panos_type_cmd – Execute arbitrary TYPE commands on PAN-OS¶
New in version 2.8.
Synopsis¶
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
This module allows you to execute arbitrary TYPE commands on PAN-OS.
This module does not provide guards of any sort, so USE AT YOUR OWN RISK.
Refer to the PAN-OS and Panorama API guide for more info.
Requirements¶
The below requirements are needed on the host that executes this module.
pan-python
pandevice
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
api_key
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The API key to use instead of generating it using username / password.
|
||
cmd
-
|
|
The command to run.
|
|
dst
-
|
Used in cmd=move.
The reference object.
|
||
element
-
|
Used in cmd=set, cmd=edit, and cmd=override.
The element payload.
|
||
extra_qs
complex
|
A dict of extra params to pass in.
|
||
ip_address
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The IP address or hostname of the PAN-OS device being configured.
|
||
new_name
-
|
Used in cmd=rename and cmd=clone.
The new name.
|
||
password
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The password to use for authentication. This is ignored if api_key is specified.
|
||
port
integer
|
Default: 443
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The port number to connect to the PAN-OS device on.
|
|
provider
-
added in 2.8 |
A dict object containing connection details.
|
||
api_key
string
|
The API key to use instead of generating it using username / password.
|
||
ip_address
string
|
The IP address or hostname of the PAN-OS device being configured.
|
||
password
string
|
The password to use for authentication. This is ignored if api_key is specified.
|
||
port
integer
|
Default: 443
|
The port number to connect to the PAN-OS device on.
|
|
serial_number
string
|
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
|
||
username
string
|
Default: "admin"
|
The username to use for authentication. This is ignored if api_key is specified.
|
|
username
string
|
Default: "admin"
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The username to use for authentication. This is ignored if api_key is specified.
|
|
where
-
|
Used in cmd=move.
The movement keyword.
|
||
xpath
-
/ required
|
The XPATH.
All newlines are removed from the XPATH to allow for shorter lines.
|
||
xpath_from
-
|
Used in cmd=clone.
The from xpath.
|
Notes¶
Note
Panorama is supported.
Check mode is not supported.
PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.
Examples¶
- name: Create an address object using set.
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/vsys/entry[@name='vsys1']
/address
element: |
<entry name="sales-block">
<ip-netmask>192.168.55.0/24</ip-netmask>
<description>Address CIDR for sales org</description>
</entry>
- name: Then rename it.
panos_type_cmd:
provider: '{{ provider }}'
cmd: 'rename'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/vsys/entry[@name='vsys1']
/address/entry[@name='sales-block']
new_name: 'dmz-block'
- name: Show the address object.
panos_type_cmd:
provider: '{{ provider }}'
cmd: 'show'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/vsys/entry[@name='vsys1']
/address/entry[@name='dmz-block']
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
stdout
string
|
success |
output (if any) of the given API command as JSON formatted string
Sample:
{entry: {@name: dmz-block, ip-netmask: 192.168.55.0/24, description: Address CIDR for sales org}}
|
stdout_xml
string
|
success |
output of the given API command as an XML formatted string
Sample:
<entry name=dmz-block><ip-netmask>192.168.55.0/24</ip-netmask>...</entry>
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.