paloaltonetworks / paloaltonetworks.panos / 2.19.1 / module / panos_ha Manage High Availability on PAN-OS | "added in version" 1.0.0 of paloaltonetworks.panos" Authors: Patrick Avery (@unknown)paloaltonetworks.panos.panos_ha (2.19.1) — module
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections: - name: paloaltonetworks.panos version: 2.19.1
Manage High Availability on PAN-OS in A/S and A/A modes including all HA interface configuration. Assumes physical interfaces are of type HA already using panos_interface. This module has the following limitations due to no support in pandevice - * No peer_backup_ip, this prevents full configuration of ha1_backup links * Speed and Duplex of ports was intentially skipped
- name: set ports to HA mode paloaltonetworks.panos.panos_interface: provider: '{{ provider }}' if_name: "{{ item }}" mode: "ha" enable_dhcp: false with_items: - ethernet1/1 - ethernet1/2 - ethernet1/3 - ethernet1/4 - ethernet1/5
- name: Configure Active/Standby HA paloaltonetworks.panos.panos_ha: provider: '{{ provider }}' state: present ha_peer_ip: "192.168.50.1" ha1_ip_address: "192.168.50.2" ha1_netmask: "255.255.255.252" ha1_port: "ethernet1/1" ha2_port: "ethernet1/3"
- name: Configure Active/Active HA paloaltonetworks.panos.panos_ha: provider: "{{ provider }}" state: present ha_mode: "active-active" ha_device_id: 0 ha_session_owner_selection: "first-packet" ha_session_setup: "first-packet" ha_peer_ip: "192.168.50.1" ha_peer_ip_backup: "192.168.50.5" ha1_port: "ethernet1/1" ha1_ip_address: "192.168.50.2" ha1_netmask: "255.255.255.252" ha1b_port: "ethernet1/2" ha1b_ip_address: "192.168.50.6" ha1b_netmask: "255.255.255.252" ha2_port: "ethernet1/3" ha2b_port: "ethernet1/4" ha3_port: "ethernet1/5"
port: default: 443 description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The port number to connect to the PAN-OS device on. type: int vsys: description: - The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified. type: str state: choices: - present - absent default: present description: - The state. type: str commit: description: - B(Deprecated) - Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama), M(paloaltonetworks.panos.panos_commit_push) instead. - HORIZONTALLINE - Commit changes after creating object. If I(ip_address) is a Panorama device, and I(device_group) or I(template) are also set, perform a commit to Panorama and a commit-all to the device group/template. type: bool api_key: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The API key to use instead of generating it using I(username) / I(password). type: str ha_mode: choices: - active-passive - active-active default: active-passive description: Mode of HA type: str ha1_port: description: Interface to use for this HA1 interface (eg. ethernet1/5) type: str ha2_port: default: ha2-a description: Interface to use for this HA2 interface (eg. ethernet1/5) type: str ha3_port: description: Interface to use for this HA3 interface (eg. ethernet1/5, ae1) type: str password: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The password to use for authentication. This is ignored if I(api_key) is specified. type: str provider: description: - A dict object containing connection details. suboptions: api_key: description: - The API key to use instead of generating it using I(username) / I(password). type: str ip_address: description: - The IP address or hostname of the PAN-OS device being configured. type: str password: description: - The password to use for authentication. This is ignored if I(api_key) is specified. type: str port: default: 443 description: - The port number to connect to the PAN-OS device on. type: int serial_number: description: - The serial number of a firewall to use for targeted commands. If I(ip_address) is not a Panorama PAN-OS device, then this param is ignored. type: str username: default: admin description: - The username to use for authentication. This is ignored if I(api_key) is specified. type: str type: dict version_added: 1.0.0 version_added_collection: paloaltonetworks.panos template: description: - (Panorama only) The template this operation should target. Mutually exclusive with I(template_stack). type: str username: default: admin description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The username to use for authentication. This is ignored if I(api_key) is specified. type: str ha1b_port: description: Interface to use for this HA1Backup interface (eg. ethernet1/5) type: str ha2b_port: description: Interface to use for this HA2Backup interface (eg. ethernet1/5) type: str ha_enabled: default: true description: - Enable HA type: bool ha_peer_ip: description: HA Peer HA1 IP address type: str ip_address: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The IP address or hostname of the PAN-OS device being configured. type: str ha1_gateway: description: Default gateway of the HA1 interface type: str ha1_netmask: description: Netmask of the HA1 interface type: str ha2_gateway: description: Default gateway of the HA2 interface type: str ha2_netmask: description: Netmask of the HA2 interface type: str ha_group_id: default: 1 description: - The group identifier type: int ha_sync_qos: description: active-active network sync qos type: bool ha1b_gateway: description: Default gateway of the HA1Backup interface type: str ha1b_netmask: description: Netmask of the HA1Backup interface type: str ha2b_gateway: description: Default gateway of the HA2Backup interface type: str ha2b_netmask: description: Netmask of the HA2Backup interface type: str ha_device_id: choices: - 0 - 1 description: HA3 device id (0 or 1) type: int ha_state_sync: default: false description: Enabled state synchronization type: bool ha1_ip_address: description: IP of the HA1 interface type: str ha2_ip_address: description: IP of the HA2 interface type: str ha_config_sync: default: true description: Enabled configuration synchronization type: bool ha_ip_hash_key: choices: - source - source-and-destination description: active-active hash key used by ip-hash algorithm type: str template_stack: description: - (Panorama only) The template stack this operation should target. Mutually exclusive with I(template). type: str ha1b_ip_address: description: IP of the HA1Backup interface type: str ha2b_ip_address: description: IP of the HA2Backup interface type: str ha_ha2_keepalive: default: true description: Enable HA2 keepalives type: bool ha_session_setup: choices: - primary-device - first-packet - ip-modulo - ip-hash description: active-active session setup mode type: str ha_peer_ip_backup: description: HA Peer HA1 Backup IP address type: str ha_passive_link_state: choices: - shutdown - auto default: auto description: Passive link state type: str ha_sync_virtual_router: description: active-active network sync virtual router type: bool ha_tentative_hold_time: description: active-active tentative hold timer type: int ha_ha2_keepalive_action: description: HA2 keepalive action type: str ha_ha2_keepalive_threshold: description: HA2 keepalive threshold type: int ha_session_owner_selection: choices: - primary-device - first-packet description: active-active session owner mode type: str