aruba / aos-switch-ansible-collection

Ansible collection for AOS-Switch switches

arubaoss_dot1x error with port configuration #52

Open ad-ko opened 2 years ago

ad-ko commented 2 years ago

Hi,

I'm trying to do a port configuration with the module arubaoss_dot1x but get the error message "unable to load response from device".

Playbook

---
- hosts: all
  name: AAA Configuration
  gather_facts: true
  tasks:

    - name: Configure dot1x on port
      arubanetworks.aos_switch.arubaoss_dot1x:
        use_ssl: true
        port: 443
        command: authenticator_port_config
        port_id: 5
        is_authenticator_enabled: true
        reauth_period: 28800
        client_limit: 2
        tx_period: 10

This is the ansible error:

The full traceback is:
  File "/tmp/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload_hsoq2xyc/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload.zip/ansible_collections/arubanetworks/aos_switch/plugins/module_utils/arubaoss.py", line 333, in run_commands
    response = self._module.from_json(to_text(data, errors='surrogate_then_replace')) # NOQA
  File "/tmp/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload_hsoq2xyc/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload.zip/ansible/module_utils/basic.py", line 1461, in from_json
    return json.loads(data)
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
fatal: [aosswitch_1]: FAILED! => {
    "changed": false,
    "data": "",
    "invocation": {
        "module_args": {
            "allow_gvrp_vlans": false,
            "allow_mbv": false,
            "allow_mixed_users": false,
            "api_version": "v8.0",
            "authorized_vlan_id": 0,
            "cached_reauth_delay": 0,
            "cached_reauth_period": 0,
            "client_limit": 2,
            "command": "authenticator_port_config",
            "control": "DAPC_AUTO",
            "controlled_direction": "DCD_BOTH",
            "enforce_cache_reauth": false,
            "host": "172.27.107.79",
            "is_authenticator_enabled": true,
            "is_dot1x_enabled": false,
            "is_port_speed_vsa_enabled": false,
            "logoff_period": 0,
            "max_requests": 0,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "port_id": "5",
            "primary_authentication_method": "DPAM_LOCAL",
            "provider": {
                "api_version": null,
                "host": "172.27.107.79",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 80,
                "ssh_keyfile": null,
                "timeout": 30,
                "transport": "aossapi",
                "use_proxy": false,
                "use_ssl": false,
                "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "validate_certs": false
            },
            "quiet_period": 0,
            "reauth_period": 28800,
            "secondary_authentication_method": "DSAM_NONE",
            "server_group": "",
            "server_timeout": 0,
            "ssh_keyfile": null,
            "supplicant_timeout": 0,
            "timeout": 30,
            "tx_period": 10,
            "unauth_period": 0,
            "unauthorized_vlan_id": 0,
            "use_lldp_data": false,
            "use_ssl": true,
            "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "validate_certs": false
        }
    },
    "msg": "unable to load response from device"
}

Ansible environment:

ansible [core 2.13.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ad/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ad/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.7 (main, Sep  6 2022, 21:22:27) [GCC 12.2.0]
  jinja version = 3.1.2
  libyaml = True

REST Debug information: debug_rest.log

Switch version:

Aruba 2530-24G
Software revision  : YA.16.11.0007

All other used modules work as expected. Do you have any idea what could be wrong here?

Thank you and many greetings, Andreas

alagoutte commented 2 years ago

Hi Andreas

What is the configuration of the switch?

ad-ko commented 2 years ago

Running configuration:

; J9776A Configuration Editor; Created on release #YA.16.11.0007
; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:05
hostname "aosswitch_1"
aruba-central disable
dhcp-snooping
dhcp-snooping vlan 400 500 600 666 
radius-server host 10.0.0.1 key "RADIUS!"
radius-server host 10.0.0.1 dyn-authorization
timesync ntp
no sntp
ntp server 192.53.103.103 iburst
ntp enable
no telnet-server
time daylight-time-rule western-europe
time timezone 60
no web-management
web-management ssl
ip ssh filetransfer
ip client-tracker probe-delay 15
interface 24
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 25
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 26
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 27
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 28
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
snmpv3 enable
snmpv3 group managerpriv user "SNMPpf" sec-model ver3
snmpv3 user "SNMPpf"
aaa server-group radius "PacketFence" host 10.0.0.1
aaa authentication port-access eap-radius server-group "PacketFence"
aaa port-access authenticator active
vlan 1
   name "DEFAULT_VLAN"
   no untagged 5-9
   untagged 1-4,10-28
   ip address dhcp-bootp
   exit
vlan 400
   name "Server"
   tagged 24-28
   no ip address
   exit
vlan 500
   name "Clients"
   tagged 24-28
   no ip address
   exit
vlan 600
   name "WLAN-Clients"
   tagged 24-28
   no ip address
   exit
vlan 666
   name "Dummy"
   untagged 5-9
   no ip address
   exit
spanning-tree
spanning-tree 5 admin-edge-port
spanning-tree 5 bpdu-protection
spanning-tree 6 admin-edge-port
spanning-tree 6 bpdu-protection
spanning-tree 7 admin-edge-port
spanning-tree 7 bpdu-protection
spanning-tree 8 admin-edge-port
spanning-tree 8 bpdu-protection
spanning-tree 9 admin-edge-port
spanning-tree 9 bpdu-protection
no tftp client
no tftp server
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager
password operator

ad-ko commented 2 years ago

After taking a closer look at this problem, I was able to figure out the cause.

I had to set some default values in the file "arubaoss_dot1x.py":

logoff_period=dict(type='int', required=False, default=300),
client_limit=dict(type='int', required=False, default=0),
quiet_period=dict(type='int', required=False, default=60),
tx_period=dict(type='int', required=False, default=30),
supplicant_timeout=dict(type='int', required=False, default=30),
server_timeout=dict(type='int', required=False, default=300),
max_requests=dict(type='int', required=False, default=2),

When the default values are set to 0, I get the error message described above.

{"port_id": "5", "is_authenticator_enabled": true, "control": "DAPC_AUTO", "unauthorized_vlan_id": 0,
"client_limit": 2, "quiet_period": 0, "tx_period": 10, "supplicant_timeout": 0, "server_timeout": 0,
"max_requests": 0, "reauth_period": 28800, "authorized_vlan_id": 0, "logoff_period": 0, "unauth_period": 0,
"cached_reauth_period": 0, "enforce_cache_reauth": false}
HTTP/1.1 400 Bad Request

{"message":"Invalid input: 0"}
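
Added example, not part of the thread and not the collection's code: a sketch of the two failure points this issue shows, zero-valued timers reaching the REST API and an error body that the caller cannot decode. `build_port_payload`, `zero_valued_timers` and `parse_device_response` are hypothetical helper names, and the defaults are the ones from the workaround above, not values taken from Aruba documentation.

```python
import json

# Defaults copied from the workaround posted in this thread (an assumption,
# not device documentation). client_limit is left out: its default stayed 0.
THREAD_DEFAULTS = {
    "logoff_period": 300, "quiet_period": 60, "tx_period": 30,
    "supplicant_timeout": 30, "server_timeout": 300, "max_requests": 2,
}


def build_port_payload(port_id, **settings):
    """Merge user settings over the defaults; None means 'not set by the user'."""
    payload = {"port_id": str(port_id), **THREAD_DEFAULTS}
    payload.update({k: v for k, v in settings.items() if v is not None})
    return payload


def zero_valued_timers(payload):
    """Fields that would be sent as 0, the value the switch rejected here."""
    return sorted(k for k in THREAD_DEFAULTS if payload.get(k) == 0)


def parse_device_response(status, body):
    """Return (ok, detail) without raising on an empty or non-JSON body."""
    try:
        parsed = json.loads(body) if body.strip() else {}
    except json.JSONDecodeError:
        parsed = {"message": body.strip()}
    if status >= 400:
        msg = parsed.get("message", "no body") if isinstance(parsed, dict) else str(parsed)
        return False, "HTTP %d: %s" % (status, msg)
    return True, parsed


# Constructed sample: abridged from the request body in the debug output above.
FAILING = {"port_id": "5", "is_authenticator_enabled": True, "client_limit": 2,
           "quiet_period": 0, "tx_period": 10, "supplicant_timeout": 0,
           "server_timeout": 0, "max_requests": 0, "reauth_period": 28800,
           "logoff_period": 0}

if __name__ == "__main__":
    print(zero_valued_timers(FAILING))
    fixed = build_port_payload(5, is_authenticator_enabled=True,
                               reauth_period=28800, client_limit=2, tx_period=10)
    print(zero_valued_timers(fixed), fixed["tx_period"])
    print(parse_device_response(400, '{"message":"Invalid input: 0"}'))
    print(parse_device_response(400, ""))
```
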

alagoutte commented 2 years ago

Yes, good catch... there is a bug for this case @tchiapuziowong

tchiapuziowong commented 2 years ago

Thank you @alagoutte, I'll bring this up with development!