arubaoss_file_transfer using https
How do I make the switch trust my SSL certificate where the OS image is located? I'm trying to use arubaoss_file_transfer and https and it's failing. I'm getting a "status": "FTS_CONN_FAILED", "result": "Peer unreachable." error message. I think it's because the switch doesn't trust the SSL certificate. I'm testing on a 3810M switch on the KB.16.10.0015 image. I didn't find a command in the CLI to use https to transfer a file.
Hi,
What is the playbook?
What do you have in the log? (You can enable debug rest on the CLI.)
Have you checked the web server log? Is it a self-signed certificate or a public certificate?
Have you tried to include CA on the switch?
Playbook
- hosts: all
  gather_facts: False
  vars:
    new_os_version: "16_11_0004"
  collections:
    - arubanetworks.aos_switch
    - ansible.netcommon
  tasks:
    - name: Retrieve platform
      arubaoss_facts:
        gather_subset: ['host_system_info']
        provider:
          host: "{{ ansible_host }}"
          use_ssl: true
      register: facts_output

    - name: Transfer KB image
      arubaoss_file_transfer:
        file_url: "http://fileserver.netops.uth.edu/images/KB_{{ new_os_version }}.swi"
        file_type: "FTT_FIRMWARE"
        action: "FTA_DOWNLOAD"
        boot_image: "BI_PRIMARY_IMAGE"
        provider:
          host: "{{ ansible_host }}"
          use_ssl: true
      when: facts_output.ansible_facts.ansible_net_host_system_info.firmware_version is search("KB.")
Output from Ansible
{
    "msg": "image transfer failed with code: FTS_CONN_FAILED",
    "total_time": 1,
    "invocation": {
        "module_args": {
            "file_url": "https://fileserver.netops.uth.edu/images/KB_16_11_0004.swi",
            "file_type": "FTT_FIRMWARE",
            "action": "FTA_DOWNLOAD",
            "boot_image": "BI_PRIMARY_IMAGE",
            "provider": {
                "host": "10.18.253.95",
                "username": "switchapi",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "use_proxy": false,
                "transport": "aossapi",
                "validate_certs": false,
                "api_version": "None",
                "port": null,
                "ssh_keyfile": null,
                "use_ssl": null,
                "timeout": null
            },
            "use_ssl": true,
            "copy_iter": 20,
            "validate_certs": false,
            "api_version": "v7.0",
            "show_tech_option": null,
            "host": "10.18.253.95",
            "port": null,
            "username": "switchapi",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ssh_keyfile": null,
            "timeout": null
        }
    },
    "_ansible_no_log": false,
    "changed": false
}
Logs from the switch:
I 05/20/22 15:29:43 00159 update: FT file transfer failed
W 05/20/22 15:29:43 04186 http: Connection to https://fileserver.netops.uth.edu/images/KB_16_11_0004.swi failed (server response 0).
When I use http, it works. I see in the firewall logs the switch attempts to use https and it's allowed through the firewall.
I don't know how to "include CA on the switch". This is my question. I tried to create 3 new ta_profiles and copy the CA to them. I created 3 because 1 root and 2 intermediaries. They are the INCOMMON profiles below. Is this right?
uct-m60lab-playground# sh crypto pki ta-profile
Profile Name    Profile Status                 CRL Configured OCSP Configured
IDEVID_ROOT     Root Certificate Installed
AAA Certific... Root Certificate Installed     No             No
default         Self-signed Certificate Ins... No             No
GEOTRUST_CA     Root Certificate Installed     No             No
ARUBA_CA        Root Certificate Installed     No             No
COMODO_RSA_CA   Root Certificate Installed     No             No
AddTrust Ext... Root Certificate Installed     No             No
USERTrust RS... Root Certificate Installed     No             No
INCOMMON_INTER1 Root Certificate Installed     No             No
INCOMMON_CA     Root Certificate Installed     No             No
INCOMMON_INTER2 Root Certificate Installed     No             No
I just noticed in the switch log, the switch is trying to use http and the URL starts with https.
Need to check if upgrade via HTTPS is supported...