Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

arubaoss_dot1x error with port configuration #52

Open
ad-ko opened this issue Oct 17, 2022 · 5 comments
Open

arubaoss_dot1x error with port configuration #52

ad-ko opened this issue Oct 17, 2022 · 5 comments

Comments

@ad-ko
Copy link

ad-ko commented Oct 17, 2022

Hi,

I'm trying to do a port configuration with the module arubaoss_dot1x but get the error message "unable to load response from device".

Playbook

---
- hosts: all
  name: AAA Configuration
  gather_facts: true
  tasks:

    - name: Configure dot1x on port
      arubanetworks.aos_switch.arubaoss_dot1x:
        use_ssl: true
        port: 443
        command: authenticator_port_config
        port_id: 5
        is_authenticator_enabled: true
        reauth_period: 28800
        client_limit: 2
        tx_period: 10

This is the ansible error:

The full traceback is:
  File "/tmp/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload_hsoq2xyc/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload.zip/ansible_collections/arubanetworks/aos_switch/plugins/module_utils/arubaoss.py", line 333, in run_commands
    response = self._module.from_json(to_text(data, errors='surrogate_then_replace')) # NOQA
  File "/tmp/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload_hsoq2xyc/ansible_arubanetworks.aos_switch.arubaoss_dot1x_payload.zip/ansible/module_utils/basic.py", line 1461, in from_json
    return json.loads(data)
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
fatal: [aosswitch_1]: FAILED! => {
    "changed": false,
    "data": "",
    "invocation": {
        "module_args": {
            "allow_gvrp_vlans": false,
            "allow_mbv": false,
            "allow_mixed_users": false,
            "api_version": "v8.0",
            "authorized_vlan_id": 0,
            "cached_reauth_delay": 0,
            "cached_reauth_period": 0,
            "client_limit": 2,
            "command": "authenticator_port_config",
            "control": "DAPC_AUTO",
            "controlled_direction": "DCD_BOTH",
            "enforce_cache_reauth": false,
            "host": "172.27.107.79",
            "is_authenticator_enabled": true,
            "is_dot1x_enabled": false,
            "is_port_speed_vsa_enabled": false,
            "logoff_period": 0,
            "max_requests": 0,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "port_id": "5",
            "primary_authentication_method": "DPAM_LOCAL",
            "provider": {
                "api_version": null,
                "host": "172.27.107.79",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 80,
                "ssh_keyfile": null,
                "timeout": 30,
                "transport": "aossapi",
                "use_proxy": false,
                "use_ssl": false,
                "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "validate_certs": false
            },
            "quiet_period": 0,
            "reauth_period": 28800,
            "secondary_authentication_method": "DSAM_NONE",
            "server_group": "",
            "server_timeout": 0,
            "ssh_keyfile": null,
            "supplicant_timeout": 0,
            "timeout": 30,
            "tx_period": 10,
            "unauth_period": 0,
            "unauthorized_vlan_id": 0,
            "use_lldp_data": false,
            "use_ssl": true,
            "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "validate_certs": false
        }
    },
    "msg": "unable to load response from device"
}

Ansible environment:

ansible [core 2.13.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ad/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ad/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.7 (main, Sep  6 2022, 21:22:27) [GCC 12.2.0]
  jinja version = 3.1.2
  libyaml = True

REST Debug information:
debug_rest.log

Switch version:

Aruba 2530-24G
Software revision  : YA.16.11.0007

All other used modules work as expected.
Do you have any idea what could be wrong here?

Thank you and many greetings,
Andreas
@alagoutte
Copy link
Contributor

Hi Andreas

what the configuration of the switch ?

@ad-ko
Copy link
Author

ad-ko commented Oct 18, 2022

Running configuration:

; J9776A Configuration Editor; Created on release #YA.16.11.0007
; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:05
hostname "aosswitch_1"
aruba-central disable
dhcp-snooping
dhcp-snooping vlan 400 500 600 666 
radius-server host 10.0.0.1 key "RADIUS!"
radius-server host 10.0.0.1 dyn-authorization
timesync ntp
no sntp
ntp server 192.53.103.103 iburst
ntp enable
no telnet-server
time daylight-time-rule western-europe
time timezone 60
no web-management
web-management ssl
ip ssh filetransfer
ip client-tracker probe-delay 15
interface 24
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 25
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 26
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 27
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
interface 28
   dhcp-snooping trust
   name "UPLINK_INTERFACE"
   exit
snmpv3 enable
snmpv3 group managerpriv user "SNMPpf" sec-model ver3
snmpv3 user "SNMPpf"
aaa server-group radius "PacketFence" host 10.0.0.1
aaa authentication port-access eap-radius server-group "PacketFence"
aaa port-access authenticator active
vlan 1
   name "DEFAULT_VLAN"
   no untagged 5-9
   untagged 1-4,10-28
   ip address dhcp-bootp
   exit
vlan 400
   name "Server"
   tagged 24-28
   no ip address
   exit
vlan 500
   name "Clients"
   tagged 24-28
   no ip address
   exit
vlan 600
   name "WLAN-Clients"
   tagged 24-28
   no ip address
   exit
vlan 666
   name "Dummy"
   untagged 5-9
   no ip address
   exit
spanning-tree
spanning-tree 5 admin-edge-port
spanning-tree 5 bpdu-protection
spanning-tree 6 admin-edge-port
spanning-tree 6 bpdu-protection
spanning-tree 7 admin-edge-port
spanning-tree 7 bpdu-protection
spanning-tree 8 admin-edge-port
spanning-tree 8 bpdu-protection
spanning-tree 9 admin-edge-port
spanning-tree 9 bpdu-protection
no tftp client
no tftp server
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager
password operator

@ad-ko
Copy link
Author

ad-ko commented Oct 27, 2022

After taking a closer look at this problem, I was able to figure out the cause.

I had to set some default values in the file "arubaoss_dot1x.py":

logoff_period=dict(type='int', required=False, default=300),
client_limit=dict(type='int', required=False, default=0),
quiet_period=dict(type='int', required=False, default=60),
tx_period=dict(type='int', required=False, default=30),
supplicant_timeout=dict(type='int', required=False, default=30),
server_timeout=dict(type='int', required=False, default=300),
max_requests=dict(type='int', required=False, default=2),

When the default values are set to 0, I get the error message described above.

{"port_id": "5", "is_authenticator_enabled": true, "control": "DAPC_AUTO", "unauthorized_vlan_id": 0,
"client_limit": 2, "quiet_period": 0, "tx_period": 10, "supplicant_timeout": 0, "server_timeout": 0,
"max_requests": 0, "reauth_period": 28800, "authorized_vlan_id": 0, "logoff_period": 0, "unauth_period": 0,
"cached_reauth_period": 0, "enforce_cache_reauth": false}HTTP/1.1 400 Bad Request

{"message":"Invalid input: 0"}

@alagoutte
Copy link
Contributor

After taking a closer look at this problem, I was able to figure out the cause.

I had to set some default values in the file "arubaoss_dot1x.py":

logoff_period=dict(type='int', required=False, default=300),
client_limit=dict(type='int', required=False, default=0),
quiet_period=dict(type='int', required=False, default=60),
tx_period=dict(type='int', required=False, default=30),
supplicant_timeout=dict(type='int', required=False, default=30),
server_timeout=dict(type='int', required=False, default=300),
max_requests=dict(type='int', required=False, default=2),

When the default values are set to 0, I get the error message described above.

{"port_id": "5", "is_authenticator_enabled": true, "control": "DAPC_AUTO", "unauthorized_vlan_id": 0,
"client_limit": 2, "quiet_period": 0, "tx_period": 10, "supplicant_timeout": 0, "server_timeout": 0,
"max_requests": 0, "reauth_period": 28800, "authorized_vlan_id": 0, "logoff_period": 0, "unauth_period": 0,
"cached_reauth_period": 0, "enforce_cache_reauth": false}HTTP/1.1 400 Bad Request

{"message":"Invalid input: 0"}

Yes, good catch... there is a bug for this case @tchiapuziowong

@tchiapuziowong
Copy link
Member

thank you @alagoutte I'll bring this up with development!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alagoutte @tchiapuziowong @ad-ko