06-04-2020 03:25 PM
Hello Experts,
I am trying to add a static route in a PAN FW using the Palo Alto module panos_static_route.
Here is the variable file:
user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $
Here is the role file:
user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat roles/routing/tasks/main.yml
---
- name: Static Routes
panos_static_route:
provider: '{{ cli }}'
state: '{{ item.state }}'
name: '{{ item.name }}'
destination: "{{ item.destination }}"
interface: "{{ item.interface | default (omit)}} "
nexthop: '{{ item.nexthop | default (omit) }}'
nexthop_type: '{{ item.nexthop_type }}'
virtual_router: '{{ item.virtual_router }}'
template: '{{ system.template }}'
loop: "{{ routing.static_route }}"
I am getting this error when trying to execute the Playbook.
user@C02X67V3JG5J ➜ FW git:(master) ✗ $ ansible-playbook main.yml --ask-vault-pass --tags routing
Vault password:
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
What is your password?:
PLAY [FW Playbook] ***************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [lap-pva01.domain.com]
TASK [routing : Static Routes] ***************************************************************************************************************************************************************************************************************
failed: [lap-pva01.domain.com] (item={'name': 'Test-One', 'destination': '1.1.1.1/32', 'nexthop_type': 'none', 'interface': 'tunnel.18', 'virtual_router': 'VR_VPN', 'state': 'present'}) => {"ansible_loop_var": "item", "changed": false, "item": {"destination": "1.1.1.1/32", "interface": "tunnel.18", "name": "Test-One", "nexthop_type": "none", "state": "present", "virtual_router": "VR_VPN"}, "msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"}
PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
lap-pva01.domain.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
user@C02X67V3JG5J ➜ FW git:(master) ✗ $
Please note that I have other module(address,service,zone,VPN) configuration in the same Playbooks as different roles. They all are working fine. I am facing issue with only 'panos_static_route' module.
I have already read the documentation at "https://ansible-pan.readthedocs.io/en/latest/modules/panos_static_route_module.html", but that doesn't answer my issue.
I can share the entire Playbook if you need.
06-05-2020 01:08 AM
You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.
@BPry - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.
Try removing the whitespace and then re-rerun the playbook and let us know how you go.
Thanks,
Daniel.
06-04-2020 04:49 PM
failed:"msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"
Note the whitespace trailing tunnel.18 in the quote
06-04-2020 07:40 PM
@BPry , Here is my variable YAML file. There is not trailing whitespace:
user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $
06-05-2020 01:08 AM
You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.
@BPry - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.
Try removing the whitespace and then re-rerun the playbook and let us know how you go.
Thanks,
Daniel.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
