cdot65 / pan-os-upgrade

An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
https://cdot65.github.io/pan-os-upgrade/
Apache License 2.0
39 stars, 7 forks

Inventory with IP address #112

Open patrisilva opened 4 months ago

patrisilva commented 4 months ago

Is your feature request related to a problem? Please describe.

While it is possible to generate an inventory file, I would like to be able to manipulate the file to add an IP address. The reason is that smaller firewalls in the environment do not have a management IP address, but one of the interfaces is used as management. For this reason, Panorama reports an IP address that is not correct and will not allow access to the firewall. If it were possible to add the IP address to the inventory file, this would be solved.

Describe the solution you'd like

Add the ability to add an IP address to the inventory or, when choosing the option -firewall, add the possibility to add multiple firewalls instead of just one.

cdot65 commented 4 months ago

Interesting, so in batch mode (the only mode that uses the inventory.yaml file) the script doesn't connect directly to the device but rather proxies all communication to remote devices through Panorama.

Panorama itself refers to devices by serial rather than hostname or IP address, since those two things are configurable to change at any point in time whereas the serial is both unique and permanent.

The inventory.yaml file is a human-friendly way of selecting serial numbers for Panorama to target; there is an operation that maps the listed devices to their serial number, and then Firewall objects can be made with the info that Panorama needs to target the devices.

Using a data plane interface (like ethernet1/1, for example) should have zero impact on the script's ability to connect successfully to that device.

The only situation where this could be an issue is where a firewall doesn't have a configured hostname, thereby making it impossible to target the device with the inventory.yaml file.

If you're having issues in your environment, please provide the script's logs and we can investigate what's going on here.