paloaltonetworks.panos.panos_commit_firewall module – Commit the firewall’s candidate configuration.

Note

This module is part of the paloaltonetworks.panos collection (version 2.21.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_commit_firewall.

New in paloaltonetworks.panos 2.0.0

Synopsis

• Module that will commit the candidate configuration of a PAN-OS firewall.

• The new configuration will become active immediately.

Requirements

The below requirements are needed on the host that executes this module.

• pan-os-python

Parameters

Parameter	Comments
admins list / elements=string	Commit only the changes made by specified list of administrators.
description string	A description of the commit.
exclude_device_and_network boolean	Exclude network and device configuration changes. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
exclude_policy_and_objects boolean	Exclude policy and object configuration changes. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
exclude_shared_objects boolean	Exclude shared object configuration changes. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
force boolean	Force the commit. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
provider dictionary / required added in paloaltonetworks.panos 1.0.0	A dict object containing connection details.
api_key string	The API key to use instead of generating it using username / password.
ip_address string / required	The IP address or hostname of the PAN-OS device being configured.
password string	The password to use for authentication. This is ignored if api_key is specified.
port integer	The port number to connect to the PAN-OS device on. Default: :ansible-option-default:`443`
serial_number string	The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username string	The username to use for authentication. This is ignored if api_key is specified. Default: :ansible-option-default:`"admin"`
sync boolean	Wait for the commit to complete. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)

Examples

- name: commit candidate configs on firewall
  paloaltonetworks.panos.panos_commit_firewall:
    provider: '{{ credentials }}'

- name: commit changes by specified admins on firewall
  paloaltonetworks.panos.panos_commit_firewall:
    provider: '{{ credentials }}'
    admins: ['netops', 'secops', 'cloudops']
    description: 'Saturday change window'

- name: commit only policy and object changes on firewall
  paloaltonetworks.panos.panos_commit_firewall:
    provider: '{{ credentials }}'
    exclude_device_and_network: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
details string	Commit job completion messages. Returned: on success Sample: :ansible-rv-sample-value:`"Configuration committed successfully"`
jobid integer	The ID of the PAN-OS commit job. Returned: always Sample: :ansible-rv-sample-value:`49152`

Authors

• Robert Hagen (@stealthllama)

Collection links

Issue Tracker Homepage Repository (Sources)