12-09-2017 08:30 AM
Hello Friends,
I am new in terms of automation things, I belong to Cisco Network and Secuirty world, however I am learning and implementing Ansible taking help from documents but still no sucess - I still unable to Push Playbook config to directly my Palato Firewall -
I have installed asnible - below is version,
$ ansible --version
ansible 2.4.2.0
I created an new playbook configuration (Config pasted in last), while I executed playbook "palo_2.yml" find below output, I am pretty sure I am missing critical part which prevents connecting my playbook with to my Firewall - I also red http://panwansible.readthedocs.io/en/latest/readme.html but did not underatand the concept.
I would appreciate if anyone can share configuration of from scratch Step to Step - how to connect Anible to Palo Alto Firewall - what and how to install patches -
$ ansible-playbook palo_2.yml
PLAY [palo] ************************************************************************************************************
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: [10.1.1.1]
TASK [include variables (free-form)] ***********************************************************************************
ok: [10.1.1.1]
TASK [create an address group in devicegroup using API key] ************************************************************
fatal: [10.1.1.1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined\n\nThe error appears to have been in '/home/kaijaz/Development/ansible-personal-servers/palo_2.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create an address group in devicegroup using API key\n ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined"}
to retry, use: --limit @/home/kaijaz/Development/ansible-personal-servers/palo_2.retry
PLAY RECAP *************************************************************************************************************
10.1.1.1 : ok=4 changed=3 unreachable=0 failed=1
--------------------
Playbook Configuration
---
- hosts: palo
gather_facts: no
connection: local
roles:
- role: PaloAltoNetworks.paloaltonetworks
tasks:
- name: include variables (free-form)
include_vars: vars1.yml
no_log: 'yes'
- name: create an address group in devicegroup using API key
panos_object:
ip_address: '{{ 10.20.20.20 }}'
api_key: '{{ LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09 }}'
operation: 'add'
addressgroup: 'ANSIBLE'
static_value: ['prod-db1', 'prod-db2', 'prod-db3']
description: 'ASIBLE TESTING'
tag_name: 'ANS'
devicegroup: 'ANSIBLE Firewalls'
~ ~ ~ ~ "palo_2.yml" 25L, 665C
Thank You
KM
