-
Notifications
You must be signed in to change notification settings - Fork 0
/
palo_backups.yml
135 lines (121 loc) · 3.73 KB
/
palo_backups.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
- name: Check for online hosts
hosts: all
gather_facts: false
vars_files:
- palo_vars.yml
tasks:
- name: Ping for reachability
command: ping -c1 {{ ansible_host }}
delegate_to: localhost
register: ping_result
ignore_errors: true
- group_by:
key: reachable
when: ping_result.rc == 0
- name: Pull Configuration from Palo Alto Firewalls
hosts: reachable
gather_facts: false
vars_files:
- palo_vars.yml
tasks:
- name: Ensure dependency packages are available.
package:
name:
- vim
- diffutils
- python3-lxml
state: present
delegate_to: localhost
become: true
run_once: true
- name: Generate API Key
connection: local
check_mode: false
uri:
validate_certs: false
url: "https://{{ ansible_host }}/api/?type=keygen&user={{ palo_username }}&password={{ palo_password }}"
return_content: true
method: GET
register: key_string
no_log: "{{ task_logging }}"
- name: Extract API Key from XML Output
connection: local
xml:
xmlstring: "{{ key_string.content }}"
content: "text"
xpath: "/response/result/key"
register: key_list
- name: Backup configuration from PAN Equipement
connection: local
check_mode: false
uri:
validate_certs: false
url: "https://{{ ansible_host }}/api/?type=config&action=show&key={{ key_list.matches[0].key }}"
return_content: true
method: GET
register: configuration_string
- name: Create {{ current_date }} folder when it does not exist
file:
path: "{{ item }}"
state: directory
mode: 0755
run_once: true
with_items:
- "{{ configs_dir }}"
- "{{ diff_directory }}"
delegate_to: localhost
- name: Remove XML Header and Save file in {{ configs_dir }}
connection: local
check_mode: false
copy:
content: "{{ configuration_string['content'] | regex_replace('<response.*<result>') | regex_replace('</result></response>') }}"
dest: "{{ current_config }}"
- name: Cleanup configs
shell: "sed -i -r {{ item }} {{ current_config }}"
with_items: "{{ sed_commands }}"
delegate_to: localhost
when: (sed_commands is defined) and (sed_commands | length > 0)
tags:
- cleanup
- name: Check if yesterday's configuration exists
stat:
path: "{{ yesterday_config }}"
register: check_result
delegate_to: localhost
- name: Check for Diffs
shell: diff -B {{ current_config }} {{ yesterday_config }}
failed_when: diff_result.rc > 1
register: diff_result
delegate_to: localhost
ignore_errors: true
changed_when: diff_result.rc == 1
when: check_result.stat.exists
tags:
- diffs
- name: Make diff report files
shell: vimdiff -n {{ yesterday_config }} {{ current_config }} -c TOhtml -c 'w! {{ diff_directory }}/{{ inventory_hostname }}_{{ current_date }}.html' -c 'qa!'
failed_when: "diff_output.rc > 1"
delegate_to: localhost
register: diff_output
when:
- check_result.stat.exists
- diff_result.rc == 1
notify: email diffs
async: 120
poll: 30
tags:
- reports
handlers:
- name: email diffs
mail:
from: "{{ from_email }}"
to: "{{ email_addresses }}"
subject: Diff report for {{ inventory_hostname }}
subtype: html
host: "{{ smtp_server }}"
attach: /{{ diff_directory }}/{{ inventory_hostname }}_{{ current_date }}.html
delegate_to: localhost
when:
- diff_result.rc != 0
- smtp_server is defined