Try SpotterGenerates a report by comparing two snapshot made with the M(paloaltonetworks.panos.panos_state_snapshot) module.
| "added in version" 2.18.0 of paloaltonetworks.panos"
Authors: Łukasz Pawlęga (@fosix)
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections:
- name: paloaltonetworks.panos
version: 2.19.1A wrapper around the PAN-OS Upgrade Assurance package.
This is an 'offline' module, meaning it operates only on available facts. It does not need to connect to a device. It's a wrapper around the L(SnapshotCompare class, https://pan.dev/panos/docs/panos-upgrade-assurance/api/snapshot_compare/#class-snapshotcompare).
The module takes two snapshots made with M(paloaltonetworks.panos.panos_state_snapshot) module, compares them and produces a report in a form of a B(dict). Keys in this report match the state areas, values contain comparison details.
You can limit the report to the state area's you're only interested in. You can also adjust the comparison by excluding some or limiting to particular properties.
Please refer to package's documentation for L(syntax,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#readiness-checks) and L(configuration dialect,https://pan.dev/panos/docs/panos-upgrade-assurance/dialect/).
- name: Compare licenses in two snapshots, skip device's serial number to avoid false-positives
panos_snapshot_report:
left_snapshot: '{{ snap_1.response }}'
right_snapshot: '{{ snap_2.response }}'
reports:
- license:
properties:
- '!serial'
register: report
- name: Print the report to stdout
ansible.builtin.debug:
var: report.response
reports:
default:
- all
description:
- 'A list of Firewall state areas available in both snapshots: I(left_snapshot) and
I(right_snapshot).'
- To use the default comparison method, this is a list of strings. If you would like
to modify the default behavior additional configuration can be specified per state
area.
- For a list of currently available state areas as well as possible ways of modifying
the reports please refer to L(package documentation,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#reports).
- To capture the actual report use a register.
elements: raw
type: list
left_snapshot:
description: One of the snapshots to compare. It can be any snapshot taken in any
time, but normally, in an upgrade scenario, you would think about it as the pre-upgrade
snapshot.
required: true
type: dict
right_snapshot:
description: One of the snapshots to compare. It can be any snapshot taken in any
time, but normally, in an upgrade scenario, you would think about it as the post-upgrade
snapshot.
required: true
type: dict
response:
description:
- This is a B(dict) where keys are state areas names just as you specify them in
the I(reports) property.
- Values contain a report generated for particular state area. The structure is
the same for each report except for 'session_stats'. For details refer to L(package
documentation, For a list of currently available state areas please refer to L(package
documentation,https://pan.dev/panos/docs/panos-upgrade-assurance/configuration-details/#reports).
returned: always
sample:
content_version:
added:
added_keys: []
passed: true
changed:
changed_raw:
version:
left_snap: 8647-7730
right_snap: 8647-7729
passed: false
missing:
missing_keys: []
passed: true
passed: false
ip_sec_tunnels:
added:
added_keys: []
passed: true
changed:
changed_raw:
ipsec_tun:
added:
added_keys: []
passed: true
changed:
changed_raw:
state:
left_snap: init
right_snap: running
passed: false
missing:
missing_keys: []
passed: true
passed: false
passed: false
missing:
missing_keys: []
passed: true
passed: false
license:
added:
added_keys: []
passed: true
changed:
changed_raw: {}
passed: true
missing:
missing_keys:
- AutoFocus Device License
passed: false
passed: false
nics:
added:
added_keys: []
passed: true
changed:
changed_raw:
ethernet1/1:
left_snap: up
right_snap: down
passed: false
missing:
missing_keys:
- tunnel
passed: false
passed: false
type: dict