From db0959b4f81d05ab5e12c3c1b9412f03efa85f3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Ch=C3=A9ramy?= Date: Wed, 20 Nov 2024 19:53:45 +0100 Subject: [PATCH] Add model for Aruba Instant - Split model Arubainstant from AOS 8 (aosw) - Add a Unit test - Document HPE Aruba Models - Closes #3057 --- CHANGELOG.md | 1 + docs/Model-Notes/HPEAruba.md | 31 +++ docs/Supported-OS-Types.md | 5 +- .../device-simulation/cmdsets/arubainstant | 5 + .../arubainstant_IAP515_8.10.0.6_VWLC.yaml | 213 ++++++++++++++++++ lib/oxidized/model/arubainstant.rb | 90 ++++++++ spec/model/arubainstant_spec.rb | 39 ++++ 7 files changed, 382 insertions(+), 2 deletions(-) create mode 100644 docs/Model-Notes/HPEAruba.md create mode 100644 examples/device-simulation/cmdsets/arubainstant create mode 100644 examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml create mode 100644 lib/oxidized/model/arubainstant.rb create mode 100644 spec/model/arubainstant_spec.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bc07b8c1..962151d47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). - container-image: install x25519 gem package to support more ssh kex. Fixes #3070 (@benasse) - os6: Added support to Dell EMC Networking OS6 (@anubisg1) - Update net-ssh to 7.3 to enable support for aes(128|256)gcm. Fixes #3168 (@jacobw) +- model for HPE Aruba Networking Instant Mode (Aruba Instant). Fixes #3057 (@robertcheramy) ### Changed - h3c: change prompt to expect either angle (user-view) or square (system-view) brackets (@nl987) diff --git a/docs/Model-Notes/HPEAruba.md b/docs/Model-Notes/HPEAruba.md new file mode 100644 index 000000000..6bdf611f0 --- /dev/null +++ b/docs/Model-Notes/HPEAruba.md @@ -0,0 +1,31 @@ +# HPE Aruba Networking devices +HPE Aruba offers various networking devices with different operating systems. + +## HPE Aruba Networking Instant Mode (Aruba Instant) +[Aruba Instant](https://www.arubanetworks.com/techdocs/ArubaDocPortal/content/cons-instant-home.htm) +runs on IAPs (Instant Access points). + +The Oxidized model is [ArubaInstant](/lib/oxidized/model/arubainstant.rb). +When run on the virtual WLAN controller, it will also collect the list of the +WLAN-AP linked to the controller. + +The aosw model for AOS 8 used to be used for Aruba Instant, but it does not work +as well and may stop working in the future. + +## HPE Aruba Networking Wireless Operating System 8 (AOS 8) +[AOS 8](https://www.arubanetworks.com/techdocs/ArubaDocPortal/content/cons-aos-home.htm) +runs on WLAN controllers (mobility controllers) and controller-managed access +points. + +The Oxidized model is [aosw](/lib/oxidized/model/aosw.rb). + +## HPE Aruba Networking CX Switch Operating System (AOS-CX) +[AOS-CX](https://www.arubanetworks.com/techdocs/AOS-CX/help_portal/Content/home.htm) +is the operating system for the newer CX-Series. + +The Oxidized model is [aoscx](/lib/oxidized/model/aoscx.rb). + +## Older Models +Older Devices like ProCurve or 3Com/Comware are listed under the Vendor "HP" in +the [Supported OS Types](docs/Supported-OS-Types.md) list. + diff --git a/docs/Supported-OS-Types.md b/docs/Supported-OS-Types.md index 3c21d0ae0..817d4260e 100644 --- a/docs/Supported-OS-Types.md +++ b/docs/Supported-OS-Types.md @@ -20,8 +20,9 @@ |Arbor Networks |ArbOS |[arbos](/lib/oxidized/model/arbos.rb) | |[ArbOS](Model-Notes/ArbOS.md) |Arista |EOS |[eos](/lib/oxidized/model/eos.rb) | |[EOS](Model-Notes/EOS.md) |Arris |C4CMTS |[c4cmts](/lib/oxidized/model/c4cmts.rb) -|Aruba |AOS-CX |[aoscx](/lib/oxidized/model/aoscx.rb) |@robertcheramy -| |AOSW |[Aaosw](/lib/oxidized/model/aosw.rb) +|Aruba |AOS-CX |[aoscx](/lib/oxidized/model/aoscx.rb) |@robertcheramy |[HPE Aruba](Model-Notes/HPEAruba.md) +| |AOSW |[aosw](/lib/oxidized/model/aosw.rb) |[HPE Aruba](Model-Notes/HPEAruba.md) +| |ArubaInstant |[arubainstant](/lib/oxidized/model/arubainstant.rb)|@robertcheramy |[HPE Aruba](Model-Notes/HPEAruba.md) |Asterfusion |AsterNOS |[asternos](/lib/oxidized/model/asternos.rb) |AudioCodes |AudioCodes |[audiocodes](/lib/oxidized/model/audiocodes.rb) | |MediaPack MP-1xx, Mediant1000 |[audiocodesmp](/lib/oxidized/model/audiocodesmp.rb) diff --git a/examples/device-simulation/cmdsets/arubainstant b/examples/device-simulation/cmdsets/arubainstant new file mode 100644 index 000000000..479a86f36 --- /dev/null +++ b/examples/device-simulation/cmdsets/arubainstant @@ -0,0 +1,5 @@ +show version +show activate status +show aps +show running-config no-encrypt +exit diff --git a/examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml b/examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml new file mode 100644 index 000000000..ae30d936a --- /dev/null +++ b/examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml @@ -0,0 +1,213 @@ +--- +init_prompt: |- + + show tech-support and show tech-support supplemental are the two most useful outputs to collect for any kind of troubleshooting session. + + OXRO-AP111117#\x20 +commands: + show version: |- + show version + Aruba Operating System Software. + ArubaOS (MODEL: 515), Version 8.10.0.6 LSR + Website: http://www.arubanetworks.com + (c) Copyright 2023 Hewlett Packard Enterprise Development LP. + Compiled on 2023-02-14 at 18:20:29 PST (build 86193) by jenkins + FIPS Mode :disabled + + AP uptime is 2 days 16 hours 32 minutes 26 seconds + Reboot Time and Cause: AP rebooted Fri Nov 15 14:59:50 UTC 2024; UI cmd at uptime 94D 5H 6M 31S: reload + OXRO-AP111117#\x20 + show activate status: |- + show activate status + \r + IAP MAC Address :54:d7:e3:00:11:22 + IAP Serial Number :CNQHAAAAAM + Cloud Activation Key : + Activate Server :device.arubanetworks.com + Activate Status :connection-failed + Activate fail reason :dns error + Provision interval :5 minutes + OXRO-AP111117#\x20 + show aps: |- + show aps + \r + 4 Access Points + --------------- + Name IP Address Mode Spectrum Clients Type IPv6 Address Mesh Role Zone Serial # radio0 Channel radio0 Power (dBm) radio0 Utilization (%) radio0 Noise Floor (dBm) radio1 Channel radio1 Power (dBm) radio1 Utilization (%) radio1 Noise Floor (dBm) radio2 Channel radio2 Power (dBm) radio2 Utilization (%) radio2 Noise Floor (dBm) Need Antenna Config From Port Config Id Config Csum Ext SSID Active Age Link Local IP Address Uplink Port Hierarchy Mode Crash Info \x20 + ---- ---------- ---- -------- ------- ---- ------------ --------- ---- -------- -------------- ------------------ ---------------------- ------------------------ -------------- ------------------ ---------------------- ------------------------ -------------- ------------------ ---------------------- ------------------------ ------------------- --------- --------- ----------- --------------- --- --------------------- ----------- -------------- ---------- \x20 + OXRO-AP111117 10.100.42.237* access enable 0 515(indoor) -- N/A - CNQHAAAAAM 36+ 18 3(good) -93(good) 1 9 7(good) -94(good) - - - - No none 0 1721 enable 2d:16h:30m:30s -- eth0 member No \x20 + OXRO-AP122229 10.100.42.242 access enable 0 315(indoor) -- N/A - CNK9AAAAAN 44+ 18 3(good) -89(good) 6 9 11(good) -86(ok) - - - - No none 0 1721 enable 2d:16h:30m:13s -- eth0 member No \x20 + OXRO-AP111118 10.100.42.241 access enable 0 515(indoor) -- N/A - CNQHAAAAAW 100+ 18 6(good) -90(good) 11 7 12(good) -95(good) - - - - No none 0 1721 enable 2d:16h:30m:9s -- eth0 member Yes \x20 + OXRO-AP122223 10.100.42.238 access enable 0 315(indoor) -- N/A - CNH6AAAAA6 60+ 18 3(good) -92(good) 11 6 14(good) -91(good) - - - - No none 0 1721 enable 2d:16h:26m:45s -- eth0 member No \x20 + OXRO-AP111117#\x20 + show running-config no-encrypt: |- + show running-config no-encrypt + version 8.10.0.0-8.10.0 + syslocation OXIDIZED + virtual-controller-country DE + virtual-controller-key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + name OXIDIZED-VC + organization Oxidized-Rocks + virtual-controller-ip 10.100.42.254 + syslog-server 10.10.42.11 \x20 + terminal-access + ntp-server 10.10.42.123 + clock timezone Berlin 01 00 + clock summer-time CEST recurring last sunday march 02:00 last sunday october 03:00 + rf-band all + dynamic-radius-proxy + + allow-new-aps + + allowed-ap 54:d7:e3:00:11:22 + allowed-ap 54:d7:e3:00:11:24 + allowed-ap 7c:57:3c:00:11:2c + allowed-ap e8:26:89:00:11:26 + + + snmp-server community AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + snmp-server host 10.10.42.12 version 2c AAAAAAAAAABBBBBBBBBBCCCCCCCCCC inform + snmp-server host 10.10.42.13 version 2c AAAAAAAAAABBBBBBBBBBCCCCCCCCCC inform + + + + hash-mgmt-password + hash-mgmt-user oxidized password hash AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + hash-mgmt-user rocks password hash AAAAAAAAAABBBBBBBBBBCCCCCCCCCC usertype read-only + + + wlan access-rule default_wired_port_profile + index 0 + rule any any match any any any permit + + wlan access-rule 123-OXI--ED + utf8 + index 2 + rule any any match any any any permit + + wlan ssid-profile 123-OXI--ED + enable + index 0 + type employee + essid 123-OXI--ED + utf8 + wpa-passphrase AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + opmode wpa2-psk-aes + max-authentication-failures 0 + vlan 123 + dot11k + dot11v + + mgmt-auth-server tacacs2 + mgmt-auth-server tacacs1 + + wlan tacacs-server tacacs1 + ip 10.10.42.21 + key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + timeout 5 + session-authorization + + wlan tacacs-server tacacs2 + ip 10.10.42.22 + key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + timeout 5 + session-authorization + + + + OXRO-AP111117#\x20 + exit: |- + exit +oxidized_output: | + # Aruba Operating System Software. + # ArubaOS (MODEL: 515), Version 8.10.0.6 LSR + # Website: http://www.arubanetworks.com + # (c) Copyright 2023 Hewlett Packard Enterprise Development LP. + # Compiled on 2023-02-14 at 18:20:29 PST (build 86193) by jenkins + # FIPS Mode :disabled + #\x20 + #\x20 + # IAP MAC Address :54:d7:e3:00:11:22 + # IAP Serial Number :CNQHAAAAAM + #\x20 + #\x20 + # 4 Access Points + # --------------- + # Name IP Address Type IPv6 Address Serial # + # ---- ---------- ---- ------------ -------- + # OXRO-AP111117 10.100.42.237* 515(indoor) -- CNQHAAAAAM + # OXRO-AP122229 10.100.42.242 315(indoor) -- CNK9AAAAAN + # OXRO-AP111118 10.100.42.241 515(indoor) -- CNQHAAAAAW + # OXRO-AP122223 10.100.42.238 315(indoor) -- CNH6AAAAA6 + #\x20 + version 8.10.0.0-8.10.0 + syslocation OXIDIZED + virtual-controller-country DE + virtual-controller-key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + name OXIDIZED-VC + organization Oxidized-Rocks + virtual-controller-ip 10.100.42.254 + syslog-server 10.10.42.11 \x20 + terminal-access + ntp-server 10.10.42.123 + clock timezone Berlin 01 00 + clock summer-time CEST recurring last sunday march 02:00 last sunday october 03:00 + rf-band all + dynamic-radius-proxy + + allow-new-aps + + allowed-ap 54:d7:e3:00:11:22 + allowed-ap 54:d7:e3:00:11:24 + allowed-ap 7c:57:3c:00:11:2c + allowed-ap e8:26:89:00:11:26 + + + snmp-server community AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + snmp-server host 10.10.42.12 version 2c AAAAAAAAAABBBBBBBBBBCCCCCCCCCC inform + snmp-server host 10.10.42.13 version 2c AAAAAAAAAABBBBBBBBBBCCCCCCCCCC inform + + + + hash-mgmt-password + hash-mgmt-user oxidized password hash AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + hash-mgmt-user rocks password hash AAAAAAAAAABBBBBBBBBBCCCCCCCCCC usertype read-only + + + wlan access-rule default_wired_port_profile + index 0 + rule any any match any any any permit + + wlan access-rule 123-OXI--ED + utf8 + index 2 + rule any any match any any any permit + + wlan ssid-profile 123-OXI--ED + enable + index 0 + type employee + essid 123-OXI--ED + utf8 + wpa-passphrase AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + opmode wpa2-psk-aes + max-authentication-failures 0 + vlan 123 + dot11k + dot11v + + mgmt-auth-server tacacs2 + mgmt-auth-server tacacs1 + + wlan tacacs-server tacacs1 + ip 10.10.42.21 + key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + timeout 5 + session-authorization + + wlan tacacs-server tacacs2 + ip 10.10.42.22 + key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC + timeout 5 + session-authorization\n\n\n +# End of YAML file diff --git a/lib/oxidized/model/arubainstant.rb b/lib/oxidized/model/arubainstant.rb new file mode 100644 index 000000000..48f0f1bed --- /dev/null +++ b/lib/oxidized/model/arubainstant.rb @@ -0,0 +1,90 @@ +class ArubaInstant < Oxidized::Model + using Refinements + + # Aruba IAP, Instant Controller + + comment '# ' + prompt(/^[\w\:.@-]+[#>] $/) + + cmd :all do |cfg| + # Remove command echo and prompt + cfg.cut_both + end + + cmd :secret do |cfg| + cfg.gsub!(/ipsec (\S+)$/, 'ipsec ') + cfg.gsub!(/community (\S+)$/, 'community ') + cfg.gsub!(/^(snmp-server host [\d.]+ version 2c) \S+ (.*)$/, '\1 \2') + # MAS format: mgmt-user + # IAP format (root user): mgmt-user + # IAP format: mgmt-user + cfg.gsub!(/mgmt-user (\S+) (root|guest-provisioning|network-operations|read-only|location-api-mgmt) (\S+)$/, 'mgmt-user \1 \2 ') # MAS & Wireless Controler + cfg.gsub!(/mgmt-user (\S+) (\S+)( (read-only|guest-mgmt))?$/, 'mgmt-user \1 \3') # IAP + cfg.gsub!(/key (\S+)$/, 'key ') + cfg.gsub!(/wpa-passphrase (\S+)$/, 'wpa-passphrase ') + cfg.gsub!(/bkup-passwords (\S+)$/, 'bkup-passwords ') + cfg.gsub!(/user (\S+) (\S+) (\S+)$/, 'user \1 \3') + cfg.gsub!(/virtual-controller-key (\S+)$/, 'virtual-controller-key ') + cfg.gsub!(/^(hash-mgmt-user .* password \S+) \S+( usertype .*)?$/, '\1 \2') + cfg + end + + # get software version + cmd 'show version' do |cfg| + out = '' + cfg.each_line do |line| + next if line =~ /^(Switch|AP) uptime is / + + next if line =~ /^Reboot Time and Cause/ + + out += line + end + comment out + end + + # Get serial number + cmd 'show activate status' do |cfg| + out = '' + cfg.each_line do |line| + next if line =~ /^Activate / + + next if line =~ /^Provision interval/ + + next if line =~ /^Cloud Activation Key/ + + out += line + end + comment out + "\n" + end + + # Get controlled WLAN-AP + cmd 'show aps' do |cfg| + out = '' + cfg.each_line do |line| + out += if line.match?(/^Name/) + line.sub(/^(Name +IP Address +).*(Type +IPv6 Address +).*(Serial #).*$/, '\1\2\3') + else + line.sub(/^(\S+ +\S+ +)(?:\S+ +){3}(\S+ +\S+ +)(?:\S+ +){2}(\S+) +.*$/, '\1\2\3') + end + end + comment out + "\n" + end + + cmd 'show running-config no-encrypt' + + cfg :telnet do + username(/^User:\s*/) + password(/^Password:\s*/) + end + + cfg :telnet, :ssh do + if vars :enable + post_login do + cmd "enable", /^[pP]assword:/ + cmd vars(:enable) + end + end + pre_logout 'exit' if vars :enable + pre_logout 'exit' + end +end diff --git a/spec/model/arubainstant_spec.rb b/spec/model/arubainstant_spec.rb new file mode 100644 index 000000000..26421efaf --- /dev/null +++ b/spec/model/arubainstant_spec.rb @@ -0,0 +1,39 @@ +require_relative 'model_helper' + +describe 'model/IOS' do + before(:each) do + init_model_helper + @node = Oxidized::Node.new(name: 'example.com', + input: 'ssh', + model: 'arubainstant') + end + + it "matches different prompts" do + # Virtual controller - ArubaOS (MODEL: 515), Version 8.10.0.7 LSR + _('AAAA-AP123456# ').must_match ArubaInstant.prompt + end + + it 'runs on IAP516 with 8.10.0.6' do + mockmodel = MockSsh.new('examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml') + Net::SSH.stubs(:start).returns mockmodel + + status, result = @node.run + + _(status).must_equal :success + _(result.to_cfg).must_equal mockmodel.oxidized_output + end + + it 'removes secrets' do + Oxidized.config.vars.remove_secret = true + mockmodel = MockSsh.new('examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml') + Net::SSH.stubs(:start).returns mockmodel + + status, result = @node.run + + _(status).must_equal :success + _(result.to_cfg).wont_match(/AAAAAAAAAABBBBBBBBBBCCCCCCCCCC/) + _(result.to_cfg).must_match(/snmp-server host 10.10.42.12 version 2c inform/) + _(result.to_cfg).must_match(/hash-mgmt-user oxidized password hash /) + _(result.to_cfg).must_match(/hash-mgmt-user rocks password hash usertype read-only/) + end +end