An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
Currently, our pan-os-upgrade script adopts a conservative approach by prioritizing upgrades for "passive" firewalls in an HA pair, moving "active" firewalls to a revisit list for post-upgrade actions. This workflow aligns with a common best practice of minimizing disruptions during upgrades. However, there are documented scenarios where upgrading the "active" firewall first is preferred. This enhancement aims to introduce flexibility into our upgrade process by allowing users to opt for a workflow that upgrades the "active" firewall first, thereby accommodating a broader range of upgrade strategies.
Enhancement Details
The proposed enhancement will introduce a new workflow option within the pan-os-upgrade script, enabling users to prioritize the upgrade of the "active" firewall in an HA pair. This workflow will involve:
Temporarily failing the HA state of the "active" firewall, prompting a failover to the "passive" firewall, which then becomes the new "active" member.
Initiating the upgrade process on the now "passive" firewall (formerly "active").
Upon successful upgrade and reboot of the first firewall, the script will proceed to upgrade the remaining firewalls, which are now in the "passive" state and were part of the initial "revisit" list.
Rationale
This enhancement is motivated by the need to provide a more versatile tool that accommodates various HA upgrade strategies documented across different best practices. It allows users to choose the upgrade sequence that best fits their operational requirements and risk management policies.
Use Cases
High Availability Environments: In environments where minimal downtime and immediate recovery are paramount, this option allows for a quicker return to full redundancy post-upgrade.
Compliance with Specific Upgrade Protocols: Certain network policies or compliance standards may dictate specific upgrade sequences for HA pairs, necessitating this flexible approach.
Implementation Considerations:
User Input: Introduce a command-line option or a configuration parameter allowing users to select the preferred upgrade workflow.
State Management: Ensure robust state management to handle failovers, upgrades, and potential rollback scenarios gracefully.
Documentation: Update the script documentation to clearly outline the new workflow, its use cases, and any additional steps required to initiate this upgrade path.
Potential Challenges
Risk of Downtime: Upgrading the "active" firewall first may entail a higher risk of temporary service disruption, which should be clearly communicated to the users.
Complexity in Rollback: In cases where the upgrade encounters issues, the rollback process may be more complex due to the involved failover and state changes.
Request for Comments
We invite feedback from the community on this proposed enhancement, particularly regarding its utility, potential impact on existing workflows, and any additional features that would make this option more effective for users' needs.
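The two HA sequences discussed in this issue can be compared as a small planner with a pre-failover guard. This is an added example, not code from the pan-os-upgrade project or from the issue author. The workflow values, action names, firewall names and HA states are hypothetical, and the sketch assumes a revisit-list member is upgraded only once it has been observed in the passive state.

```python
from dataclasses import dataclass

WORKFLOWS = ("passive-first", "active-first")  # hypothetical option values


@dataclass(frozen=True)
class Firewall:
    name: str
    ha_state: str  # constructed sample states: "active", "passive", "suspended"


def plan_pair(a: Firewall, b: Firewall, workflow: str = "passive-first"):
    """Return ordered (action, firewall_name) steps for one HA pair."""
    if workflow not in WORKFLOWS:
        raise ValueError(f"unknown workflow: {workflow!r}")
    by_state = {fw.ha_state: fw.name for fw in (a, b)}
    # Guard: a failover needs a healthy peer to land on. Refuse to plan
    # anything unless the pair is exactly one active plus one passive.
    if set(by_state) != {"active", "passive"}:
        raise RuntimeError(
            f"HA pair not active/passive: {a.name}={a.ha_state}, {b.name}={b.ha_state}"
        )
    active, passive = by_state["active"], by_state["passive"]
    steps = []
    if workflow == "active-first":
        # Step 1 of the proposal: fail the active member so the peer takes over.
        steps += [("suspend_ha", active), ("confirm_active", passive)]
        first, revisit = active, passive
    else:
        # Current behaviour: passive member first, active goes to the revisit list.
        first, revisit = passive, active
    steps += [("upgrade", first), ("reboot", first), ("confirm_ha_rejoined", first)]
    # Revisit list: only upgrade a member once it is observed in the passive state.
    steps += [("wait_until_passive", revisit), ("upgrade", revisit),
              ("reboot", revisit), ("confirm_ha_rejoined", revisit)]
    return steps


if __name__ == "__main__":
    pair = (Firewall("fw-a", "active"), Firewall("fw-b", "passive"))  # constructed
    for wf in WORKFLOWS:
        print(wf, plan_pair(*pair, workflow=wf))
```

The guard rejects split-brain (two active members) and suspended peers before any step is emitted, so a plan never contains a failover that has nowhere to land.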