Example Workflows

Use-cases and workflows as working examples to kick start your AOS8 automation journey

This section consists of various example playbooks that lists single/multiple tasks to achieve different use cases. Below you will find modules used from the AOS WLAN Role that use AOS 8's REST API as well our SSH modules that communicates over the SSH interface.

Day 1 Automation

While configuring a new site, the typical tasks one would have to do can be listed as:
adding/creating node-hierarchy, adding a managed device to the hierarchy, changing the hostname of the managed device, create AP groups, whitelisting APs, adding APs to AP groups, creating new SSIDs, etc. Some of these task examples are listed below

-  name: Create and configure a site
     hosts: all
   connection: local
   gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Creating node hierarchy
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_node:
              node-path: /md/Boston

    - name: Adding a device
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_device:
              dev-model: A7010
              mac-address: fa:fa:fa:fa:fa:fa
              config-path: md/Boston

        - name: Changnig hostname of the managed device
      aos_api_config:
        method: POST
        config_path: /md/Boston/fa:fa:fa:fa:fa:fa
        data:
          - hostname:
              hostname: new-md

    - name: Moveing Virtua-AP to AP-Group
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              - profile-name: test_apgroup
                virtual-ap:
                  - profile-name: test_vap

    - name: Whitelisting an Access Point to the new AP-Group
      aos_cap_whitelist:
       action: add
       ap_name: test-ap-1
       ap_group: test_apgroup
       mac_address: "ab:32:32:32:32:32"
       description: Boston Office, Building-6, 2nd Floor

Run-Time Automation

Add a new Radius Server

-  hosts: all
   connection: local
     gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Adding a RADIUS server
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - rad_server:
              - rad_server_name: test-server
                rad_host:
                  host: 1.1.1.1

Create a Guest SSID:
For creating a Guest SSID one would have to configure the following profiles: Radius Server, Server Group, RFC server, Dot1x Auth profile, AAA profiles, Captive Portal Profile, SSID Profile, VAP Profile, AP Group

---
-  name: Create and configure an internal Guest SSID
   hosts: all
   connection: local
   gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Create the ssid profile with essid and opmode
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ssid_prof:
              profile-name: ssid-guest-demo
              ssid_enable: {}
              essid:
                essid: guest-demo
              opmode:
                opensystem: true

    - name: Create the netdestination for the authenticated clients
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - netdst:
              dstname: netdst-guest-demo
              netdst__network:
                - address: 10.0.0.0
                  netmask: 255.0.0.0
                - address: 192.16.0.0
                  netmask: 255.255.0.0

    - name: Create the periodic time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - time_range_per:
              name: guest-demo-working-hrs
              time_range_per__day:
                - day: Weekday
                  StartTime: '07:00'
                  EndTime: '18:00'

    - name: Create the policy with session acls and time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - acl_sess:
              accname: acl-guest-demo-time-range
              acl_sess__v4policy:
                - suser: true
                  dany: true
                  service-name: svc-dhcp
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-dns
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dstalias: netdst-guest-demo
                  service-any: true
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-http
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-https
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-any: true
                  deny: true

    - name: Create the user role assigned after captive portal authentication
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: demo
              role__acl:
                - acl_type: session
                  pname: acl-guest-demo-time-range

    - name: Create the captive portal authentication profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - cp_auth_profile:
              profile-name: cp-guest-demo
              cp_default_role:
                default-role: demo
              cp_default_guest_role:
                default-guest-role: demo
              cp_server_group:
                server-group: internal
              allow_user: {}
              logout_popup: {}
              cp_proto_http: {}

    - name: Create the guest logon user role
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: usr-guest-demo
              role__acl:
                - acl_type: session
                  pname: logon-control
                - acl_type: session
                  pname: captiveportal
                - acl_type: session
                  pname: v6-logon-control
                - acl_type: session
                  pname: captiveportal6
              role__cp:
                cp_profile_name: cp-guest-demo

    - name: Create the aaa profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - aaa_prof:
              profile-name: aaa-guest-demo
              default_user_role:
                role: usr-guest-demo

    - name: Create the virtual ap profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - virtual_ap:
              profile-name: vap-guest-demo
              aaa_prof:
                profile-name: aaa-guest-demo
              vlan:
                vlan: 16
              ssid_prof:
                profile-name: ssid-guest-demo

    - name: Create the AP group with virtual AP profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              profile-name: apgrp-guest-demo
              virtual_ap:
                - profile-name: vap-guest-demo

Monitoring Automation

Showcommand API Example

- name: Execute a show command
  hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get basic information about Access Points
      aos_show_command:
        command: show ap database

GET API Example to fetch VLANs

- hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get a list of all VLANs from current as well as parent hierarchy
      aos_vlan:
       action: get
       type: all
       config_path: /md/Boston

SSH Modules

In order to automate tasks on the Mobility Conductor via the SSH interface, you can use our SSH modules for Ansible. There are two modules available for CLI automation through SSH:

aruba_config - to manage Aruba configuration sections

- name: configure top level configuration
  aruba_config:
    lines: hostname {{ inventory_hostname }}

aruba_command - to run commands on remote devices running Aruba Mobility Controller

- name: run multiple commands and evaluate the output
    aruba_command:
      commands:
        - show version
        - show interfaces
      wait_for:
        - result[0] contains Aruba
        - result[1] contains Loopback0

Did this page help you?