pan-os-ansible
panos_facts has typo when returning gather_subset "vsys"
Describe the bug
When using panos_facts to return vsys values from a device, there is a typo in the returned value ansible_net_virtual_systems: it is returned as ansible_net_virtual-systems.
This means that any value under Virtual System Information cannot be used for subsequent tasks.
Expected behavior
I would expect a list of Security Zones to be returned.
The example below shows the same playbook but using a different return value (hostname) successfully:
TASK [../roles/palo_alto_manage : zones from config] **************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "vsys": {
        "ansible_facts": {
            "ansible_net_full_commit_required": false,
            "ansible_net_gather_subset": [
                "vsys",
                "system"
            ],
            "ansible_net_hostname": "BLU-PALOALTO",
            "ansible_net_model": "PA-VM",
            "ansible_net_multivsys": "off",
            "ansible_net_serial": "unknown",
            "ansible_net_uncommitted_changes": false,
            "ansible_net_uptime": "2 days, 16:58:46",
            "ansible_net_version": "8.1.15",
            "ansible_net_virtual-systems": [
                {
                    "vsys_currentsessions": "0",
                    "vsys_description": null,
                    "vsys_id": "1",
                    "vsys_iflist": [
                        "ethernet1/1",
                        "ethernet1/2",
                        "ethernet1/3",
                        "ethernet1/4"
                    ],
                    "vsys_maxsessions": "0",
                    "vsys_name": "vsys1",
                    "vsys_vrlist": [],
                    "vsys_zonelist": [
                        "TEST-ZONE-1",
                        "TEST-ZONE-2"
                    ]
                }
            ]
        },
        "changed": false,
        "failed": false
    }
}
TASK [../roles/palo_alto_manage : Extract security zones from vsys] ***********************************************************************************************************************************************************************************
ok: [BLU-PALOALTO]
TASK [../roles/palo_alto_manage : zones from vsys] ****************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "discovered_zones": "BLU-PALOALTO"
Current behavior
included: /playbooks/roles/palo_alto_manage/tasks/zones.yml for BLU-PALOALTO
TASK [../roles/palo_alto_manage : Gather existing security zones from device] *************************************************************************************************************************************************************************
ok: [BLU-PALOALTO]
TASK [../roles/palo_alto_manage : zones from config] **************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "vsys": {
        "ansible_facts": {
            "ansible_net_full_commit_required": false,
            "ansible_net_gather_subset": [
                "vsys",
                "system"
            ],
            "ansible_net_hostname": "BLU-PALOALTO",
            "ansible_net_model": "PA-VM",
            "ansible_net_multivsys": "off",
            "ansible_net_serial": "unknown",
            "ansible_net_uncommitted_changes": false,
            "ansible_net_uptime": "2 days, 16:54:21",
            "ansible_net_version": "8.1.15",
            "ansible_net_virtual-systems": [
                {
                    "vsys_currentsessions": "0",
                    "vsys_description": null,
                    "vsys_id": "1",
                    "vsys_iflist": [
                        "ethernet1/1",
                        "ethernet1/2",
                        "ethernet1/3",
                        "ethernet1/4"
                    ],
                    "vsys_maxsessions": "0",
                    "vsys_name": "vsys1",
                    "vsys_vrlist": [],
                    "vsys_zonelist": [
                        "TEST-ZONE-1",
                        "TEST-ZONE-2"
                    ]
                }
            ]
        },
        "changed": false,
        "failed": false
    }
}
TASK [../roles/palo_alto_manage : Extract security zones from vsys] ***********************************************************************************************************************************************************************************
fatal: [BLU-PALOALTO]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'ansible_net_virtual_systems'. 'dict object' has no attribute 'ansible_net_virtual_systems'\n\nThe error appears to be in '/playbooks/roles/palo_alto_manage/tasks/zones.yml': line 16, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Extract security zones from vsys\n ^ here\n"}
Possible solution
Steps to reproduce
Run the following against a target device with one or more Security Zones defined:
- name: Gather existing security zones from device
  paloaltonetworks.panos.panos_facts:
    provider: '{{ palo_provider }}'
    gather_subset: vsys
  register: vsys
- name: Extract security zones from vsys
  ansible.builtin.set_fact:
    discovered_zones: '{{ vsys.ansible_facts.ansible_net_virtual_systems.vsys_zonelist }}'
- name: zones from vsys
  debug:
    var: discovered_zones
Screenshots
Context
I am creating a role to delete any Security Zones from a device and add new ones. I can add new Security Zones but cannot gather the information required to delete current zones on the target device(s).
Your Environment
- Collection: paloaltonetworks.panos 2.18.0
- Python: 3.9.18
- Ansible: 2.15.7
- PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2):
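
A workaround for the behaviour reported above, as an added example that is not part of the original issue or the collection's own code: a key containing a hyphen cannot be reached with Jinja2 dot notation, so the tasks read it with bracket notation and then collect the zone names from every entry of the returned list. The vsys_list variable and the fallback to the underscore key name are assumptions made for this example.

```yaml
# Added example (not from the issue author or the collection).
- name: Gather existing security zones from device
  paloaltonetworks.panos.panos_facts:
    provider: '{{ palo_provider }}'
    gather_subset: vsys
  register: vsys

# Bracket notation reaches the hyphenated key that the module returns.
# The inner default covers a release that returns the underscore name
# instead (assumption), so the role works with either key.
- name: Select the vsys list under whichever key name is present
  ansible.builtin.set_fact:
    vsys_list: >-
      {{ vsys.ansible_facts['ansible_net_virtual-systems']
         | default(vsys.ansible_facts['ansible_net_virtual_systems']
                   | default([])) }}

# Stop before any delete step runs against an empty or missing inventory.
- name: Fail early when no vsys data was returned
  ansible.builtin.assert:
    that:
      - vsys_list | length > 0
    fail_msg: "panos_facts returned no virtual system entries"

# The fact is a list of vsys dicts, so vsys_zonelist is collected per
# entry and flattened into a single list of zone names.
- name: Extract security zones from every vsys
  ansible.builtin.set_fact:
    discovered_zones: >-
      {{ vsys_list
         | map(attribute='vsys_zonelist')
         | list
         | flatten
         | unique }}

- name: Show discovered zones
  ansible.builtin.debug:
    var: discovered_zones
```

With the facts shown in the output above, discovered_zones holds TEST-ZONE-1 and TEST-ZONE-2.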