Examples
This section consists of various example playbooks to achieve different use cases. This translates to either achieving a single task in a playbook or a list of tasks together.
Day 1 Automation:
While configuring a new site, the typical tasks one would have to do can be listed as:
add node-hierarchy, add a managed device to the hierarchy, change the hostname of the managed device, create AP groups, whitelist APs, add APs to AP groups, create new SSIDs.
- name: Create and configure a site
hosts: all
connection: local
gather_facts: no
roles:
- role: arubanetworks.aos_wlan_role
tasks:
- name: Creating node hierarchy
aos_api_config:
method: POST
config_path: /md
data:
- configuration_node:
node-path: /md/Boston
- name: Adding a device
aos_api_config:
method: POST
config_path: /md
data:
- configuration_device:
dev-model: A7010
mac-address: fa:fa:fa:fa:fa:fa
config-path: md/Boston
- name: Changnig hostname of the managed device
aos_api_config:
method: POST
config_path: /md/Boston/fa:fa:fa:fa:fa:fa
data:
- hostname:
hostname: new-md
- name: Moveing Virtua-AP to AP-Group
aos_api_config:
method: POST
config_path: /md/Boston
data:
- ap_group:
- profile-name: test_apgroup
virtual-ap:
- profile-name: test_vap
- name: Whitelisting an Access Point to the new AP-Group
aos_cap_whitelist:
action: add
ap_name: test-ap-1
ap_group: test_apgroup
mac_address: "ab:32:32:32:32:32"
description: Boston Office, Building-6, 2nd Floor
Run-Time Automation
Add a new Radius Server
- hosts: all
connection: local
gather_facts: no
roles:
- role: arubanetworks.aos_wlan_role
tasks:
- name: Adding a RADIUS server
aos_api_config:
method: POST
config_path: /md/Boston
data:
- rad_server:
- rad_server_name: test-server
rad_host:
host: 1.1.1.1
Create a Guest SSID:
For creating a Guest SSID one would have to configure the following profiles: Radius Server, Server Group, RFC server, Dot1x Auth profile, AAA profiles, Captive Portal Profile, SSID Profile, VAP Profile, AP Group
---
- name: Create and configure an internal Guest SSID
hosts: all
connection: local
gather_facts: no
roles:
- role: arubanetworks.aos_wlan_role
tasks:
- name: Create the ssid profile with essid and opmode
aos_api_config:
method: POST
config_path: /md/Boston
data:
- ssid_prof:
profile-name: ssid-guest-demo
ssid_enable: {}
essid:
essid: guest-demo
opmode:
opensystem: true
- name: Create the netdestination for the authenticated clients
aos_api_config:
method: POST
config_path: /md/Boston
data:
- netdst:
dstname: netdst-guest-demo
netdst__network:
- address: 10.0.0.0
netmask: 255.0.0.0
- address: 192.16.0.0
netmask: 255.255.0.0
- name: Create the periodic time range
aos_api_config:
method: POST
config_path: /md/Boston
data:
- time_range_per:
name: guest-demo-working-hrs
time_range_per__day:
- day: Weekday
StartTime: '07:00'
EndTime: '18:00'
- name: Create the policy with session acls and time range
aos_api_config:
method: POST
config_path: /md/Boston
data:
- acl_sess:
accname: acl-guest-demo-time-range
acl_sess__v4policy:
- suser: true
dany: true
service-name: svc-dhcp
permit: true
trname: guest-demo-working-hrs
- suser: true
dany: true
service-name: svc-dns
permit: true
trname: guest-demo-working-hrs
- suser: true
dstalias: netdst-guest-demo
service-any: true
permit: true
trname: guest-demo-working-hrs
- suser: true
dany: true
service-name: svc-http
permit: true
trname: guest-demo-working-hrs
- suser: true
dany: true
service-name: svc-https
permit: true
trname: guest-demo-working-hrs
- suser: true
dany: true
service-any: true
deny: true
- name: Create the user role assigned after captive portal authentication
aos_api_config:
method: POST
config_path: /md/Boston
data:
- role:
rname: demo
role__acl:
- acl_type: session
pname: acl-guest-demo-time-range
- name: Create the captive portal authentication profile
aos_api_config:
method: POST
config_path: /md/Boston
data:
- cp_auth_profile:
profile-name: cp-guest-demo
cp_default_role:
default-role: demo
cp_default_guest_role:
default-guest-role: demo
cp_server_group:
server-group: internal
allow_user: {}
logout_popup: {}
cp_proto_http: {}
- name: Create the guest logon user role
aos_api_config:
method: POST
config_path: /md/Boston
data:
- role:
rname: usr-guest-demo
role__acl:
- acl_type: session
pname: logon-control
- acl_type: session
pname: captiveportal
- acl_type: session
pname: v6-logon-control
- acl_type: session
pname: captiveportal6
role__cp:
cp_profile_name: cp-guest-demo
- name: Create the aaa profile
aos_api_config:
method: POST
config_path: /md/Boston
data:
- aaa_prof:
profile-name: aaa-guest-demo
default_user_role:
role: usr-guest-demo
- name: Create the virtual ap profile
aos_api_config:
method: POST
config_path: /md/Boston
data:
- virtual_ap:
profile-name: vap-guest-demo
aaa_prof:
profile-name: aaa-guest-demo
vlan:
vlan: 16
ssid_prof:
profile-name: ssid-guest-demo
- name: Create the AP group with virtual AP profile
aos_api_config:
method: POST
config_path: /md/Boston
data:
- ap_group:
profile-name: apgrp-guest-demo
virtual_ap:
- profile-name: vap-guest-demo
Monitoring Automation
Showcommand API Example to fetch the AP database
- name: Execute a show command
hosts: all
connection: local
gather_facts: no
roles:
- role: arubanetworks.aos_wlan_role
tasks:
- name: Get basic information about Access Points
aos_showcommand:
command: show ap database
GET API Example to fetch VLANs
- hosts: all
connection: local
gather_facts: no
roles:
- role: arubanetworks.aos_wlan_role
tasks:
- name: Get a list of all VLANs from current as well as parent hierarchy
aos_vlan:
action: get
type: all
config_path: /md/Boston
Updated almost 2 years ago