Unable to add static route using Ansible module panos_static_route

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Unable to add static route using Ansible module panos_static_route

L0 Member

Hello Experts,

 

I am trying to add a static route in a PAN FW using the Palo Alto module panos_static_route.

 

Here is the variable file:

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $

 

Here is the role file:


user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat roles/routing/tasks/main.yml
---
- name: Static Routes
panos_static_route:
provider: '{{ cli }}'
state: '{{ item.state }}'
name: '{{ item.name }}'
destination: "{{ item.destination }}"
interface: "{{ item.interface | default (omit)}} "
nexthop: '{{ item.nexthop | default (omit) }}'
nexthop_type: '{{ item.nexthop_type }}'
virtual_router: '{{ item.virtual_router }}'
template: '{{ system.template }}'
loop: "{{ routing.static_route }}"


I am getting this error when trying to execute the Playbook.

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ ansible-playbook main.yml --ask-vault-pass --tags routing
Vault password:
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

What is your password?:

PLAY [FW Playbook] ***************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [lap-pva01.domain.com]

TASK [routing : Static Routes] ***************************************************************************************************************************************************************************************************************
failed: [lap-pva01.domain.com] (item={'name': 'Test-One', 'destination': '1.1.1.1/32', 'nexthop_type': 'none', 'interface': 'tunnel.18', 'virtual_router': 'VR_VPN', 'state': 'present'}) => {"ansible_loop_var": "item", "changed": false, "item": {"destination": "1.1.1.1/32", "interface": "tunnel.18", "name": "Test-One", "nexthop_type": "none", "state": "present", "virtual_router": "VR_VPN"}, "msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
lap-pva01.domain.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

user@C02X67V3JG5J ➜ FW git:(master) ✗ $


Please note that I have other module(address,service,zone,VPN) configuration in the same Playbooks as different roles. They all are working fine. I am facing issue with only 'panos_static_route' module.

 

I have already read the documentation at "https://ansible-pan.readthedocs.io/en/latest/modules/panos_static_route_module.html", but that doesn't answer my issue.

 

I can share the entire Playbook if you need.

1 accepted solution

Accepted Solutions

@Krishna_R 

 

You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.

DanielBostock_0-1591344336272.png

 

@BPry  - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.

Try removing the whitespace and then re-rerun the playbook and let us know how you go.

 

Thanks,

Daniel.

 

Daniel Bostock | Senior IT Operations Engineer, EML Payments | Blog: https://danielbostock.com

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

@Krishna_R 

failed:"msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"

 

Note the whitespace trailing tunnel.18 in the quote

@BPry , Here is my variable YAML file. There is not trailing whitespace:

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $

@Krishna_R 

 

You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.

DanielBostock_0-1591344336272.png

 

@BPry  - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.

Try removing the whitespace and then re-rerun the playbook and let us know how you go.

 

Thanks,

Daniel.

 

Daniel Bostock | Senior IT Operations Engineer, EML Payments | Blog: https://danielbostock.com
  • 1 accepted solution
  • 5308 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!