...
Here, the test result of ping_output.failed is used to derive a “DECISION”, it also branch out an exit point (meta: end_play) therefore a conclusion has to be made here.
Retrieving device info
Some scripts do need model info to decide whether or not to run the script. Before device tags passing is implemented, this is how it is done at the beginning of the script, for example:
...
Device Tags
A playbook has dependency on devices' vendor/product/model/version.
For example, for Palo Alto, a firewall device has different command sets than Panorama. This means, a playbook designed for firewall may not work for Panorama and vice versa.
The collector has already acquired the information about device vendor/product/model/version as device tags. To avoid playbook re-collect those info from the device, the server should pass device tags to the playbook.
The following tags shall be used at the top of the playbook: os.name, product, model. A playbook should exit with a conclusion at the beginning if these tags do not meet the requirements.
Some device commands may have version difference (command or output format).
Such differences should be handled for the applicable command execution and parsing based on the version. For example (hypothetically),
Code Block |
---|
- name: show running logging panos_op: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' cmd: 'show systemlogging infostatus' registerWhen: cmd_output ignore_errors: yesos.version == “1.0” - name: thisshow isrunning not a palo alto device block: - indeni_conclusion: triage_conclusion_title: this is not a palo alto device triage_conclusion: > this device {{ip_address}} is not a palo alto device. triage_has_conclusion: true triage_remediation_steps: > This script works only on palo alto mgmt device. triage_has_remediation_steps: true - meta: end_play when: cmd_output.failed - name: indeni_step get system info indeni_step: task_description: "get system info" task_type: "ACTION" task_full_command: "show system info" task_conclusion: "response received, need further parse" task_full_output: "{{cmd_output}}" - xml: xmlstring: '{{cmd_output.stdout_xml}}' xpath: '/response/result/system/model' content: text register: model ignore_errors: yes - indeni_step: task_description: "parse system info" task_type: "DECISION" task_full_command: "parse show system info output" task_conclusion: 'YES' task_full_output: "{{model}}" when: not model.failed - name: this is not a firewall device block: - indeni_conclusion: triage_conclusion_title: this is not a firewall device triage_conclusion: > this device {{ip_address}} is not a firewall device. triage_has_conclusion: true triage_remediation_steps: > This script works only on firewall device. triage_has_remediation_steps: true - meta: end_play when: model.matches[0].model == 'Panorama'logging panos_op: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' cmd: 'show logging state When: os.version == “2.0” |