"set" instructions not working when using Ansible PANOS_OP to update Panorama Addresses group

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

"set" instructions not working when using Ansible PANOS_OP to update Panorama Addresses group

L1 Bithead

Hi All,

 

This is another issue I am encounting with PANOS Ansible's module. This time when using "PANOS_OP" into Panorama to add a static address into a group. This is the error I am getting when executing "cmd: set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30" in playbook:

 

fatal: [10.10.10.10]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30",
"cmd_is_xml": false,
"ip_address": "10.10.10.10",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "pan_ansible"
}
}
}

MSG:

Failed to run command : set device-group MYCLOUD address-group MYCLOUD-GRP-1 static "CLOUD-10.10.20.30" : set -> device-group is unexpected

 

Let me know what is the solution to add more IP addresses to an Address group.

Thanks,

Roberto

 

My playbook is pretty simple; however, I am unable to find the error.

Thanks,

Roberto

2 REPLIES 2

L3 Networker

Please make sure you are using the Ansible modules for PAN-OS that are published to Ansible Galaxy.

 

https://galaxy.ansible.com/paloaltonetworks/paloaltonetworks

 

The modules bundles with Ansible Engine are old and are being deprecated.  The modules in Ansible Galaxy have all the latest features and bug fixes.

 

Regards,

-Bob-

Hi Bob,

I did install and reinstall PANOS galaxy many times before; however the error still happening. Here is my playbook:

 

---
- name: Adding IP address to an address group
connection: local
hosts: sfopanorama
gather_facts: yes
vars:
description: 'Task_Number_1234567'
firewall_host: '10.10.10.10'
server_address: '10.10.1.3'
address_group: 'MYTTP-GW-2'
dev_group: 'MLG'
address_mask: 'ip-netmask'

 

roles:
- role: PaloAltoNetworks.paloaltonetworks

 

tasks:
- name: Add IP Address to Address Group {{ dev_group }}
panos_op:
ip_address: '{{ firewall_host }}'
username: '{{ pan_username }}'
password: '{{ pan_password }}'
cmd: 'configure'
cmd: 'set device-group {{ dev_group }} address-group {{ address_group }} static SMTP-{{ server_address }}'
register: result_output2

 

I tried with and without the "configure" option, and changing the way the "set device-group" options; However, none of them works.

This is the only solution that can solve the "Panos_address_group" problem that I mentioned earlier. If only I can make it work.

Thanks,

Roberto

  • 4460 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!