paloaltonetworks / paloaltonetworks.panos / 2.19.1 / module / panos_readiness_checks Runs readiness checks (boolean in nature) against a Firewall device. | "added in version" 2.18.0 of paloaltonetworks.panos" Authors: Łukasz Pawlęga (@fosix)paloaltonetworks.panos.panos_readiness_checks (2.19.1) — module
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections: - name: paloaltonetworks.panos version: 2.19.1
A wrapper around the PAN-OS Upgrade Assurance package.
The module is meant to run readiness checks available in the package's CheckFirewall.run_readiness_checks() L(method,https://pan.dev/panos/docs/panos-upgrade-assurance/api/check_firewall/#checkfirewallrun_readiness_checks). Since it's just a wrapper, the way you would configure a check is exactly the same as if you would run the class directly. Please refer to package's documentation for L(syntax,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#readiness-checks) and L(configuration dialect,https://pan.dev/panos/docs/panos-upgrade-assurance/dialect/).
- name: Run all management plane checks using NOT notation panos_readiness_checks: provider: '{{ device }}' checks: - '!ha' - '!session_exist' - '!arp_entry_exist' - '!ip_sec_tunnel_status'
- name: Check if a specified session exists in vsys2, fail if it does not panos_readiness_checks: provider: '{{ device }}' vsys: vsys2 force_fail: true checks: - session_exist: source: '34.23.15.1' destination: '10.1.0.4' dest_port: '80'
port: default: 443 description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The port number to connect to the PAN-OS device on. type: int vsys: default: vsys1 description: - The vsys this object belongs to. type: str checks: default: - all description: - A list of checks that should be run against a device. For the details on currently supported checks please refer to L(package's documentation,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#readiness-checks). - In most of the cases it is enough to specify a check name to run it with default settings. In this case the list element is of type B(str). If additional configuration is required the element is a one element B(dict), where key is the check name and value contains the check's configuration. For information which check requires additional configuration please refer to L(package documentation,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#readiness-checks). elements: raw type: list api_key: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The API key to use instead of generating it using I(username) / I(password). type: str password: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The password to use for authentication. This is ignored if I(api_key) is specified. type: str provider: description: - A dict object containing connection details. suboptions: api_key: description: - The API key to use instead of generating it using I(username) / I(password). type: str ip_address: description: - The IP address or hostname of the PAN-OS device being configured. type: str password: description: - The password to use for authentication. This is ignored if I(api_key) is specified. type: str port: default: 443 description: - The port number to connect to the PAN-OS device on. type: int serial_number: description: - The serial number of a firewall to use for targeted commands. If I(ip_address) is not a Panorama PAN-OS device, then this param is ignored. type: str username: default: admin description: - The username to use for authentication. This is ignored if I(api_key) is specified. type: str type: dict version_added: 1.0.0 version_added_collection: paloaltonetworks.panos username: default: admin description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The username to use for authentication. This is ignored if I(api_key) is specified. type: str force_fail: default: false description: When set to B(true) will make the module fail when at least one of the checks did not pass. type: bool ip_address: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The IP address or hostname of the PAN-OS device being configured. type: str skip_force_locale: default: false description: - When set to B(true) will skip the B(en_US.UTF-8) locales on the checks. - Use with caution only when you actually use different, English based locales but you do not have B(en_US.UTF-8) installed. type: bool
response: contains: reason: description: - A free text describing the check result. - 'Prefixed with a keyword: SUCCESS, FAIL, ERROR, SKIPPED.' - Meaningful only for failed tests as the ones succeeded are self explanatory. returned: always type: str state: description: A result of a check. returned: always type: bool description: - This is a B(dict) where keys are checks names just as you specify them in the I(checks) property. - Each value is also a B(dict). - WHen I(force_fail) has the default value of B(false) this B(dict) contains results for all checks that were specified in I(checks) property. - When I(force_fail) is set to B(true) it contains only checks that failed. returned: always sample: arp_entry_exist: reason: '[SKIPPED] Missing ARP table entry description.' state: false candidate_config: reason: '[FAIL] Pending changes found on device.' state: false content_version: reason: '[FAIL] Installed content DB version (8640-7694) is not the latest one (8697-7981).' state: false free_disk_space: reason: '[SUCCESS] ' state: true ha: reason: '[ERROR] Device is not a member of an HA pair.' state: false ip_sec_tunnel_status: reason: '[SKIPPED] Missing tunnel specification.' state: false ntp_sync: reason: '[ERROR] No NTP server configured.' state: false panorama: reason: '[SUCCESS] ' state: true session_exist: reason: '[SKIPPED] Missing critical session description. Failing check.' state: false type: dict