12-09-2017 08:30 AM
Hello Friends,
I am new in terms of automation things, I belong to Cisco Network and Secuirty world, however I am learning and implementing Ansible taking help from documents but still no sucess - I still unable to Push Playbook config to directly my Palato Firewall -
I have installed asnible - below is version,
$ ansible --version
ansible 2.4.2.0
I created an new playbook configuration (Config pasted in last), while I executed playbook "palo_2.yml" find below output, I am pretty sure I am missing critical part which prevents connecting my playbook with to my Firewall - I also red http://panwansible.readthedocs.io/en/latest/readme.html but did not underatand the concept.
I would appreciate if anyone can share configuration of from scratch Step to Step - how to connect Anible to Palo Alto Firewall - what and how to install patches -
$ ansible-playbook palo_2.yml
PLAY [palo] ************************************************************************************************************
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [include variables (free-form)] ***********************************************************************************
ok: [10.1.1.1]
TASK [create an address group in devicegroup using API key] ************************************************************
fatal: [10.1.1.1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined\n\nThe error appears to have been in '/home/kaijaz/Development/ansible-personal-servers/palo_2.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create an address group in devicegroup using API key\n ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined"}
to retry, use: --limit @/home/kaijaz/Development/ansible-personal-servers/palo_2.retry
PLAY RECAP *************************************************************************************************************
10.1.1.1 : ok=4 changed=3 unreachable=0 failed=1
--------------------
Playbook Configuration
---
- hosts: palo
gather_facts: no
connection: local
roles:
- role: PaloAltoNetworks.paloaltonetworks
tasks:
- name: include variables (free-form)
include_vars: vars1.yml
no_log: 'yes'
- name: create an address group in devicegroup using API key
panos_object:
ip_address: '{{ 10.20.20.20 }}'
api_key: '{{ LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09 }}'
operation: 'add'
addressgroup: 'ANSIBLE'
static_value: ['prod-db1', 'prod-db2', 'prod-db3']
description: 'ASIBLE TESTING'
tag_name: 'ANS'
devicegroup: 'ANSIBLE Firewalls'
~ ~ ~ ~ "palo_2.yml" 25L, 665C
Thank You
KM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
