paloaltonetworks.panos.panos_software module – Manage PAN-OS software versions.

Note

This module is part of the paloaltonetworks.panos collection (version 2.21.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_software.

New in paloaltonetworks.panos 1.0.0

Synopsis

• Install specific release of PAN-OS.

Requirements

The below requirements are needed on the host that executes this module.

• pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python

• pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice

Parameters

Parameter	Comments
api_key string	Deprecated Use provider to specify PAN-OS connectivity instead. The API key to use instead of generating it using username / password.
download boolean	Download PAN-OS version to the device. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
install boolean	Perform installation of the PAN-OS version on the device. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ip_address string	Deprecated Use provider to specify PAN-OS connectivity instead. The IP address or hostname of the PAN-OS device being configured.
named_config string	A name of a existing named config to be loaded after restart. If a non-existing file name is given the module will fail.
password string	Deprecated Use provider to specify PAN-OS connectivity instead. The password to use for authentication. This is ignored if api_key is specified.
perform_software_check boolean	Do a software check before doing the upgrade. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
port integer	Deprecated Use provider to specify PAN-OS connectivity instead. The port number to connect to the PAN-OS device on. Default: :ansible-option-default:`443`
provider dictionary added in paloaltonetworks.panos 1.0.0	A dict object containing connection details.
api_key string	The API key to use instead of generating it using username / password.
ip_address string	The IP address or hostname of the PAN-OS device being configured.
password string	The password to use for authentication. This is ignored if api_key is specified.
port integer	The port number to connect to the PAN-OS device on. Default: :ansible-option-default:`443`
serial_number string	The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username string	The username to use for authentication. This is ignored if api_key is specified. Default: :ansible-option-default:`"admin"`
restart boolean	Restart device after installing desired version. Use in conjunction with paloaltonetworks.panos.panos_check to determine when firewall is ready again. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
sync_to_peer boolean	If device is a member of a HA pair, perform actions on the peer device as well. Only used when downloading software - installation must be performed on both devices. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
timeout integer	Timeout value in seconds to wait for the device operation to complete Default: :ansible-option-default:`1200`
username string	Deprecated Use provider to specify PAN-OS connectivity instead. The username to use for authentication. This is ignored if api_key is specified. Default: :ansible-option-default:`"admin"`
version string / required	Desired PAN-OS release for target device.

Notes

Note

• Panorama is supported.

• Check mode is supported.

• When installing PAN-OS software, checking is performed by this module to ensure the upgrade/downgrade path is valid. When using this module to only download and not install PAN-OS software, the valid upgrade/downgrade path checking is bypassed (in order to allow pre-downloading of PAN-OS software images ahead of the installation time for multiple stage upgrades/downgrades).

• PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

- name: Install PAN-OS 8.1.6 and restart
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '8.1.6'
    restart: true

- name: Download PAN-OS 9.0.0 base image only
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '9.0.0'
    install: false
    restart: false

- name: Download PAN-OS 9.0.1 and sync to HA peer
  paloaltonetworks.panos.panos_software:
    provider: '{{ provider }}'
    version: '9.0.1'
    sync_to_peer: true
    install: false
    restart: false

- name: Downgrade to 9.1.10 with named config load
  paloaltonetworks.panos.panos_software:
    provider: '{{ device }}'
    version: 9.1.10
    named_config: '9.1.10_backup_named_config.xml'
    install: true
    restart: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
version string	After performing the software install, returns the version installed on the device. Returned: on success

Authors

• Michael Richardson (@mrichardson03)

Collection links

Issue Tracker Homepage Repository (Sources)