pan-os-ansible icon indicating copy to clipboard operation
pan-os-ansible copied to clipboard

Published 20 hours ago verified publisher icon PaloAltoNetworks

Search option for device group, address group

Open asgr8e opened this issue 1 year ago • 5 comments

Is there any way I can List down available device groups or check if specific device group is present or not, and if found how to perform the same search for checking address groups, if they exist or not?

asgr8e avatar Feb 08 '24 10:02 asgr8e

Hi @asgr8e !

You would have two main options:

  1. Use gathered filter:
    - name: Get device group info
      paloaltonetworks.panos.panos_device_group:
        provider: "{{ panorama_provider }}"
        name: 'test_device_group'
        state: 'gathered'
      register: device_group_info
  • This one works but it also errors out if the device group is not present.
  1. Use an OP command and parse the output:
    - name: show list of all device groups
      paloaltonetworks.panos.panos_op:
        provider: "{{ panorama_provider }}"
        cmd: "show devicegroups"
      register: devicegroup_status
    - name: Parse devicegroup list
      community.general.xml:
        xmlstring: "{{ devicegroup_status.stdout_xml}}"
        xpath: "/response/result/devicegroups/entry[@name='test_device_group']"
        content: attribute
      ignore_errors: true
      register: parsed_software_xml

    - name: Print parsed xml
      ansible.builtin.debug:
        var: parsed_software_xml
    
    - name: Assert that there is a device group with that name
      ansible.builtin.assert:
        that:
          - parsed_software_xml.failed == false
          - parsed_software_xml.matches | length > 0
        fail_msg: "Device group does not exist"
        success_msg: "Device group exists"

I hope that helps!

horiagunica avatar Mar 27 '24 09:03 horiagunica

@asgr8e - did you manage to test out the above solution?

Unless we receive a reply soon - we will proceed to close the issue.

horiagunica avatar Mar 29 '24 09:03 horiagunica

fatal: [192.168.1.249]: FAILED! => { "changed": false, "invocation": { "module_args": { "gathered_filter": null, "name": "device_group_1", "parent": null, "provider": { "api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_address": "192.168.1.249", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": 443, "serial_number": null, "username": "admin" }, "state": "gathered", "tag": null } }, "msg": "Object 'device_group_1' not found" }

PLAY RECAP **************************************************************************************************************************************************************************************************** 192.168.1.249 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

First solution is giving this error

asgr8e avatar Apr 19 '24 05:04 asgr8e

w list of all device groups] ************************************************************************************************************************************************************************* task path: /home/controller/ansible-projects/dg.yml:15 <192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller <192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0' <192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" && echo ansible-tmp-1713503864.0710075-2434794-102110648948665="echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" ) && sleep 0' Using module file /home/controller/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py <192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmp6j2hlygb TO /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py <192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0' <192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0' <192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ > /dev/null 2>&1 && sleep 0' ok: [192.168.1.249] => { "changed": false, "disconnected": false, "invocation": { "module_args": { "api_key": null, "cmd": "show devicegroups", "cmd_is_xml": false, "ignore_disconnect": null, "ip_address": null, "password": null, "port": 443, "provider": { "api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_address": "192.168.1.249", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": 443, "serial_number": null, "username": "admin" }, "username": "admin", "vsys": "vsys1" } }, "msg": "Done", "stdout": "{"response": {"@status": "success", "result": {"devicegroups": {"entry": [{"@name": "Device_group_2", "shared-policy-md5sum": "cffb64a4d938e87724e498f2aab1430b"}, {"@name": "Device_group_1", "shared-policy-md5sum": "9107d510be07085d7903072e5f5822b9"}]}}}}", "stdout_lines": [ "{"response": {"@status": "success", "result": {"devicegroups": {"entry": [{"@name": "Device_group_2", "shared-policy-md5sum": "cffb64a4d938e87724e498f2aab1430b"}, {"@name": "Device_group_1", "shared-policy-md5sum": "9107d510be07085d7903072e5f5822b9"}]}}}}" ], "stdout_xml": "<response status="success"><entry name="Device_group_2">cffb64a4d938e87724e498f2aab1430b\n<entry name="Device_group_1">9107d510be07085d7903072e5f5822b9\n" }

TASK [Parse devicegroup list] ********************************************************************************************************************************************************************************* task path: /home/controller/ansible-projects/dg.yml:20 <192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller <192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0' <192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" && echo ansible-tmp-1713503866.524177-2434820-254872599276604="echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" ) && sleep 0' Using module file /home/controller/.ansible/collections/ansible_collections/community/general/plugins/modules/xml.py <192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmpmuaddzyq TO /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py <192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0' <192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0' <192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ > /dev/null 2>&1 && sleep 0' fatal: [192.168.1.249]: FAILED! => { "changed": false, "invocation": { "module_args": { "add_children": null, "attribute": null, "backup": false, "content": "attribute", "count": false, "input_type": "yaml", "insertafter": false, "insertbefore": false, "namespaces": {}, "path": null, "pretty_print": false, "print_match": false, "set_children": null, "state": "present", "strip_cdata_tags": false, "value": null, "xmlstring": "<response status="success"><entry name="Device_group_2">cffb64a4d938e87724e498f2aab1430b\n<entry name="Device_group_1">9107d510be07085d7903072e5f5822b9\n", "xpath": "/response/result/devicegroups/entry[@name='device_group_1']" } }, "msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!" } ...ignoring

TASK [Print parsed xml] *************************************************************************************************************************************************************************************** task path: /home/controller/ansible-projects/dg.yml:28 ok: [192.168.1.249] => { "parsed_software_xml": { "changed": false, "failed": true, "msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!" } }

TASK [Assert that there is a device group with that name] ***************************************************************************************************************************************************** task path: /home/controller/ansible-projects/dg.yml:32 fatal: [192.168.1.249]: FAILED! => { "assertion": "parsed_software_xml.failed == false", "changed": false, "evaluated_to": false, "msg": "Device group does not exist"

second one gives this error

asgr8e avatar Apr 19 '24 05:04 asgr8e 

 tasks:
    - name: Get device group names
      paloaltonetworks.panos.panos_op:
        provider: '{{ device }}'
        cmd: "show devicegroups"
      register: devicegroups_output

    - name: Debug stdout field
      debug:
        var: devicegroups_output.stdout

    - name: Extract device group names using json_query
      set_fact:
        device_group_names: "{{ devicegroups_output.stdout | from_json | json_query('response.result.devicegroups.entry[*].\"@name\"') }}"

    - name: Display extracted device group names
      debug:
        var: device_group_names

    - name: Get device group info
      paloaltonetworks.panos.panos_device_group:
        provider: "{{ device }}"
        name: "{{ item }}"
        state: 'gathered'
      loop: "{{ device_group_names }}"
      register: device_group_info

This worked for me

asgr8e avatar Apr 19 '24 06:04 asgr8e