Examples

This section consists of various example playbooks to achieve different use cases. This translates to either achieving a single task in a playbook or a list of tasks together.

Day 1 Automation:

While configuring a new site, the typical tasks one would have to do can be listed as:
add node-hierarchy, add a managed device to the hierarchy, change the hostname of the managed device, create AP groups, whitelist APs, add APs to AP groups, create new SSIDs.

-  name: Create and configure a site
     hosts: all
   connection: local
   gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Creating node hierarchy
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_node:
              node-path: /md/Boston

    - name: Adding a device
      aos_api_config:
        method: POST
        config_path: /md
        data:
          - configuration_device:
              dev-model: A7010
              mac-address: fa:fa:fa:fa:fa:fa
              config-path: md/Boston

        - name: Changnig hostname of the managed device
      aos_api_config:
        method: POST
        config_path: /md/Boston/fa:fa:fa:fa:fa:fa
        data:
          - hostname:
              hostname: new-md

    - name: Moveing Virtua-AP to AP-Group
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              - profile-name: test_apgroup
                virtual-ap:
                  - profile-name: test_vap
    - name: Whitelisting an Access Point to the new AP-Group
      aos_cap_whitelist:
       action: add
       ap_name: test-ap-1
       ap_group: test_apgroup
       mac_address: "ab:32:32:32:32:32"
       description: Boston Office, Building-6, 2nd Floor

 

Run-Time Automation

Add a new Radius Server

-  hosts: all
   connection: local
     gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Adding a RADIUS server
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - rad_server:
              - rad_server_name: test-server
                rad_host:
                  host: 1.1.1.1

 
Create a Guest SSID:
For creating a Guest SSID one would have to configure the following profiles: Radius Server, Server Group, RFC server, Dot1x Auth profile, AAA profiles, Captive Portal Profile, SSID Profile, VAP Profile, AP Group

---
-  name: Create and configure an internal Guest SSID
   hosts: all
   connection: local
   gather_facts: no
   roles:
    - role: arubanetworks.aos_wlan_role
   tasks:
    - name: Create the ssid profile with essid and opmode
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ssid_prof:
              profile-name: ssid-guest-demo
              ssid_enable: {}
              essid:
                essid: guest-demo
              opmode:
                opensystem: true

    - name: Create the netdestination for the authenticated clients
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - netdst:
              dstname: netdst-guest-demo
              netdst__network:
                - address: 10.0.0.0
                  netmask: 255.0.0.0
                - address: 192.16.0.0
                  netmask: 255.255.0.0

    - name: Create the periodic time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - time_range_per:
              name: guest-demo-working-hrs
              time_range_per__day:
                - day: Weekday
                  StartTime: '07:00'
                  EndTime: '18:00'

    - name: Create the policy with session acls and time range
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - acl_sess:
              accname: acl-guest-demo-time-range
              acl_sess__v4policy:
                - suser: true
                  dany: true
                  service-name: svc-dhcp
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-dns
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dstalias: netdst-guest-demo
                  service-any: true
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-http
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-name: svc-https
                  permit: true
                  trname: guest-demo-working-hrs
                - suser: true
                  dany: true
                  service-any: true
                  deny: true

    - name: Create the user role assigned after captive portal authentication
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: demo
              role__acl:
                - acl_type: session
                  pname: acl-guest-demo-time-range

    - name: Create the captive portal authentication profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - cp_auth_profile:
              profile-name: cp-guest-demo
              cp_default_role:
                default-role: demo
              cp_default_guest_role:
                default-guest-role: demo
              cp_server_group:
                server-group: internal
              allow_user: {}
              logout_popup: {}
              cp_proto_http: {}

    - name: Create the guest logon user role
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - role:
              rname: usr-guest-demo
              role__acl:
                - acl_type: session
                  pname: logon-control
                - acl_type: session
                  pname: captiveportal
                - acl_type: session
                  pname: v6-logon-control
                - acl_type: session
                  pname: captiveportal6
              role__cp:
                cp_profile_name: cp-guest-demo

    - name: Create the aaa profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - aaa_prof:
              profile-name: aaa-guest-demo
              default_user_role:
                role: usr-guest-demo

    - name: Create the virtual ap profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - virtual_ap:
              profile-name: vap-guest-demo
              aaa_prof:
                profile-name: aaa-guest-demo
              vlan:
                vlan: 16
              ssid_prof:
                profile-name: ssid-guest-demo

    - name: Create the AP group with virtual AP profile
      aos_api_config:
        method: POST
        config_path: /md/Boston
        data:
          - ap_group:
              profile-name: apgrp-guest-demo
              virtual_ap:
                - profile-name: vap-guest-demo

 

Monitoring Automation

Showcommand API Example to fetch the AP database

- name: Execute a show command
  hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get basic information about Access Points
      aos_showcommand:
        command: show ap database

GET API Example to fetch VLANs

- hosts: all
  connection: local
  gather_facts: no
  roles:
    - role: arubanetworks.aos_wlan_role
  tasks:
    - name: Get a list of all VLANs from current as well as parent hierarchy
      aos_vlan:
       action: get
       type: all
       config_path: /md/Boston

Did this page help you?