PaloAltoNetworks/pan-os-ansible

Search option for device group, address group

asgr8e opened this issue · 5 comments

Is there any way I can list the available device groups, or check whether a specific device group is present or not? And if so, how can I perform the same search for address groups, to check whether they exist or not?

Hi @asgr8e !

You would have two main options:

  1. Use gathered filter:
    - name: Get device group info
      paloaltonetworks.panos.panos_device_group:
        provider: "{{ panorama_provider }}"
        name: 'test_device_group'
        state: 'gathered'
      register: device_group_info
  • This one works but it also errors out if the device group is not present.
  2. Use an OP command and parse the output:
    - name: show list of all device groups
      paloaltonetworks.panos.panos_op:
        provider: "{{ panorama_provider }}"
        cmd: "show devicegroups"
      register: devicegroup_status

    - name: Parse devicegroup list
      community.general.xml:
        xmlstring: "{{ devicegroup_status.stdout_xml }}"
        xpath: "/response/result/devicegroups/entry[@name='test_device_group']"
        content: attribute
      # keep going when the XPath matches nothing, so the assert below can inspect .failed
      ignore_errors: true
      register: parsed_software_xml

    - name: Print parsed xml
      ansible.builtin.debug:
        var: parsed_software_xml

    - name: Assert that there is a device group with that name
      ansible.builtin.assert:
        that:
          - parsed_software_xml.failed == false
          - parsed_software_xml.matches | length > 0
        fail_msg: "Device group does not exist"
        success_msg: "Device group exists"

I hope that helps!

@asgr8e - did you manage to test out the above solution?

Unless we receive a reply soon - we will proceed to close the issue.

fatal: [192.168.1.249]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"gathered_filter": null,
"name": "device_group_1",
"parent": null,
"provider": {
"api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ip_address": "192.168.1.249",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"state": "gathered",
"tag": null
}
},
"msg": "Object 'device_group_1' not found"
}

PLAY RECAP ****************************************************************************************************************************************************************************************************
192.168.1.249 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

The first solution is giving this error.

w list of all device groups] *************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:15
<192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller
<192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" && echo ansible-tmp-1713503864.0710075-2434794-102110648948665="echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" ) && sleep 0'
Using module file /home/controller/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py
<192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmp6j2hlygb TO /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py
<192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ > /dev/null 2>&1 && sleep 0'
ok: [192.168.1.249] => {
"changed": false,
"disconnected": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "show devicegroups",
"cmd_is_xml": false,
"ignore_disconnect": null,
"ip_address": null,
"password": null,
"port": 443,
"provider": {
"api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ip_address": "192.168.1.249",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"username": "admin",
"vsys": "vsys1"
}
},
"msg": "Done",
"stdout": "{\"response\": {\"@status\": \"success\", \"result\": {\"devicegroups\": {\"entry\": [{\"@name\": \"Device_group_2\", \"shared-policy-md5sum\": \"cffb64a4d938e87724e498f2aab1430b\"}, {\"@name\": \"Device_group_1\", \"shared-policy-md5sum\": \"9107d510be07085d7903072e5f5822b9\"}]}}}}",
"stdout_lines": [
"{\"response\": {\"@status\": \"success\", \"result\": {\"devicegroups\": {\"entry\": [{\"@name\": \"Device_group_2\", \"shared-policy-md5sum\": \"cffb64a4d938e87724e498f2aab1430b\"}, {\"@name\": \"Device_group_1\", \"shared-policy-md5sum\": \"9107d510be07085d7903072e5f5822b9\"}]}}}}"
],
"stdout_xml": "<response status=\"success\"><entry name=\"Device_group_2\">cffb64a4d938e87724e498f2aab1430b\n<entry name=\"Device_group_1\">9107d510be07085d7903072e5f5822b9\n"
}

TASK [Parse devicegroup list] *********************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:20
<192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller
<192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" && echo ansible-tmp-1713503866.524177-2434820-254872599276604="echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" ) && sleep 0'
Using module file /home/controller/.ansible/collections/ansible_collections/community/general/plugins/modules/xml.py
<192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmpmuaddzyq TO /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py
<192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ > /dev/null 2>&1 && sleep 0'
fatal: [192.168.1.249]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"add_children": null,
"attribute": null,
"backup": false,
"content": "attribute",
"count": false,
"input_type": "yaml",
"insertafter": false,
"insertbefore": false,
"namespaces": {},
"path": null,
"pretty_print": false,
"print_match": false,
"set_children": null,
"state": "present",
"strip_cdata_tags": false,
"value": null,
"xmlstring": "<response status=\"success\"><entry name=\"Device_group_2\">cffb64a4d938e87724e498f2aab1430b\n<entry name=\"Device_group_1\">9107d510be07085d7903072e5f5822b9\n",
"xpath": "/response/result/devicegroups/entry[@name='device_group_1']"
}
},
"msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!"
}
...ignoring

TASK [Print parsed xml] ***************************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:28
ok: [192.168.1.249] => {
"parsed_software_xml": {
"changed": false,
"failed": true,
"msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!"
}
}

TASK [Assert that there is a device group with that name] *****************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:32
fatal: [192.168.1.249]: FAILED! => {
"assertion": "parsed_software_xml.failed == false",
"changed": false,
"evaluated_to": false,
"msg": "Device group does not exist"

The second one gives this error.

  tasks:
    - name: Get device group names
      paloaltonetworks.panos.panos_op:
        provider: "{{ device }}"
        cmd: "show devicegroups"
      register: devicegroups_output

    - name: Debug stdout field
      ansible.builtin.debug:
        var: devicegroups_output.stdout

    # stdout is the op-command XML converted to JSON, so from_json can parse it;
    # json_query (community.general) needs the jmespath package on the controller
    - name: Extract device group names using json_query
      ansible.builtin.set_fact:
        device_group_names: "{{ devicegroups_output.stdout | from_json | json_query('response.result.devicegroups.entry[*].\"@name\"') }}"

    - name: Display extracted device group names
      ansible.builtin.debug:
        var: device_group_names

    # every name came from Panorama itself, so state: gathered cannot hit "Object not found"
    - name: Get device group info
      paloaltonetworks.panos.panos_device_group:
        provider: "{{ device }}"
        name: "{{ item }}"
        state: 'gathered'
      loop: "{{ device_group_names }}"
      register: device_group_info

This worked for me
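A complete playbook that puts the two approaches from the thread together, added here as an illustration; it is not code from the pan-os-ansible project or from any of the commenters. It uses the JSON form of the `show devicegroups` output rather than `stdout_xml`, because the log above shows `stdout_xml` without the `/response/result/devicegroups` path the XPath expected, and it compares names exactly and prints the names Panorama actually returned on failure, since the log above lists `Device_group_1` with a capital D while the XPath looked for `device_group_1`. The `panorama` inventory group, the `panorama_provider` dict and the two wanted names are placeholders. Two further assumptions: the JSON is produced xmltodict-style, so a single `<entry>` arrives as a dict instead of a one-item list and is normalised before the `map`; and `panos_address_group` accepts `gathered_filter: "*"` (the parameter is visible in the module arguments logged above) and returns the matches in a `gathered` list, which unlike `name` plus `state: gathered` does not fail when nothing matches.

```yaml
---
# Added example, not part of the issue thread or the pan-os-ansible project.
# Assumptions: 'panorama' inventory group, 'panorama_provider' provider dict,
# placeholder group names, xmltodict-style JSON in stdout (single entry = dict),
# and gathered_filter "*" returning all address groups in ag_info.gathered.
- name: Check for a device group and an address group on Panorama
  hosts: panorama
  connection: local
  gather_facts: false
  vars:
    wanted_device_group: "Device_group_1"   # placeholder; case must match Panorama
    wanted_address_group: "web-servers"     # placeholder
  tasks:
    - name: List device groups with an op command
      paloaltonetworks.panos.panos_op:
        provider: "{{ panorama_provider }}"
        cmd: "show devicegroups"
      register: dg_raw

    # stdout is the op-command XML converted to JSON; default([]) covers a
    # Panorama with no device groups at all
    - name: Pull the entry list out of the JSON form of the output
      ansible.builtin.set_fact:
        dg_entries: "{{ (dg_raw.stdout | from_json).response.result.devicegroups.entry | default([]) }}"

    # with exactly one device group 'entry' is a dict, not a list (assumed
    # xmltodict behaviour), so wrap it before extracting the @name attributes
    - name: Normalise a single entry to a one-item list and extract the names
      ansible.builtin.set_fact:
        dg_names: "{{ ([dg_entries] if dg_entries is mapping else dg_entries) | map(attribute='@name') | list }}"

    - name: Assert the device group exists (exact, case-sensitive match)
      ansible.builtin.assert:
        that:
          - wanted_device_group in dg_names
        fail_msg: "No device group named {{ wanted_device_group }}; Panorama has {{ dg_names }}"
        success_msg: "Device group {{ wanted_device_group }} exists"

    # gathered_filter "*" (assumed) returns every address group in the device
    # group without failing when there are none, unlike name + state: gathered
    - name: Gather every address group in that device group
      paloaltonetworks.panos.panos_address_group:
        provider: "{{ panorama_provider }}"
        device_group: "{{ wanted_device_group }}"
        gathered_filter: "*"
        state: gathered
      register: ag_info

    - name: Assert the address group exists
      ansible.builtin.assert:
        that:
          - wanted_address_group in (ag_info.gathered | default([]) | map(attribute='name') | list)
        fail_msg: "No address group named {{ wanted_address_group }} in {{ wanted_device_group }}"
        success_msg: "Address group {{ wanted_address_group }} exists"
```

Run it with `ansible-playbook -i inventory check_groups.yml` against an inventory that defines the `panorama` group and `panorama_provider`. The two asserts are the only tasks that can fail, and each failure message carries the names Panorama actually returned, so a case mismatch such as the one in the log above is visible immediately instead of surfacing as "does not reference a node" from an unrelated module.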