05-08-2018 10:08 PM
Hi,
I am having some issues with the panos_match_rule.py module. The details are below.
Any help would be appreciated.
Thanks.
COMPONENT NAME
panos_match_rule.py
ANSIBLE VERSION
ansible 2.5.2
config file = /var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
CONFIGURATION
DEFAULT_HOST_LIST(/var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg) = [u'/var/lib/awx/projects/sccm_dp_to
HOST_KEY_CHECKING(/var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg) = False
OS / ENVIRONMENT
PAN-OS 7.1.14
SUMMARY
Playbook fails when run to check whether a firewall rule already exists
STEPS TO REPRODUCE
---
- hosts: palo_alto_sds
  connection: local
  gather_facts: no
  environment:
    PYTHONHTTPSVERIFY: '0'
  tasks:
    - name: <<< PA_Pre_Check >>> Matching Firewall Rule for IP(s) is already exist or not for Host Address
      panos_match_rule:
        ip_address: '10.10.10.104'
        username: 'admin'
        password: 'admin'
        rule_type: 'security'
        source_ip: '10.0.0.111'
        destination_ip: '1.1.1.1'
        destination_port: '443'
        protocol: '6'
      register: duplicate_host
EXPECTED RESULTS
Playbook runs successfully and registers the variable "duplicate_host"
ACTUAL RESULTS
TASK [<<< PA_Pre_Check >>> Matching Firewall Rule for IP(s) is already exist or not for Host Address] **********************
task path: /var/lib/awx/projects/test-fw-rule/pa_pre_check.yml:10
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/panos/panos_match_rule.py
<10.10.10.104> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.10.10.104> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.10.10.104> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349 `" && echo ansible-tmp-1525428719.86-138760169373349="` echo /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349 `" ) && sleep 0'
<10.10.10.104> PUT /root/.ansible/tmp/ansible-local-4058kH9DBK/tmpe5Bz5F TO /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py
<10.10.10.104> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/ /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py && sleep 0'
<10.10.10.104> EXEC /bin/sh -c 'PYTHONHTTPSVERIFY=0 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py && sleep 0'
<10.10.10.104> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_WJfeij/ansible_module_panos_match_rule.py", line 360, in main
    response = device.op(cmd=test_string, vsys=vsys_id)
  File "/usr/lib/python2.7/site-packages/pandevice/firewall.py", line 175, in op
    return super(Firewall, self).op(cmd, vsys, xml, cmd_xml, extra_qs, retry_on_peer)
  File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3223, in op
    element = self.xapi.op(cmd, vsys, cmd_xml, extra_qs, retry_on_peer=retry_on_peer)
  File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3102, in method
    raise the_exception
fatal: [10.10.10.104]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "application": null,
            "category": null,
            "destination_ip": "1.1.1.1",
            "destination_port": 443,
            "destination_zone": null,
            "ip_address": "10.10.10.104",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "protocol": 6,
            "rule_type": "security",
            "source_ip": "10.0.0.111",
            "source_port": null,
            "source_user": null,
            "source_zone": null,
            "to_interface": null,
            "username": "admin",
            "vsys_id": "vsys1"
        }
    },
    "msg": "ElementTree.fromstring ParseError: not well-formed (invalid token): line 44, column 20"
}
to retry, use: --limit @/var/lib/awx/projects/test-fw-rule/pa_pre_check.retry
PLAY RECAP *******************************************************************************************************************
10.10.10.104 : ok=0 changed=0 unreachable=0 failed=1
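The traceback above shows the module handing the raw reply from device.op() to ElementTree, which only reports a line and column when the reply is not well-formed XML. As an added illustration (not code from the original post or from the panos_match_rule module), the helper below maps that position back to the offending text of the reply so the operator can see what the firewall actually returned; the reply document is a constructed sample and the function names are assumed.

```python
"""Locate the text behind an ElementTree ParseError in a PAN-OS XML API reply.

Added example, not part of the panos_match_rule module. ElementTree raises
ParseError with a (line, column) position only; this helper returns the
offending line so the raw reply can be inspected instead of guessed at.
"""
import xml.etree.ElementTree as ET

# Constructed sample reply. The <response>/<result> wrapper mirrors the
# PAN-OS API envelope; the rule layout inside it is an assumption.
# The bare '&' in the rule name is an invalid XML token and triggers the
# same "not well-formed (invalid token)" ParseError seen in the traceback.
BAD_REPLY = """<response status="success">
  <result>
    <rules>
      <entry>
        <name>allow-web & dns</name>
        <action>allow</action>
      </entry>
    </rules>
  </result>
</response>"""

# Same reply with the ampersand escaped, as a well-formed reply would carry it.
GOOD_REPLY = BAD_REPLY.replace("&", "&amp;")


def locate_parse_error(xml_text):
    """Return (line, column, offending_line) if xml_text is malformed,
    or None when it parses cleanly. Line is 1-based, column 0-based,
    exactly as ElementTree reports them."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, col = exc.position
        lines = xml_text.splitlines()
        snippet = lines[line - 1] if 0 < line <= len(lines) else ""
        return line, col, snippet.strip()
    return None


def match_rule_names(xml_text):
    """Parse a reply only after it is known to be well-formed and return
    the matched rule names; raise with the offending text otherwise."""
    problem = locate_parse_error(xml_text)
    if problem is not None:
        raise ValueError("firewall reply is not well-formed XML at "
                         "line %d, column %d: %r" % problem)
    root = ET.fromstring(xml_text)
    return [e.text for e in root.iter("name")]


if __name__ == "__main__":
    print(locate_parse_error(BAD_REPLY))
    print(match_rule_names(GOOD_REPLY))
```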