Cannot fetch api calls for Panorama software license plugin via panos_op
ShreyasNBS opened this issue · 2 comments
Describe the bug
I am attempting to get list of panorama api calls made for the sw_fw_license plugin. Code below
- name: check all api calls made by SW license plugin
paloaltonetworks.panos.panos_op:
provider: '{{ provider }}'
cmd: "<show><plugins><sw_fw_license><panorama-api-requests><all></all></panorama-api-requests></sw_fw_license></plugins></show>"
cmd_is_xml: true
ignore_disconnect: true
register: result
- name: show api calls
debug: msg="{{ result.stdout }}"
This results in the following error
TASK [check all api calls made by SW license plugin] *****************************************************************************************************************************************
task path: /opt/app/modules/panorama-config/ansible/playbooks/tasks/plugin-api-calls.yml:1
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: dockeruser
<127.0.0.1> EXEC /bin/sh -c 'echo ~dockeruser && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app/.ansible/tmp `"&& mkdir "` echo /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547 `" && echo ansible-tmp-1660670979.8453445-73-179492718327547="` echo /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547 `" ) && sleep 0'
Using module file /opt/app/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py
<127.0.0.1> PUT /opt/app/.ansible/tmp/ansible-local-4789vjqo7l/tmpk1izwf1o TO /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547/AnsiballZ_panos_op.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547/ /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547/AnsiballZ_panos_op.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547/AnsiballZ_panos_op.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /opt/app/.ansible/tmp/ansible-tmp-1660670979.8453445-73-179492718327547/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
File "/tmp/ansible_paloaltonetworks.panos.panos_op_payload_0b7vrnun/ansible_paloaltonetworks.panos.panos_op_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py", line 176, in main
File "/usr/lib/python3.9/site-packages/panos/panorama.py", line 498, in op
return super(Panorama, self).op(
File "/usr/lib/python3.9/site-packages/panos/base.py", line 4047, in op
element = self.xapi.op(cmd, vsys, False, extra_qs, retry_on_peer=retry_on_peer)
File "/usr/lib/python3.9/site-packages/panos/base.py", line 3899, in method
raise the_exception
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "<show><plugins><sw_fw_license><panorama-api-requests><all></all></panorama-api-requests></sw_fw_license></plugins></show>",
"cmd_is_xml": true,
"ignore_disconnect": true,
"ip_address": null,
"password": null,
"port": 443,
"provider": {
"api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ip_address": "<panorama-ip-address>",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"username": "admin",
"vsys": "vsys1"
}
},
"msg": "Failed to run XML command : <show><plugins><sw_fw_license><panorama-api-requests><all></all></panorama-api-requests></sw_fw_license></plugins></show> : ElementTree.fromstring ParseError: syntax error: line 1, column 0"
}
If I try to ssh into Panorama instance as admin, and run similar command I get
admin@Panorama# show plugins sw_fw_license panorama-api-requests
Invalid syntax.
Any clue as to what I am doing wrong here? I am not sure if the plugin has a Github repo. If you can point me to it, I am happy to raise a bug there.
Your Environment
- Collection: paloaltonetworks.panos
- Python: 3.9.12
- Ansible: 2.12
Ok further update. I managed to run the following command on panorama instance, and got the following output
show plugins sw_fw_license panorama-api-requests all time-window 1
However, running the same command via ansible gave me different errors. I believe the plugin is a bit flaky, and fails to response with panorama api requests. It sometimes errors with "Invalid Syntax", however if it does return a response, then I presume it might be in non-XML format?
- name: check all api calls made by SW license plugin
paloaltonetworks.panos.panos_op:
provider: '{{ provider }}'
cmd: "<show><plugins><sw_fw_license><panorama-api-requests><all><time-window>1</time-window></all></panorama-api-requests></sw_fw_license></plugins></show>"
cmd_is_xml: true
ignore_disconnect: true
register: result
- name: show api calls
debug: msg="{{ result.stdout }}"
Error response 1:
TASK [check all api calls made by SW license plugin] *****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to run XML command : <show><plugins><sw_fw_license><panorama-api-requests><all><time-window>1</time-window></all></panorama-api-requests></sw_fw_license></plugins></show> : Could not run plugin command"}
Error response 2:
TASK [check all api calls made by SW license plugin] *****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to run XML command : <show><plugins><sw_fw_license><panorama-api-requests><all><time-window>1</time-window></all></panorama-api-requests></sw_fw_license></plugins></show> : ElementTree.fromstring ParseError: syntax error: line 1, column 0"}
After discussion with Palo tech, it turns out that time-window needs to be supplied. So the official docs are wrong.