An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
This PR introduces improvements to the pan-os-upgrade CLI tool by distinguishing High Availability (HA) functionality between PAN-OS firewalls and Panorama appliances. The motivation stems from the unique HA response structure of Panorama, which lacks the "group" concept present in firewall responses, leading to incompatibilities with the existing handle_ha_logic function.
Key Changes:
Dedicated HA Handling for Panorama: We've introduced separate logic to handle HA functionality for Panorama instances, taking into account the distinct HA response structure. This ensures that the upgrade process for HA Panorama setups is accurately managed, aligning with Panorama's HA architecture.
Split HA Sync Checks: The HA synchronization checks have been bifurcated between PAN-OS and Panorama appliances to cater to their respective response structures and upgrade requirements. This allows for more precise control and validation during the upgrade process, particularly for HA setups.
Version Update: The pan-os-upgrade tool has been updated to version 1.1.2 to encapsulate these enhancements and ensure users benefit from the latest improvements.
Motivation:
The need for these changes was highlighted by the challenges encountered when upgrading HA Panorama instances using the existing tool. The absence of "group" structures in Panorama's HA state responses necessitated a tailored approach to efficiently manage the upgrade process in complex Panorama environments.
Impact:
By addressing this gap, the PR significantly enhances the pan-os-upgrade tool's utility and reliability, particularly for customers managing large numbers of HA Panorama instances. It facilitates a seamless and safe upgrade experience, reinforcing the tool's value in maintaining robust and up-to-date Panorama configurations.
Testing:
The modifications have been thoroughly tested in environments simulating HA Panorama setups, ensuring that the new logic effectively handles the unique HA state responses of Panorama and seamlessly integrates with the overall upgrade process.
This enhancement marks a critical step towards making the pan-os-upgrade tool more versatile and accommodating to a wider range of PAN-OS and Panorama configurations, particularly those involving complex HA setups.
This PR introduces improvements to the
pan-os-upgradeCLI tool by distinguishing High Availability (HA) functionality between PAN-OS firewalls and Panorama appliances. The motivation stems from the unique HA response structure of Panorama, which lacks the "group" concept present in firewall responses, leading to incompatibilities with the existinghandle_ha_logicfunction.Key Changes:
Dedicated HA Handling for Panorama: We've introduced separate logic to handle HA functionality for Panorama instances, taking into account the distinct HA response structure. This ensures that the upgrade process for HA Panorama setups is accurately managed, aligning with Panorama's HA architecture.
Split HA Sync Checks: The HA synchronization checks have been bifurcated between PAN-OS and Panorama appliances to cater to their respective response structures and upgrade requirements. This allows for more precise control and validation during the upgrade process, particularly for HA setups.
Version Update: The
pan-os-upgradetool has been updated to version 1.1.2 to encapsulate these enhancements and ensure users benefit from the latest improvements.Motivation:
The need for these changes was highlighted by the challenges encountered when upgrading HA Panorama instances using the existing tool. The absence of "group" structures in Panorama's HA state responses necessitated a tailored approach to efficiently manage the upgrade process in complex Panorama environments.
Impact:
By addressing this gap, the PR significantly enhances the
pan-os-upgradetool's utility and reliability, particularly for customers managing large numbers of HA Panorama instances. It facilitates a seamless and safe upgrade experience, reinforcing the tool's value in maintaining robust and up-to-date Panorama configurations.Testing:
The modifications have been thoroughly tested in environments simulating HA Panorama setups, ensuring that the new logic effectively handles the unique HA state responses of Panorama and seamlessly integrates with the overall upgrade process.
This enhancement marks a critical step towards making the
pan-os-upgradetool more versatile and accommodating to a wider range of PAN-OS and Panorama configurations, particularly those involving complex HA setups.Resolves: [Link to the GitHub issue]