-
Notifications
You must be signed in to change notification settings - Fork 25
Ansible Tower Integration
tchiapuziowong edited this page May 20, 2019
·
2 revisions
- Install Aruba Switching Modules
- Have a licensed version of Ansible Tower installed and setup
The following describes how to set up an example project and inventory for our Modules in Ansible Tower. This is not the same setup as used within the actual project. The documentation for the actual project can be found below.
The first step is to create custom credential which stores the ArubaOS-Switch's Username and Password (encrypted) for the usage of our Playbooks.
The following describes how to create custom credentials for the usage of only one module type (ArubaOS-Switch or ArubaOS-CX) within one Playbook.
- Please navigate in the Ansible Tower WebUI to Options (Gear in right corner).
- On the Options Page please select "Credential Types".
- Click the "+ADD" Button on the new Credential Types Page.
- Fill out the:
- Choose a Name your think that fits (e.g. Aruba-Custom-Credential)
- Fill the following into "Input Configuration" field below the first line ("---"). This will create a custom credential template in which you can later enter username and password.
fields: - type: string id: username label: Username - type: string id: password label: Password secret: true required: - username - password- Fill the following into "Injector Configuration" field below the first line ("---"). This will create variables which are going to be used by Ansible (Inventory and Playbooks). We are using these variables ("ansible_user", "ansible_password") for the connection automatically and they do not need to be used within the Playbook to connect.
extra_vars: ansible_password: '{{ password }}' ansible_user: '{{ username }}'- Click Save
The connection Plugin will need three more variable inside the host variable of the switch in the inventory to automatically connect. This will cover an example of just these variables. You could also add further variables into this Inventory if needed.
This is an example of how to create a test inventory:
- Prerequisite: Have an existing Inventory created.
- Move to the inventory and edit it
- Move to Hosts
- Add a new Host
- Give the Host a Name (e.g. switch1_aoss)
- Fill "Variables" below "---" with the following. Replace "TARGET_IP" with the IP of the Switch:
ansible_host: TARGET_IP ansible_connection: local ansible_network_os: arubaoss
- Click Save
Next up is creating custom credentials for ArubaOS-Switch devices:
- Move to Options
- Move to Credentials
- Click "+ADD"
- Choose a name (e.g.: "ArubaOS-Switch Credentials")
- Select Credential Type and choose the name you have chosen above for the Aruba Custom Credentials (in our case "Aruba-Custom-Credential-Switch")
- Enter Username and Password
- Click Save
You can now create a job template with the Inventory and the Custom Credentials for our Modules.
The connection Plugin will need three more variable inside the host variable of the switch in the inventory to automatically connect. This will cover an example of just these variables. You could also add further variables into this Inventory if needed.
This is an example of how to create a test inventory:
- Prerequisite: Have an existing Inventory created.
- Move to the inventory and edit it
- Move to Hosts
- Add a new Host
- Give the Host a Name (e.g. switch1_cx)
- Fill "Variables" below "---" with the following. Replace "TARGET_IP" with the IP of the CX:
ansible_host: TARGET_IP ansible_connection: arubaoscx_rest
- Click Save
Next up is creating custom credentials for ArubaOS-CX devices:
- Move to Options
- Move to Credentials
- Click "+ADD"
- Choose a name (e.g.: "ArubaOS-CX Credentials")
- Select Credential Type and choose the name you have chosen above for the Aruba Custom Credentials (in our case "Aruba-Custom-Credential-CX")
- Enter Username and Password
- Click Save
You can now create a job template with the Inventory and the Custom Credentials for our Modules.
The following describes how to create custom credentials for the usage of both module types within one Playbook.
- Please navigate in the Ansible Tower WebUI to Options (Gear in right corner).
- On the Options Page please select "Credential Types".
- Click the "+ADD" Button on the new Credential Types Page.
- Fill out the:
- Choose a Name your think that fits (e.g. Aruba-Custom-Credential Double)
- Fill the following into "Input Configuration" field below the first line ("---"). This will create a custom credential template in which you can later enter username and password.
fields: - type: string id: username label: Username Switch - secret: true type: string id: password label: Password Switch - type: string id: username_cx label: Username CX - secret: true type: string id: password_cx label: Password CX required: - username - password - username_cx - password_cx- Fill the following into "Injector Configuration" field below the first line ("---"). This will create variables which are going to be used by Ansible (Inventory and Playbooks). We are using these variables ("ansible_user", "ansible_password") for the connection automatically and they do not need to be used within the Playbook to connect. "password" and "user" will be parsed to the connection plugin within the playbook to not create variables with the same name.
extra_vars: ansible_password: '{{ password_cx }}' ansible_user: '{{ username_cx }}' password: '{{ password }}' user: '{{ username }}' - Create a credential similar to the process above but with this credential type and use it the for the Playbook.
If you want to use the example playbooks in the "aruba-ansible-modules/example_playbooks" directory, please follow the following instruction to set them up in Ansible Tower. These workflows expect to have everything in place from above.
- First, make sure to change the hosts line in all the example playbooks from
- hosts: switch1to- hosts: all. This allows for the playbooks to be ran with any Switch or CX host. - Then copy all Playbook examples into a directory in the "/var/lib/awx/projects" directory. You will need root permissions most of the time.
sudo mkdir /var/lib/awx/projects/aruba_examplessudo cp aruba-ansible-modules/example_playbooks/arubaoss/* /var/lib/awx/projects/aruba_examplessudo cp aruba-ansible-modules/example_playbooks/arubaoscx/* /var/lib/awx/projects/aruba_examples - Go to the WebUI of Ansible Tower and click on "Projects"
- Click "+ADD" and enter a Name
- Select "Manual" as "SCM TYPE"
- Choose the playbook directory you have created in "/var/lib/awx/projects", in the example we created the directory
aruba_examples - Click Save
This explains how to add the vlan.yml example playbook for ArubaOS-Switch into Tower.
- Go to Ansible Tower WebUI "Templates"
- Press "+ADD" -> "Job Template" and enter a name
- Select Inventory that is filled with the information above
- Select Project with the name from above
- Choose playbook "vlan.yml"
- Add Credentials "SSH Decoy" for Machine Type Credential and select "Aruba-Custom-Credential Single" Type and click on the name of your credential from above. Close window by clicking select.
- Press save
This explains how to add the vlan.yml example playbook for ArubaOS-CX into Tower.
- Go to Ansible Tower WebUI "Templates"
- Press "+ADD" -> "Job Template" and enter a name
- Select Inventory that is filled with the information above
- Select Project with the name from above
- Choose playbook "vlan.yml"
- Add Credentials "SSH Decoy" for Machine Type Credential and select "Aruba-Custom-Credential Single" Type and click on the name of your credential from above. Close window by clicking select.
- Press save
Enter the following commands and follow prompts
1. $: su # become root user 2. #: cd /var/lib/awx/projects # go to ansible tower project dir 3. _copy ansible tower project in this project_ (E.g.: sftp/winscp or something else) 4. cd into project 5. #: chmod +x ./prem.sh 6. #: ./prem.sh
The following part will cover the Ansible Tower setup for the Aruba Switching Ansible Automation project. Make sure that you already followed the Steps for Module Integration and Aruba Switching Project Integration.
- Go to the WebUI of Ansible Tower and click on "Projects"
- Click "+ADD" and enter a Name
- Select "Manual" as "SCM TYPE"
- Choose the playbook directory "aruba-switch-ansible-tower"
- Click Save
This is an example of how to create the inventory accordingly to the current project structure by hand. This will build an inventory which is capable to run all workflows. If you do not want certain variables do not enter them. Each block of specific variables is annotated by the workflow that needs them.
- Click on "Inventory"
- Click "+ADD" Inventory and enter a name
- Click on Save
- Click on Groups in the same window
- Click "+ADD GROUP" and enter the name "branch1"
- Enter the following variables below the "---" in the "Variables" Text Field in "YAML" Mode:
# General Vars cx_group_name: "branch1_cxs" # Group for the CX switches sw_group_name: "branch1_switches" # Group for the ArubaOS Switches # ZTP Vars peer1: "cx-aa-bb-cc-dd-ee-2f" # Name of Host Variable for AOS-CX Peer 1 Switch peer2: "cx-aa-bb-cc-dd-ee-1f" # Name of Host Variable for AOS-CX Peer 2 Switch
- Click save
- Click on "Groups" in the same window
- Click "+ADD" and then "New Group" and enter the name "branch1_cxs"
- Enter the following variables below the "---" in the "Variables" Text Field in "YAML" Mode:
group: "branch1" # Config Generator Vars isl_link1: "1/1/47" isl_link2: "1/1/48" isl_link_description: "link to SWAG for ISL & SVI OSPF Peering" upstream_link: "1/1/1"
- Click on save, click on "brnach1_cx" and then click on "Hosts" in the same window.
- Repeat the following steps for each AOS-CX Switch you want to add:
- Click "+ADD" and "New Host"
- Enter the mac address of the Host as name separated by "-" (e.g.: "cx-aa-bb-cc-dd-ee-1f"). If you want to use another name, make sure that you adopt the name in the branch1 group vars (Step 6) as well.
- Enter the following variables below the "---" in the "Variables" Text Field in "YAML" Mode:
ip: "TARGETIP" # Replace "TARGETIP" with the IP of the Switch # Config Generator Vars hostname: "cx-aa-bb-cc-dd-ee-1f" # This will be the name of the file that will be created by the config generator
- Click save
- Scroll down and click on "branch1" in the window of your inventory (Has the name you gave to it as a header)
- Click on "+ ADD" and then "New Group" in the Window at the top and enter the name "branch1_switches"
- Enter the following variables below the "---" in the "Variables" Text Field in "YAML" Mode:
group: "branch1" # Config Generator Vars uplinkvlan: 302 uplinkvlanname: "VLAN302" uplinktrunk: "trk1" oobmip: "10.6.7.29" oobmmask: "255.255.255.0" oobmgw: "10.6.7.1" # ZTP Vars cx_port_subnet: "255.255.255.0" cx_port_vlan: 302 - Click on save, click on "brnach1_switches" and then click on "Hosts" in the same window.
- Repeat the following steps for each AOS-Switch Switch you want to add:
- Click "+ADD" and "New Host"
- Enter the mac address of the Host as name separated by "-" and started by "sw- (e.g.: "sw-94-18-82-dd-f3-00").
- Enter the following variables below the "---" in the "Variables" Text Field in "YAML" Mode:
ip: "STATICIP" # Replace "STATICIP" with the intendet static IP of the Switch hostname: "branch1_2930M" # Intendet Hostname of the Switch sw_mac: "94:18:82:dd:f3:00" # Mac addresse seperated by ":" with "sw-" at start
- Click save
- Please navigate in the Ansible Tower WebUI to Options (Gear in right corner).
- On the Options Page please select "Credential Types".
- Click the "+ADD" Button on the new Credential Types Page.
- Fill out the:
- Choose a Name your think that fits (e.g. "Aruba Automation Custom Credentials-CX")
- Fill the following into "Input Configuration" field below the first line ("---"). This will create a custom credential template in which you can later enter username and password.
fields: - type: string id: username label: Username - type: string id: password label: Password secret: true required: - username - password- Fill the following into "Injector Configuration" field below the first line ("---"). This will create variables which are going to be used by Ansible (Inventory and Playbooks).
extra_vars: password_cx: '{{ password }}' user_cx: '{{ username }}'
- Please navigate in the Ansible Tower WebUI to Options (Gear in right corner).
- On the Options Page please select "Credential Types".
- Click the "+ADD" Button on the new Credential Types Page.
- Fill out the:
- Choose a Name your think that fits (e.g. "Aruba Automation Custom Credentials-Switch")
- Fill the following into "Input Configuration" field below the first line ("---"). This will create a custom credential template in which you can later enter username and password.
fields: - type: string id: username label: Username - type: string id: password label: Password secret: true required: - username - password- Fill the following into "Injector Configuration" field below the first line ("---"). This will create variables which are going to be used by Ansible (Inventory and Playbooks).
extra_vars: password: '{{ password }}' user: '{{ username }}'
- Please navigate in the Ansible Tower WebUI to Options (Gear in right corner).
- On the Options Page please select "Credential Types".
- Click the "+ADD" Button on the new Credential Types Page.
- Fill out the:
- Choose a Name your think that fits (e.g. "Aruba Automation Custom Credentials Switch and CX")
- Fill the following into "Input Configuration" field below the first line ("---"). This will create a custom credential template in which you can later enter username and password.
fields: - type: string id: username label: Username Switch - secret: true type: string id: password label: Password Switch - type: string id: username_cx label: Username CX - secret: true type: string id: password_cx label: Password CX required: - username - password - username_cx - password_cx- Fill the following into "Injector Configuration" field below the first line ("---"). This will create variables which are going to be used by Ansible (Inventory and Playbooks).
extra_vars: password: '{{ password }}' password_cx: '{{ password_cx }}' user: '{{ username }}' user_cx: '{{ username_cx }}'
Next up is creating custom credentials for AOS-Switch devices:
- Move to Options
- Move to Credentials
- Click "+ADD"
- Choose a name (e.g.: "AOS-Switch Credentials", "AOS-CX Credentials" or "AOS-Switch and AOS-CX Credentials")
- Select Credential Type and choose the name you have chosen above for the Aruba Custom Credentials (in our case "Aruba Automation Custom Credential" ending with "Switch", "CX" or both)
- Enter Username and Password
- Click Save
You can now create a job template with the Inventory and the Custom Credentials for our Modules.
Our templates will also use credentials called "SSH_Decoy". We must use them because Ansible is forcing you to add "Machine"-Credentials in the case of creating a Workflow template. But because our automation and modules do not need SSH credentials we are supplying it with empty SSH Decoy Machine credential which will not be used.
- Go to Credentials
- Add and enter name "SSH_Decoy"
- Select Credential Type "Machine"
- Click Save (it is not needed to supply a password or username!)
The following will describe how to set up the template for each Automation Workflow. It always starts with pressing the "+ADD" Button and ends with pressing save.
- Enter Name "AOS-CX Modules Example Workflow"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "aoscx_module_config_example.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-CX, select the credential entry that will show and click select.
- Enter a Limit of Switches if you do not want to run it against all Switches. In our case, we want to only run it against one branch and thus enter "branch1_cxs" in the "Limit" field.
- Enter the following below "---" in the "extra variables" field:
state: configure # configure/unconfigure to decided what Workflow shall do
- Enter Name "AOS-Switch Modules Example Workflow"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "aoss_module_config_example.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-Switch, select the credential entry that will show and click select.
- Enter a Limit of Switches if you do not want to run it against all Switches. In our case, we want to only run it against one branch and thus enter "branch1_switches" in the "Limit" field.
- Enter the following below "---" in the "extra variables" field:
state: configure # configure/unconfigure to decided what Workflow shall do
- Enter Name "AOS-Switch Modules Example Workflow"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "arubaos_switch_config.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-Switch, select the credential entry that will show and click select.
- Enter a Limit of Switches if you do not want to run it against all Switches. In our case, we want to only run it against one branch and thus enter "branch1_switches" in the "Limit" field.
- Enter Name "AOS-Switch Firmware Workflow (SSH CLI)"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "arubaos_switch_firmware.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-Switch, select the credential entry that will show and click select.
- Enter a Limit of Switches if you do not want to run it against all Switches. In our case, we want to only run it against one branch and thus enter "branch1_switches" in the "Limit" field.
- Enter Name "Config Generator Workflow"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "config_generator.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-Switch and AOS-CX, select the credential entry that will show and click select.
- Enter a Limit of Switches if you do not want to run it against all Switches. In our case, we want to only run it against one branch and thus enter "branch1" in the "Limit" field.
- Enter Name "ZTP Solution Workflow"
- Select the Inventory that you have created above
- Select the Project that you have created above
- Choose the Playbook "ztp_start.yml"
- Add Credential "SSH_Decoy" from the "Machine" Credential Type and select the Custom Credential Type for AOS-Switch and AOS-CX, select the credential entry that will show and click select.
- Enter the following below "---" in the "extra variables" field:
site: branch1
In CLI:
ansible-tower-service restart
If the Ansible Tower installation is consisting of multiple nodes and you set up your project manually, you might need to set up the project and modules on each node. Ansible Tower might circle through each node to run its Jobs. If it runs the Job on a node where the project does not exist, the job will fail.
- The Error Message for this problem will occur in the Job details window of a failed Job and mention a "task.py" file.