ansible panos_dag_tags causes Panorama to crash.


L0 Member

Hi PA devops! I'm trying to automate adding addresses and then adding tags to them. The first part succeeds but the second part causes Panorama to become unresponsive. I am wondering if I'm doing something dumb, or if this is a bug? I'm on Panorama v7.1.6. Here's my playbook:

 

- name: Get input from user
  hosts: panorama
  connection: local
  vars_prompt:
    - name: "pan_user"
      prompt: "Panorama Username"
      private: no
    - name: "pan_pass"
      prompt: "Panorama Password"
      private: yes
    - name: "new_address_cidr"
      prompt: "Address in CIDR notation"
      private: no
    - name: "new_address_tag"
      prompt: "Address Tag: (webserver, linux, windows, rdp, ssh)"
      private: no
    - name: "addr_name"
      prompt: "Friendly name for the address"
      private: no

  roles:
    - role: PaloAltoNetworks.paloaltonetworks

  tasks:
    - name: Create address object
      panos_object:
        ip_address: "{{ inventory_hostname }}"
        username: "{{ pan_user }}"
        password: "{{ pan_pass }}"
        address_type: "ip-netmask"
        devicegroup: "PA-5000s"
        operation: "add"
        address: "{{ new_address_cidr }}"
        description: "{{ addr_name }}"
        addressobject: "{{ addr_name }}"
      ignore_errors: yes #Will fail if it already exists.
      register: add_result

    - name: commit change
      when: add_result|succeeded
      panos_commit:
        ip_address: "{{ inventory_hostname }}"
        username: "{{ pan_user }}"
        password: "{{ pan_pass }}"
        devicegroup: "PA-5000s"

    - name: Create the tags to map IP addresses
      panos_dag_tags:
        ip_address: "{{ inventory_hostname }}"
        username: "{{ pan_user }}"
        password: "{{ pan_pass }}"
        ip_to_register: "{{ new_address_cidr }}"
        tag_names: "{{ new_address_tag }}"
        operation: 'add'
      tags: "add-dagip"

And here's the ansible-playbook output:

TASK [Create address object] *****************************************************************************************
changed: [10.7.2.7]

TASK [commit change] *************************************************************************************************
changed: [10.7.2.7]

TASK [Create the tags to map IP addresses] ***************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: Value of unknown type: <class 'pandevice.errors.PanURLError'>, URLError: code: 502 reason: Bad Gateway
fatal: [10.7.2.7]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_in3rPq/ansible_module_panos_dag_tags.py\", line 202, in <module>\n    main()\n  File \"/tmp/ansible_in3rPq/ansible_module_panos_dag_tags.py\", line 191, in main\n    module.fail_json(msg=exc)\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 1993, in fail_json\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 1973, in _return_formatted\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 414, in remove_values\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 414, in <genexpr>\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 425, in remove_values\nTypeError: Value of unknown type: <class 'pandevice.errors.PanURLError'>, URLError: code: 502 reason: Bad Gateway\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
	to retry, use: --limit @/home/sgardne/ansible/tag_address.retry

PLAY RECAP ***********************************************************************************************************
10.7.2.7                   : ok=6    changed=2    unreachable=0    failed=1   

It looks to me like the web service is crashing and restarting, but I'm not sure. Anyone have any insight here? Thanks!
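Added example (not part of the original post, and not code from the module or from Palo Alto Networks): the `TypeError` in the output above is raised inside Ansible's `remove_values` after the module calls `module.fail_json(msg=exc)` with the exception object, so the device-side error is the `PanURLError` (502 Bad Gateway) embedded in that final line. The sketch below pulls both out of a `fatal:` line; `SAMPLE` is abridged from the output quoted above (middle frames dropped), and the function and field names are hypothetical.

```python
import json
import re

# Abridged from the failure line quoted in the post (middle frames dropped).
SAMPLE = r'''fatal: [10.7.2.7]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_in3rPq/ansible_module_panos_dag_tags.py\", line 202, in <module>\n    main()\n  File \"/tmp/ansible_in3rPq/ansible_module_panos_dag_tags.py\", line 191, in main\n    module.fail_json(msg=exc)\n  File \"/tmp/ansible_in3rPq/ansible_modlib.zip/ansible/module_utils/basic.py\", line 425, in remove_values\nTypeError: Value of unknown type: <class 'pandevice.errors.PanURLError'>, URLError: code: 502 reason: Bad Gateway\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}'''

FATAL_RE = re.compile(r"^fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<body>\{.*\})$")
FRAME_RE = re.compile(r'File "(?P<file>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')
MASKED_RE = re.compile(r"Value of unknown type: <class '(?P<cls>[^']+)'>, (?P<detail>.*)")
HTTP_RE = re.compile(r"code: (?P<code>\d+) reason: (?P<reason>.+)")


def triage(fatal_line):
    """Separate the masking TypeError from the underlying device error."""
    m = FATAL_RE.match(fatal_line.strip())
    if not m:
        raise ValueError("not an Ansible 'fatal: [...]: FAILED!' line")
    result = json.loads(m.group("body"))
    lines = [l for l in result.get("module_stderr", "").splitlines() if l.strip()]
    report = {"host": m.group("host"), "msg": result.get("msg"),
              "module_line": None, "statement": None,
              "masked_class": None, "http_code": None, "http_reason": None}
    # Keep the last frame that is in the module itself, not in Ansible's library.
    for i, text in enumerate(lines):
        frame = FRAME_RE.search(text)
        if frame and "ansible_modlib.zip" not in frame.group("file"):
            report["module_line"] = int(frame.group("line"))
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            report["statement"] = None if FRAME_RE.search(nxt) else (nxt.strip() or None)
    # The final line names the exception object that fail_json could not serialise.
    masked = MASKED_RE.search(lines[-1]) if lines else None
    if masked:
        report["masked_class"] = masked.group("cls")
        http = HTTP_RE.search(masked.group("detail"))
        if http:
            report["http_code"] = int(http.group("code"))
            report["http_reason"] = http.group("reason").strip()
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```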


L5 Sessionator

I believe user-id on Panorama wasn't supported until...  8.0..?  9.0...?  I know for sure that 7.1 is too early.  Just need to upgrade your Panorama a bit.
