08-02-2018 02:30 AM
Seek for solution to fix the problem. Thanks.
1)host vars:
ansible_user: user
ansible_password: xxxxxxxxxxxxx
ansible_connection: network_cli
ansible_network_os: panos
2)command:
ansible --vault-id /xxx/xxx/vault_key -i ./hosts xxxx -m ping
3)error output:
xxxxx | FAILED! => {
"msg": "network os panos is not supported"
}
08-02-2018 06:46 AM
The Ansible modules for PAN-OS do not currently support the network_cli connection method. Today these modules leverage the pandevice libraries to make API calls from the Ansible host. You'll need to change your connection type to localhost.
Example:
---
- name: Panorama configuration demo
hosts: localhost
connection: local
gather_facts: False
tasks:
- name: include variables
include_vars: vars.yml
no_log: 'yes'
- name: create a database server
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
addressobject: 'prod-db1'
address: '10.0.50.10'
description: "Database server 1"
Hope this helps!
08-02-2018 06:46 AM
The Ansible modules for PAN-OS do not currently support the network_cli connection method. Today these modules leverage the pandevice libraries to make API calls from the Ansible host. You'll need to change your connection type to localhost.
Example:
---
- name: Panorama configuration demo
hosts: localhost
connection: local
gather_facts: False
tasks:
- name: include variables
include_vars: vars.yml
no_log: 'yes'
- name: create a database server
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
addressobject: 'prod-db1'
address: '10.0.50.10'
description: "Database server 1"
Hope this helps!
08-02-2018 08:14 AM
When you saying currently/today, does that mean that there are any plans in the future to use network_cli insted of pandevice for ansible?
08-02-2018 09:41 AM
I'll defer to @gfreeman on that question. 🙂
08-02-2018 11:25 AM
Cool
Its always good to have as few dependenties as possible 🙂
08-03-2018 01:56 AM
Thanks a lot.
It works when change connection from 'network_cli' to 'local'.
Further questions in vars:
1) how to use the 'api_key', where should I deternmine the value of 'api_key'
2) include vars: vars.yml.
the location of vars.yml is the same with playbook.yml ?
08-03-2018 01:55 PM
The API key is basically a hash of your username and password. You can generate it on the firewall using a cURL command such as:
curl -X POST 'https://192.168.55.5/api?type=keygen&user=admin&password=paloalto'
You'll still want to safeguard the API key from exposure - just like a username and password. Using an API key just makes it one less field to worry about in your Ansible task definitions. You may want to place the key in a credentials.yml file and then encrypt it with Ansible Vault.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
