WIP: Aruba switches #103

Draft
jeltz wants to merge 10 commits from aruba into master
5 changed files with 211 additions and 34 deletions
Showing only changes of commit 01ece9dbcb - Show all commits

View file

@ -0,0 +1,83 @@
#!/usr/bin/env python3
import base64
import time
import functools
import urllib.parse
import requests
from ansible.errors import AnsibleActionFail
from ansible.plugins.action import ActionBase
class Aruba:
def __init__(self, base_url):
self._session = requests.session()
self._base_url = base_url
def _url(self, url):
return urllib.parse.urljoin(self._base_url, url)
def login(self, username, password):
response = self._session.post(
self._url("/rest/v4/login-sessions"),
json={"userName": username, "password": password},
)
if response.status_code != requests.codes.created:
raise AnsibleActionFail("Login failed")
def logout(self):
response = self._session.delete(self._url("/rest/v4/login-sessions"))
if response.status_code != requests.codes.no_content:
raise AnsibleActionFail("Logout failed")
def restore(self, config):
response = self._session.post(
self._url(
"/rest/v4/system/config/cfg_restore/payload"
),
json={
"config_base64_encoded": base64.b64encode(config.encode()),
"is_forced_reboot_enabled": True,
},
)
if response.status_code != requests.codes.accepted:
raise AnsibleActionFail("Restore failed")
response = self._session.get(
self._url(
"/rest/v4/system/config/cfg_restore/payload/status"
)
)
print(response.text)
class ActionModule(ActionBase):
_VALID_ARGS = frozenset(("username", "password", "config", "url"))
def _require_arg(self, name):
try:
return self._task.args[name]
except KeyError:
raise AnsibleActionFail("Missing argument: {}".format(name))
def run(self, tmp=None, task_vars=None):
task_vars = task_vars or {}
result = super().run(tmp, task_vars)
base_url = self._task.args.get("url")
username = self._require_arg("username")
password = self._require_arg("password")
config = self._require_arg("config")
aruba = Aruba(base_url)
aruba.login(username, password)
try:
aruba.restore(config)
except:
raise
else:
aruba.logout()
return result

View file

@ -4,6 +4,7 @@ roles_path = ./roles
retry_files_enabled = False retry_files_enabled = False
inventory = ./hosts inventory = ./hosts
filter_plugins = ./filter_plugins filter_plugins = ./filter_plugins
action_plugins = ./action_plugins
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
nocows = 1 nocows = 1
forks = 15 forks = 15

View file

@ -4,7 +4,12 @@
- test-1.switch.infra.auro.re - test-1.switch.infra.auro.re
gather_facts: false gather_facts: false
vars: vars:
aruba__hostname: "{{ inventory_hostname }}" aruba__api_url: "http://{{ inventory_hostname }}"
aruba__api_username: "manager"
aruba__api_password: "manager"
aruba__model: J9773A
aruba__release: YA.16.11.002
aruba__hostname: "{{ inventory_hostname | hostname }}"
aruba__rest_enabled: true aruba__rest_enabled: true
aruba__ssh_enabled: true aruba__ssh_enabled: true
aruba__ntp_servers: aruba__ntp_servers:
@ -17,18 +22,20 @@
aruba__dns_domain_names: aruba__dns_domain_names:
- switch.infra.auro.re - switch.infra.auro.re
- infra.auro.re - infra.auro.re
- auro.re - toto.auro.re
aruba__manager_password: "P@ssw0rd!" aruba__manager_password: "manager"
aruba__operator_password: "P@ssw0rd!" aruba__operator_password: "operator"
aruba__default_gateways: aruba__default_gateways:
- 10.131.0.1 - 10.131.0.1
- 2a09:6840:131:0:1::1 - 2a09:6840:131:0:1::1
aruba__vlans: aruba__vlans:
1:
name: Default
131: 131:
name: Switchs name: Switchs
addresses: addresses:
- 10.131.0.1/16 - 10.131.1.1/16
- 2a09:6840:131:0:1::1/56 - 2a09:6840:131:1:1::1/56
1000: 1000:
name: "Client 0" name: "Client 0"
1001: 1001:
@ -62,8 +69,7 @@
4: 4:
name: "Client 2" name: "Client 2"
untagged: 1002 untagged: 1002
speed: 1000 speed_duplex: 100-full
duplex: half
loop_protect: true loop_protect: true
5: 5:
name: "Client 3" name: "Client 3"

View file

@ -1,12 +1,97 @@
--- ---
- name: Generate configuration
- name: Generation configuration
set_fact: set_fact:
aruba__config: "{{ lookup('template', './config.j2') }}" aruba__config: "{{ lookup('template', './config.j2') }}"
when: "aruba__config is not defined"
- name: Write configuration - name: Restore configuration
delegate_to: localhost aruba_cfg_restore:
copy: url: "http://{{ inventory_hostname }}/"
content: "{{ aruba__config }}" username: "{{ aruba__api_username }}"
dest: /tmp/aruba.config password: "{{ aruba__api_password }}"
config: "{{ aruba__config }}"
#- name: Login to switch
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/login-sessions"
# method: POST
# status_code: 201
# body_format: json
# body:
# userName: "{{ aruba__api_username }}"
# password: "{{ aruba__api_password }}"
# register: login
#- name: Get diff
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/system/config/cfg_restore/payload/latest_diff"
# method: POST
# body_format: json
# status_code: 202
# body:
# config_base64_encoded: "{{ aruba__config | b64encode }}"
# headers:
# Cookie: "{{ login.json.cookie }}"
# register: diff
#- name: Diff
# debug:
# msg: "{{ diff }}"
#- name: Get diff
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/system/config/cfg_restore/payload/latest_diff/status"
# method: GET
# status_code: 200
# headers:
# Cookie: "{{ login.json.cookie }}"
# register: diff
#- name: Diff
# debug:
# msg: "{{ diff }}"
#- name: Restore configuration
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/system/config/cfg_restore/payload"
# method: POST
# body_format: json
# status_code: 202
# body:
# config_base64_encoded: "{{ aruba__config | b64encode }}"
# is_forced_reboot_enabled: true
# headers:
# Cookie: "{{ login.json.cookie }}"
# register: status
#
#- name: XX
# debug:
# msg: "{{ status }}"
#
#- name: Get diff
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/system/config/cfg_restore/payload/status"
# method: GET
# status_code: 200
# headers:
# Cookie: "{{ login.json.cookie }}"
# register: diff
#- name: Diff
# debug:
# msg: "{{ diff }}"
#- name: Logout
# delegate_to: localhost
# uri:
# url: "{{ aruba__api_base_url }}/rest/v4/login-sessions"
# method: DELETE
# status_code: 204
# headers:
# Cookie: "{{ login.json.cookie }}"
... ...

View file

@ -1,4 +1,4 @@
{{ ansible_managed | comment(decoration="; ") }} ; {{ aruba__model }} Configuration Editor; Created on release #{{ aruba__release }}
hostname {{ aruba__hostname | hostname | truncate(32) | enquote }} hostname {{ aruba__hostname | hostname | truncate(32) | enquote }}
@ -24,13 +24,15 @@ ip dns server-address priority {{ loop.index }} {{ addr | ipaddr }}
ip dns domain-name {{ domain | enquote }} ip dns domain-name {{ domain | enquote }}
{% endfor %} {% endfor %}
; TODO activate provision disable
activate software-update disable
{% if False %} {% if False %}
snmpv3 enable snmpv3 enable
snmpv3 only snmpv3 only
snmpv3 user "re2o" snmpv3 user "re2o"
;snmpv3 group ManagerPriv user "re2o" sec-model ver3 snmpv3 group ManagerPriv user "re2o" sec-model ver3
;snmp-server community "public" Operator snmp-server community "public" Operator
{% endif %} {% endif %}
no cdp run no cdp run
@ -50,25 +52,27 @@ set lldp_disabled =
lldp admin-status {{ lldp_disabled | aruba_ints }} disable lldp admin-status {{ lldp_disabled | aruba_ints }} disable
{% endif %} {% endif %}
password manager plaintext {{ aruba__manager_password | enquote }} password manager sha1 {{ aruba__manager_password | hash("sha1") }}
{% if aruba__operator_password is defined %} {% if aruba__operator_password is defined %}
password operator plaintext {{ aruba__operator_password | enquote }} password operator sha1 {{ aruba__operator_password | hash("sha1") }}
{% endif %} {% endif %}
#}
{% if aruba__ssh_enabled %} {% if aruba__ssh_enabled %}
ip ssh ip ssh
ip ssh ciphertype aes256ctr {# ip ssh cipher aes256ctr #}
ip ssh kex ecdh-sha2-nistp521 {# ip ssh kex ecdh-sha2-nistp521 #}
ip ssh mac hmac-sha2-256 {# ip ssh mac hmac-sha2-256 #}
ip ssh filetransfer ip ssh filetransfer
{% else %} {% else %}
no ip ssh no ip ssh
{% endif %} {% endif %}
no telnet-server no telnet-server
no tftp
{% if aruba__rest_enabled %} {% if aruba__rest_enabled %}
; FIXME: ssl {# FIXME: ssl #}
web-management plaintext web-management plaintext
rest-interface rest-interface
{% endif %} {% endif %}
@ -92,7 +96,7 @@ loop-protect {{ loop_protect | aruba_ints }}
ip default-gateway {{ aruba__default_gateways | ipv4 | first }} ip default-gateway {{ aruba__default_gateways | ipv4 | first }}
{% endif %} {% endif %}
{% if aruba__default_gateways | ipv6 %} {% if aruba__default_gateways | ipv6 %}
ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }} {# ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }} #}
{% endif %} {% endif %}
{% for id, vlan in aruba__vlans.items() %} {% for id, vlan in aruba__vlans.items() %}
@ -126,15 +130,14 @@ set tagged =
{% endif %} {% endif %}
{% if vlan.addresses | default([]) %} {% if vlan.addresses | default([]) %}
{% for addr in vlan.addresses | ipv4 %} {% for addr in vlan.addresses | ipv4 %}
ip address {{ addr | ipaddr("address") }} {{ addr | ipaddr("netmask") }} ip address {{ addr | ipaddr("host") }}
{% endfor %} {% endfor %}
{% for addr in vlan.addresses | ipv6 %} {% for addr in vlan.addresses | ipv6 %}
ipv6 address {{ addr | ipaddr("address") }} {{ addr | ipaddr("netmask") }} ipv6 address {{ addr | ipaddr("host") }}
{% endfor %} {% endfor %}
{% else %} {% else %}
no ip address no ip address
{% endif %} {% endif %}
no flow-control
exit exit
{% endfor %} {% endfor %}
@ -149,12 +152,11 @@ interface {{ id | int }}
{% else %} {% else %}
no enable no enable
{% endif %} {% endif %}
{% if iface.speed is defined %} {# TODO: split and check speed/duplex #}
speed {{ iface.speed | int | choices([10, 100, 1000]) }} {% if iface.speed_duplex is defined %}
{% endif %} speed-duplex {{ iface.speed_duplex }}
{% if iface.duplex is defined %}
duplex {{ iface.duplex | choices(["full", "half", "auto"]) }}
{% endif %} {% endif %}
no flow-control
exit exit
{% endfor %} {% endfor %}