Closed cjuhlin closed 4 years ago
Is there a timeline until this gets put into dev?
This is my code and output. Can you help me identify what's wrong?
- hosts: localhost
  connection: local
  roles:
  tasks:
    - name: include login variables (free-form)
      include_vars: vars_login.yml
    - name: search for shared address object
      panos_object_facts:
        provider:
          ip_address: '{{ mgmt_ip }}'
          username: '{{ admin_username }}'
          password: '{{ admin_password }}'
        object_type: 'address'
        value: '192.168.0.34'
      register: results
    - debug: msg='{{ results }}'
fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "object_type": "address", "provider": { "ip_address": "192.168.0.35", "password": "password", "username": "dave" }, "value": "192.168.0.34" } }, "msg": "Unsupported parameters for (panos_object_facts) module: value Supported parameters include: api_key, device_group, ip_address, name, name_regex, object_type, password, port, provider, username, vsys" }
Which branch did you test with? To get it to work you need to use my branch until they have accepted my merge request.
I'm sorry, maybe I'm missing it, but I don't see in your branch the search ip address. I see the search object though. Thanks.
I'm using your branch, I cloned it from your link you provided. I believe I am also running into the issue GrayBeard80 is. I copied your example and modified it for my environment but it doesn't seem to like the value: '192.168.0.0/24' portion.
So I'm unable to search for an object by IP address.
This is the error I get, and in the error output I don't see 'value' specified there under supported parameters, not sure if that's relevant or not.
fatal: [PA1]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (panos_object_facts) module: value Supported pae_group, ip_address, name, name_regex, object_type, password, port, provider, username, vsys"}
snippet of my task:
Am I using it wrong?
I tried my branch in its own new virtual-env and no problem.
git clone https://github.com/nebi/ansible-pan
- name: Find some objects on the firewall
  hosts: all
  connection: local
  gather_facts: False
  vars:
    ansible_python_interpreter: $HOME/venv/ansible-test/bin/python3
  vars_files:
    - vars/vault.yml
  roles:
    - role: ansible-pan
  tasks:
    - name: Get all address object on the firewall
      panos_object_facts:
        provider: '{{ panos_provider }}'
        object_type: 'address'
        value_regex: '.*'
      register: result
    - name: Print out all address object
      debug: msg='{{ result }}'
    - name: Find a prefix in address object on the firewall
      panos_object_facts:
        provider: '{{ panos_provider }}'
        object_type: 'address'
        value: '1.1.1.1/32'
      register: result
    - name: Print out address object with matched prefix
      debug: msg='{{ result }}'
PLAY [Find some objects on the firewall] ****************************************************************************************************************************************************************************************************************************
TASK [ansible-pan : Install pan-python required library] **** ok: [testfw]
TASK [ansible-pan : Install pandevice required library] ***** ok: [testfw]
TASK [ansible-pan : Install xmltodict required library] ***** ok: [testfw] [WARNING]: Found internal 'results' key in module return, renamed to 'ansible_module_results'.
TASK [Get all address object on the firewall] *** ok: [testfw]
TASK [Print out all address object] ***** ok: [testfw] => msg: ansible_module_results: {} changed: false failed: false objects:
TASK [Find a prefix in address object on the firewall] ** ok: [testfw]
TASK [Print out address object with matched prefix] ***** ok: [testfw] => msg: ansible_module_results: {} changed: false failed: false objects:
PLAY RECAP ** testfw : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2. moved folder into roles folder
Can you expand on step 2? You moved the ansible-pan folder into the roles folder of your branch?
I have that same question too as well as what your 'panos_provider' variable is.
sorry, nevermind, I figured out 'provider'
Well, I got it to work. I tried to just use the regex task to see if that would work, and it successfully pulled all the objects. I then changed "value_regex" to just "value" and put in an IP, "value: '192.168.1.2'", and it returned the object with that IP. I will say, though, there seem to be some issues with the IP scheme: Palo Alto lets you enter either just an IP or an IP and netmask, for instance either "192.168.1.2" or "192.168.1.2/32", and both are valid addressing schemes. What I have found with this build is that if I have an object with the IP of "192.168.1.2/32" and in the playbook I use value: '192.168.1.2', it returns empty results. If I were to use value: '192.168.1.2/32', it works as it should.
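The mismatch described in the comment above (a bare host address not matching the same address written with /32) can be avoided by comparing parsed addresses instead of strings. The following is an added example, not code from the branch or from ansible-pan; the function names and the sample objects are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from a real firewall), shaped like the
# name/value pairs of address objects discussed in this thread.
SAMPLE_OBJECTS = [
    {"name": "host-a", "value": "192.168.1.2/32"},
    {"name": "host-b", "value": "192.168.1.2"},
    {"name": "net-c", "value": "192.168.1.0/24"},
    {"name": "v6-d", "value": "2001:db8::1/128"},
    {"name": "fqdn-e", "value": "example.com"},
]


def canonical(value):
    """Parse an IP or IP/prefix; return the stripped string for anything else.

    ip_interface() reads a bare IPv4 host as /32 and a bare IPv6 host as
    /128, so both spellings of the same host compare equal.
    """
    text = value.strip()
    try:
        return ipaddress.ip_interface(text)
    except ValueError:
        return text  # FQDN, IP range, etc.: fall back to a literal match


def find_by_value(objects, wanted):
    """Names of objects whose value is the same address as `wanted`."""
    target = canonical(wanted)
    return [o["name"] for o in objects if canonical(o["value"]) == target]


def find_containing(objects, host):
    """Names of objects whose network covers `host` (useful when auditing
    which address objects could apply to a given IP)."""
    addr = ipaddress.ip_address(host)
    hits = []
    for obj in objects:
        parsed = canonical(obj["value"])
        # Non-IP values stay strings and are skipped here.
        if not isinstance(parsed, str) and addr in parsed.network:
            hits.append(obj["name"])
    return hits


if __name__ == "__main__":
    print(find_by_value(SAMPLE_OBJECTS, "192.168.1.2"))
    print(find_containing(SAMPLE_OBJECTS, "192.168.1.2"))
```
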
Like the title says. To search after IP instead of name in Addresses. Instead of using name/name_regex you use value/value_regex. It will also solve issue number #66.
Example:
Output:
Or with value_regex:
Output: