Example Workflows
Use cases and workflows as working examples to kick-start your AOS8 automation journey
This section consists of example playbooks that list single or multiple tasks to achieve different use cases. Below you will find modules from the AOS WLAN Role that use AOS 8's REST API, as well as our SSH modules that communicate over the SSH interface.
Day 1 Automation
While configuring a new site, the typical tasks include adding/creating a node hierarchy, adding a managed device to the hierarchy, changing the hostname of the managed device, creating AP groups, whitelisting APs, adding APs to AP groups, creating new SSIDs, etc. Some of these tasks are shown in the example below.

- name: Create and configure a site
  hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Creating node hierarchy
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_node:
              node-path: /md/Boston

    - name: Adding a device
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_device:
              dev-model: A7010
              mac-address: fa:fa:fa:fa:fa:fa
              config-path: md/Boston

    - name: Changing hostname of the managed device
      aos_api_config:
        method: POST
        config_path: /md/Boston/fa:fa:fa:fa:fa:fa
        data:
          - hostname:
              hostname: new-md

    - name: Moving Virtual-AP to AP-Group
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              - profile-name: test_apgroup
                virtual-ap:
                  - profile-name: test_vap

    - name: Whitelisting an Access Point to the new AP-Group
      aos_cap_whitelist:
        action: add
        ap_name: test-ap-1
        ap_group: test_apgroup
        mac_address: "ab:32:32:32:32:32"
        description: Boston Office, Building-6, 2nd Floor

Run-Time Automation
Add a new RADIUS Server

- hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Adding a RADIUS server
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - rad_server:
              - rad_server_name: test-server
                rad_host:
                  host: 1.1.1.1

Create a Guest SSID
To create a Guest SSID, one would have to configure the following profiles: Radius Server, Server Group, RFC server, Dot1x Auth profile, AAA profiles, Captive Portal Profile, SSID Profile, VAP Profile, AP Group.

---
- name: Create and configure an internal Guest SSID
  hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Create the ssid profile with essid and opmode
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ssid_prof:
              profile-name: ssid-guest-demo
              ssid_enable: {}
              essid:
                essid: guest-demo
              opmode:
                opensystem: true

    - name: Create the netdestination for the authenticated clients
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - netdst:
              dstname: netdst-guest-demo
              netdst__network:
                - address: 10.0.0.0
                  netmask: 255.0.0.0
                - address: 192.16.0.0
                  netmask: 255.255.0.0

    - name: Create the periodic time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - time_range_per:
              name: guest-demo-working-hrs
              time_range_per__day:
                - day: Weekday
                  StartTime: '07:00'
                  EndTime: '18:00'

    # Every permit rule is bound to the time range created above;
    # the final deny-all rule carries no time range.
    - name: Create the policy with session acls and time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - acl_sess:
              accname: acl-guest-demo-time-range
              acl_sess__v4policy:
                - suser: true
                  dany: true
                  service-name: svc-dhcp
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-dns
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dstalias: netdst-guest-demo
                  service-any: true
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-http
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-https
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-any: true
                  deny: true

    - name: Create the user role assigned after captive portal authentication
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: demo
              role__acl:
                - acl_type: session
                  pname: acl-guest-demo-time-range

    - name: Create the captive portal authentication profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - cp_auth_profile:
              profile-name: cp-guest-demo
              cp_default_role:
                default-role: demo
              cp_default_guest_role:
                default-guest-role: demo
              cp_server_group:
                server-group: internal
              allow_user: {}
              logout_popup: {}
              cp_proto_http: {}

    # Role held by a client before it authenticates on the captive portal
    - name: Create the guest logon user role
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: usr-guest-demo
              role__acl:
                - acl_type: session
                  pname: logon-control
                - acl_type: session
                  pname: captiveportal
                - acl_type: session
                  pname: v6-logon-control
                - acl_type: session
                  pname: captiveportal6
              role__cp:
                cp_profile_name: cp-guest-demo

    - name: Create the aaa profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - aaa_prof:
              profile-name: aaa-guest-demo
              default_user_role:
                role: usr-guest-demo

    - name: Create the virtual ap profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - virtual_ap:
              profile-name: vap-guest-demo
              aaa_prof:
                profile-name: aaa-guest-demo
              vlan:
                vlan: 16
              ssid_prof:
                profile-name: ssid-guest-demo

    - name: Create the AP group with virtual AP profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              profile-name: apgrp-guest-demo
              virtual_ap:
                - profile-name: vap-guest-demo

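
The walk-through below models acl-guest-demo-time-range and netdst-guest-demo from the playbook above and shows what a guest in the demo role can reach inside and outside guest-demo-working-hrs, plus a short pre-push audit of the rule list. It is an added Python example, not part of the Aruba role; first-match evaluation, skipping rules outside their time range, reading Weekday as Monday to Friday, and the sample addresses are assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed model of netdst-guest-demo and acl-guest-demo-time-range above.
NETDST = {"netdst-guest-demo": [ip_network("10.0.0.0/255.0.0.0"),
                                ip_network("192.16.0.0/255.255.0.0")]}
TR = "guest-demo-working-hrs"
RULES = [  # (destination, service, action, time range); "any" matches all
    ("any", "svc-dhcp", "permit", TR),
    ("any", "svc-dns", "permit", TR),
    ("netdst-guest-demo", "any", "permit", TR),
    ("any", "svc-http", "permit", TR),
    ("any", "svc-https", "permit", TR),
    ("any", "any", "deny", None),
]

def active(trname, when):
    """Assumption: 'Weekday' is Monday-Friday, active 07:00 <= t < 18:00."""
    if trname is None:
        return True
    return when.weekday() < 5 and "07:00" <= when.strftime("%H:%M") < "18:00"

def evaluate(dst_ip, service, when, rules=RULES):
    """Return (action, index) of the first active rule that matches."""
    for i, (dst, svc, action, trname) in enumerate(rules):
        if not active(trname, when):
            continue  # assumption: a rule outside its time range is skipped
        if dst != "any" and not any(ip_address(dst_ip) in n for n in NETDST[dst]):
            continue
        if svc in ("any", service):
            return action, i
    return "deny", None  # assumption: nothing matched, traffic is dropped

def audit(rules=RULES):
    """Flag properties a reviewer would check before pushing the policy."""
    findings = []
    if not rules or rules[-1] != ("any", "any", "deny", None):
        findings.append("last rule is not an unconditional deny-all")
    for i, (_, _, action, trname) in enumerate(rules):
        if action == "permit" and trname is None:
            findings.append(f"rule {i}: permit is not bound to a time range")
    return findings

if __name__ == "__main__":
    tue_10 = datetime(2024, 1, 9, 10, 0)   # constructed: a Tuesday morning
    sat_10 = datetime(2024, 1, 13, 10, 0)  # constructed: a Saturday
    print(evaluate("203.0.113.10", "svc-https", tue_10))
    print(evaluate("10.1.2.3", "svc-dns", sat_10))
    print(audit())
```

Under these assumptions the third rule gives the demo role every service toward both netdst-guest-demo networks during working hours, which is the rule to review first if the guest VLAN should not reach those ranges.
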
Monitoring Automation
Showcommand API Example

- name: Execute a show command
  hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get basic information about Access Points
      aos_show_command:
        command: show ap database

GET API Example to fetch VLANs

- hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get a list of all VLANs from current as well as parent hierarchy
      aos_vlan:
        action: get
        type: all
        config_path: /md/Boston

SSH Modules
In order to automate tasks on the Mobility Conductor via the SSH interface, you can use our SSH modules for Ansible. There are two modules available for CLI automation through SSH:

aruba_config - to manage Aruba configuration sections

- name: configure top level configuration
  aruba_config:
    lines: hostname {{ inventory_hostname }}

aruba_command - to run commands on remote devices running Aruba Mobility Controller

- name: run multiple commands and evaluate the output
  aruba_command:
    commands:
      - show version
      - show interfaces
    wait_for:
      - result[0] contains Aruba
      - result[1] contains Loopback0

Updated almost 2 years ago