name: Create L3 Interface 1/1/3
aoscx_l3_interface:
interface: 1/1/3
description: Uplink_Interface
ipv4: ['10.20.1.3/24']
ipv6: ['2001:db8::1234/64']To use both REST API and SSH/CLI modules on the same host,
you must create separate plays such
that each play uses either only REST API modules or only SSH/CLI modules.
A play cannot mix and match REST API and SSH/CLI module calls.
In each play, ansible_connection must possess the appropriate value
according to the modules used.
If the play uses REST API modules, the value should be httpapi.
If the play uses SSH/CLI modules, the value should be network_cli.
A recommended approach to successfully using both types of modules for a host is as follows:
- Set the host variables such that Ansible will connect to the host using REST API, like seen above.
- In the playbook, in each play wherein the SSH/CLI
modules are used, set the
ansible_connectiontonetwork_cli.
The inventory should look something like this:
all:
hosts:
aoscx_1:
ansible_host: 10.0.0.1
ansible_user: admin
ansible_password: password
ansible_network_os: aoscx
ansible_connection: httpapi # REST API connection method
ansible_httpapi_validate_certs: False
ansible_httpapi_use_ssl: True
ansible_acx_no_proxy: Trueand the playbook like this (note how the second play, which uses the SSH/CLI module aoscx_command,
sets the ansible_connection value accordingly):
- hosts: all
roles:
- role: arubanetworks.aoscx_role
tasks:
- name: Adding or Updating Banner
aoscx_banner:
banner_type: banner
banner: "Hi!"
- hosts: all
roles:
- role: arubanetworks.aoscx_role
vars:
ansible_connection: network_cli
tasks:
- name: Execute show run on the switch
aoscx_command:
commands: ['show run']At Aruba Networks we're dedicated to ensuring the quality of our products, so if you find any issues at all please open an issue on our Github and we'll be sure to respond promptly!
Apache 2.0
- Madhusudan Pranav Venugopal (@madhusudan-pranav-venugopal)
- Yang Liu (@yliu-aruba)
- Tiffany Chiapuzio-Wong (@tchiapuziowong)
- Derek Wang (@derekwangHPEAruba)