paloaltonetworks.panos.panos_software module – Manage PAN-OS software versions.

Note

This module is part of the paloaltonetworks.panos collection (version 2.19.1).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_software.

New in paloaltonetworks.panos 1.0.0

Synopsis

  • Install specific release of PAN-OS.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The API key to use instead of generating it using username / password.

download

boolean

Download PAN-OS version to the device.

Choices:

install

boolean

Perform installation of the PAN-OS version on the device.

Choices:

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The IP address or hostname of the PAN-OS device being configured.

named_config

string

A name of a existing named config to be loaded after restart. If a non-existing file name is given the module will fail.

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The password to use for authentication. This is ignored if api_key is specified.

perform_software_check

boolean

Do a software check before doing the upgrade.

Choices:

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.


The port number to connect to the PAN-OS device on.

Default: :ansible-option-default:`443`

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: :ansible-option-default:`443`

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: :ansible-option-default:`"admin"`

restart

boolean

Restart device after installing desired version. Use in conjunction with paloaltonetworks.panos.panos_check to determine when firewall is ready again.

Choices:

sync_to_peer

boolean

If device is a member of a HA pair, perform actions on the peer device as well. Only used when downloading software - installation must be performed on both devices.

Choices:

timeout

integer

Timeout value in seconds to wait for the device operation to complete

Default: :ansible-option-default:`1200`

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The username to use for authentication. This is ignored if api_key is specified.

Default: :ansible-option-default:`"admin"`

version

string / required

Desired PAN-OS release for target device.

Notes

Note

  • Panorama is supported.

  • Check mode is supported.

  • When installing PAN-OS software, checking is performed by this module to ensure the upgrade/downgrade path is valid. When using this module to only download and not install PAN-OS software, the valid upgrade/downgrade path checking is bypassed (in order to allow pre-downloading of PAN-OS software images ahead of the installation time for multiple stage upgrades/downgrades).

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

- name: Install PAN-OS 8.1.6 and restart
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '8.1.6'
    restart: true

- name: Download PAN-OS 9.0.0 base image only
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '9.0.0'
    install: false
    restart: false

- name: Download PAN-OS 9.0.1 and sync to HA peer
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '9.0.1'
    sync_to_peer: true
    install: false
    restart: false

- name: Downgrade to 9.1.10 with named config load
  paloaltonetworks.panos.panos_software:
    provider: '{{ device }}'
    version: 9.1.10
    named_config: '9.1.10_backup_named_config.xml'
    install: true
    restart: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

version

string

After performing the software install, returns the version installed on the device.

Returned: on success

Authors

  • Michael Richardson (@mrichardson03)