12-29-2022 10:07 AM
Hello,
TL;DR : I use PA-VM 10.0.4 and paloaltonetworks.panos 2.12.2 galaxy ansible modules. Do you know a way to automate a partial config load from xml ? Ideally using ansible but maybe using API or python ? I tried several things with ansible, none of them are working.
Ultimately I'd like to automate the use of this command, which is OK with CLI :
load config partial from-xpath /config/devices/entry[@name="localhost.localdomain"]/vsys/entry[@name="vsys1"] to-xpath /config/devices/entry[@name="localhost.localdomain"]/vsys/entry[@name="vsys1"] mode replace from capirca.xmlLet's consider this command first, which is also OK with CLI :
load config partial mode replace from capirca.xmlI tried to automate using ansible. The Ansible panos_loadcfg module does not allow partial config load.
So I tried this task using ansible :
- name: load configuration
paloaltonetworks.panos.panos_op:
provider: "{{ palo_provider }}"
cmd: 'load config partial mode replace from capirca.xml'
cmd_is_xml: falseI get this Error even though the command is OK using CLI : load config partial mode replace from \"capirca.xml\" : load -> config -> partial -> mode is invalid
The full traceback is:
File "/tmp/ansible_paloaltonetworks.panos.panos_op_payload_toh3va6v/ansible_paloaltonetworks.panos.panos_op_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py", line 186, in main
File "/home/r0m/.local/lib/python3.9/site-packages/panos/firewall.py", line 242, in op
return super(Firewall, self).op(
File "/home/r0m/.local/lib/python3.9/site-packages/panos/base.py", line 4047, in op
element = self.xapi.op(cmd, vsys, False, extra_qs, retry_on_peer=retry_on_peer)
File "/home/r0m/.local/lib/python3.9/site-packages/panos/base.py", line 3899, in method
raise the_exception
fatal: [fw-test]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "load config partial mode replace from capirca.xml",
"cmd_is_xml": false,
"ignore_disconnect": null,
"ip_address": null,
"password": null,
"port": 443,
"provider": {
"api_key": null,
"ip_address": "fw-test.local.r0.me",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"username": "admin",
"vsys": "vsys1"
}
},
"msg": "Failed to run command : load config partial mode replace from \"capirca.xml\" : load -> config -> partial -> mode is invalid"It's worth noting that this command is working. Unfortunately, I really need a partial load.
- name: load configuration
paloaltonetworks.panos.panos_op:
provider: "{{ palo_provider }}"
cmd: 'load config from capirca.xml'
cmd_is_xml: falseWill anyone be able to help me with partial config load automation ?
Regards !
Romain
12-30-2022 06:06 AM
I found the solution :
- name: load configuration
paloaltonetworks.panos.panos_op:
provider: "{{ palo_provider }}"
cmd: '<load><config><partial><from-xpath>/config/devices/entry[@name="localhost.localdomain"]/vsys/entry[@name="vsys1"]</from-xpath><to-xpath>/config/devices/entry[@name="localhost.localdomain"]/vsys/entry[@name="vsys1"]</to-xpath><mode>replace</mode><from>capirca.xml</from></partial></config></load>'
cmd_is_xml: trueI was able to get the xml version of the command using
debug cli on
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
