Try SpotterManage High Availability on PAN-OS
| "added in version" 1.0.0 of paloaltonetworks.panos"
Authors: Patrick Avery (@unknown)
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections:
- name: paloaltonetworks.panos
version: 2.19.1Manage High Availability on PAN-OS in A/S and A/A modes including all HA interface configuration. Assumes physical interfaces are of type HA already using panos_interface. This module has the following limitations due to no support in pandevice - * No peer_backup_ip, this prevents full configuration of ha1_backup links * Speed and Duplex of ports was intentially skipped
- name: set ports to HA mode
paloaltonetworks.panos.panos_interface:
provider: '{{ provider }}'
if_name: "{{ item }}"
mode: "ha"
enable_dhcp: false
with_items:
- ethernet1/1
- ethernet1/2
- ethernet1/3
- ethernet1/4
- ethernet1/5
- name: Configure Active/Standby HA
paloaltonetworks.panos.panos_ha:
provider: '{{ provider }}'
state: present
ha_peer_ip: "192.168.50.1"
ha1_ip_address: "192.168.50.2"
ha1_netmask: "255.255.255.252"
ha1_port: "ethernet1/1"
ha2_port: "ethernet1/3"
- name: Configure Active/Active HA
paloaltonetworks.panos.panos_ha:
provider: "{{ provider }}"
state: present
ha_mode: "active-active"
ha_device_id: 0
ha_session_owner_selection: "first-packet"
ha_session_setup: "first-packet"
ha_peer_ip: "192.168.50.1"
ha_peer_ip_backup: "192.168.50.5"
ha1_port: "ethernet1/1"
ha1_ip_address: "192.168.50.2"
ha1_netmask: "255.255.255.252"
ha1b_port: "ethernet1/2"
ha1b_ip_address: "192.168.50.6"
ha1b_netmask: "255.255.255.252"
ha2_port: "ethernet1/3"
ha2b_port: "ethernet1/4"
ha3_port: "ethernet1/5"
port:
default: 443
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The port number to connect to the PAN-OS device on.
type: int
vsys:
description:
- The vsys this object should be imported into. Objects that are imported include
interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically
imported into vsys1 if no vsys is specified.
type: str
state:
choices:
- present
- absent
default: present
description:
- The state.
type: str
commit:
description:
- B(Deprecated)
- Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama),
M(paloaltonetworks.panos.panos_commit_push) instead.
- HORIZONTALLINE
- Commit changes after creating object. If I(ip_address) is a Panorama device, and
I(device_group) or I(template) are also set, perform a commit to Panorama and a
commit-all to the device group/template.
type: bool
api_key:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The API key to use instead of generating it using I(username) / I(password).
type: str
ha_mode:
choices:
- active-passive
- active-active
default: active-passive
description: Mode of HA
type: str
ha1_port:
description: Interface to use for this HA1 interface (eg. ethernet1/5)
type: str
ha2_port:
default: ha2-a
description: Interface to use for this HA2 interface (eg. ethernet1/5)
type: str
ha3_port:
description: Interface to use for this HA3 interface (eg. ethernet1/5, ae1)
type: str
password:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The password to use for authentication. This is ignored if I(api_key) is specified.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
api_key:
description:
- The API key to use instead of generating it using I(username) / I(password).
type: str
ip_address:
description:
- The IP address or hostname of the PAN-OS device being configured.
type: str
password:
description:
- The password to use for authentication. This is ignored if I(api_key) is specified.
type: str
port:
default: 443
description:
- The port number to connect to the PAN-OS device on.
type: int
serial_number:
description:
- The serial number of a firewall to use for targeted commands. If I(ip_address)
is not a Panorama PAN-OS device, then this param is ignored.
type: str
username:
default: admin
description:
- The username to use for authentication. This is ignored if I(api_key) is specified.
type: str
type: dict
version_added: 1.0.0
version_added_collection: paloaltonetworks.panos
template:
description:
- (Panorama only) The template this operation should target. Mutually exclusive with
I(template_stack).
type: str
username:
default: admin
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The username to use for authentication. This is ignored if I(api_key) is specified.
type: str
ha1b_port:
description: Interface to use for this HA1Backup interface (eg. ethernet1/5)
type: str
ha2b_port:
description: Interface to use for this HA2Backup interface (eg. ethernet1/5)
type: str
ha_enabled:
default: true
description:
- Enable HA
type: bool
ha_peer_ip:
description: HA Peer HA1 IP address
type: str
ip_address:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The IP address or hostname of the PAN-OS device being configured.
type: str
ha1_gateway:
description: Default gateway of the HA1 interface
type: str
ha1_netmask:
description: Netmask of the HA1 interface
type: str
ha2_gateway:
description: Default gateway of the HA2 interface
type: str
ha2_netmask:
description: Netmask of the HA2 interface
type: str
ha_group_id:
default: 1
description:
- The group identifier
type: int
ha_sync_qos:
description: active-active network sync qos
type: bool
ha1b_gateway:
description: Default gateway of the HA1Backup interface
type: str
ha1b_netmask:
description: Netmask of the HA1Backup interface
type: str
ha2b_gateway:
description: Default gateway of the HA2Backup interface
type: str
ha2b_netmask:
description: Netmask of the HA2Backup interface
type: str
ha_device_id:
choices:
- 0
- 1
description: HA3 device id (0 or 1)
type: int
ha_state_sync:
default: false
description: Enabled state synchronization
type: bool
ha1_ip_address:
description: IP of the HA1 interface
type: str
ha2_ip_address:
description: IP of the HA2 interface
type: str
ha_config_sync:
default: true
description: Enabled configuration synchronization
type: bool
ha_ip_hash_key:
choices:
- source
- source-and-destination
description: active-active hash key used by ip-hash algorithm
type: str
template_stack:
description:
- (Panorama only) The template stack this operation should target. Mutually exclusive
with I(template).
type: str
ha1b_ip_address:
description: IP of the HA1Backup interface
type: str
ha2b_ip_address:
description: IP of the HA2Backup interface
type: str
ha_ha2_keepalive:
default: true
description: Enable HA2 keepalives
type: bool
ha_session_setup:
choices:
- primary-device
- first-packet
- ip-modulo
- ip-hash
description: active-active session setup mode
type: str
ha_peer_ip_backup:
description: HA Peer HA1 Backup IP address
type: str
ha_passive_link_state:
choices:
- shutdown
- auto
default: auto
description: Passive link state
type: str
ha_sync_virtual_router:
description: active-active network sync virtual router
type: bool
ha_tentative_hold_time:
description: active-active tentative hold timer
type: int
ha_ha2_keepalive_action:
description: HA2 keepalive action
type: str
ha_ha2_keepalive_threshold:
description: HA2 keepalive threshold
type: int
ha_session_owner_selection:
choices:
- primary-device
- first-packet
description: active-active session owner mode
type: str