Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

arubaoss_acl_policy module throws errors on #86

Open
bdbrassart opened this issue Sep 15, 2023 · 0 comments
Open

arubaoss_acl_policy module throws errors on #86

bdbrassart opened this issue Sep 15, 2023 · 0 comments

Comments

@bdbrassart
Copy link

bdbrassart commented Sep 15, 2023

ansible 2.13.11
arubanetworks.aos_switch 1.7.0

The switch is an Aruba JL075A 3810M-16SFP+
Code is 16.11.0013

My ansible_connection variable is set to local, and I have NETWORK_GROUP_MODULES=arubaoss in my ansible.cfg.

I'm building a playbook using the arubaoss_acl_policy, and looping through items to create an ACL with multiple ACE's. The playbook randomly times out sometimes.

Here is my items:

acl_entries:
      - { dstip: '10.0.0.1', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 1' }
      - { dstip: '10.0.0.2', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 2' }
      - { dstip: '10.0.0.3', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 3' }
      - { dstip: '10.0.0.4', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 4' }
      - { dstip: '10.0.0.5', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 5' }
      - { dstip: '10.0.0.6', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 6' }
      - { dstip: '10.0.0.7', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 7' }
      - { dstip: '10.0.0.8', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 8' }
      - { dstip: '10.0.0.9', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 9' }
      - { dstip: '10.0.0.10', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 10' }
      - { dstip: '10.0.0.11', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 11' }
      - { dstip: '0.0.0.0', dstmask: '255.255.255.255', action: 'AA_DENY', proto: 'PT_IP', remark: 'Test 12' }

Here's my task:

- name: Create Access Control Entry
      arubaoss_acl_policy:
        use_ssl: True
        port: '443'
        api_version: v6.0
        acl_name: "{{ acl_name }}"
        source_ip_address: "0.0.0.0"
        source_ip_mask: "255.255.255.255"
        destination_ip_address: "{{ item.dstip }}"
        destination_ip_mask: "{{ item.dstmask }}"
        acl_action: "{{ item.action }}"
        protocol_type: "{{ item.proto }}"
        acl_type: AT_EXTENDED_IPV4
        remark: "{{ item.remark }}"
      loop: "{{ acl_entries }}"
      loop_control:
        loop_var: item

I have the API version, use_ssl, and port set because I cannot have HTTP enabled in my environment.

Here is some output from running the play:

changed: [switch-name-removed] => (item={'dstip': '10.0.0.1', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 1'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.2', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 2'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.3', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 3'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.4', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 4'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.5', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 5'})
failed: [switch-name-removed] (item={'dstip': '10.0.0.6', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 6'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_PERMIT", "dstip": "10.0.0.6", "dstmask": "0.0.0.0", "proto": "PT_IP", "remark": "Test 6"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v8.0/login-sessions"}
changed: [switch-name-removed] => (item={'dstip': '10.0.0.7', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 7'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.8', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 8'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.9', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 9'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.10', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 10'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.11', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 11'})
failed: [switch-name-removed] (item={'dstip': '0.0.0.0', 'dstmask': '255.255.255.255', 'action': 'AA_DENY', 'proto': 'PT_IP', 'remark': 'Test 12'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_DENY", "dstip": "0.0.0.0", "dstmask": "255.255.255.255", "proto": "PT_IP", "remark": "Test 12"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v6.0/login-sessions"}

Running with -vvvv doesn't give me any more info beyond "The handshake operation timed out"

It also doesn't always fail on the same lines. Sometimes the same lines will fail, sometimes it's different ones.

I have also tried adding a pause in the loop_control, and it doesn't make a difference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant