Trying to turn of Preemption via Ansible Playbook failure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Trying to turn of Preemption via Ansible Playbook failure

L1 Bithead

I am working on an ansible playbook for upgrading our Palo Alto Firewall, and one of the requirements that we have is that I have to disable Preemption.  I have not been able to find any examples of this so I have been working on creating my own task to add to the excellent examples that have been provided (https://github.com/PaloAltoNetworks/ansible-playbooks).  Here is my task so far:

 

  tasks:
    - name: Disable preemption on primary device
      paloaltonetworks.panos.panos_type_cmd:
        provider: '{{ primary }}'
        cmd: 'set'
        xpath: |
          /config/devices/entry[@name='localhost.localdomain']
          /deviceconfig/high-availability/group/election-option
        element: |
          <election-option>
            <preemptive>no
            </preemptive>
          </election-option>
 
When I run this task I get the following error:
FAILED! => {"changed": false, "msg": "set failed, may need to override template object first"}
 
And when I change to cmd to override I get the following error: 
FAILED! => {"changed": false, "msg": "Object cannot be overridden\n"}
Additionally the management plan becomes unresponsive for several minutes.
 
I'm sure I am doing something wrong and it is something simple that I am missing on this, but I'm so deep into the weeds on it that I can't see it anymore.
 
Thank you for the help.
 
 
1 accepted solution

Accepted Solutions

Hi @ryan.slater, here's the full playbook and output in case it helps...

 

Screenshot 2021-10-12 at 21.00.43.png

 

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

View solution in original post

5 REPLIES 5

L5 Sessionator

Hi @ryan.slater, I think it's a config format change you need. Try removing the election-option part of the xpath, leaving just 

/config/devices/entry[@name='localhost.localdomain']/deviceconfig/high-availability/group
Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

With this change doing a SET I get the following:

FAILED! => {"changed": false, "msg": " group -> election-option -> preemptive is invalid"}

 

And with OVERRIDE I get the following:

FAILED! => {"changed": false, "msg": "Object cannot be overridden\n"}

 

If I add a "/" to the end of the XPATH (/config/devices/entry[@name='localhost.localdomain']/deviceconfig/high-availability/group/) I still have the same errors as I previously had in my past post.

Hi @ryan.slater, here's the full playbook and output in case it helps...

 

Screenshot 2021-10-12 at 21.00.43.png

 

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Not sure what I must have typo'ed in my first attempt, but after copying your entry, it is now working on my side as expected.  Thank you very much for your help.

 

RS

Hey @ryan.slater ; could you explain more what you possibly fixed? Was it a line break issue or something?

  • 1 accepted solution
  • 4825 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!