Skip to content

Commit

Permalink
Update pan-os-upgrade documentation with latest configuration options
Browse files Browse the repository at this point in the history
  • Loading branch information
@cdot65
cdot65 committed Jan 21, 2024
1 parent 61bbaf0 commit 4623dc1
Show file tree
Hide file tree
Showing 4 changed files with 86 additions and 155 deletions.
106 changes: 40 additions & 66 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,9 @@ This guide will help you set up the `pan-os-upgrade` library in your environment

The `pan-os-upgrade` library is available on PyPI and can be installed within a Python virtual environment. A virtual environment is a self-contained directory that contains a Python installation for a particular version of Python, plus a number of additional packages.

#### Using `python3 -m venv` (Recommended for Beginners)
#### Creating a Python Virtual Environment

The steps below highlight the process for creating, activating, and installing `pan-os-upgrade` into a Python virtual environment. If you're new to Python, it may be beneficial to understand why this is such an important step, [here is a good writeup](https://realpython.com/python-virtual-environments-a-primer/) to prime yourself.

1. Create a Virtual Environment:

Expand Down Expand Up @@ -107,98 +109,70 @@ The `pan-os-upgrade` library is available on PyPI and can be installed within a
pip install pan-os-upgrade
```

### Using Poetry (Advanced Users)

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

1. Install Poetry:

Follow [the official instructions](https://python-poetry.org/docs/) to install Poetry on your system.

2. Create a New Project using Poetry:

```bash
poetry new panos_project
cd panos_project
```

3. Add `pan-os-upgrade` as a Dependency:

```bash
poetry add pan-os-upgrade
```

This command will create a virtual environment and install the `pan-os-upgrade` package along with its dependencies.

4. Activate the Poetry Shell:

To activate the virtual environment created by Poetry, use:

```bash
poetry shell
```

### Setting Up Your Environment

After setting up the virtual environment and installing the package, you can configure your environment to use the library. This can be done using command-line arguments or an .env file.

#### Option 1: Using an .env File

Create a `.env` file in your local directory and fill it with your firewall's details:
```env
# PAN-OS credentials - use either API key or username/password combination
PAN_USERNAME=admin
PAN_PASSWORD=paloalto123
API_KEY=
#### Option 1: Execute `pan-os-upgrade` without Command-Line Arguments

# Hostname or IP address of the firewall
HOSTNAME=firewall1.example.com
You can simply get started by issuing `pan-os-upgrade` from your current working directory, you will be guided to input the missing requirement arguments through an interactive shell.

# Target PAN-OS version for the upgrade
TARGET_VERSION=11.0.2-h3
# Logging level (e.g., debug, info, warning, error, critical)
LOG_LEVEL=debug
# Set to true for a dry run
DRY_RUN=false
```bash
$ pan-os-upgrade
IP address: 192.168.255.1
Username: admin
Password:
Target PAN-OS version: 11.1.1
INFO - ✅ Connection to firewall established
INFO - 📝 **021201123456** DataCenter 10.0.0.3
INFO - 📝 Firewall HA mode: disabled
INFO - 📝 Current PAN-OS version: 11.0.2
INFO - 📝 Target PAN-OS version: 11.1.1
INFO - ✅ Confirmed that moving from 11.0.2 to 11.1.1 is an upgrade
...continue until completed...
```
#### Option 2: Using Command-Line Arguments
#### Option 2: Execute `pan-os-upgrade` Using Command-Line Arguments
Alternatively, you can pass these details as command-line arguments when running the script:
```bash
pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0
pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0
```
For a dry run:
```bash
pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run
pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run
```
<p align="right">(<a href="#readme-top">back to top</a>)</p>
<!-- USAGE EXAMPLES -->
## Usage
The script can be run from the command line with various options. It requires at least the hostname (or IP address) and the target PAN-OS version for the firewall. Authentication can be done via API key or username and password.
The script can be run from the command line with various options.
You can view all arguments by passing the `--help` flag:
```bash
pan-os-upgrade --help
```
### CLI Arguments Description
* `--api-key`: API Key for authentication
* `--dry-run`: Perform a dry run of all tests and downloads without performing the actual upgrade.
* `--hostname`: Hostname or IP address of the PAN-OS firewall.
* `--log-level`: Set the logging output level (e.g., debug, info, warning).
* `--password`: Password for authentication.
* `--username`: Username for authentication.
* `--version`: Target PAN-OS version to upgrade to.
| cli argument | shorthand | type | description |
| -------------- | --------- | ---- | ----------------------------------------------------------------------------------- |
| `--dry-run` | `-d` | n/a | Perform a dry run of all tests and downloads without performing the actual upgrade. |
| `--ip-address` | `-i` | text | IP address of target firewall. |
| `--log-level` | `-l` | text | Set the logging output level (e.g., debug, info, warning). |
| `--password` | `-p` | text | Password for authentication. |
| `--username` | `-u` | text | Username for authentication. |
| `--version` | `-v` | text | Target PAN-OS version to upgrade to. |
<p align="right">(<a href="#readme-top">back to top</a>)</p>
Refer to the [documentation](https://github.com/cdot65/pan-os-upgrade) for more details on usage.
Refer to the [documentation](https://cdot65.github.io/pan-os-upgrade/) for more details on usage.
<p align="right">(<a href="#readme-top">back to top</a>)</p>
Expand Down Expand Up @@ -227,7 +201,7 @@ Encountered an issue? Here are some common problems and solutions:
* **Problem**: Script hangs during execution.
* **Solution**: Check the firewall and network settings. Ensure the PAN-OS device is responding correctly.
For more troubleshooting tips, visit our [FAQ section](#).
For more troubleshooting tips, visit our [FAQ section](https://cdot65.github.io/pan-os-upgrade/).
<!-- CONTRIBUTING -->
## Contributing
Expand All @@ -242,14 +216,14 @@ If you have a suggestion that would make this better, please fork the repo and c
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
See [Contributing Guidelines](#) for detailed instructions.
See [Contributing Guidelines](https://cdot65.github.io/pan-os-upgrade/about/contributing/) for detailed instructions.
<p align="right">(<a href="#readme-top">back to top</a>)</p>
<!-- LICENSE -->
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
This project is licensed under the Apache 2.0 License - see the [LICENSE](https://cdot65.github.io/pan-os-upgrade/about/license/) file for details.
<p align="right">(<a href="#readme-top">back to top</a>)</p>
Expand Down
15 changes: 8 additions & 7 deletions docs/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ hide:
<a href="https://paloaltonetworks.com"><img src="https://github.com/cdot65/pan-os-upgrade/blob/main/images/logo.svg?raw=true" alt="PaloAltoNetworks"></a>
</p>
<p align="center">
<em><code>pan-os-upgrade</code>, a Python CLI tool to help automate the upgrade process for PAN-OS firewalls</em>
<em><code>pan-os-upgrade</code>, a Python CLI tool to help automate the upgrade process for PAN-OS firewalls using Typer</em>
</p>
<p align="center">
<a href="https://github.com/cdot65/pan-os-upgrade/graphs/contributors" target="_blank">
Expand Down Expand Up @@ -58,7 +58,8 @@ Python 3.8+

* <a href="https://github.com/PaloAltoNetworks/pan-os-python" target="_blank">pan-os-python</a> for handling all interactions with PAN-OS firewalls.
* <a href="https://github.com/PaloAltoNetworks/pan-os-upgrade-assurance" target="_blank">panos-upgrade-assurance</a> for performing Readiness Checks, Snapshots, Health Checks, and Reporting.
* <a href="">Pydantic</a> for handling the data modeling and validation.
* <a href="https://docs.pydantic.dev/latest/">Pydantic</a> for handling the data modeling and validation.
* <a href="https://typer.tiangolo.com/">Typer</a> for handling the data modeling and validation.

## Installation

Expand All @@ -77,9 +78,9 @@ $ pip install pan-os-upgrade
<div class="termy">

```console
$ pan-os-upgrade --hostname houston.cdot.io --version 10.2.0-h2 --username admin --password paloalto#1
$ pan-os-upgrade --ip-address 192.168.255.211 --version 10.2.0-h2 --username admin --password paloalto#1
INFO - ✅ Connection to firewall established
INFO - 📝 007054000242050 houston 192.168.255.211
INFO - 📝 007054000123456 houston 192.168.255.211
INFO - 📝 Firewall HA mode: disabled
INFO - 📝 Current PAN-OS version: 10.2.0
INFO - 📝 Target PAN-OS version: 10.2.0-h2
Expand All @@ -89,7 +90,7 @@ INFO - ✅ Base image for 10.2.0-h2 is already downloaded
INFO - 🚀 Performing test to see if 10.2.0-h2 is already downloaded...
INFO - 🔍 PAN-OS version 10.2.0-h2 is not on the firewall
INFO - 🚀 PAN-OS version 10.2.0-h2 is beginning download
INFO - Device 007054000242050 downloading version: 10.2.0-h2
INFO - Device 007054000123456 downloading version: 10.2.0-h2
INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 4 seconds
INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 36 seconds
INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 71 seconds
Expand All @@ -108,7 +109,7 @@ INFO - 🚀 Performing backup of houston's configuration to local filesystem...
INFO - 🚀 Not a dry run, continue with upgrade...
INFO - 🚀 Performing upgrade on houston to version 10.2.0-h2...
INFO - 🚀 Attempting upgrade houston to version 10.2.0-h2 (Attempt 1 of 3)...
INFO - Device 007054000242050 installing version: 10.2.0-h2
INFO - Device 007054000123456 installing version: 10.2.0-h2
INFO - ✅ houston upgrade completed successfully
INFO - 🚀 Rebooting the firewall...
INFO - 📝 Command succeeded with no output
Expand All @@ -122,7 +123,7 @@ INFO - ⚙️ Firewall is rebooting...
INFO - ⚙️ Firewall is rebooting...
INFO - ⚙️ Firewall is responding to requests but hasn't finished its reboot process...
INFO - ⚙️ Firewall is responding to requests but hasn't finished its reboot process...
INFO - ✅ Firewall upgraded and rebooted in 343 seconds"
INFO - ✅ Firewall upgraded and rebooted in 343 seconds

```

Expand Down
90 changes: 26 additions & 64 deletions docs/user-guide/configuration.md
View file
Original file line number Diff line number Diff line change
@@ -1,89 +1,51 @@
# Configuration Guide for pan-os-upgrade

Proper configuration is crucial for the effective use of the `pan-os-upgrade` package. There are two main methods to configure the tool: using a `.env` file or passing command-line arguments. Each method has its strengths and weaknesses, which we'll explore below.
Proper configuration is vital for the effective use of the `pan-os-upgrade` package. As of the latest update, configuration can be done primarily through command-line arguments.

## Option 1: Using a `.env` File
## Executing `pan-os-upgrade`

A `.env` file is a simple way to store configuration settings in key-value pairs. This method is advantageous for keeping your configuration organized and easily editable in one place.
### Option 1: Execute Without Command-Line Arguments

**Creating a `.env` File:**
You can start the script by simply issuing `pan-os-upgrade` from your current working directory. The interactive shell will prompt you to input the required arguments.

1. Create a `.env` file in your project's root directory.
2. Add your firewall's details to the file, as shown below:

```env
# PAN-OS credentials - use either API key or username/password combination
PAN_USERNAME=admin
PAN_PASSWORD=paloalto123
API_KEY=
# Hostname or IP address of the firewall
HOSTNAME=firewall1.example.com
# Target PAN-OS version for the upgrade
TARGET_VERSION=11.0.2-h3
# Logging level (e.g., debug, info, warning, error, critical)
LOG_LEVEL=debug
# Set to true for a dry run
DRY_RUN=false
```bash
$ pan-os-upgrade
IP address: 192.168.255.1
Username: admin
Password:
Target PAN-OS version: 11.1.1
...output...
```

**Pros:**

- Centralized configuration management.
- Easy to update or modify settings.

**Cons:**
### Option 2: Execute Using Command-Line Arguments

- Risk of committing sensitive information to a version control system if not properly ignored.
- Less flexibility for dynamic or per-run configurations.

## Option 2: Using Command-Line Arguments

Command-line arguments offer a direct way to pass configuration settings each time you run the script.

**Passing Details via Command-Line:**

- Standard Usage:
Alternatively, you can pass these details as command-line arguments:

```bash
pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0
$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0
```

- For a Dry Run:
For a dry run:

```bash
pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run
$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run
```

**Pros:**

- Greater control and flexibility for each run.
- Avoids storing sensitive details in a file.

**Cons:**

- Risk of exposing sensitive information in console history.
- Less convenient for repeated use with the same settings.

## CLI Arguments Description

When using command-line arguments, the following options are available:

| argument | description | required |
| ------------- | ------------------------------------------------------------------------- | --------- |
| `--api-key` | API Key for authentication | required* |
| `--dry-run` | Dry run of all tests and downloads without performing the actual upgrade. | optional |
| `--hostname` | Hostname or IP address of the PAN-OS firewall. | optional |
| `--log-level` | Set the logging output level (e.g., debug, info, warning). | optional |
| `--password` | Password for authentication. | required* |
| `--username` | Username for authentication. | required* |
| `--version` | Target PAN-OS version to upgrade to. | required |
| Argument | Description | Required |
| -------------- | -------------------------------------------------------------------- | -------- |
| `--ip-address` | IP address of the target PAN-OS firewall. | Yes |
| `--username` | Username for authentication with the firewall. | Yes |
| `--password` | Password for authentication with the firewall. | Yes |
| `--version` | Target PAN-OS version to upgrade to. | Yes |
| `--dry-run` | Perform a dry run of all tests and downloads without actual upgrade. | No |
| `--log-level` | Set the logging output level (e.g., debug, info, warning). | No |

<small>* if using a <code>--api-key</code> for authentication, omit the <code>--username</code> and <code>--password</code> arguments; opposite is also true.</small>
Note: The use of an API key and `.env` file for configuration is no longer supported.

## Next Steps

After configuring `pan-os-upgrade`, you're ready to execute the upgrade process. To learn more about the execution steps and options, proceed to the [Execution Guide](execution.md).
After configuring `pan-os-upgrade`, you're ready to execute the upgrade process. For more details on execution steps and options, proceed to the [Execution Guide](execution.md).
Loading

0 comments on commit 4623dc1

Please sign in to comment.