Minemeld installation, Part 1

calendar Feb 24, 2019 · 9 min read · Linux Home Lab Network Security  ·
Share on: linkedin copy

Palo Alto Networks has provided a tool for public use - Minemeld - that will collate threat intelligence feeds and other indicators for a more dynamic security policy enforcement strategy with their firewalls:
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld

I have a slightly different use case - I want my lab firewall to be aware of each virtual machine in my lab, and to be able to use it intelligently. Some of this is available via the "VM Information Sources" (more information here) feature, but it doesn't appear to be aware of details like NSX-T security groups, etc. My goal will be to implement these features using Minemeld, with some future uses on the horizon as well.

Getting Started

First I browse to https://live.paloaltonetworks.com/t5/MineMeld/ct-p/MineMeld to download any requisite packages.

Just a note - the provided OVA is based off Ubuntu 14.04 - a pretty old release. Performing a deeper search, I discovered that an ansible playbook is provided for install on recommended systems!
https://github.com/PaloAltoNetworks/minemeld-ansible

I'm going to install this on my ansible host - running openSUSE Tumbleweed:

  1admin@ansible:~> sudo zypper in wget git gcc python-devel libffi-devel openssl-devel  
  2Loading repository data...  
  3Reading installed packages...  
  4'openssl-devel' not found in package names. Trying capabilities.  
  5'wget' is already installed.  
  6No update candidate for 'wget-1.20.1-2.1.x86_64'. The highest available version is already installed.  
  7Resolving package dependencies...  
  83 Problems:  
  9Problem: python-devel-2.7.15-4.3.x86_64 requires glibc-devel, but this requirement cannot be provided  
 10Problem: gcc-8-2.4.x86_64 requires gcc8, but this requirement cannot be provided  
 11Problem: ruby2.5-rubygem-cfa-0.7.0-1.1.x86_64 requires ruby(abi) = 2.5.0, but this requirement cannot be provided  
 12  
 13Problem: python-devel-2.7.15-4.3.x86_64 requires glibc-devel, but this requirement cannot be provided  
 14  not installable providers: glibc-devel-2.29-1.3.i586[download.opensuse.org-oss]  
 15                   glibc-devel-2.29-1.3.i686[download.opensuse.org-oss]  
 16                   glibc-devel-2.29-1.3.x86_64[download.opensuse.org-oss]  
 17                   glibc-devel-2.29-1.3.i586[openSUSE-20190126-0]  
 18                   glibc-devel-2.29-1.3.i686[openSUSE-20190126-0]  
 19                   glibc-devel-2.29-1.3.x86_64[openSUSE-20190126-0]  
 20 Solution 1: Following actions will be done:  
 21  deinstallation of yast2-ruby-bindings-4.1.2-1.1.x86_64  
 22  deinstallation of yast2-samba-client-4.0.4-1.1.noarch  
 23  deinstallation of yast2-ntp-client-4.1.7-1.1.noarch  
 24  deinstallation of yast2-packager-4.1.24-1.1.x86_64  
 25  deinstallation of yast2-tftp-server-4.1.6-1.1.noarch  
 26  deinstallation of yast2-snapper-4.1.0-1.1.x86_64  
 27  deinstallation of yast2-vpn-4.0.1-1.2.noarch  
 28  deinstallation of yast2-users-4.1.7-1.1.x86_64  
 29  deinstallation of yast2-update-4.1.8-1.1.x86_64  
 30  deinstallation of yast2-tune-4.0.2-1.2.x86_64  
 31  deinstallation of yast2-transfer-4.0.0-1.3.x86_64  
 32  deinstallation of yast2-sysconfig-4.1.2-1.2.noarch  
 33  deinstallation of yast2-support-4.1.0-1.1.noarch  
 34  deinstallation of yast2-sudo-4.0.1-1.2.noarch  
 35  deinstallation of yast2-slp-4.0.0-1.3.x86_64  
 36  deinstallation of yast2-services-manager-4.1.14-1.1.noarch  
 37  deinstallation of yast2-security-4.1.2-1.2.noarch  
 38  deinstallation of yast2-samba-server-4.1.3-1.2.noarch  
 39  deinstallation of yast2-storage-ng-4.1.48-1.1.x86_64  
 40  deinstallation of yast2-proxy-4.1.0-1.1.noarch  
 41  deinstallation of yast2-printer-4.0.3-1.2.x86_64  
 42  deinstallation of yast2-pam-4.0.0-1.2.noarch  
 43  deinstallation of yast2-online-update-4.0.2-1.2.noarch  
 44  deinstallation of yast2-nis-client-4.1.0-1.1.x86_64  
 45  deinstallation of yast2-nfs-client-4.1.4-1.1.noarch  
 46  deinstallation of yast2-metapackage-handler-4.0.0-1.2.noarch  
 47  deinstallation of yast2-mail-4.1.0-1.2.noarch  
 48  deinstallation of yast2-journal-4.1.5-1.1.noarch  
 49  deinstallation of yast2-iscsi-client-4.1.4-1.1.noarch  
 50  deinstallation of yast2-hardware-detection-4.0.0-1.6.x86_64  
 51  deinstallation of yast2-firewall-4.1.10-1.1.noarch  
 52  deinstallation of yast2-country-data-4.1.7-1.2.x86_64  
 53  deinstallation of yast2-auth-server-4.1.0-1.2.noarch  
 54  deinstallation of yast2-auth-client-4.1.0-1.2.noarch  
 55  deinstallation of yast2-apparmor-4.1.7-1.1.noarch  
 56  deinstallation of yast2-add-on-4.1.10-1.1.noarch  
 57  deinstallation of autoyast2-installation-4.1.1-1.1.noarch  
 58  deinstallation of yast2-installation-4.1.34-1.1.noarch  
 59  deinstallation of yast2-online-update-frontend-4.0.2-1.2.noarch  
 60 Solution 2: Following actions will be done:  
 61  deinstallation of ruby2.5-2.5.3-2.1.x86_64  
 62  deinstallation of ruby2.5-rubygem-cfa_grub2-1.0.1-1.1.x86_64  
 63  deinstallation of ruby2.5-rubygem-cheetah-0.5.0-1.10.x86_64  
 64  deinstallation of ruby2.5-rubygem-fast_gettext-2.0.0-1.1.x86_64  
 65  deinstallation of ruby2.5-rubygem-gem2rpm-0.10.1-13.6.x86_64  
 66  deinstallation of ruby2.5-rubygem-ruby-augeas-0.5.0-3.9.x86_64  
 67  deinstallation of ruby2.5-rubygem-ruby-dbus-0.15.0-1.1.x86_64  
 68  deinstallation of ruby2.5-rubygem-simpleidn-0.1.1-1.1.x86_64  
 69  deinstallation of ruby2.5-rubygem-unf-0.1.4-1.9.x86_64  
 70  deinstallation of ruby2.5-rubygem-unf_ext-0.0.7.5-1.2.x86_64  
 71  deinstallation of ruby2.5-stdlib-2.5.3-2.1.x86_64  
 72 Solution 3: do not install python-devel-2.7.15-4.3.x86_64  
 73 Solution 4: break python-devel-2.7.15-4.3.x86_64 by ignoring some of its dependencies  
 74  
 75Choose from above solutions by number or skip, retry or cancel [1/2/3/4/s/r/c] (c): 2  
 76  
 77Problem: gcc-8-2.4.x86_64 requires gcc8, but this requirement cannot be provided  
 78  not installable providers: gcc8-8.2.1+r268506-1.1.i586[download.opensuse.org-oss]  
 79                   gcc8-8.2.1+r268506-1.1.x86_64[download.opensuse.org-oss]  
 80                   gcc8-8.2.1+r268506-1.1.i586[openSUSE-20190126-0]  
 81                   gcc8-8.2.1+r268506-1.1.x86_64[openSUSE-20190126-0]  
 82 Solution 1: Following actions will be done:  
 83  deinstallation of yast2-4.1.53-1.1.x86_64  
 84  deinstallation of yast2-ntp-client-4.1.7-1.1.noarch  
 85  deinstallation of yast2-packager-4.1.24-1.1.x86_64  
 86  deinstallation of yast2-tftp-server-4.1.6-1.1.noarch  
 87  deinstallation of yast2-snapper-4.1.0-1.1.x86_64  
 88  deinstallation of yast2-vpn-4.0.1-1.2.noarch  
 89  deinstallation of yast2-users-4.1.7-1.1.x86_64  
 90  deinstallation of yast2-update-4.1.8-1.1.x86_64  
 91  deinstallation of yast2-tune-4.0.2-1.2.x86_64  
 92  deinstallation of yast2-transfer-4.0.0-1.3.x86_64  
 93  deinstallation of yast2-sysconfig-4.1.2-1.2.noarch  
 94  deinstallation of yast2-support-4.1.0-1.1.noarch  
 95  deinstallation of yast2-sudo-4.0.1-1.2.noarch  
 96  deinstallation of yast2-slp-4.0.0-1.3.x86_64  
 97  deinstallation of yast2-services-manager-4.1.14-1.1.noarch  
 98  deinstallation of yast2-security-4.1.2-1.2.noarch  
 99  deinstallation of yast2-samba-server-4.1.3-1.2.noarch  
100  deinstallation of yast2-storage-ng-4.1.48-1.1.x86_64  
101  deinstallation of yast2-proxy-4.1.0-1.1.noarch  
102  deinstallation of yast2-printer-4.0.3-1.2.x86_64  
103  deinstallation of yast2-pam-4.0.0-1.2.noarch  
104  deinstallation of yast2-online-update-4.0.2-1.2.noarch  
105  deinstallation of yast2-nis-client-4.1.0-1.1.x86_64  
106  deinstallation of yast2-nfs-client-4.1.4-1.1.noarch  
107  deinstallation of yast2-metapackage-handler-4.0.0-1.2.noarch  
108  deinstallation of yast2-mail-4.1.0-1.2.noarch  
109  deinstallation of yast2-journal-4.1.5-1.1.noarch  
110  deinstallation of yast2-iscsi-client-4.1.4-1.1.noarch  
111  deinstallation of yast2-hardware-detection-4.0.0-1.6.x86_64  
112  deinstallation of yast2-firewall-4.1.10-1.1.noarch  
113  deinstallation of yast2-country-data-4.1.7-1.2.x86_64  
114  deinstallation of yast2-auth-server-4.1.0-1.2.noarch  
115  deinstallation of yast2-auth-client-4.1.0-1.2.noarch  
116  deinstallation of yast2-apparmor-4.1.7-1.1.noarch  
117  deinstallation of yast2-add-on-4.1.10-1.1.noarch  
118  deinstallation of autoyast2-installation-4.1.1-1.1.noarch  
119  deinstallation of yast2-installation-4.1.34-1.1.noarch  
120  deinstallation of yast2-ldap-4.0.0-1.5.x86_64  
121  deinstallation of patterns-yast-yast2_basis-20181130-1.1.x86_64  
122  deinstallation of yast2-online-update-frontend-4.0.2-1.2.noarch  
123 Solution 2: Following actions will be done:  
124  deinstallation of ruby2.5-rubygem-abstract_method-1.2.1-2.10.x86_64  
125  deinstallation of ruby2.5-rubygem-ruby-augeas-0.5.0-3.9.x86_64  
126  deinstallation of ruby2.5-rubygem-ruby-dbus-0.15.0-1.1.x86_64  
127  deinstallation of ruby2.5-rubygem-simpleidn-0.1.1-1.1.x86_64  
128  deinstallation of ruby2.5-rubygem-unf-0.1.4-1.9.x86_64  
129  deinstallation of ruby2.5-rubygem-unf_ext-0.0.7.5-1.2.x86_64  
130  deinstallation of ruby2.5-stdlib-2.5.3-2.1.x86_64  
131 Solution 3: do not install gcc-8-2.4.x86_64  
132 Solution 4: break gcc-8-2.4.x86_64 by ignoring some of its dependencies  
133  
134Choose from above solutions by number or skip, retry or cancel [1/2/3/4/s/r/c] (c): 2  
135  
136Problem: ruby2.5-rubygem-cfa-0.7.0-1.1.x86_64 requires ruby(abi) = 2.5.0, but this requirement cannot be provided  
137  deleted providers: ruby2.5-2.5.3-2.1.x86_64  
138 Solution 1: Following actions will be done:  
139  deinstallation of yast2-country-4.1.7-1.1.x86_64  
140  deinstallation of yast2-packager-4.1.24-1.1.x86_64  
141  deinstallation of yast2-ntp-client-4.1.7-1.1.noarch  
142  deinstallation of yast2-network-4.1.34-1.1.noarch  
143  deinstallation of yast2-snapper-4.1.0-1.1.x86_64  
144  deinstallation of yast2-installation-4.1.34-1.1.noarch  
145  deinstallation of autoyast2-installation-4.1.1-1.1.noarch  
146  deinstallation of yast2-storage-ng-4.1.48-1.1.x86_64  
147  deinstallation of yast2-add-on-4.1.10-1.1.noarch  
148  deinstallation of yast2-apparmor-4.1.7-1.1.noarch  
149  deinstallation of yast2-auth-client-4.1.0-1.2.noarch  
150  deinstallation of yast2-auth-server-4.1.0-1.2.noarch  
151  deinstallation of yast2-country-data-4.1.7-1.2.x86_64  
152  deinstallation of yast2-firewall-4.1.10-1.1.noarch  
153  deinstallation of yast2-hardware-detection-4.0.0-1.6.x86_64  
154  deinstallation of yast2-iscsi-client-4.1.4-1.1.noarch  
155  deinstallation of yast2-journal-4.1.5-1.1.noarch  
156  deinstallation of yast2-mail-4.1.0-1.2.noarch  
157  deinstallation of yast2-metapackage-handler-4.0.0-1.2.noarch  
158  deinstallation of yast2-nfs-client-4.1.4-1.1.noarch  
159  deinstallation of yast2-nis-client-4.1.0-1.1.x86_64  
160  deinstallation of yast2-online-update-4.0.2-1.2.noarch  
161  deinstallation of yast2-pam-4.0.0-1.2.noarch  
162  deinstallation of yast2-printer-4.0.3-1.2.x86_64  
163  deinstallation of yast2-proxy-4.1.0-1.1.noarch  
164  deinstallation of yast2-samba-server-4.1.3-1.2.noarch  
165  deinstallation of yast2-security-4.1.2-1.2.noarch  
166  deinstallation of yast2-services-manager-4.1.14-1.1.noarch  
167  deinstallation of yast2-slp-4.0.0-1.3.x86_64  
168  deinstallation of yast2-sudo-4.0.1-1.2.noarch  
169  deinstallation of yast2-support-4.1.0-1.1.noarch  
170  deinstallation of yast2-sysconfig-4.1.2-1.2.noarch  
171  deinstallation of yast2-transfer-4.0.0-1.3.x86_64  
172  deinstallation of yast2-tune-4.0.2-1.2.x86_64  
173  deinstallation of yast2-update-4.1.8-1.1.x86_64  
174  deinstallation of yast2-users-4.1.7-1.1.x86_64  
175  deinstallation of yast2-vpn-4.0.1-1.2.noarch  
176  deinstallation of patterns-yast-yast2_basis-20181130-1.1.x86_64  
177  deinstallation of yast2-online-update-frontend-4.0.2-1.2.noarch  
178 Solution 2: Following actions will be done:  
179  deinstallation of ruby2.5-rubygem-cfa-0.7.0-1.1.x86_64  
180  deinstallation of ruby2.5-rubygem-cheetah-0.5.0-1.10.x86_64  
181  deinstallation of ruby2.5-rubygem-fast_gettext-2.0.0-1.1.x86_64  
182  deinstallation of ruby2.5-rubygem-gem2rpm-0.10.1-13.6.x86_64  
183  deinstallation of ruby2.5-rubygem-ruby-augeas-0.5.0-3.9.x86_64  
184  deinstallation of ruby2.5-rubygem-ruby-dbus-0.15.0-1.1.x86_64  
185  deinstallation of ruby2.5-rubygem-simpleidn-0.1.1-1.1.x86_64  
186  deinstallation of ruby2.5-rubygem-unf-0.1.4-1.9.x86_64  
187  deinstallation of ruby2.5-rubygem-unf_ext-0.0.7.5-1.2.x86_64  
188  deinstallation of ruby2.5-stdlib-2.5.3-2.1.x86_64  
189 Solution 3: do not ask to install a solvable providing openssl-devel  
190 Solution 4: break ruby2.5-rubygem-cfa-0.7.0-1.1.x86_64 by ignoring some of its dependencies  
191  
192Choose from above solutions by number or skip, retry or cancel [1/2/3/4/s/r/c] (c): 2  
193Resolving dependencies...  
194Resolving package dependencies...  
195  
196The following 68 NEW packages are going to be installed:  
197  cpp cpp8 cvs cvsps gcc gcc8 git git-core git-cvs git-email git-gui gitk git-svn glibc-devel glibc-locale-base  
198  libapr1 libapr-util1 libasan5 libatomic1 libcrypt1 libffi-devel libgomp1 libisl19 libitm1 liblsan0 libmpc3 libmpfr6  
199  libmpx2 libmpxwrappers2 libopenssl-1_1-devel libopenssl-devel libruby2_6-2_6 libserf-1-1 libsha1detectcoll1  
200  libtsan0 libubsan1 libutf8proc2 libxcrypt-devel libXss1 linux-glibc-devel perl-Authen-SASL perl-DBD-SQLite perl-DBI  
201  perl-Digest-HMAC perl-Error perl-MailTools perl-Net-SMTP-SSL python python-devel ruby2.6  
202  ruby2.6-rubygem-abstract_method ruby2.6-rubygem-cfa ruby2.6-rubygem-cfa_grub2 ruby2.6-rubygem-cheetah  
203  ruby2.6-rubygem-fast_gettext ruby2.6-rubygem-gem2rpm ruby2.6-rubygem-ruby-augeas ruby2.6-rubygem-ruby-dbus  
204  ruby2.6-rubygem-simpleidn ruby2.6-rubygem-unf ruby2.6-rubygem-unf_ext subversion subversion-bash-completion  
205  subversion-perl tcl tk xhost zlib-devel  
206  
207The following 13 packages are going to be REMOVED:  
208  ruby2.5 ruby2.5-rubygem-abstract_method ruby2.5-rubygem-cfa ruby2.5-rubygem-cfa_grub2 ruby2.5-rubygem-cheetah  
209  ruby2.5-rubygem-fast_gettext ruby2.5-rubygem-gem2rpm ruby2.5-rubygem-ruby-augeas ruby2.5-rubygem-ruby-dbus  
210  ruby2.5-rubygem-simpleidn ruby2.5-rubygem-unf ruby2.5-rubygem-unf_ext ruby2.5-stdlib  
211  
212The following 15 packages are going to be upgraded:  
213  glibc glibc-extra glibc-locale nscd ruby yast2 yast2-bootloader yast2-core yast2-country yast2-network  
214  yast2-ntp-client yast2-packager yast2-ruby-bindings yast2-snapper yast2-tftp-server  
215  
216The following 6 recommended packages were automatically selected:  
217  git-cvs git-email git-gui gitk git-svn subversion-bash-completion  
218  
219The following 2 packages are suggested, but will not be installed:  
220  git-daemon git-web  
221  
22215 packages to upgrade, 68 new, 13 to remove.  
223Overall download size: 81.4 MiB. Already cached: 0 B. After the operation, additional 319.4 MiB will be used.  
224Continue? [y/n/...? shows all options] (y): y

Looks like this conflicts with Ruby somewhat - a non-issue for me. Time to run pip and install ansible:

 1admin@ansible:~> sudo -H python get-pip.py  
 2[sudo] password for root:  
 3Traceback (most recent call last):  
 4  File "get-pip.py", line 21361, in <module>  
 5    main()  
 6  File "get-pip.py", line 197, in main  
 7    bootstrap(tmpdir=tmpdir)  
 8  File "get-pip.py", line 82, in bootstrap  
 9    import pip._internal  
10  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/__init__.py", line 40, in <module>  
11  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/cli/autocompletion.py", line 8, in <module>  
12  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/cli/main_parser.py", line 12, in <module>  
13  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/commands/__init__.py", line 6, in <module>  
14  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/commands/completion.py", line 6, in <module>  
15  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/cli/base_command.py", line 25, in <module>  
16  File "/tmp/tmpqrZ_FD/pip.zip/pip/_internal/index.py", line 14, in <module>  
17  File "/tmp/tmpqrZ_FD/pip.zip/pip/_vendor/html5lib/__init__.py", line 25, in <module>  
18  File "/tmp/tmpqrZ_FD/pip.zip/pip/_vendor/html5lib/html5parser.py", line 7, in <module>  
19  File "/tmp/tmpqrZ_FD/pip.zip/pip/_vendor/html5lib/_inputstream.py", line 13, in <module>  
20  File "/tmp/tmpqrZ_FD/pip.zip/pip/_vendor/html5lib/_utils.py", line 10, in <module>  
21ImportError: No module named xml.etree.ElementTree

And it seems the pip install step is not necessary, as openSUSE handles this through the package manager. We're going to need to go a bit off-script here:

 1  
 2admin@ansible:~> zypper se pip  
 3Loading repository data...  
 4Reading installed packages...  
 5  
 6S | Name                                     | Summary                                                                  | Type  
 7--+------------------------------------------+--------------------------------------------------------------------------+--------  
 8i | python3-pip                              | Pip installs packages. Python packages. An easy_install replacement      | package  
 9ansible:/home/admin # pip install ansible  
10Collecting ansible  
11  Downloading https://files.pythonhosted.org/packages/e4/22/4325212e609071cd93b8142722d770f5defab34a95511f183e262f8de983/ansible-2.7.8.tar.gz (11.8MB)  
12    100% |████████████████████████████████| 11.8MB 3.4MB/s  
13Collecting jinja2 (from ansible)  
14  Downloading https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl (126kB)  
15    100% |████████████████████████████████| 133kB 20.5MB/s  
16Collecting PyYAML (from ansible)  
17  Downloading https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz (270kB)  
18    100% |████████████████████████████████| 276kB 2.3MB/s  
19Collecting paramiko (from ansible)  
20  Downloading https://files.pythonhosted.org/packages/cf/ae/94e70d49044ccc234bfdba20114fa947d7ba6eb68a2e452d89b920e62227/paramiko-2.4.2-py2.py3-none-any.whl (193kB)  
21    100% |████████████████████████████████| 194kB 19.3MB/s  
22Collecting cryptography (from ansible)  
23  Downloading https://files.pythonhosted.org/packages/98/71/e632e222f34632e0527dd41799f7847305e701f38f512d81bdf96009bca4/cryptography-2.5-cp34-abi3-manylinux1_x86_64.whl (2.4MB)  
24    100% |████████████████████████████████| 2.4MB 6.4MB/s  
25Requirement already satisfied: setuptools in /usr/lib/python3.6/site-packages (from ansible) (40.6.3)  
26Collecting MarkupSafe>=0.23 (from jinja2->ansible)  
27  Downloading https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl  
28Collecting bcrypt>=3.1.3 (from paramiko->ansible)  
29  Downloading https://files.pythonhosted.org/packages/d0/79/79a4d167a31cc206117d9b396926615fa9c1fdbd52017bcced80937ac501/bcrypt-3.1.6-cp34-abi3-manylinux1_x86_64.whl (55kB)  
30    100% |████████████████████████████████| 61kB 17.2MB/s  
31Collecting pyasn1>=0.1.7 (from paramiko->ansible)  
32  Downloading https://files.pythonhosted.org/packages/7b/7c/c9386b82a25115cccf1903441bba3cbadcfae7b678a20167347fa8ded34c/pyasn1-0.4.5-py2.py3-none-any.whl (73kB)  
33    100% |████████████████████████████████| 81kB 20.0MB/s  
34Collecting pynacl>=1.0.1 (from paramiko->ansible)  
35  Downloading https://files.pythonhosted.org/packages/27/15/2cd0a203f318c2240b42cd9dd13c931ddd61067809fee3479f44f086103e/PyNaCl-1.3.0-cp34-abi3-manylinux1_x86_64.whl (759kB)  
36    100% |████████████████████████████████| 768kB 20.3MB/s  
37Collecting cffi!=1.11.3,>=1.8 (from cryptography->ansible)  
38  Downloading https://files.pythonhosted.org/packages/be/99/3a088b41d93aa46f07cf7fd4da1b3287e6899ad7b2b75f1a177edf025e1a/cffi-1.12.1-cp36-cp36m-manylinux1_x86_64.whl (428kB)  
39    100% |████████████████████████████████| 430kB 20.8MB/s  
40Requirement already satisfied: six>=1.4.1 in /usr/lib/python3.6/site-packages (from cryptography->ansible) (1.12.0)  
41Collecting asn1crypto>=0.21.0 (from cryptography->ansible)  
42  Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)  
43    100% |████████████████████████████████| 102kB 14.4MB/s  
44Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->ansible)  
45  Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB)  
46    100% |████████████████████████████████| 163kB 18.0MB/s  
47Installing collected packages: MarkupSafe, jinja2, PyYAML, pycparser, cffi, bcrypt, asn1crypto, cryptography, pyasn1, pynacl, paramiko, ansible  
48  Running setup.py install for PyYAML ... done  
49  Running setup.py install for pycparser ... done  
50  Running setup.py install for ansible ... done  
51Successfully installed MarkupSafe-1.1.1 PyYAML-3.13 ansible-2.7.8 asn1crypto-0.24.0 bcrypt-3.1.6 cffi-1.12.1 cryptography-2.5 jinja2-2.10 paramiko-2.4.2 pyasn1-0.4.5 pycparser-2.19 pynacl-1.3.0  
52  
53ansible:/home/admin # git clone https://github.com/PaloAltoNetworks/minemeld-ansible.git  
54Cloning into 'minemeld-ansible'...  
55remote: Enumerating objects: 170, done.  
56remote: Counting objects: 100% (170/170), done.  
57remote: Compressing objects: 100% (121/121), done.  
58remote: Total 1042 (delta 89), reused 110 (delta 46), pack-reused 872  
59Receiving objects: 100% (1042/1042), 140.92 KiB | 1.35 MiB/s, done.  
60Resolving deltas: 100% (450/450), done.  
61ansible:/home/admin # cd minemeld-ansible/  
62admin@ansible:~/minemeld-ansible> ansible-playbook -K -i 127.0.0.1, local.yml  
63SUDO password:  
64  
65PLAY [minemeld playbook] *******************************************************************************************************************************************************************************************************************************************************  
66  
67TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************  
68ok: [127.0.0.1]  
69  
70TASK [infrastructure : debug] **************************************************************************************************************************************************************************************************************************************************  
71ok: [127.0.0.1] => {  
72    "msg": "Loading vars for openSUSE Tumbleweed 20190219"  
73}  
74  
75TASK [infrastructure : include_vars] *******************************************************************************************************************************************************************************************************************************************  
76fatal: [127.0.0.1]: FAILED! => {"msg": "No file was found when using with_first_found. Use the 'skip: true' option to allow this task to be skipped if no files are found"}  
77        to retry, use: --limit @/home/admin/minemeld-ansible/local.retry  
78  
79PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************  
80127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=1

Looks like we need to find out where in the playbook with_first_found is defined.

1admin@ansible:~/minemeld-ansible> grep first_found */*/*/*  
2roles/infrastructure/tasks/main.yml:  with_first_found:  
3roles/minemeld/tasks/main.yml:  with_first_found:

With either location, the following YAML reference is made. I'll do some more research on what that does in another blog entry:

1# from http://serverfault.com/questions/587727/how-to-unify-package-installation-tasks-in-ansible  
2- include_vars: "{{ item }}"  
3  with_first_found:  
4    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"  
5    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"  
6    - "{{ ansible_distribution }}.yml"