
parse error in module panos_match_rule.py


Hi,

I am having some issues with the panos_match_rule.py module. The details are below.

Any help would be appreciated.

Thanks.

 

 

COMPONENT NAME

panos_match_rule.py

ANSIBLE VERSION

ansible 2.5.2
  config file = /var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]

CONFIGURATION

DEFAULT_HOST_LIST(/var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg) = [u'/var/lib/awx/projects/sccm_dp_to
HOST_KEY_CHECKING(/var/lib/awx/projects/sccm_dp_tob_sr_v2/ansible.cfg) = False

OS / ENVIRONMENT

PAN-OS 7.1.14

SUMMARY

Playbook fails when running playbook to check for the existence of an existing firewall rule

 

STEPS TO REPRODUCE

---
- hosts: palo_alto_sds
  connection: local
  gather_facts: no
  environment:
    PYTHONHTTPSVERIFY: '0'

  tasks:

    - name: <<<  PA_Pre_Check  >>> Matching Firewall Rule for IP(s) is already exist or not for Host Address
      panos_match_rule:
        ip_address: '10.10.10.104'
        username: 'admin'
        password: 'admin'
        rule_type: 'security'
        source_ip: '10.0.0.111'
        destination_ip: '1.1.1.1'
        destination_port: '443'
        protocol: '6'
      register: duplicate_host

 

 

EXPECTED RESULTS

The playbook runs successfully and registers the variable "duplicate_host".

 

ACTUAL RESULTS

TASK [<<< PA_Pre_Check  >>> Matching Firewall Rule for IP(s) is already exist or not for Host Address] **********************
task path: /var/lib/awx/projects/test-fw-rule/pa_pre_check.yml:10
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/panos/panos_match_rule.py
<10.10.10.104> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.10.10.104> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.10.10.104> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349 `" && echo ansible-tmp-1525428719.86-138760169373349="` echo /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349 `" ) && sleep 0'
<10.10.10.104> PUT /root/.ansible/tmp/ansible-local-4058kH9DBK/tmpe5Bz5F TO /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py
<10.10.10.104> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/ /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py && sleep 0'
<10.10.10.104> EXEC /bin/sh -c 'PYTHONHTTPSVERIFY=0 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/panos_match_rule.py && sleep 0'
<10.10.10.104> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1525428719.86-138760169373349/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_WJfeij/ansible_module_panos_match_rule.py", line 360, in main
    response = device.op(cmd=test_string, vsys=vsys_id)
  File "/usr/lib/python2.7/site-packages/pandevice/firewall.py", line 175, in op
    return super(Firewall, self).op(cmd, vsys, xml, cmd_xml, extra_qs, retry_on_peer)
  File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3223, in op
    element = self.xapi.op(cmd, vsys, cmd_xml, extra_qs, retry_on_peer=retry_on_peer)
  File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3102, in method
    raise the_exception

fatal: [10.10.10.104]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "application": null,
            "category": null,
            "destination_ip": "1.1.1.1",
            "destination_port": 443,
            "destination_zone": null,
            "ip_address": "10.10.10.104",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "protocol": 6,
            "rule_type": "security",
            "source_ip": "10.0.0.111",
            "source_port": null,
            "source_user": null,
            "source_zone": null,
            "to_interface": null,
            "username": "admin",
            "vsys_id": "vsys1"
        }
    },
    "msg": "ElementTree.fromstring ParseError: not well-formed (invalid token): line 44, column 20"
}
        to retry, use: --limit @/var/lib/awx/projects/test-fw-rule/pa_pre_check.retry

PLAY RECAP *******************************************************************************************************************
10.10.10.104               : ok=0    changed=0    unreachable=0    failed=1
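
The "msg" above reports only a line and column inside the XML that ElementTree was asked to parse. The following is an added example, not part of the original post and not pandevice or module code, showing how such a position can be mapped back to the offending character once the raw response body is available. The response body is constructed and locate_parse_error is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the firewall's real output): an ESC control
# character inside a rule name makes the document not well-formed.
SAMPLE_RESPONSE = (
    '<response status="success">\n'
    '  <result>\n'
    '    <rules>\n'
    '      <entry>Allow\x1bWeb</entry>\n'
    '    </rules>\n'
    '  </result>\n'
    '</response>\n'
)


def locate_parse_error(body, context=1):
    """Return None if body parses, else details of the failing position."""
    try:
        ET.fromstring(body)
        return None
    except ET.ParseError as exc:
        line_no, col = exc.position      # line is 1-based, column 0-based
        # Split on '\n' only: str.splitlines() also breaks on control
        # characters such as \x0b/\x0c and would shift the line numbers.
        lines = body.split("\n")
        bad_line = lines[line_no - 1] if 0 < line_no <= len(lines) else ""
        bad_char = bad_line[col] if col < len(bad_line) else ""
        first = max(0, line_no - 1 - context)
        return {
            "message": str(exc),
            "line": line_no,
            "column": col,
            "char": bad_char,
            "codepoint": "U+%04X" % ord(bad_char) if bad_char else None,
            # repr() keeps control characters visible in a terminal or log
            "context": [repr(l) for l in lines[first:line_no + context]],
        }


if __name__ == "__main__":
    info = locate_parse_error(SAMPLE_RESPONSE)
    print(info["message"])
    print("offending character:", info["codepoint"])
    for shown in info["context"]:
        print("   ", shown)
```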

 

 
