Versions Compared

Old Version 15

changes.mady.by.user Shay Naveh

Saved on

compared with

New Version Current

changes.mady.by.user Shay Naveh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Here, the test result of ping_output.failed is used to derive a “DECISION”, it also branch out an exit point (meta: end_play) therefore a conclusion has to be made here.

Retrieving device info

Some scripts do need model info to decide whether or not to run the script. Before device tags passing is implemented, this is how it is done at the beginning of the script, for example:

...

Device Tags

A playbook has dependency on devices' vendor/product/model/version.
For example, for Palo Alto, a firewall device has different command sets than Panorama. This means, a playbook designed for firewall may not work for Panorama and vice versa.

The collector has already acquired the information about device vendor/product/model/version as device tags. To avoid playbook re-collect those info from the device, the server should pass device tags to the playbook.

The following tags shall be used at the top of the playbook: os.name, product, model. A playbook should exit with a conclusion at the beginning if these tags do not meet the requirements.

Some device commands may have version difference (command or output format).

Such differences should be handled for the applicable command execution and parsing based on the version. For example (hypothetically),

Code Block
- name: show running logging
panos_op:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
cmd: 'show systemlogging infostatus'
registerWhen: cmd_output
ignore_errors: yesos.version == “1.0”

- name: thisshow isrunning not a palo alto device
block:
- indeni_conclusion:
triage_conclusion_title: this is not a palo alto device
triage_conclusion: >
this device {{ip_address}} is not a palo alto device.
triage_has_conclusion: true
triage_remediation_steps: >
This script works only on palo alto mgmt device.
triage_has_remediation_steps: true
- meta: end_play
when: cmd_output.failed

- name: indeni_step get system info
indeni_step:
task_description: "get system info"
task_type: "ACTION"
task_full_command: "show system info"
task_conclusion: "response received, need further parse"
task_full_output: "{{cmd_output}}"
- xml:
xmlstring: '{{cmd_output.stdout_xml}}'
xpath: '/response/result/system/model'
content: text
register: model
ignore_errors: yes
- indeni_step:
task_description: "parse system info"
task_type: "DECISION"
task_full_command: "parse show system info output"
task_conclusion: 'YES'
task_full_output: "{{model}}"
when: not model.failed

- name: this is not a firewall device
block:
- indeni_conclusion:
triage_conclusion_title: this is not a firewall device
triage_conclusion: >
this device {{ip_address}} is not a firewall device.
triage_has_conclusion: true
triage_remediation_steps: >
This script works only on firewall device.
triage_has_remediation_steps: true
- meta: end_play
 when: model.matches[0].model == 'Panorama'logging
panos_op:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
cmd: 'show logging state
When: os.version == “2.0”