12-14-2020 10:57 AM
Hi,
Some time ago, I've started PaloAlto automation using ansible. At first I've used roles, and everything worked fine, but it's no longer supported, so I decided to use collections.
I'm using Ansible 2.9.6, installed on Ubuntu 20.04LTS
I've installed things like python3, python2, pip3, pip, pan-python, pandevice, xmltodict, because I found them in various topics on the Internet. Of course PaloAlto collections are installed.
This is sample playbook:
This is complete output when I'm trying to execute it:
rafal@ansible2:~/ansible-playbooks$ ansible-playbook -i inventory test.yml -vvvv
[WARNING]: Ansible is being run in a world writable directory (/home/rafal/ansible-playbooks), ignoring it as an ansible.cfg source. For more information see
https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/rafal/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/rafal/ansible-playbooks/inventory as it did not pass its verify_file() method
auto declined parsing /home/rafal/ansible-playbooks/inventory as it did not pass its verify_file() method
Parsed /home/rafal/ansible-playbooks/inventory inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py
PLAYBOOK: test.yml **************************************************************************************************************************************************************************************************************
Positional arguments: test.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/rafal/ansible-playbooks/inventory',)
forks: 5
1 plays in test.yml
PLAY [firewall] *****************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************
task path: /home/rafal/ansible-playbooks/test.yml:1
<firewall> ESTABLISH LOCAL CONNECTION FOR USER: rafal
<firewall> EXEC /bin/sh -c 'echo ~rafal && sleep 0'
<firewall> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156 `" && echo ansible-tmp-1607351929.5420492-71774171656156="` echo /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/system/setup.py
<firewall> PUT /home/rafal/.ansible/tmp/ansible-local-695740dg9g2ji8/tmp2h1dszns TO /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156/AnsiballZ_setup.py
<firewall> EXEC /bin/sh -c 'chmod u+x /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156/ /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156/AnsiballZ_setup.py && sleep 0'
<firewall> EXEC /bin/sh -c '/usr/bin/python3 /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156/AnsiballZ_setup.py && sleep 0'
<firewall> EXEC /bin/sh -c 'rm -f -r /home/rafal/.ansible/tmp/ansible-tmp-1607351929.5420492-71774171656156/ > /dev/null 2>&1 && sleep 0'
ok: [firewall]
META: ran handlers
TASK [Add the service object to the firewall first] *****************************************************************************************************************************************************************************
task path: /home/rafal/ansible-playbooks/test.yml:11
<firewall> ESTABLISH LOCAL CONNECTION FOR USER: rafal
<firewall> EXEC /bin/sh -c 'echo ~rafal && sleep 0'
<firewall> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272 `" && echo ansible-tmp-1607351930.6893418-59552147610272="` echo /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272 `" ) && sleep 0'
Using module file /home/rafal/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_service_object.py
<firewall> PUT /home/rafal/.ansible/tmp/ansible-local-695740dg9g2ji8/tmpf4v_kjda TO /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py
<firewall> EXEC /bin/sh -c 'chmod u+x /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/ /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py && sleep 0'
<firewall> EXEC /bin/sh -c '/usr/bin/python3 /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py && sleep 0'
<firewall> EXEC /bin/sh -c 'rm -f -r /home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py", line 102, in <module>
_ansiballz_main()
File "/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible_collections.paloaltonetworks.panos.plugins.modules.panos_service_object', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_service_object.py", line 174, in <module>
File "/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_service_object.py", line 137, in main
File "/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/module_utils/panos.py", line 127, in get_pandevice_parent
TypeError: deprecate() got an unexpected keyword argument 'collection_name'
fatal: [firewall]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/rafal/.ansible/tmp/ansible-tmp-1607351930.6893418-59552147610272/AnsiballZ_panos_service_object.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.paloaltonetworks.panos.plugins.modules.panos_service_object', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_service_object.py\", line 174, in <module>\n File \"/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_service_object.py\", line 137, in main\n File \"/tmp/ansible_panos_service_object_payload_pzcqz4dd/ansible_panos_service_object_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/module_utils/panos.py\", line 127, in get_pandevice_parent\nTypeError: deprecate() got an unexpected keyword argument 'collection_name'\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************
firewall : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
firewall.yml file is in ~/ansible-playbooks/host_vars, and it contains ip_address, username and password.
What am I doing wrong?
12-14-2020 11:55 AM
Try with Ansible 2.9.10 due to: https://github.com/PaloAltoNetworks/pan-os-ansible/releases/tag/v2.0.0
12-14-2020 11:55 AM
Try with Ansible 2.9.10 due to: https://github.com/PaloAltoNetworks/pan-os-ansible/releases/tag/v2.0.0
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
