Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-09-2022 01:37 PM
"Could not get vsys info for device xxxx in dg xxxx" when using panos_commit_push module in Ansible.
Commit and push via Panorama GUI is successful.
09-10-2022 01:15 AM
Hi @hbui01, could you share (redacted) the relevant code snippets please? And describe the equivalent Panorama GUI clicks you are performing and looking to replicate? Thanks!
09-12-2022 08:32 AM
09-12-2022 09:16 AM
Hi @hbui01, I can't see any code I am afraid.
Just FYI:
The commit in the GUI is the same as https://paloaltonetworks.github.io/pan-os-ansible/modules/panos_commit_panorama_module.html
The push in the GUI is the same as https://paloaltonetworks.github.io/pan-os-ansible/modules/panos_commit_push_module.html
The "commit and push" is the same as doing both of those two modules listed above, in that order.
09-13-2022 01:05 PM
Hi JimmyHolland,
I pasted code snippet.
- name: commit config on firewall panorama
panos_commit_push:
provider: '{{ provider }}'
style: 'device group'
name: '{{ device_groups }}'
description:
devices:
#- 000000000000
#- '{{ device_groups }}'
- 000000000000
- 000000000000
Panos_commit_panorama is successful but panos_commit_push is not.
Thank you.
09-14-2022 03:39 AM
Hi @hbui01, I was able to get the same error ("Could not get vsys info for device 012345678903 in dg lab-device-group") by trying to list a device serial number which was not in the device group, have you by chance done the same thing?
- name: commit config on firewall panorama
panos_commit_push:
provider: "{{ provider }}"
style: "device group"
name: "{{ device_group }}" <- The DeviceGroup referenced only has two firewalls
description:
devices:
- 012345678901 <- This firewall is in the DevceGroup referenced above
- 012345678902 <- This firewall is in the DevceGroup referenced above
- 012345678903 <- This firewall is NOT in the DevceGroup referenced above
I also noticed that your value for the name parameter is a variable called device_groups, (not singular device_group) please note that the name parameter is expecting a single string, not a list of strings, so we are looking for a single device group to be passed in. This is what led me to test a device serial number which was in a different device group to that specified in the name parameter.
Hope that helps!
09-14-2022 01:25 PM
Hi JimmyHolland,
Thank you. We are still receiving error message even with modifying value for name parameter and ensuring our device serial numbers are in the device-group.
- name: commit config on firewall panorama
panos_commit_push:
provider: '{{ provider }}'
style: 'device group'
name: 'LAS-DMZ'
description:
devices:
- 012345678901
- 012345678902
09-14-2022 01:41 PM
Hi @hbui01, what error message do you get now?
09-14-2022 01:45 PM
Hi JimmyHolland,
Still receiving the same error message ""Could not get vsys info for device 012345678903 in dg lab-device-group").
Thank you.
09-15-2022 12:08 AM
The only way I can replicate that error is with a serial number that does not match the Device Group, can you double check everything? Are the managed firewalls definitely connected too? Otherwise, I would engage your Palo Alto Networks point of contact, and share this conversation with them
09-15-2022 08:27 AM
Hi JimmyHolland,
I have a case open with Palo Alto Networks. I have double-checked device serial numbers are showing as part of the device-group, managed, and connected.
Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
