search

PaloAltoNetworks / pan-os-ansible

Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
https://pan.dev/ansible/docs/panos
Apache License 2.0
203 stars 97 forks source link

Ansible playbook using panos_op "Missing required library." #352

Closed rbolze closed 1 year ago

rbolze commented 1 year ago

Describe the bug

Trying the run an existing playbook via Github Actions and the error message is "Missing required library." I cannot figure out which library could be missing. As specify in the docs of panos_op module , the 3 python librairies are installed

Current behavior

The execution of the playbook is returning me (with -vvvv option in command line)

TASK [show list of all interfaces] *********************************************
task path: /opt/actions-runner/_work/playbooks/get_interface_logical.yaml:15
<XX.XX.XX.XX> ESTABLISH LOCAL CONNECTION FOR USER: runners
<XX.XX.XX.XX> EXEC /bin/sh -c 'echo ~runners && sleep 0'
<XX.XX.XX.XX> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/runners/.ansible/tmp `"&& mkdir "` echo /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237 `" && echo ansible-tmp-1668465228.5914114-3653-188195413439237="` echo /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237 `" ) && sleep 0'
<FW> Attempting python interpreter discovery
<XX.XX.XX.XX> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<XX.XX.XX.XX> EXEC /bin/sh -c '/opt/actions-runner/_work/_tool/Python/3.10.8/x64/bin/python3.10 && sleep 0'
Using module file /home/runners/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py
<XX.XX.XX.XX> PUT /home/runners/.ansible/tmp/ansible-local-3649no1gltbg/tmpduhjtz2w TO /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237/AnsiballZ_panos_op.py
<XX.XX.XX.XX> EXEC /bin/sh -c 'chmod u+x /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237/ /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237/AnsiballZ_panos_op.py && sleep 0'
<XX.XX.XX.XX> EXEC /bin/sh -c '/usr/bin/python3 /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237/AnsiballZ_panos_op.py && sleep 0'
<XX.XX.XX.XX> EXEC /bin/sh -c 'rm -f -r /home/runners/.ansible/tmp/ansible-tmp-1668465228.5914114-3653-188195413439237/ > /dev/null 2>&1 && sleep 0'
fatal: [FW]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "cmd": "show interface logical",
            "cmd_is_xml": false,
            "ignore_disconnect": null,
            "ip_address": null,
            "password": null,
            "port": 443,
            "provider": {
                "api_key": null,
                "ip_address": "XX.XX.XX.XX",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 443,
                "serial_number": null,
                "username": "***"
            },
            "username": "admin",
            "vsys": "vsys1"
        }
    },
    "msg": "Missing required libraries."
}

Steps to reproduce

task use in playbook

- name: show list of all interfaces
  paloaltonetworks.panos.panos_op:
     provider: '{{ palo_provider }}'
     cmd: "show interface logical"
  register: show_interface_logical

Context

Execute python scripts via Entreprise Github Actions with several call to ansible-playbook.

Your Environment

ansible --version

ansible-playbook [core 2.13.6]
  config file = None
  configured module search path = ['/home/runners/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/actions-runner/_work/_tool/Python/3.10.8/x64/lib/python3.10/site-packages/ansible
  ansible collection location = /home/runners/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/actions-runner/_work/_tool/Python/3.10.8/x64/bin/ansible-playbook
  python version = 3.10.8 (main, Oct 18 2022, 06:43:21) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True

pip list

Package            Version
------------------ ---------
ansible            6.6.0
ansible-core       2.13.6
ansible-pylibssh   1.0.0
ansicolors         1.1.8
bcrypt             4.0.1
certifi            2022.9.24
cffi               1.15.1
charset-normalizer 2.1.1
cryptography       38.0.3
future             0.18.2
idna               3.4
Jinja2             3.1.2
MarkupSafe         2.1.1
ntc-templates      3.1.0
numpy              1.23.4
packaging          21.3
pan-os-python      1.7.3
pan-python         0.17.0
pandas             1.5.1
pandevice          0.14.0
paramiko           2.12.0
pip                22.3.1
pycparser          2.21
PyNaCl             1.5.0
pyparsing          3.0.9
python-dateutil    2.8.2
python-dotenv      0.21.0
pytz               2022.6
PyYAML             6.0
requests           2.28.1
resolvelib         0.8.1
setuptools         63.2.0
six                1.16.0
termcolor          2.1.0
textfsm            1.1.3
urllib3            1.26.12
xmltodict          0.13.0

ansible-galaxy collection list

# /home/runners/.ansible/collections/ansible_collections
Collection             Version
---------------------- -------
ansible.netcommon      4.1.0  
ansible.utils          2.7.0  
cisco.ios              4.0.0  
paloaltonetworks.panos 2.12.0 

# /opt/actions-runner/_work/_tool/Python/3.10.8/x64/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0  
ansible.netcommon             3.1.3  
ansible.posix                 1.4.0  
ansible.utils                 2.7.0  
ansible.windows               1.12.0 
arista.eos                    5.0.1  
awx.awx                       21.8.0 
azure.azcollection            1.14.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.3.1  
cisco.aci                     2.3.0  
cisco.asa                     3.1.0  
cisco.dnac                    6.6.0  
cisco.intersight              1.0.20 
cisco.ios                     3.3.2  
cisco.iosxr                   3.3.1  
cisco.ise                     2.5.8  
cisco.meraki                  2.11.0 
cisco.mso                     2.1.0  
cisco.nso                     1.0.3  
cisco.nxos                    3.2.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.2  
community.aws                 3.6.0  
community.azure               1.1.0  
community.ciscosmb            1.0.5  
community.crypto              2.8.1  
community.digitalocean        1.22.0 
community.dns                 2.4.0  
community.docker              2.7.1  
community.fortios             1.0.0  
community.general             5.8.0  
community.google              1.0.0  
community.grafana             1.5.3  
community.hashi_vault         3.4.0  
community.hrobot              1.6.0  
community.libvirt             1.2.0  
community.mongodb             1.4.2  
community.mysql               3.5.1  
community.network             4.0.1  
community.okd                 2.2.0  
community.postgresql          2.3.0  
community.proxysql            1.4.0  
community.rabbitmq            1.2.3  
community.routeros            2.3.1  
community.sap                 1.0.0  
community.sap_libs            1.3.0  
community.skydive             1.0.0  
community.sops                1.4.1  
community.vmware              2.10.1 
community.windows             1.11.1 
community.zabbix              1.8.0  
containers.podman             1.9.4  
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.14 
dellemc.enterprise_sonic      1.1.2  
dellemc.openmanage            5.5.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.20.0 
fortinet.fortimanager         2.1.6  
fortinet.fortios              2.1.7  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.8.2  
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.10.0 
infinidat.infinibox           1.3.7  
infoblox.nios_modules         1.4.0  
inspur.ispim                  1.2.0  
inspur.sm                     2.3.0  
junipernetworks.junos         3.1.0  
kubernetes.core               2.3.2  
lowlydba.sqlserver            1.0.4  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.21.0
netapp.elementsw              21.7.0 
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.1  
netbox.netbox                 3.8.1  
ngine_io.cloudstack           2.2.4  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.2  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.3.1  
purestorage.flasharray        1.14.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.1.1  
sensu.sensu_go                1.13.1 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.31.4 
theforeman.foreman            3.7.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.3.0  
vyos.vyos                     3.0.1  
wti.remote                    1.0.4
welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!

rbolze commented 1 year ago

finally, not really a bug in panos_op module. the issue was with the python interpreter which was not set correctly.

more details here : paloalto LIVEcommunity

I would suggest to update the failure message in _panos_op.py_ with something more accurage like : 

    if not HAS_LIB:
        module.fail_json(msg="Missing required libraries xmltodict")
shinmog commented 1 year ago

Ok, closing out this issue then :)