Unable to add static route using Ansible module panos_static_route

Reply
Highlighted
L0 Member

Unable to add static route using Ansible module panos_static_route

Hello Experts,

 

I am trying to add a static route in a PAN FW using the Palo Alto module panos_static_route.

 

Here is the variable file:

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $

 

Here is the role file:


user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat roles/routing/tasks/main.yml
---
- name: Static Routes
panos_static_route:
provider: '{{ cli }}'
state: '{{ item.state }}'
name: '{{ item.name }}'
destination: "{{ item.destination }}"
interface: "{{ item.interface | default (omit)}} "
nexthop: '{{ item.nexthop | default (omit) }}'
nexthop_type: '{{ item.nexthop_type }}'
virtual_router: '{{ item.virtual_router }}'
template: '{{ system.template }}'
loop: "{{ routing.static_route }}"


I am getting this error when trying to execute the Playbook.

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ ansible-playbook main.yml --ask-vault-pass --tags routing
Vault password:
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

What is your password?:

PLAY [FW Playbook] ***************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [lap-pva01.domain.com]

TASK [routing : Static Routes] ***************************************************************************************************************************************************************************************************************
failed: [lap-pva01.domain.com] (item={'name': 'Test-One', 'destination': '1.1.1.1/32', 'nexthop_type': 'none', 'interface': 'tunnel.18', 'virtual_router': 'VR_VPN', 'state': 'present'}) => {"ansible_loop_var": "item", "changed": false, "item": {"destination": "1.1.1.1/32", "interface": "tunnel.18", "name": "Test-One", "nexthop_type": "none", "state": "present", "virtual_router": "VR_VPN"}, "msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
lap-pva01.domain.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

user@C02X67V3JG5J ➜ FW git:(master) ✗ $


Please note that I have other module(address,service,zone,VPN) configuration in the same Playbooks as different roles. They all are working fine. I am facing issue with only 'panos_static_route' module.

 

I have already read the documentation at "https://ansible-pan.readthedocs.io/en/latest/modules/panos_static_route_module.html", but that doesn't answer my issue.

 

I can share the entire Playbook if you need.


Accepted Solutions
Highlighted
L2 Linker

Re: Unable to add static route using Ansible module panos_static_route

@Krishna_R 

 

You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.

DanielBostock_0-1591344336272.png

 

@BPry  - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.

Try removing the whitespace and then re-rerun the playbook and let us know how you go.

 

Thanks,

Daniel.

 

Daniel Bostock | Senior IT Operations Engineer, EML Payments | Blog: https://danielbostock.com

View solution in original post


All Replies
Highlighted
Cyber Elite

Re: Unable to add static route using Ansible module panos_static_route

@Krishna_R 

failed:"msg": "Failed create: Test-One -> interface 'tunnel.18 ' is not a valid reference\n Test-One -> interface is invalid"

 

Note the whitespace trailing tunnel.18 in the quote

Highlighted
L0 Member

Re: Unable to add static route using Ansible module panos_static_route

@BPry , Here is my variable YAML file. There is not trailing whitespace:

 

user@C02X67V3JG5J ➜ FW git:(master) ✗ $ cat host_vars/lap-pva01.domain.com/routing.yml
routing:
static_route:
- name: 'Test-One'
destination: '1.1.1.1/32'
nexthop_type: 'none'
interface: 'tunnel.18'
virtual_router: 'VR_VPN'
state: 'present'
user@C02X67V3JG5J ➜ FW git:(master) ✗ $

Highlighted
L2 Linker

Re: Unable to add static route using Ansible module panos_static_route

@Krishna_R 

 

You are right it is not in your variables files, but the whitespace is actually in the module param, as you can see after the final curly brace.

DanielBostock_0-1591344336272.png

 

@BPry  - Was on the right path here, because the feedback from ansible is key here to how Ansible is receiving the string.

Try removing the whitespace and then re-rerun the playbook and let us know how you go.

 

Thanks,

Daniel.

 

Daniel Bostock | Senior IT Operations Engineer, EML Payments | Blog: https://danielbostock.com

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!