paloaltonetworks.panos.panos_commit_push module – Push running configuration to managed devices.

Note

This module is part of the paloaltonetworks.panos collection (version 2.19.1).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_commit_push.

New in paloaltonetworks.panos 2.0.0

Synopsis

  • Module that will push the running Panorama configuration to managed devices.

  • The new configuration will become active immediately.

Requirements

The below requirements are needed on the host that executes this module.

  • pan-os-python

Parameters

Parameter

Comments

admins

list / elements=string

Push the configuration made by a specific administrator. (PAN-OS 10.2+)

description

string

A description of the commit.

devices

list / elements=string

Push the configuration to specific device serial numbers.

force_template_values

boolean

Force template values to override local settings.

Choices:

include_template

boolean

Include device group reference templates.

Choices:

name

string

The name of the configuration element to push.

provider

dictionary / required

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string / required

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: :ansible-option-default:`443`

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: :ansible-option-default:`"admin"`

style

string / required

The type of configuration element to push.

Choices:

sync

boolean

Wait for the commit to complete.

Choices:

Examples

- name: push device group configs
  paloaltonetworks.panos.panos_commit_push:
    provider: '{{ credentials }}'
    style: 'device group'
    name: 'Internet Edge Firewalls'
    description: 'Update ECMP routing'

- name: push template configs and force values
  paloaltonetworks.panos.panos_commit_push:
    provider: '{{ credentials }}'
    style: 'template'
    name: 'APAC Regional Template'
    force_template_values: true

- name: push log collector group configs
  paloaltonetworks.panos.panos_commit_push:
    provider: '{{ credentials }}'
    style: 'log collector group'
    name: 'LatAm Collector Group'

- name: push to multiple devices
  paloaltonetworks.panos.panos_commit_push:
    provider: '{{ credentials }}'
    style: 'device group'
    name: 'Partner DMZ Firewalls'
    devices:
      - 0001234567890
      - 0987654321000
      - 1001001F0F000

- name: push to multiple device groups
  paloaltonetworks.panos.panos_commit_push:
    provider: '{{ credentials }}'
    style: 'device group'
    name: '{{ item }}'
    sync: false
  loop:
    - Production Firewalls
    - Staging Firewalls
    - Development Firewalls

- name: push admin-specific changes to a device group
  paloaltonetworks.panos.panos_commit_push:
    provider: "{{ credentials }}"
    style: 'device group'
    name: 'EMEA_Device_Group'
    admins:
      - 'ansible-admin'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

jobid

integer

The ID of the PAN-OS commit job.

Returned: always

Sample: :ansible-rv-sample-value:`49152`

Authors

  • Robert Hagen (@stealthllama)