Hello there.
As far as I am aware, there has been support for ansible from the beginning in the ArubaOS-CX switches, but there are not many guides on this (except the official webpage of course). So, I want to learn and, while doing that, create this guide.
I showed how to set up ansible on Linux, with a short example, in a previous post. So if you don’t have a working ansible installation, check that one out first, or go for one of the other dozens of excellent guides on the internet :-).
For this, I am using GNS3 with 4 ArubaOS-CX switches. Those are attached to my local network, which allows me to access them from my PC. The firmware on the switches is “10.08.0001”.
Using ansible we will create a LAG on ports 1/1/8-1/1/9 on every switch for the ISL link and configure VSX. Ports 1/1/1 and 1/1/2 will be the uplink ports using MC-LAG. Other than that, we will create a VLAN for the keepalive and set the hostname.
Preparing the ArubaOS-CX Switches
Let’s start with the switches. There are two things (three if you are not using the OOBM interface) we need to do before we can configure them via ansible. These steps are the same on every switch.
I am using the OOBM interface for the configuration with ansible. If you want to use a dedicated VLAN instead, you need to enable the https-server (REST API) and the ssh server in the attached VRF as well. Keep in mind that a read-write REST API reachable from the data plane is a full configuration interface for anyone who can reach that VRF, so limit who can reach that VLAN (an ACL on the SVI, or the OOBM network) before enabling it.
For the first steps, I will be using the GNS3 interface to connect to the switches. If these were actual hardware, I would use the serial port.
switch# conf
switch(config)# https-server rest access-mode read-write

If you don't use the OOBM interface:

switch# conf
switch(config)# https-server rest access-mode read-write vrf default
switch(config)# ssh server vrf default
Next set a static IP.
switch(config)# interface mgmt
switch(config-if-mgmt)# ip static 192.168.133.10/24
switch(config-if-mgmt)# write mem
ArubaOS-CX Ansible Galaxy
On the ansible side, we need the collection (modules, connection plugin and so on) that Aruba provides through Ansible Galaxy.

fedora-kde :: ~ » ansible-galaxy collection install arubanetworks.aoscx
Process install dependency map
Starting collection install process
Skipping 'arubanetworks.aoscx' as it is already installed

I get a different message since I already installed it. If we want to update an installed collection, we need to add “-f”.

fedora-kde :: ~ » ansible-galaxy collection install arubanetworks.aoscx -f
Process install dependency map
Starting collection install process
Installing 'arubanetworks.aoscx:3.1.0' to '/home/gokhan/.ansible/collections/ansible_collections/arubanetworks/aoscx'
Skipping 'ansible.netcommon' as it is already installed

Next, switch to the newly created folder and install the additional requirements (the pip install is best done in a virtualenv rather than the system Python).

fedora-kde :: ~ » cd ~/.ansible/collections/ansible_collections/arubanetworks/aoscx
fedora-kde :: aoscx » ansible-galaxy install -r requirements.yml
fedora-kde :: aoscx » python3 -m pip install -r requirements.txt
That’s it for the preparation. Let’s create the files for ansible.
Creating the hosts file
Here is an example of a “hosts” file. If you set a password on the switches, make sure to fill in ansible_password. I will leave it empty since this is only a test environment. Outside a lab, don't keep the password in clear text in the inventory; store it with ansible-vault (for example ansible-vault encrypt_string) instead.
Under the hostname of each switch, we have the host-specific variables. “ansible_host” defines the name or IP of each switch you want to connect to. The entries below that are variables we will use in the playbooks.
Under “vars” we have the global variables for the connection. At the bottom we have the global variables for the switches we will use in the playbooks. Two of the connection settings are lab shortcuts: ansible_aoscx_validate_certs: False makes the REST connection accept the switch's self-signed certificate without checking it, and host_key_checking: False is meant to do the same for SSH. Both mean the controller will happily talk to whatever answers at those IPs, so switch them back on (and install trusted certificates on the switches) before pointing this at production.

fedora-kde :: ~ » cat ~/Nextcloud/Ansible/aruba-switch-hosts
all:
  children:
    all_aruba_switches:
      hosts:
        core1:
          ansible_host: 192.168.133.10
          hostname: core1
          vsx_role: primary
          keepalive_ip: 192.168.255.10/24
          keepalive_peer: 192.168.255.11
          keepalive_source: 192.168.255.10
          system_mac: 00:00:00:00:01:01
        core2:
          ansible_host: 192.168.133.11
          hostname: core2
          vsx_role: secondary
          keepalive_ip: 192.168.255.11/24
          keepalive_peer: 192.168.255.10
          keepalive_source: 192.168.255.11
          system_mac: 00:00:00:00:01:01
        agg01:
          ansible_host: 192.168.133.12
          hostname: agg01
          vsx_role: primary
          keepalive_ip: 192.168.255.12/24
          keepalive_peer: 192.168.255.13
          keepalive_source: 192.168.255.12
          system_mac: 00:00:00:00:02:02
        agg02:
          ansible_host: 192.168.133.13
          hostname: agg02
          vsx_role: secondary
          keepalive_ip: 192.168.255.13/24
          keepalive_peer: 192.168.255.12
          keepalive_source: 192.168.255.13
          system_mac: 00:00:00:00:02:02
      vars:
        ansible_user: 'admin'
        ansible_password: ''
        ansible_connection: arubanetworks.aoscx.aoscx
        ansible_network_os: arubanetworks.aoscx.aoscx
        ansible_aoscx_validate_certs: False
        ansible_aoscx_use_proxy: False
        ansible_acx_no_proxy: True
        host_key_checking: False
        ### global variables for VSX
        keepalive_description: "KEEPALIVE"
        isl_interfaces: "1/1/8,1/1/9"
        isl_lag: "lag 128"
        keepalive_vlan: "999"
        mclag_interfaces: "1/1/1-1/1/2"
        mclag_id: "lag 1"
Creating the playbook
Next is a simple playbook.
We will create a single VLAN for the VSX keepalive using the REST API (the aoscx_vlan module). The aoscx_command module is used to set the hostname, create LAG 128, add the interfaces to it and configure the SVI (Switch Virtual Interface) for the keepalive link.
We could create the LAG with the aoscx_l2_interface module, but that does not let us set specific parameters, such as the LACP mode.
I will use it as an example and create LAG 127 with that module.
I wanted to show a few different examples using the dedicated modules like “aoscx_vsx” or “aoscx_vlan_interface”, but I kept getting an error message when executing the playbook, telling me that ansible could not find the VSX module, while the VLAN interface module just wouldn’t create the interface itself. So I would have to manually create the interface first, which kinda defeats the purpose.
That’s why I will set up most of it using the “command” module.
The task “Aruba facts” gathers the VLAN and interface facts for the next task, which checks whether the keepalive VLAN already exists and skips the creation if it does. This is not really necessary, but I wanted to see if and how it would work. One caveat: regex_search over the stringified key list is a substring match, so a VLAN such as 1999 would also match “999”; an exact membership test (keepalive_vlan in facts_vlan_output.ansible_facts.ansible_network_resources.vlans) is the more robust condition.

fedora-kde :: ~ » cat ~/Nextcloud/Ansible/playbooks/aruba/arubaos-cx/aruba-vsx-creation.yml
- hosts: all_aruba_switches
  collections:
    - arubanetworks.aoscx
  gather_facts: true
  tasks:
    - name: Aruba facts
      aoscx_facts:
        gather_network_resources: ['vlans', 'interfaces']
      register: facts_vlan_output

    - name: Create VLAN {{ keepalive_vlan }} with description and name
      aoscx_vlan:
        vlan_id: "{{ keepalive_vlan }}"
        name: Keepalive
        description: VLAN {{ keepalive_vlan }} for Keepalive
        admin_state: up    # Optional. Default is "up"
        state: create      # Optional. Default is "create"
      with_items: "{{ facts_vlan_output.ansible_facts.ansible_network_resources.vlans.keys() | list | string | regex_search( keepalive_vlan ) }}"
      when: item != keepalive_vlan   # "when" is already a Jinja2 expression, so no {{ }} here

    - name: Create LAG 127 as an example
      aoscx_l2_interface:
        interface: lag127
        vlan_mode: trunk
        admin_state: up
        state: create

- hosts: all_aruba_switches
  collections:
    - arubanetworks.aoscx
  vars:
    ansible_connection: network_cli   # For SSH connection
  tasks:
    - name: VSX Preparation
      aoscx_command:
        commands:
          - 'config'
          - 'hostname {{ hostname }}'
          - 'interface {{ isl_lag }}'
          - 'no routing'
          - 'no shutdown'
          - 'lacp mode active'
          - 'vlan trunk native 1'
          - 'exit'
          - 'interface {{ isl_interfaces }}'
          - '{{ isl_lag }}'
          - 'no shutdown'
          - 'exit'
          - 'interface vlan {{ keepalive_vlan }}'
          - 'description {{ keepalive_description }}'
          - 'ip address {{ keepalive_ip }}'
          - 'no shutdown'
          - 'exit'
          - 'end'

    - name: Create VSX configuration
      aoscx_command:
        commands:
          - 'config'
          - 'vsx'
          - 'role {{ vsx_role }}'
          - 'keepalive peer {{ keepalive_peer }} source {{ keepalive_source }}'
          - 'system-mac {{ system_mac }}'
          - 'inter-switch-link {{ isl_lag }}'
          - 'end'

    - name: Create MC-LAG
      aoscx_command:
        commands:
          - 'config'
          - 'interface {{ mclag_id }} multi-chassis'
          - 'no routing'
          - 'no shutdown'
          - 'lacp mode active'
          - 'vlan trunk native 1'
          - 'exit'
          - 'interface {{ mclag_interfaces }}'
          - '{{ mclag_id }}'
          - 'no shutdown'
          - 'exit'
          - 'end'

Take notice of the “vars” entry in the second play (the ansible_connection line). It is required for the “aoscx_command” module, which cannot be used with the REST API: “ansible_connection: network_cli” tells ansible to connect to the switches with SSH for this play. Note that a plain host_key_checking key is an ansible.cfg ([defaults]) or ANSIBLE_HOST_KEY_CHECKING setting rather than an inventory variable (the per-host form is ansible_host_key_checking), so if this play fails on an unknown host key, add the switch keys to known_hosts or set it in ansible.cfg for the lab.
I will attach a more readable version of the configuration files at the bottom of the post.
Running the playbook
Now with the configuration files, we can run the playbook.
“-i” specifies the “hosts” file.
fedora-kde :: ~ » ansible-playbook -i ~/Nextcloud/Ansible/aruba-switch-hosts ~/Nextcloud/Ansible/playbooks/aruba/arubaos-cx/aruba-vsx-creation.yml
....
TASK [Create MC-LAG] ************************************************************
ok: [core1]
ok: [core2]
ok: [agg01]
ok: [agg02]

PLAY RECAP **********************************************************************
agg01 : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
agg02 : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
core1 : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
core2 : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Listing the module documentation
Using “ansible-doc” we can get more information about the options the modules support.
“-M” defines the path to the module folder.
Here is an example for the “aoscx_vlan” module.

fedora-kde :: ~ » ansible-doc aoscx_vlan -M ~/.ansible/collections/ansible_collections/arubanetworks/aoscx/plugins/modules/

You could also just read the text files under:
/home/$USERNAME/.ansible/collections/ansible_collections/arubanetworks/aoscx/docs
Checking the running-config
Let’s take a look at one of the running configs. Since the aoscx_command tasks report “ok” as long as the commands were accepted, this is the real check that the configuration landed. Notice that lag 127, created through aoscx_l2_interface, came up with “lacp mode passive”, which is the LACP-mode limitation mentioned earlier.

agg01(config)# show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.08.0001
!export-password: default
hostname agg01
led locator on
!
!
!
!
!
!
ssh server vrf mgmt
vlan 1
vlan 999
    name Keepalive
    description VLAN 999 for Keepalive
interface mgmt
    no shutdown
    ip static 192.168.133.12/24
interface lag 1 multi-chassis
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface lag 127
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode passive
interface lag 128
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    no shutdown
    lag 1
interface 1/1/2
    no shutdown
    lag 1
interface 1/1/8
    no shutdown
    lag 128
interface 1/1/9
    no shutdown
    lag 128
interface vlan 999
    description KEEPALIVE
    ip address 192.168.255.12/24
vsx
    system-mac 00:00:00:00:02:02
    inter-switch-link lag 128
    role primary
    keepalive peer 192.168.255.13 source 192.168.255.12
!
!
!
!
!
https-server vrf mgmt
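Reading the running-config by eye works for four switches, but the same comparison can be done mechanically: parse the config into its indented sections and check that the hostname, VSX block, ISL and MC-LAG members and keepalive SVI match what the hosts file says, and that ssh/https are only enabled on the OOBM VRF. The following is an added example (mine, not part of the post or of the aoscx collection). SAMPLE_CONFIG is a constructed, trimmed copy of the agg01 running-config above and AGG01_EXPECTED is agg01's hosts-file data; in use, the text would come from “show running-config” via aoscx_command and the expectations from hostvars. The set of VRFs allowed to carry management services (mgmt_vrfs) is an assumption of the example.

```python
"""Check a switch's running-config against what the hosts file says it should be.

Added example for this post, not part of the post or of the aoscx collection.
SAMPLE_CONFIG is a constructed, trimmed copy of the agg01 running-config shown
above; AGG01_EXPECTED mirrors agg01's entry in the hosts file.
"""
import re

SAMPLE_CONFIG = """\
hostname agg01
ssh server vrf mgmt
vlan 999
    name Keepalive
interface lag 1 multi-chassis
    no routing
    lacp mode active
interface lag 128
    no routing
    lacp mode active
interface 1/1/1
    lag 1
interface 1/1/2
    lag 1
interface 1/1/8
    lag 128
interface 1/1/9
    lag 128
interface vlan 999
    description KEEPALIVE
    ip address 192.168.255.12/24
vsx
    system-mac 00:00:00:00:02:02
    inter-switch-link lag 128
    role primary
    keepalive peer 192.168.255.13 source 192.168.255.12
https-server vrf mgmt
"""

AGG01_EXPECTED = {
    "hostname": "agg01", "vsx_role": "primary", "system_mac": "00:00:00:00:02:02",
    "keepalive_peer": "192.168.255.13", "keepalive_source": "192.168.255.12",
    "keepalive_ip": "192.168.255.12/24", "keepalive_vlan": "999",
    "isl_lag": "lag 128", "isl_interfaces": "1/1/8,1/1/9",
    "mclag_id": "lag 1", "mclag_interfaces": "1/1/1-1/1/2",
    "mgmt_vrfs": {"mgmt"},  # assumption: only the OOBM VRF may carry ssh/https
}


def expand_ports(spec):
    """Expand hosts-file port notation ('1/1/8,1/1/9', '1/1/1-1/1/2') into port names."""
    ports = []
    for token in spec.split(","):
        token = token.strip()
        if "-" in token:
            start, end = token.split("-", 1)
            prefix, first = start.rsplit("/", 1)
            last = end.rsplit("/", 1)[-1]  # accepts '1/1/2' as well as '2'
            ports += [f"{prefix}/{n}" for n in range(int(first), int(last) + 1)]
        else:
            ports.append(token)
    return ports


def parse_sections(text):
    """Split ArubaOS-CX config text into {header line: [indented child lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def check_vsx_config(text, exp):
    """Return deviations from the expected hostname/VSX/ISL/MC-LAG/SVI/management state."""
    s, findings = parse_sections(text), []

    def want(header, line):
        if line not in s.get(header, []):
            findings.append(f"'{header}' is missing '{line}'")

    if f"hostname {exp['hostname']}" not in s:
        findings.append(f"hostname is not {exp['hostname']}")
    want("vsx", f"role {exp['vsx_role']}")
    want("vsx", f"system-mac {exp['system_mac']}")
    want("vsx", f"inter-switch-link {exp['isl_lag']}")
    want("vsx", f"keepalive peer {exp['keepalive_peer']} source {exp['keepalive_source']}")
    for line in ("lacp mode active", "no routing"):
        want(f"interface {exp['isl_lag']}", line)
        want(f"interface {exp['mclag_id']} multi-chassis", line)
    for port in expand_ports(exp["isl_interfaces"]):
        want(f"interface {port}", exp["isl_lag"])
    for port in expand_ports(exp["mclag_interfaces"]):
        want(f"interface {port}", exp["mclag_id"])
    want(f"interface vlan {exp['keepalive_vlan']}", f"ip address {exp['keepalive_ip']}")
    # Management exposure: ssh or https-server enabled on a VRF other than the OOBM one.
    for header in s:
        m = re.match(r"^(ssh server|https-server) vrf (\S+)$", header)
        if m and m.group(2) not in exp["mgmt_vrfs"]:
            findings.append(f"{m.group(1)} is enabled on VRF '{m.group(2)}', not one of {sorted(exp['mgmt_vrfs'])}")
    return findings


if __name__ == "__main__":
    print(check_vsx_config(SAMPLE_CONFIG, AGG01_EXPECTED) or "agg01 matches the inventory")
```

With the config from the post the function returns an empty list; swap the VSX role or enable “ssh server vrf default” and each deviation comes back as one finding, which is the kind of assertion you can run from a follow-up playbook (aoscx_command with “show running-config”) after the VSX play instead of trusting the “ok” in the recap.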
I am quite happy with the results. It actually worked better than I expected. (Except for the skipping-the-VLAN-task part. That took me days to figure out.)
I will see if I can implement this into future projects since it makes it so much more simple and is a lot of fun.
Well, I have nothing else to add.
See you next time.
Hosts file:
Playbook:
Links: