aos-switch-ansible-collection

The handshake operation timed out

Open borgermeister opened this issue 2 years ago • 3 comments

I'm having some issues deploying VLANs to several HPE switches - 2530 mostly - when using the module arubaoss_vlan with REST-API. I have all my VLANs in a variable file and use a simple loop to configure them. Sporadically I receive the error message "The handshake operation timed out".

Example of switch with OS: JL356A running YC.16.11.0005

Debug output from the play

Using module file /home/ansible/.ansible/collections/ansible_collections/arubanetworks/aos_switch/plugins/modules/arubaoss_vlan.py
Pipelining is enabled.
<bjo-swi-krom-hp2540-2> EXEC /bin/sh -c '/usr/bin/python3 && sleep 0'
failed: [bjo-swi-krom-hp2540-2] (item={'tag': 160, 'name': 'BJO-FW-COLLABORATION'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "acl_direction": null,
            "acl_id": null,
            "acl_type": "AT_STANDARD_IPV4",
            "api_version": "v8.0",
            "command": "config_vlan",
            "config": "create",
            "helper_addresses": "",
            "host": "bjo-swi-krom-hp2540-2",
            "igmp_version": 2,
            "interval": 125,
            "ip_address_mode": "IAAM_STATIC",
            "is_dhcp_server_enabled": false,
            "is_dsnoop_enabled": false,
            "is_igmp_enabled": false,
            "is_jumbo_enabled": false,
            "is_management_vlan": false,
            "is_querier_enabled": true,
            "is_voice_enabled": false,
            "last_member_query_interval": 1,
            "name": "BJO-FW-COLLABORATION",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": null,
            "port_id": "",
            "port_mode": "POM_UNTAGGED",
            "provider": {
                "api_version": "None",
                "host": "bjo-swi-krom-hp2540-2",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": null,
                "ssh_keyfile": null,
                "timeout": null,
                "transport": "aossapi",
                "use_proxy": false,
                "use_ssl": true,
                "username": "manager",
                "validate_certs": false
            },
            "qos_policy": null,
            "query_max_response_time": 20,
            "robustness": 5,
            "ssh_keyfile": null,
            "status": "VS_PORT_BASED",
            "timeout": null,
            "use_ssl": true,
            "username": "manager",
            "validate_certs": false,
            "version": "IAV_IP_V4",
            "vlan_id": 160,
            "vlan_ip_address": "",
            "vlan_ip_mask": "",
            "vlantype": "VT_STATIC"
        }
    },
    "item": {
        "name": "BJO-FW-COLLABORATION",
        "tag": 160
    },
    "status": -1,
    "url": "https://bjo-swi-krom-hp2540-2:443/rest/v8.0/login-sessions"
}

MSG:

Request failed:  urlopen error _ssl.c:1112: The handshake operation timed out

VLAN Role

- name: Configure VLANs - (HPE)
  arubanetworks.aos_switch.arubaoss_vlan:
    provider: '{{ hpe_provider }}'
    command: config_vlan
    config: create
    name: '{{ item.name }}'
    vlan_id: '{{ item.tag }}'
    status: VS_PORT_BASED
    vlantype: VT_STATIC
    query_max_response_time: 20
    robustness: 5
  loop: '{{ vlans }}'
  notify: Write configuration - (HPE)

Ansible version

ansible --version
ansible [core 2.12.4]
  config file = /ansible/elkem/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/.local/bin/ansible
  python version = 3.9.5 (default, Nov 24 2021, 21:19:13) [GCC 10.3.1 20210424]
  jinja version = 3.1.1
  libyaml = True

Connection variables

---

# Login variables - SSH/CLI
ansible_user: '{{ vault_ansible_user }}'
ansible_pass: '{{ vault_ansible_pass }}'
ansible_ssh_user: '{{ ansible_user }}'
ansible_ssh_pass: '{{ ansible_pass }}'

# Login variables - REST API
hpe_provider:
  username: '{{ vault_ansible_user }}'
  password: '{{ vault_ansible_pass }}'
  host: '{{ inventory_hostname }}'
  use_ssl: true

# Connection variables
ansible_connection: local # REST API
# ansible_connection: ansible.netcommon.network_cli # SSH/CLI
ansible_network_os: arubanetworks.aos_switch.arubaoss

borgermeister avatar Jun 20 '22 11:06 borgermeister

Hi @borgermeister,

What aos switch release?

What firmware?

Have you checked the switch REST API log?

How many VLANs do you want to add?

Have you tried with HTTP? (HTTPS can be very slow on this switch...)

alagoutte avatar Jun 21 '22 07:06 alagoutte

Hi

I'm running aos_switch version 1.5.0 and this switch is running firmware version YC.16.11.0005.

I'm aware that HTTPS against this switch model is pretty slow, but HTTP is sadly not an option. The VLAN variable file contains around 30 VLANs, so it is not that much.

It is not only the provisioning of VLANs that is unstable. I also try to push out some global settings with arubaoss_dns, arubaoss_ntp and arubaoss_snmp, and here I also experience handshake timeouts.

The workaround I am using is arubaoss_config and overriding ansible_connection with ansible_netcommon_network_cli. It works, but the VLAN playbook is then not idempotent and every VLAN gets configured every time.

borgermeister avatar Jun 21 '22 09:06 borgermeister

Have you looked at the REST API log on the switch?

alagoutte avatar Jun 22 '22 11:06 alagoutte

Hello,

I have the same problem, with one difference: despite "use_ssl" being set to "True", the provider does not use SSL and tcpdump shows a regular HTTP exchange.

The switches are two stacked 2930F. This is a lab and the switches were reset before trying to use Ansible.

Result of the playbook (I don't understand why use_ssl is set twice with different values; the documentation doesn't explain that):

<192.168.18.20> Using network group action arubanetworks.aos_switch.arubaoss for arubanetworks.aos_switch.arubaoss_vlan
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
connection transport is aossapi for 192.168.18.20
None is not valid api version.using aossapi v6.0 instead
<192.168.18.20> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.18.20> EXEC /bin/sh -c 'echo ~root && sleep 0'
<192.168.18.20> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp"&& mkdir "echo /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963" && echo ansible-tmp-1681907182.7229478-1732688-3459823066963="echo /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963" ) && sleep 0'
redirecting module_util ansible.module_utils.network.common.utils to ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils
Including module_utils file ansible/init.py
Including module_utils file ansible/module_utils/init.py
Including module_utils file ansible/module_utils/_text.py
Including module_utils file ansible/module_utils/basic.py
Including module_utils file ansible/module_utils/common/_collections_compat.py
Including module_utils file ansible/module_utils/common/init.py
Including module_utils file ansible/module_utils/common/_json_compat.py
Including module_utils file ansible/module_utils/common/_utils.py
Including module_utils file ansible/module_utils/common/arg_spec.py
Including module_utils file ansible/module_utils/common/file.py
Including module_utils file ansible/module_utils/common/locale.py
Including module_utils file ansible/module_utils/common/parameters.py
Including module_utils file ansible/module_utils/common/collections.py
Including module_utils file ansible/module_utils/common/process.py
Including module_utils file ansible/module_utils/common/sys_info.py
Including module_utils file ansible/module_utils/common/text/converters.py
Including module_utils file ansible/module_utils/common/text/init.py
Including module_utils file ansible/module_utils/common/text/formatters.py
Including module_utils file ansible/module_utils/common/validation.py
Including module_utils file ansible/module_utils/common/warnings.py
Including module_utils file ansible/module_utils/compat/selectors.py
Including module_utils file ansible/module_utils/compat/init.py
Including module_utils file ansible/module_utils/compat/_selectors2.py
Including module_utils file ansible/module_utils/compat/selinux.py
Including module_utils file ansible/module_utils/distro/init.py
Including module_utils file ansible/module_utils/distro/_distro.py
Including module_utils file ansible/module_utils/errors.py
Including module_utils file ansible/module_utils/parsing/convert_bool.py
Including module_utils file ansible/module_utils/parsing/init.py
Including module_utils file ansible/module_utils/pycompat24.py
Including module_utils file ansible/module_utils/six/init.py
Including module_utils file ansible_collections/arubanetworks/aos_switch/plugins/module_utils/arubaoss.py
Including module_utils file ansible/module_utils/connection.py
Including module_utils file ansible/module_utils/common/json.py
Including module_utils file ansible/module_utils/network/common/utils/init.py
Including module_utils file ansible/module_utils/network/init.py
Including module_utils file ansible/module_utils/network/common/init.py
Including module_utils file ansible/module_utils/urls.py
Including module_utils file ansible/module_utils/compat/typing.py
Including module_utils file ansible_collections/init.py
Including module_utils file ansible_collections/ansible/netcommon/plugins/module_utils/network/common/utils.py
Including module_utils file ansible_collections/ansible/init.py
Including module_utils file ansible_collections/ansible/netcommon/init.py
Including module_utils file ansible_collections/ansible/netcommon/plugins/init.py
Including module_utils file ansible_collections/ansible/netcommon/plugins/module_utils/init.py
Including module_utils file ansible_collections/ansible/netcommon/plugins/module_utils/network/init.py
Including module_utils file ansible_collections/ansible/netcommon/plugins/module_utils/network/common/init.py
Including module_utils file ansible_collections/arubanetworks/init.py
Including module_utils file ansible_collections/arubanetworks/aos_switch/init.py
Including module_utils file ansible_collections/arubanetworks/aos_switch/plugins/init.py
Including module_utils file ansible_collections/arubanetworks/aos_switch/plugins/module_utils/init.py
Using module file /root/.ansible/collections/ansible_collections/arubanetworks/aos_switch/plugins/modules/arubaoss_vlan.py
<192.168.18.20> PUT /root/.ansible/tmp/ansible-local-1732626okcz420y/tmp_1m1fllr TO /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963/AnsiballZ_arubaoss_vlan.py
<192.168.18.20> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963/ /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963/AnsiballZ_arubaoss_vlan.py && sleep 0'
<192.168.18.20> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963/AnsiballZ_arubaoss_vlan.py && sleep 0'
<192.168.18.20> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1681907182.7229478-1732688-3459823066963/ > /dev/null 2>&1 && sleep 0'
fatal: [test]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "acl_direction": null,
            "acl_id": null,
            "acl_type": "AT_STANDARD_IPV4",
            "api_version": "v6.0",
            "command": "config_vlan",
            "config": "create",
            "helper_addresses": "",
            "host": "192.168.18.20",
            "igmp_version": 2,
            "interval": 125,
            "ip_address_mode": "IAAM_STATIC",
            "is_dhcp_server_enabled": false,
            "is_dsnoop_enabled": false,
            "is_igmp_enabled": false,
            "is_jumbo_enabled": false,
            "is_management_vlan": false,
            "is_querier_enabled": true,
            "is_voice_enabled": false,
            "last_member_query_interval": 1,
            "name": "vlan400",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 80,
            "port_id": "",
            "port_mode": "POM_UNTAGGED",
            "provider": {
                "api_version": null,
                "host": "192.168.18.20",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 80,
                "ssh_keyfile": null,
                "timeout": 30,
                "transport": "aossapi",
                "use_proxy": false,
                "use_ssl": false,
                "username": "admin",
                "validate_certs": false
            },
            "qos_policy": null,
            "query_max_response_time": 10,
            "robustness": 2,
            "ssh_keyfile": null,
            "status": "VS_PORT_BASED",
            "timeout": 30,
            "use_ssl": true,
            "username": "admin",
            "validate_certs": false,
            "version": "IAV_IP_V4",
            "vlan_id": 400,
            "vlan_ip_address": "",
            "vlan_ip_mask": "",
            "vlantype": "VT_STATIC"
        }
    },
    "msg": "Request failed: <urlopen error _ssl.c:880: The handshake operation timed out>",
    "status": -1,
    "url": "https://192.168.18.20:80/rest/v6.0/login-sessions"
}

Host file:

all:
  hosts:
    test:
      ansible_host: 192.168.18.20
      ansible_user: admin
      ansible_password: password
      ansible_connection: local
      ansible_network_os: arubanetworks.aos_switch.arubaoss

Playbook:

    -  hosts: test
       collections:
         - arubanetworks.aos_switch

       tasks:
         - name: Create VLAN 300
           arubanetworks.aos_switch.arubaoss_vlan:
             vlan_id: 400
             name: "vlan400"
             config: "create"
             command: config_vlan
             api_version: v6.0
             use_ssl: True

tcpdump:

tcpdump -nn host 192.168.18.20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
14:26:24.648799 IP 192.168.10.102.47838 > 192.168.18.20.80: Flags [S], seq 1443249027, win 29200, options [mss 1460,sackOK,TS val 91717330 ecr 0,nop,wscale 7], length 0
14:26:24.650381 IP 192.168.18.20.80 > 192.168.10.102.47838: Flags [S.], seq 3645016968, ack 1443249028, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK,nop,nop,TS val 85390210 ecr 91717330], length 0
14:26:24.650595 IP 192.168.10.102.47838 > 192.168.18.20.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 91717332 ecr 85390210], length 0
14:26:24.651191 IP 192.168.10.102.47838 > 192.168.18.20.80: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 91717333 ecr 85390210], length 517: HTTP
14:26:24.651665 IP 192.168.18.20.80 > 192.168.10.102.47838: Flags [.], ack 518, win 33304, options [nop,nop,TS val 85390210 ecr 91717333], length 0
14:26:24.761829 IP 192.168.18.20.80 > 192.168.10.102.47838: Flags [.], ack 518, win 33304, options [nop,nop,TS val 85390210 ecr 91717333], length 0
14:26:34.658539 IP 192.168.10.102.47838 > 192.168.18.20.80: Flags [F.], seq 518, ack 1, win 229, options [nop,nop,TS val 91727340 ecr 85390210], length 0
14:26:34.659204 IP 192.168.18.20.80 > 192.168.10.102.47838: Flags [.], ack 519, win 33304, options [nop,nop,TS val 85390210 ecr 91727340], length 0
14:26:34.659840 IP 192.168.18.20.80 > 192.168.10.102.47838: Flags [F.], seq 1, ack 519, win 33303, options [nop,nop,TS val 85390210 ecr 91727340], length 0
14:26:34.659950 IP 192.168.10.102.47838 > 192.168.18.20.80: Flags [.], ack 2, win 229, options [nop,nop,TS val 91727341 ecr 85390210], length 0
10 packets captured
10 packets received by filter

Config on switches

SW39STACK01(config)# show running-config

Running configuration:

; hpStack_WC Configuration Editor; Created on release #WC.16.11.0008
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname "SW39STACK01"
vsf
   enable domain 1
   member 1
      type "JL261A" mac-address 94f128-7dd2c0
      priority 128
      link 1 1/17-1/18
      link 1 name "I-Link1_1"
      link 2 name "I-Link1_2"
      exit
   member 2
      type "JL261A" mac-address 94f128-7de220
      priority 128
      link 1 2/17-2/18
      link 1 name "I-Link1_1"
      link 2 name "I-Link1_2"
      exit
   port-speed 1g
   exit
no telnet-server
web-management ssl
ip default-gateway 192.168.18.254
snmp-server community "public"
vlan 1
   name "DEFAULT_VLAN"
   untagged 1/1-1/16,1/19-1/28,2/1-2/16,2/19-2/28
   ip address dhcp-bootp
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 1520
   name "MGR"
   tagged 1/19
   ip address 192.168.18.20 255.255.255.0
   exit
password manager

SW39STACK01(config)# show rest-interface

 REST Interface - Server Configuration

  REST Interface            : Enabled
  REST Operational Status   : Up
  REST Session Idle Timeout : 600 seconds
  HTTP Access               : Enabled
  HTTPS Access              : Enabled
  SSL Port                  : 443

Flamme-2 avatar Apr 19 '23 13:04 Flamme-2

Can you add this to your playbook (after use_ssl):

port: 443

alagoutte avatar Apr 19 '23 13:04 alagoutte

It works, thank you!

Flamme-2 avatar Apr 19 '23 15:04 Flamme-2
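
An added example, not part of the thread or of the collection's own code: a small Python check over a failed task result that separates the two cases reported above (an `https` URL aimed at port 80 versus a handshake that times out on 443) and also flags `validate_certs: false`. The function name `audit_failure`, the finding codes and the trimmed sample results are constructed for illustration from the values posted in the thread.

```python
from urllib.parse import urlsplit

PLAINTEXT_PORTS = {80}  # assumption: 80 is the switch's HTTP listener (SSL Port is 443)


def audit_failure(result):
    """Return (code, detail) findings for one failed arubaoss_* task result."""
    args = result.get("invocation", {}).get("module_args", {})
    provider = args.get("provider") or {}
    url = urlsplit(result.get("url", ""))
    findings = []

    # A TLS handshake sent to the plaintext HTTP listener cannot complete.
    if url.scheme == "https" and url.port in PLAINTEXT_PORTS:
        findings.append(("TLS_ON_HTTP_PORT",
                         f"https URL uses port {url.port}; set port: 443"))

    # Task-level and provider-level settings that disagree.
    for key in ("use_ssl", "port"):
        if key in provider and provider[key] != args.get(key):
            findings.append(("PROVIDER_MISMATCH",
                             f"{key}: task={args.get(key)!r} provider={provider[key]!r}"))

    # HTTPS without certificate validation does not authenticate the switch.
    if args.get("use_ssl") and args.get("validate_certs") is False:
        findings.append(("CERT_NOT_VALIDATED", "validate_certs is false"))
    return findings


# Constructed samples: the two failures from the thread, trimmed to the
# fields the check reads (values copied from the posted debug output).
PORT_80_FAILURE = {
    "url": "https://192.168.18.20:80/rest/v6.0/login-sessions",
    "invocation": {"module_args": {
        "use_ssl": True, "port": 80, "validate_certs": False,
        "provider": {"use_ssl": False, "port": 80, "validate_certs": False},
    }},
}
SLOW_TLS_FAILURE = {
    "url": "https://bjo-swi-krom-hp2540-2:443/rest/v8.0/login-sessions",
    "invocation": {"module_args": {
        "use_ssl": True, "port": None, "validate_certs": False,
        "provider": {"use_ssl": True, "port": None, "validate_certs": False},
    }},
}

if __name__ == "__main__":
    for name, sample in (("port 80", PORT_80_FAILURE), ("slow TLS", SLOW_TLS_FAILURE)):
        print(name, audit_failure(sample))
```

Both results carry the same "handshake operation timed out" message; only the first is explained by the port, which is why adding `port: 443` resolved it.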