cdot65 / pan-os-upgrade

An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
https://cdot65.github.io/pan-os-upgrade/
Apache License 2.0
42 stars 9 forks source link

Post-Upgrade Snapshot and Report Generation Skipped for Firewalls #96

Closed cdot65 closed 9 months ago

cdot65 commented 9 months ago

Describe the bug

After completing firewall upgrades, the post-upgrade process is expected to take snapshots and generate diff reports. However, these steps are being skipped, seemingly due to the code block that bypasses the report generation process if settings.yaml is not found. This results in missing post-upgrade snapshots and reports, which are crucial for verifying upgrade success and diagnosing issues.

To Reproduce

Steps to reproduce the behavior:

  1. Execute the firewall upgrade script without a settings.yaml file in the working directory.
  2. Complete the firewall upgrade process.
  3. Observe that the post-upgrade snapshots and diff report generation steps are skipped.

Expected behavior

Regardless of the presence of settings.yaml, post-upgrade snapshots and reports should be generated to ensure that the upgrade's effects can be reviewed and verified.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

Additional context

The issue seems to stem from the conditional check for settings.yaml presence, which also considers the snapshot settings within the file. If settings.yaml is not found, the process to generate snapshots, diff, and PDF reports is entirely skipped. A proposed solution is to decouple the snapshot and report generation from the settings.yaml presence and its snapshot settings, ensuring these post-upgrade steps are always executed.