Example Workflows
Use-cases and workflows as working examples to kick start your AOS8 automation journey
This section consists of various example playbooks that lists single/multiple tasks to achieve different use cases. Below you will find modules used from the AOS WLAN Role that use AOS 8's REST API as well our SSH modules that communicates over the SSH interface.
Day 1 Automation
While configuring a new site, the typical tasks one would have to do can be listed as:
adding/creating node-hierarchy, adding a managed device to the hierarchy, changing the hostname of the managed device, create AP groups, whitelisting APs, adding APs to AP groups, creating new SSIDs, etc. Some of these task examples are listed below
- name: Create and configure a site hosts: all connection: local gather_facts: no roles: - role: arubanetworks.aos_wlan_role tasks: - name: Creating node hierarchy aos_api_config: method: POST config_path: /md data: - configuration_node: node-path: /md/Boston - name: Adding a device aos_api_config: method: POST config_path: /md data: - configuration_device: dev-model: A7010 mac-address: fa:fa:fa:fa:fa:fa config-path: md/Boston - name: Changnig hostname of the managed device aos_api_config: method: POST config_path: /md/Boston/fa:fa:fa:fa:fa:fa data: - hostname: hostname: new-md - name: Moveing Virtua-AP to AP-Group aos_api_config: method: POST config_path: /md/Boston data: - ap_group: - profile-name: test_apgroup virtual-ap: - profile-name: test_vap - name: Whitelisting an Access Point to the new AP-Group aos_cap_whitelist: action: add ap_name: test-ap-1 ap_group: test_apgroup mac_address: "ab:32:32:32:32:32" description: Boston Office, Building-6, 2nd Floor
Run-Time Automation
Add a new Radius Server
——主机:所有连接:本地gather_facts:没有罗les: - role: arubanetworks.aos_wlan_role tasks: - name: Adding a RADIUS server aos_api_config: method: POST config_path: /md/Boston data: - rad_server: - rad_server_name: test-server rad_host: host: 1.1.1.1Create a Guest SSID:
For creating a Guest SSID one would have to configure the following profiles: Radius Server, Server Group, RFC server, Dot1x Auth profile, AAA profiles, Captive Portal Profile, SSID Profile, VAP Profile, AP Group
--- - name: Create and configure an internal Guest SSID hosts: all connection: local gather_facts: no roles: - role: arubanetworks.aos_wlan_role tasks: - name: Create the ssid profile with essid and opmode aos_api_config: method: POST config_path: /md/Boston data: - ssid_prof: profile-name: ssid-guest-demo ssid_enable: {} essid: essid: guest-demo opmode: opensystem: true - name: Create the netdestination for the authenticated clients aos_api_config: method: POST config_path: /md/Boston data: - netdst: dstname: netdst-guest-demo netdst__network: - address: 10.0.0.0 netmask: 255.0.0.0 - address: 192.16.0.0 netmask: 255.255.0.0 - name: Create the periodic time range aos_api_config: method: POST config_path: /md/Boston data: - time_range_per: name: guest-demo-working-hrs time_range_per__day: - day: Weekday StartTime: '07:00' EndTime: '18:00' - name: Create the policy with session acls and time range aos_api_config: method: POST config_path: /md/Boston data: - acl_sess: accname: acl-guest-demo-time-range acl_sess__v4policy: - suser: true dany: true service-name: svc-dhcp permit: true trname: guest-demo-working-hrs - suser: true dany: true service-name: svc-dns permit: true trname: guest-demo-working-hrs - suser: true dstalias: netdst-guest-demo service-any: true permit: true trname: guest-demo-working-hrs - suser: true dany: true service-name: svc-http permit: true trname: guest-demo-working-hrs - suser: true dany: true service-name: svc-https permit: true trname: guest-demo-working-hrs - suser: true dany: true service-any: true deny: true - name: Create the user role assigned after captive portal authentication aos_api_config: method: POST config_path: /md/Boston data: - role: rname: demo role__acl: - acl_type: session pname: acl-guest-demo-time-range - name: Create the captive portal authentication profile aos_api_config: method: POST config_path: /md/Boston data: - cp_auth_profile: profile-name: cp-guest-demo cp_default_role: default-role: demo cp_default_guest_role: default-guest-role: demo cp_server_group: server-group: internal allow_user: {} logout_popup: {} cp_proto_http: {} - name: Create the guest logon user role aos_api_config: method: POST config_path: /md/Boston data: - role: rname: usr-guest-demo role__acl: - acl_type: session pname: logon-control - acl_type: session pname: captiveportal - acl_type: session pname: v6-logon-control - acl_type: session pname: captiveportal6 role__cp: cp_profile_name: cp-guest-demo - name: Create the aaa profile aos_api_config: method: POST config_path: /md/Boston data: - aaa_prof: profile-name: aaa-guest-demo default_user_role: role: usr-guest-demo - name: Create the virtual ap profile aos_api_config: method: POST config_path: /md/Boston data: - virtual_ap: profile-name: vap-guest-demo aaa_prof: profile-name: aaa-guest-demo vlan: vlan: 16 ssid_prof: profile-name: ssid-guest-demo - name: Create the AP group with virtual AP profile aos_api_config: method: POST config_path: /md/Boston data: - ap_group: profile-name: apgrp-guest-demo virtual_ap: - profile-name: vap-guest-demo
Monitoring Automation
Showcommand API Example
- name: Execute a show command hosts: all connection: local gather_facts: no roles: - role: arubanetworks.aos_wlan_role tasks: - name: Get basic information about Access Points aos_show_command: command: show ap databaseGET API Example to fetch VLANs
——主机:所有连接:本地gather_facts:没有罗les: - role: arubanetworks.aos_wlan_role tasks: - name: Get a list of all VLANs from current as well as parent hierarchy aos_vlan: action: get type: all config_path: /md/Boston
SSH Modules
In order to automate tasks on the Mobility Conductor via the SSH interface, you can use our SSH modules for Ansible. There are two modules available for CLI automation through SSH:
aruba_config- to manage Aruba configuration sections
- name: configure top level configuration aruba_config: lines: hostname {{ inventory_hostname }}aruba_command- to run commands on remote devices running Aruba Mobility Controller
——名称:运行多个命令和评估put aruba_command: commands: - show version - show interfaces wait_for: - result[0] contains Aruba - result[1] contains Loopback0Updated 7 months ago