aruba/aos-switch-ansible-collection

arubaoss_acl_policy module throws errors on


ansible 2.13.11
arubanetworks.aos_switch 1.7.0

The switch is an Aruba JL075A 3810M-16SFP+
Code is 16.11.0013

My ansible_connection variable is set to local, and I have NETWORK_GROUP_MODULES=arubaoss in my ansible.cfg.

I'm building a playbook using the arubaoss_acl_policy, and looping through items to create an ACL with multiple ACEs. The playbook randomly times out sometimes.

Here are my items:

acl_entries:
  - { dstip: '10.0.0.1', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 1' }
  - { dstip: '10.0.0.2', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 2' }
  - { dstip: '10.0.0.3', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 3' }
  - { dstip: '10.0.0.4', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 4' }
  - { dstip: '10.0.0.5', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 5' }
  - { dstip: '10.0.0.6', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 6' }
  - { dstip: '10.0.0.7', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 7' }
  - { dstip: '10.0.0.8', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 8' }
  - { dstip: '10.0.0.9', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 9' }
  - { dstip: '10.0.0.10', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 10' }
  - { dstip: '10.0.0.11', dstmask: '0.0.0.0', action: 'AA_PERMIT', proto: 'PT_IP', remark: 'Test 11' }
  - { dstip: '0.0.0.0', dstmask: '255.255.255.255', action: 'AA_DENY', proto: 'PT_IP', remark: 'Test 12' }

Here's my task:

- name: Create Access Control Entry
  arubaoss_acl_policy:
    use_ssl: True
    port: '443'
    api_version: v6.0
    acl_name: "{{ acl_name }}"
    source_ip_address: "0.0.0.0"
    source_ip_mask: "255.255.255.255"
    destination_ip_address: "{{ item.dstip }}"
    destination_ip_mask: "{{ item.dstmask }}"
    acl_action: "{{ item.action }}"
    protocol_type: "{{ item.proto }}"
    acl_type: AT_EXTENDED_IPV4
    remark: "{{ item.remark }}"
  loop: "{{ acl_entries }}"
  loop_control:
    loop_var: item

I have the API version, use_ssl, and port set because I cannot have HTTP enabled in my environment.

Here is some output from running the play:

changed: [switch-name-removed] => (item={'dstip': '10.0.0.1', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 1'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.2', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 2'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.3', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 3'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.4', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 4'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.5', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 5'})
failed: [switch-name-removed] (item={'dstip': '10.0.0.6', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 6'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_PERMIT", "dstip": "10.0.0.6", "dstmask": "0.0.0.0", "proto": "PT_IP", "remark": "Test 6"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v8.0/login-sessions"}
changed: [switch-name-removed] => (item={'dstip': '10.0.0.7', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 7'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.8', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 8'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.9', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 9'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.10', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 10'})
changed: [switch-name-removed] => (item={'dstip': '10.0.0.11', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 11'})
failed: [switch-name-removed] (item={'dstip': '0.0.0.0', 'dstmask': '255.255.255.255', 'action': 'AA_DENY', 'proto': 'PT_IP', 'remark': 'Test 12'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_DENY", "dstip": "0.0.0.0", "dstmask": "255.255.255.255", "proto": "PT_IP", "remark": "Test 12"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v6.0/login-sessions"}

Running with -vvvv doesn't give me any more info beyond "The handshake operation timed out".

It also doesn't always fail on the same lines. Sometimes the same lines will fail, sometimes it's different ones.

I have also tried adding a pause in the loop_control, and it doesn't make a difference.
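
Added example, not part of the original issue or of the collection's code: each failed loop item reports `"changed": false`, so that ACE was not applied by the run. This Python triage script parses loop output like the above, lists which ACEs were applied and which failed, and flags login URLs whose REST version differs from the task's `api_version`. The names `triage`, `LINE` and `SAMPLE` are assumptions made for the example; the sample is four lines taken from the output above.

```python
import ast
import json
import re

# Sample input: four lines taken from the play output in the post above.
SAMPLE = """\
changed: [switch-name-removed] => (item={'dstip': '10.0.0.5', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 5'})
failed: [switch-name-removed] (item={'dstip': '10.0.0.6', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 6'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_PERMIT", "dstip": "10.0.0.6", "dstmask": "0.0.0.0", "proto": "PT_IP", "remark": "Test 6"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v8.0/login-sessions"}
changed: [switch-name-removed] => (item={'dstip': '10.0.0.11', 'dstmask': '0.0.0.0', 'action': 'AA_PERMIT', 'proto': 'PT_IP', 'remark': 'Test 11'})
failed: [switch-name-removed] (item={'dstip': '0.0.0.0', 'dstmask': '255.255.255.255', 'action': 'AA_DENY', 'proto': 'PT_IP', 'remark': 'Test 12'}) => {"ansible_loop_var": "item", "changed": false, "item": {"action": "AA_DENY", "dstip": "0.0.0.0", "dstmask": "255.255.255.255", "proto": "PT_IP", "remark": "Test 12"}, "msg": "Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "status": -1, "url": "https://switch-name-removed.company.org:443/rest/v6.0/login-sessions"}
"""

# One loop result per line: status, host, the item (Python repr), optional JSON result.
LINE = re.compile(r"^(?P<status>changed|ok|failed): \[(?P<host>[^\]]+)\] (?:=> )?"
                  r"\(item=(?P<item>\{.*?\})\)(?: => (?P<result>\{.*\}))?$")


def triage(output, expected_api="v6.0"):
    """Return (applied, failed): remarks of ACEs that went through, and one
    record per failed ACE with its error and the REST version in the URL."""
    applied, failed = [], []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a loop-result line
        item = ast.literal_eval(m["item"])  # item is printed as a Python dict
        if m["status"] != "failed":
            applied.append(item["remark"])
            continue
        result = json.loads(m["result"] or "{}")  # failure detail is JSON
        ver = re.search(r"/rest/(v[\d.]+)/", result.get("url", ""))
        api = ver.group(1) if ver else None
        failed.append({"remark": item["remark"], "action": item["action"],
                       "msg": result.get("msg", ""), "api": api,
                       "api_mismatch": api is not None and api != expected_api})
    return applied, failed


if __name__ == "__main__":
    ok, bad = triage(SAMPLE)
    print("applied:", ok)
    for f in bad:
        flag = " (URL API version differs from task)" if f["api_mismatch"] else ""
        print(f"NOT applied: {f['remark']} [{f['action']}] api={f['api']}{flag}")
```
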