An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
[ ] Ensure you are submitting your pull request to a branch dedicated to a specific topic/feature/bugfix. Avoid using the master branch for pull requests.
[x] Target your pull request to the main development branch in this repository.
[x] Ensure your commit messages follow the project's preferred format.
[x] Check that your code additions do not fail any linting checks or unit tests.
Checklist for This Pull Request
🚨Please adhere to the guidelines for contributing to this repository.
Pull Request Description
This PR introduces --non-interactive option to firewall and batch commands as well as CLI options to set firewalls to be upgraded.
Non interactive option
With the --non-interactive flag it is possible to upgrade firewalls non-interactively without being prompted for confirmations.
Non-interactive mode requires parameters like hostname, username, password to be passed in order to avoid prompts.
Dry run behaviour adjusted to be the default selection in interactive mode, additionally when --dry-run option is set "dry run" prompts are avoided. You can only disable dry run by answering the dry run prompts as "no" or running the tool in non-interactive mode.
Firewall --peer and Batch --inventory options to set firewalls to be upgraded
--peer CLI option introduced in firewall command in order to allow specifying peer hostname/IP if auto-detected management IP is not accessible.
--inventory CLI option introduced in batch command to allow specifying the list of firewalls to upgrade in CLI.
Usage
Non-interactive HA upgrade with firewall command and peer IP:
Non-interactive HA upgrade with batch command and inventory option:
Non-interactive standalone upgrade with firewall command:
What does this pull request accomplish?
Are there any breaking changes included?
Is there anything the reviewers should know?
Needed to change common_setup method to set dirs and logging only, and call connect_to_host separately because --dry-run option should be overridden if --non-interactive flag is set, and it should be prompted if --non-interactive flag is NOT set at the very beginning of the method. This required logging which wasn't possible before calling common_setup but setting up the connection was not necessary at this time.