Environment setup

First, you need an Ansible control machine with access to the management interfaces of the firewalls you intend to configure. This will vary depending on your environment; as an example, I will detail how to set up an isolated environment on a Fedora (release 31) host. This environment will leverage the paloaltonetworks.panos collection from https://galaxy.ansible.com. Fedora 31 comes with many components preconfigured that will have to be accounted for if you are deploying to prod; for a lab it's a quick way to get the environment you need.

Fedora 31 ftp mirror: http://mirror.datto.com/fedora/primary/releases/31/Server/x86_64/iso/
Fedora current: https://getfedora.org/en/server/

## first create a virtual environment to be leveraged by a user in the wheel group
## create it as your own user (no sudo) so the later pip install can write into it
[user@fed31 ~]$ python3 -m venv panos-auto

## activate the venv
[user@fed31 ~]$ source panos-auto/bin/activate

## get the python dependencies needed for the collection
(panos-auto) [user@fed31 ~]$ pip install ansible pandevice pan-python xmltodict

## install the collection from ansible galaxy
## this bit is modified to make redeployment in prod easier for you
## see the docs on ansible collections for more info
(panos-auto) [user@fed31 ~]$ mkdir -p ~/ansible-lab/collections
(panos-auto) [user@fed31 ~]$ ansible-galaxy collection install paloaltonetworks.panos -p ~/ansible-lab/collections

## inventory file (ansible.cfg below points at ~/ansible-lab/hosts.ini)
# hosts.ini
[all:children]
panos

[panos]
firewall.domain.xyz ip_address=172.16.100.1

## ansible configuration file
# ansible.cfg
[defaults]
interpreter_python = ~/panos-auto/bin/python
collections_path = ~/ansible-lab/collections
inventory = ~/ansible-lab/hosts.ini

## confirm ansible can find the collection by viewing one of its module docs
(panos-auto) [user@fed31 ~]$ ansible-doc paloaltonetworks.panos.panos_type_cmd
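
The control machine holds access to firewall management interfaces, and every path named in ansible.cfg is code or data that Ansible will trust. The Python check below is an added example, not part of the original guide or of the paloaltonetworks.panos collection: it reads the ansible.cfg shown above and flags paths that are missing, owned by another user, or writable by group/other. The function name `audit_ansible_cfg` and the temporary sample layout are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Path-valued keys from the [defaults] section of the ansible.cfg above.
PATH_KEYS = ("interpreter_python", "collections_path", "inventory")


def audit_ansible_cfg(cfg_path):
    """Return (key, path, problem) tuples for risky or missing paths."""
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(cfg_path):
        return [("ansible.cfg", cfg_path, "file not readable")]
    findings = []
    # Ansible skips an ansible.cfg in a world-writable current working directory.
    cfg_dir = os.path.dirname(os.path.abspath(cfg_path))
    if os.stat(cfg_dir).st_mode & stat.S_IWOTH:
        findings.append(("ansible.cfg", cfg_dir, "directory is world-writable"))
    for key in PATH_KEYS:
        raw = parser.get("defaults", key, fallback=None)
        if raw is None:
            findings.append((key, "", "not set in [defaults]"))
            continue
        path = os.path.expanduser(raw.strip())
        try:
            st = os.stat(path)  # follows the venv's bin/python symlink
        except OSError:
            findings.append((key, path, "path does not exist"))
            continue
        if st.st_uid not in (0, os.getuid()):
            findings.append((key, path, "owned by another user"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((key, path, "writable by group or other"))
    return findings


if __name__ == "__main__":
    # Constructed lab layout in a temp dir; real paths come from your ansible.cfg.
    lab = tempfile.mkdtemp()
    coll = os.path.join(lab, "collections")
    os.mkdir(coll)
    os.chmod(coll, 0o777)  # deliberately loose, to show a finding
    cfg = os.path.join(lab, "ansible.cfg")
    with open(cfg, "w") as fh:
        fh.write(f"[defaults]\ncollections_path = {coll}\n"
                 f"inventory = {lab}/hosts.ini\n")
    for key, path, problem in audit_ansible_cfg(cfg):
        print(f"{key}: {path}: {problem}")
```

Point it at the real file with `audit_ansible_cfg(os.path.expanduser("~/ansible-lab/ansible.cfg"))` if that is where you saved it; an empty list means no findings.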
