Managing backups across mixed Aruba environments? Whether you're running the modern Aruba CX (AOS-CX) or older AOS switches, Ansible provides a flexible way to automate configuration snapshotsโwithout logging into each device manually.
Goal
Connect to both Aruba CX and legacy AOS switches via SSH and back up their current configurations to structured text files.
๐ Step 1: Use a Structured Inventory
Create an inventory.ini with groupings for each platform:
[aruba_cx]
cx-switch-1
cx-switch-2
[aruba_aos]
aos-switch-1
aos-switch-2
[aruba_cx:vars]
ansible_connection=network_cli
ansible_network_os=arubanetworks.aoscx.aoscx
ansible_user={{ vault_username }}
ansible_password={{ vault_password }}
[aruba_aos:vars]
ansible_connection=network_cli
ansible_user={{ vault_username }}
ansible_password={{ vault_password }}
ansible_become=yes
ansible_become_method=enable
ansible_become_password=
ansible_ssh_common_args='-o KexAlgorithms=+diffie-hellman-group14-sha1'๐ Step 2: Backup Playbook
This playbook handles both switch types using conditional logic and the appropriate command module:
- name: Backup running configs from Aruba switches
hosts: aruba_cx:aruba_aos
gather_facts: no
tasks:
- name: Get config from Aruba CX
when: "'aoscx' in ansible_network_os"
arubanetworks.aoscx.aoscx_command:
commands: show running-config
register: cx_output
- name: Get config from Aruba AOS (fallback using raw module)
when: "'aruba_aos' in group_names"
raw: show running-config
register: aos_output
ignore_errors: yes
- name: Save config to file (CX)
when: cx_output is defined
copy:
content: "{{ cx_output.stdout[0] }}"
dest: "./backups/{{ inventory_hostname }}.txt"
- name: Save config to file (AOS)
when: aos_output is defined
copy:
content: "{{ aos_output.stdout[0] }}"
dest: "./backups/{{ inventory_hostname }}.txt"โถ๏ธ Step 3: Run the Backup
Run the playbook while limiting concurrency to avoid AD lockouts:
ansible-playbook backup.yml -i inventory.ini -f 2๐ Step 4: Secure Credentials with Vault
Store your login details safely with ansible-vault. Create vault.yml:
vault_username: netadmin
vault_password: SuperSecurePassword
vault_enable_password: EnablePasswordIfNeededThen reference it in the playbook via:
vars_files:
- group_vars/aruba_aos/vault.ymlKey Benefits
- Mixed platform support: Handles both CX and AOS switches in one playbook
- Conditional logic: Uses appropriate modules for each platform
- Error handling: Continues backup process even if some devices fail
- Secure credentials: Uses Ansible Vault for password protection
- Concurrency control: Limits simultaneous connections to prevent AD lockouts
This approach provides a clean, maintainable solution for backing up mixed Aruba environments. The conditional logic ensures each platform gets the right treatment while keeping everything in a single, manageable playbook.