- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-22-2019 11:32 AM
Hi All,
This is another issue I am encounting with PANOS Ansible's module. This time when using "PANOS_OP" into Panorama to add a static address into a group. This is the error I am getting when executing "cmd: set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30" in playbook:
fatal: [10.10.10.10]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30",
"cmd_is_xml": false,
"ip_address": "10.10.10.10",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "pan_ansible"
}
}
}
MSG:
Failed to run command : set device-group MYCLOUD address-group MYCLOUD-GRP-1 static "CLOUD-10.10.20.30" : set -> device-group is unexpected
Let me know what is the solution to add more IP addresses to an Address group.
Thanks,
Roberto
My playbook is pretty simple; however, I am unable to find the error.
Thanks,
Roberto
05-28-2019 06:30 AM
Please make sure you are using the Ansible modules for PAN-OS that are published to Ansible Galaxy.
https://galaxy.ansible.com/paloaltonetworks/paloaltonetworks
The modules bundles with Ansible Engine are old and are being deprecated. The modules in Ansible Galaxy have all the latest features and bug fixes.
Regards,
-Bob-
05-28-2019 09:56 AM
Hi Bob,
I did install and reinstall PANOS galaxy many times before; however the error still happening. Here is my playbook:
---
- name: Adding IP address to an address group
connection: local
hosts: sfopanorama
gather_facts: yes
vars:
description: 'Task_Number_1234567'
firewall_host: '10.10.10.10'
server_address: '10.10.1.3'
address_group: 'MYTTP-GW-2'
dev_group: 'MLG'
address_mask: 'ip-netmask'
roles:
- role: PaloAltoNetworks.paloaltonetworks
tasks:
- name: Add IP Address to Address Group {{ dev_group }}
panos_op:
ip_address: '{{ firewall_host }}'
username: '{{ pan_username }}'
password: '{{ pan_password }}'
cmd: 'configure'
cmd: 'set device-group {{ dev_group }} address-group {{ address_group }} static SMTP-{{ server_address }}'
register: result_output2
I tried with and without the "configure" option, and changing the way the "set device-group" options; However, none of them works.
This is the only solution that can solve the "Panos_address_group" problem that I mentioned earlier. If only I can make it work.
Thanks,
Roberto
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!