paloaltonetworks.panos.panos_snapshot_report module – Generates a report by comparing two snapshot made with the paloaltonetworks.panos.panos_state_snapshot module.

Note

This module is part of the paloaltonetworks.panos collection (version 3.1.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_snapshot_report.

New in paloaltonetworks.panos 2.18.0

Synopsis

  • A wrapper around the PAN-OS Upgrade Assurance package.

  • This is an ‘offline’ module, meaning it operates only on available facts. It does not need to connect to a device. It’s a wrapper around the SnapshotCompare class.

  • The module takes two snapshots made with paloaltonetworks.panos.panos_state_snapshot module, compares them and produces a report in a form of a dict. Keys in this report match the state areas, values contain comparison details.

  • You can limit the report to the state area’s you’re only interested in. You can also adjust the comparison by excluding some or limiting to particular properties.

  • Please refer to package’s documentation for syntax and configuration dialect.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

left_snapshot

dictionary / required

One of the snapshots to compare. It can be any snapshot taken in any time, but normally, in an upgrade scenario, you would think about it as the pre-upgrade snapshot.

reports

list / elements=any

A list of Firewall state areas available in both snapshots: left_snapshot and right_snapshot.

To use the default comparison method, this is a list of strings. If you would like to modify the default behavior additional configuration can be specified per state area.

For a list of currently available state areas as well as possible ways of modifying the reports please refer to package documentation.

To capture the actual report use a register.

Default: ["all"]

right_snapshot

dictionary / required

One of the snapshots to compare. It can be any snapshot taken in any time, but normally, in an upgrade scenario, you would think about it as the post-upgrade snapshot.

Notes

Note

  • This is an offline module, no device connection is made.

  • Check mode is not supported.

Examples

- name: Compare licenses in two snapshots, skip device's serial number to avoid false-positives
  panos_snapshot_report:
    left_snapshot: '{{ snap_1.response }}'
    right_snapshot: '{{ snap_2.response }}'
    reports:
      - license:
          properties:
            - '!serial'
    register: report
- name: Print the report to stdout
  ansible.builtin.debug:
    var: report.response

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

response

dictionary

This is a dict where keys are state areas names just as you specify them in the reports property.

Values contain a report generated for particular state area. The structure is the same for each report except for ‘session_stats’. For details refer to package documentation.

Returned: always

Sample: {"content_version": {"added": {"added_keys": [], "passed": true}, "changed": {"changed_raw": {"version": {"left_snap": "8647-7730", "right_snap": "8647-7729"}}, "passed": false}, "missing": {"missing_keys": [], "passed": true}, "passed": false}, "ip_sec_tunnels": {"added": {"added_keys": [], "passed": true}, "changed": {"changed_raw": {"ipsec_tun": {"added": {"added_keys": [], "passed": true}, "changed": {"changed_raw": {"state": {"left_snap": "init", "right_snap": "running"}}, "passed": false}, "missing": {"missing_keys": [], "passed": true}, "passed": false}}, "passed": false}, "missing": {"missing_keys": [], "passed": true}, "passed": false}, "license": {"added": {"added_keys": [], "passed": true}, "changed": {"changed_raw": {}, "passed": true}, "missing": {"missing_keys": ["AutoFocus Device License"], "passed": false}, "passed": false}, "nics": {"added": {"added_keys": [], "passed": true}, "changed": {"changed_raw": {"ethernet1/1": {"left_snap": "up", "right_snap": "down"}}, "passed": false}, "missing": {"missing_keys": ["tunnel"], "passed": false}, "passed": false}}

Authors

  • Łukasz Pawlęga (@fosix)