-
Notifications
You must be signed in to change notification settings - Fork 53
/
upgrade_content.yml
87 lines (79 loc) · 2.81 KB
/
upgrade_content.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
---
# upgrade_content.yml - Upgrade the content version on a PAN-OS device.
#
# Description
# ===========
#
# Upgrades the content version on a PAN-OS device or HA pair.
#
# This playbook requires connection details for the device to be specified in the variables 'ip_address', 'username',
# and 'password'. These may be defined as host variables (see `host_vars/firewall.yml` for an example) or
# extra vars.
#
# Usage
# =====
#
# Required Variables:
#
# target: Target PAN-OS device (or primary member of an HA pair).
#
# Optional Variables:
#
# sync_to_peer: When the 'target' the primary member of a HA pair, the installed content version will be synced to
# the secondary member when set to 'True'.
#
# Upgrade the content on a single PAN-OS device:
#
# $ ansible-playbook -i inventory upgrade_content.yml --extra-vars "target=firewall"
- hosts: '{{ target | default("firewall") }}'
connection: local
vars:
device:
ip_address: '{{ ip_address }}'
username: '{{ username | default(omit) }}'
password: '{{ password | default(omit) }}'
api_key: '{{ api_key | default(omit) }}'
sync_to_peer: false
tasks:
- name: Check latest content
paloaltonetworks.panos.panos_op:
provider: '{{ device }}'
cmd: 'request content upgrade check'
register: check
changed_when: false
- name: Download latest content
paloaltonetworks.panos.panos_op:
provider: '{{ device }}'
cmd: |
<request><content><upgrade><download>
<latest></latest>
{% if sync_to_peer %}<sync-to-peer>yes</sync-to-peer>{% endif %}
</download></upgrade></content></request>
cmd_is_xml: true
register: download
- name: Check content download result
paloaltonetworks.panos.panos_op:
provider: '{{ device }}'
cmd: 'show jobs id {{ (download.stdout | from_json).response.result.job }}'
register: download_job
until: download_job is not failed and (download_job.stdout | from_json).response.result.job.status == 'FIN'
retries: 10
delay: 60
- name: Install latest content
paloaltonetworks.panos.panos_op:
provider: '{{ device }}'
cmd: |
<request><content><upgrade><install>
<version>latest</version>
{% if sync_to_peer %}<sync-to-peer>yes</sync-to-peer>{% endif %}
</install></upgrade></content></request>
cmd_is_xml: true
register: install
- name: Check content install result
paloaltonetworks.panos.panos_op:
provider: '{{ device }}'
cmd: 'show jobs id {{ (install.stdout | from_json).response.result.job }}'
register: install_job
until: install_job is not failed and (install_job.stdout | from_json).response.result.job.status == 'FIN'
retries: 10
delay: 60