search

ytti / oxidized

Oxidized is a network device configuration backup tool. It's a RANCID replacement!
Apache License 2.0
2.77k stars 916 forks source link

Aruba Instant Access Points always generating new configs #3057

Open seederp2p opened 7 months ago

seederp2p commented 7 months ago

Hi!

I've a 13 Aruba Instant AP Cluster.

Oxidized has 5000+ configuration diffs... it looks like the APs keep generating different HASH for the saved password (SSID Passwords, RADIUS Passwords, SNMP Comunities, etc).

So this basically generates a "new config".

I'm using Oxidized v.0.29.1

systeembeheerder commented 7 months ago 
models:
  aosw:
    vars:
      remove_secret: true

in your config filters those out.

robertcheramy commented 2 months ago

We need to run show running-config no-encrypt on the IAPs. This command is not available on hardware WLCs, so we need a way to find out if we are fetching from an IAP of from an Hardware controller.

robertcheramy commented 2 months ago

After looking into the details, I've come to the conclusion that Aruba OS (Hardware WLAN Controllers) an Aruba Instant (IAP) are two different Operating Systems with two different command sets. I plan to provide a new arubainstant.rb model for Aruba Instant.

systeembeheerder commented 3 weeks ago

Not sure if these have different OS. Aruba 505 AP's run without a hardware wlan controller. One of the AP's hosts a "virtual controller". It identifies itself as Aruba OS. No mentioning of "instant" anywhere.

AP-TD# show version
Aruba Operating System Software.
ArubaOS (MODEL: 505), Version 8.12.0.2 SSR
Website: http://www.arubanetworks.com
(c) Copyright 2024 Hewlett Packard Enterprise Development LP.
Compiled on 2024-07-31 at 08:54:55 UTC (build 90468) by jenkins
FIPS Mode :disabled

AP uptime is 12 minutes 2 seconds
Reboot Time and Cause: AP rebooted Mon Sep 9 16:21:27 CEST 2024; System cmd at uptime 62D 13H 8M 58S: Image Upgrade Successful
AP-TD# show running-config <TAB>
<cr>
no-encrypt     Disable Encrypted display

AP-TD# show running-config
seederp2p commented 3 weeks ago

I think it's better to clearly split this into IAP vs Controller infrastructure.

One .rb should be used for IAP's and the other one for controllers. :)

robertcheramy commented 3 weeks ago

Yes, they both display Aruba Operating System Software when doing show version, but the command sets are very different. I have written a new model für Aruba Instant, and will commit it soon.