Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to run most commands using panos_op #600

Open
shadycuz opened this issue Feb 11, 2025 · 0 comments
Open

Unable to run most commands using panos_op #600

shadycuz opened this issue Feb 11, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@shadycuz
Copy link

Describe the bug

The command will work when being entered directly into the device via the pan-os cli, but seems to get malformed when using ansible.

Expected behavior

I would expect that a command that runs correctly on the device to work with the panos_op module.

Current behavior

When running a command like the following...

- name: Get the traffic info
  paloaltonetworks.panos.panos_op:
    provider: "{{ device }}"
    cmd: "show session all filter from private to public"
    cmd_is_xml: false
  register: traffic_info

Fails with the following error:

TASK [verify : Get the traffic info] ****************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to run command : show session all filter from private to "public" : show -> session -> all -> filter -> from is invalid"}

Possible solution

A current work around is that if you convert the command to XML... it might work.

- name: Get the traffic info
  paloaltonetworks.panos.panos_op:
    provider: "{{ device }}"
    cmd: "<show><session><all><filter><from>private</from><to>public</to></filter></all></session></show>"
    cmd_is_xml: true
  register: traffic_info

The above example works but some commands still fail.. like

<show><log><traffic></traffic></log></show> fails with:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to run XML command : : invalid client cli"}

Steps to reproduce

  1. Just run this command show session all filter from private to public

Context

I'm trying to test that our vm-series firewall in AWS has a valid configuration and is passing traffic correctly. I figured a good way to do that would be to pull down the traffic logs and make sure most of the "flows" are not ending in "ageing-out".

Your Environment

  • Collection: paloaltonetworks.panos 2.21.3
  • Python: 3.10.11
  • Ansible: ansible [core 2.17.8]
    config file = /etc/ansible/ansible.cfg
    configured module search path = ['/home/shadycuz/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
    ansible python module location = /home/shadycuz/.pyenv/versions/3.10.11/lib/python3.10/site-packages/ansible
    ansible collection location = /home/shadycuz/.ansible/collections:/usr/share/ansible/collections
    executable location = /home/shadycuz/.pyenv/versions/3.10.11/bin/ansible
    python version = 3.10.11 (main, Apr 19 2023, 15:29:50) [GCC 11.3.0] (/home/shadycuz/.pyenv/versions/3.10.11/bin/python3.10)
    jinja version = 3.1.2
    libyaml = True
  • PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2):
    pan-os-python 1.8.0
    pan-python 0.17.0
    panos-upgrade-assurance 0.3.0
@shadycuz shadycuz added the bug Something isn't working label Feb 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shadycuz