"set" instructions not working when using Ansible PANOS_OP to update Panorama Addresses group

Reply
L1 Bithead

"set" instructions not working when using Ansible PANOS_OP to update Panorama Addresses group

Hi All,

 

This is another issue I am encounting with PANOS Ansible's module. This time when using "PANOS_OP" into Panorama to add a static address into a group. This is the error I am getting when executing "cmd: set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30" in playbook:

 

fatal: [10.10.10.10]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30",
"cmd_is_xml": false,
"ip_address": "10.10.10.10",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "pan_ansible"
}
}
}

MSG:

Failed to run command : set device-group MYCLOUD address-group MYCLOUD-GRP-1 static "CLOUD-10.10.20.30" : set -> device-group is unexpected

 

Let me know what is the solution to add more IP addresses to an Address group.

Thanks,

Roberto

 

My playbook is pretty simple; however, I am unable to find the error.

Thanks,

Roberto

L3 Networker

Re: "set" instructions not working when using Ansible PANOS_OP to update Panorama Addresse

Please make sure you are using the Ansible modules for PAN-OS that are published to Ansible Galaxy.

 

https://galaxy.ansible.com/paloaltonetworks/paloaltonetworks

 

The modules bundles with Ansible Engine are old and are being deprecated.  The modules in Ansible Galaxy have all the latest features and bug fixes.

 

Regards,

-Bob-

L1 Bithead

Re: "set" instructions not working when using Ansible PANOS_OP to update Panorama Addresse

Hi Bob,

I did install and reinstall PANOS galaxy many times before; however the error still happening. Here is my playbook:

 

---
- name: Adding IP address to an address group
connection: local
hosts: sfopanorama
gather_facts: yes
vars:
description: 'Task_Number_1234567'
firewall_host: '10.10.10.10'
server_address: '10.10.1.3'
address_group: 'MYTTP-GW-2'
dev_group: 'MLG'
address_mask: 'ip-netmask'

 

roles:
- role: PaloAltoNetworks.paloaltonetworks

 

tasks:
- name: Add IP Address to Address Group {{ dev_group }}
panos_op:
ip_address: '{{ firewall_host }}'
username: '{{ pan_username }}'
password: '{{ pan_password }}'
cmd: 'configure'
cmd: 'set device-group {{ dev_group }} address-group {{ address_group }} static SMTP-{{ server_address }}'
register: result_output2

 

I tried with and without the "configure" option, and changing the way the "set device-group" options; However, none of them works.

This is the only solution that can solve the "Panos_address_group" problem that I mentioned earlier. If only I can make it work.

Thanks,

Roberto

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!