cancel
Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

Configuration of PA Firewall from Asnible - need assitance

L0 Member

Hello Friends,

 

I am new in terms of automation things, I belong to Cisco Network and Secuirty world, however I am learning and implementing Ansible taking help from documents but still no sucess - I still unable to Push Playbook config to directly my Palato Firewall -

 

I have installed asnible - below is version,

$ ansible --version
ansible 2.4.2.0

 

I created an new playbook configuration (Config pasted in last), while I executed playbook "palo_2.yml" find below output, I am pretty sure I am missing critical part which prevents connecting my playbook with to my Firewall - I also red http://panwansible.readthedocs.io/en/latest/readme.html but did not underatand the concept.

 

I would appreciate if anyone can share configuration of from scratch Step to Step - how to connect Anible to Palo Alto Firewall - what and how to install patches - 

 

$ ansible-playbook palo_2.yml


PLAY [palo] ************************************************************************************************************

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]

TASK [include variables (free-form)] ***********************************************************************************
ok: [10.1.1.1]


TASK [create an address group in devicegroup using API key] ************************************************************
fatal: [10.1.1.1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined\n\nThe error appears to have been in '/home/kaijaz/Development/ansible-personal-servers/palo_2.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: create an address group in devicegroup using API key\n      ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined"}
        to retry, use: --limit @/home/kaijaz/Development/ansible-personal-servers/palo_2.retry

PLAY RECAP *************************************************************************************************************
10.1.1.1                : ok=4    changed=3    unreachable=0    failed=1

 

 

 

--------------------

Playbook Configuration

 

---

- hosts: palo
  gather_facts: no
  connection: local

  roles:
    - role: PaloAltoNetworks.paloaltonetworks

  tasks:
    - name: include variables (free-form)
      include_vars: vars1.yml
      no_log: 'yes'

    - name: create an address group in devicegroup using API key
      panos_object:
        ip_address: '{{ 10.20.20.20 }}'
        api_key: '{{ LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09 }}'
        operation: 'add'
        addressgroup: 'ANSIBLE'
        static_value: ['prod-db1', 'prod-db2', 'prod-db3']
        description: 'ASIBLE TESTING'
        tag_name: 'ANS'
        devicegroup: 'ANSIBLE Firewalls'

~                                                                                                                       ~                                                                                                                       ~                                                                                                                       ~                                                                                                                       "palo_2.yml" 25L, 665C

 

 

 

Thank You

KM

Who Me Too'd this topic