pan-os-ansible icon indicating copy to clipboard operation
pan-os-ansible copied to clipboard

Published 20 hours ago verified publisher icon PaloAltoNetworks

Ansible hanging via SSH

Open Montana opened this issue 3 years ago • 4 comments

Hey PaloAltoNetworks,

Just for a glance over, I have a setup similar to this:

- name: montana
      panos_commit_firewall:
        provider: '{{ provider }}'

As you've probably guessed now I'm using the admpwd, there was link to an issue, and surprisingly the person had a GCP VM-Series firewall, which I have the same. I'm very familiar with .yml, so I know my inventory.yml is correct, I also have my connection:local. Thought this might be worth posting about, I'll do a hard reset. I've shut the GCP VM down before by just running in CentOS:

sudo shutdown -h now

I'm thinking this might also have to do with a setIamPolicy. In the mean time, I'll do a hard reset, I doubt that'll work -- but you never know.

Thank you so much guys!

Cheers, Montana Mendy.

Montana avatar Jan 13 '22 05:01 Montana

:tada: Thanks for opening your first issue here! Welcome to the community!

welcome-to-palo-alto-networks[bot] avatar Jan 13 '22 05:01 welcome-to-palo-alto-networks[bot]

hey @montana have you tested with both python3 and python2 environments on panorama instances launched in was?

npmguy avatar Jan 13 '22 23:01 npmguy

I ended up enforcing a new library into the panos_admpwd module:

from ansible.module_utils._text import to_text

This ultimately acts like an wrapper for PROMPTBUFF, so next it should look like this:

shell.recv(_PROMPTBUFF) with to_text(shell.recv(_PROMPTBUFF))

I've found this is a non-breaking change which fixes my issue. To be clear though, yes I've tried the python2 and python3 environments.

Thank you for the questions!

Cheers, Montana Mendy

Montana avatar Jan 14 '22 00:01 Montana

Has palo released a fix for this?

RyanMBess avatar Oct 12 '22 17:10 RyanMBess

Hi folks, what is the root problem for this one? Personally, I have been doing a bunch of testing on five different major/minor versions of PAN-OS, five different VM-Series in GCP, and configured them all with a playbook including this task, which worked fine:

    - name: Admin password (includes a commit)
      paloaltonetworks.panos.panos_admpwd:
        ip_address: '{{ ip_address }}'
        username: '{{ username }}'
        key_filename: "./ssh.key"
        newpassword: '{{ password }}'
      register: result
      until: "result is not failed"
      retries: 10
      delay: 3

Can someone clarify which module is problematic, under which situations and conditions, etc? Thanks :-)

jamesholland-uk avatar Feb 13 '23 13:02 jamesholland-uk

Closing for now. Please reopen if you can clarify what the issue is, the sample code, the error/behaviour experienced, etc. Thanks :-)

jamesholland-uk avatar Feb 24 '23 17:02 jamesholland-uk