diff --git a/README.md b/README.md index 8351d4d..36721b5 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,9 @@ This guide will help you set up the `pan-os-upgrade` library in your environment The `pan-os-upgrade` library is available on PyPI and can be installed within a Python virtual environment. A virtual environment is a self-contained directory that contains a Python installation for a particular version of Python, plus a number of additional packages. -#### Using `python3 -m venv` (Recommended for Beginners) +#### Creating a Python Virtual Environment + +The steps below highlight the process for creating, activating, and installing `pan-os-upgrade` into a Python virtual environment. If you're new to Python, it may be beneficial to understand why this is such an important step, [here is a good writeup](https://realpython.com/python-virtual-environments-a-primer/) to prime yourself. 1. Create a Virtual Environment: @@ -107,76 +109,41 @@ The `pan-os-upgrade` library is available on PyPI and can be installed within a pip install pan-os-upgrade ``` -### Using Poetry (Advanced Users) - -Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. - -1. Install Poetry: - - Follow [the official instructions](https://python-poetry.org/docs/) to install Poetry on your system. - -2. Create a New Project using Poetry: - - ```bash - poetry new panos_project - cd panos_project - ``` - -3. Add `pan-os-upgrade` as a Dependency: - - ```bash - poetry add pan-os-upgrade - ``` - - This command will create a virtual environment and install the `pan-os-upgrade` package along with its dependencies. - -4. Activate the Poetry Shell: - - To activate the virtual environment created by Poetry, use: - - ```bash - poetry shell - ``` - ### Setting Up Your Environment After setting up the virtual environment and installing the package, you can configure your environment to use the library. This can be done using command-line arguments or an .env file. -#### Option 1: Using an .env File - -Create a `.env` file in your local directory and fill it with your firewall's details: - -```env -# PAN-OS credentials - use either API key or username/password combination -PAN_USERNAME=admin -PAN_PASSWORD=paloalto123 -API_KEY= +#### Option 1: Execute `pan-os-upgrade` without Command-Line Arguments -# Hostname or IP address of the firewall -HOSTNAME=firewall1.example.com +You can simply get started by issuing `pan-os-upgrade` from your current working directory, you will be guided to input the missing requirement arguments through an interactive shell. -# Target PAN-OS version for the upgrade -TARGET_VERSION=11.0.2-h3 - -# Logging level (e.g., debug, info, warning, error, critical) -LOG_LEVEL=debug - -# Set to true for a dry run -DRY_RUN=false +```bash +$ pan-os-upgrade +IP address: 192.168.255.1 +Username: admin +Password: +Target PAN-OS version: 11.1.1 +INFO - ✅ Connection to firewall established +INFO - 📝 **021201123456** DataCenter 10.0.0.3 +INFO - 📝 Firewall HA mode: disabled +INFO - 📝 Current PAN-OS version: 11.0.2 +INFO - 📝 Target PAN-OS version: 11.1.1 +INFO - ✅ Confirmed that moving from 11.0.2 to 11.1.1 is an upgrade +...continue until completed... ``` -#### Option 2: Using Command-Line Arguments +#### Option 2: Execute `pan-os-upgrade` Using Command-Line Arguments Alternatively, you can pass these details as command-line arguments when running the script: ```bash -pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 +pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 ``` For a dry run: ```bash -pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run +pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run ```

(back to top)

@@ -184,21 +151,28 @@ pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --versi ## Usage -The script can be run from the command line with various options. It requires at least the hostname (or IP address) and the target PAN-OS version for the firewall. Authentication can be done via API key or username and password. +The script can be run from the command line with various options. + +You can view all arguments by passing the `--help` flag: + +```bash +pan-os-upgrade --help +``` ### CLI Arguments Description -* `--api-key`: API Key for authentication -* `--dry-run`: Perform a dry run of all tests and downloads without performing the actual upgrade. -* `--hostname`: Hostname or IP address of the PAN-OS firewall. -* `--log-level`: Set the logging output level (e.g., debug, info, warning). -* `--password`: Password for authentication. -* `--username`: Username for authentication. -* `--version`: Target PAN-OS version to upgrade to. +| cli argument | shorthand | type | description | +| -------------- | --------- | ---- | ----------------------------------------------------------------------------------- | +| `--dry-run` | `-d` | n/a | Perform a dry run of all tests and downloads without performing the actual upgrade. | +| `--ip-address` | `-i` | text | IP address of target firewall. | +| `--log-level` | `-l` | text | Set the logging output level (e.g., debug, info, warning). | +| `--password` | `-p` | text | Password for authentication. | +| `--username` | `-u` | text | Username for authentication. | +| `--version` | `-v` | text | Target PAN-OS version to upgrade to. |

(back to top)

-Refer to the [documentation](https://github.com/cdot65/pan-os-upgrade) for more details on usage. +Refer to the [documentation](https://cdot65.github.io/pan-os-upgrade/) for more details on usage.

(back to top)

@@ -227,7 +201,7 @@ Encountered an issue? Here are some common problems and solutions: * **Problem**: Script hangs during execution. * **Solution**: Check the firewall and network settings. Ensure the PAN-OS device is responding correctly. -For more troubleshooting tips, visit our [FAQ section](#). +For more troubleshooting tips, visit our [FAQ section](https://cdot65.github.io/pan-os-upgrade/). ## Contributing @@ -242,14 +216,14 @@ If you have a suggestion that would make this better, please fork the repo and c 4. Push to the Branch (`git push origin feature/AmazingFeature`) 5. Open a Pull Request -See [Contributing Guidelines](#) for detailed instructions. +See [Contributing Guidelines](https://cdot65.github.io/pan-os-upgrade/about/contributing/) for detailed instructions.

(back to top)

## License -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. +This project is licensed under the Apache 2.0 License - see the [LICENSE](https://cdot65.github.io/pan-os-upgrade/about/license/) file for details.

(back to top)

diff --git a/docs/index.md b/docs/index.md index 0cf929c..ba3c342 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ hide: PaloAltoNetworks

- pan-os-upgrade, a Python CLI tool to help automate the upgrade process for PAN-OS firewalls + pan-os-upgrade, a Python CLI tool to help automate the upgrade process for PAN-OS firewalls using Typer

@@ -58,7 +58,8 @@ Python 3.8+ * pan-os-python for handling all interactions with PAN-OS firewalls. * panos-upgrade-assurance for performing Readiness Checks, Snapshots, Health Checks, and Reporting. -* Pydantic for handling the data modeling and validation. +* Pydantic for handling the data modeling and validation. +* Typer for handling the data modeling and validation. ## Installation @@ -77,9 +78,9 @@ $ pip install pan-os-upgrade

```console -$ pan-os-upgrade --hostname houston.cdot.io --version 10.2.0-h2 --username admin --password paloalto#1 +$ pan-os-upgrade --ip-address 192.168.255.211 --version 10.2.0-h2 --username admin --password paloalto#1 INFO - ✅ Connection to firewall established -INFO - 📝 007054000242050 houston 192.168.255.211 +INFO - 📝 007054000123456 houston 192.168.255.211 INFO - 📝 Firewall HA mode: disabled INFO - 📝 Current PAN-OS version: 10.2.0 INFO - 📝 Target PAN-OS version: 10.2.0-h2 @@ -89,7 +90,7 @@ INFO - ✅ Base image for 10.2.0-h2 is already downloaded INFO - 🚀 Performing test to see if 10.2.0-h2 is already downloaded... INFO - 🔍 PAN-OS version 10.2.0-h2 is not on the firewall INFO - 🚀 PAN-OS version 10.2.0-h2 is beginning download -INFO - Device 007054000242050 downloading version: 10.2.0-h2 +INFO - Device 007054000123456 downloading version: 10.2.0-h2 INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 4 seconds INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 36 seconds INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 71 seconds @@ -108,7 +109,7 @@ INFO - 🚀 Performing backup of houston's configuration to local filesystem... INFO - 🚀 Not a dry run, continue with upgrade... INFO - 🚀 Performing upgrade on houston to version 10.2.0-h2... INFO - 🚀 Attempting upgrade houston to version 10.2.0-h2 (Attempt 1 of 3)... -INFO - Device 007054000242050 installing version: 10.2.0-h2 +INFO - Device 007054000123456 installing version: 10.2.0-h2 INFO - ✅ houston upgrade completed successfully INFO - 🚀 Rebooting the firewall... INFO - 📝 Command succeeded with no output @@ -122,7 +123,7 @@ INFO - ⚙️ Firewall is rebooting... INFO - ⚙️ Firewall is rebooting... INFO - ⚙️ Firewall is responding to requests but hasn't finished its reboot process... INFO - ⚙️ Firewall is responding to requests but hasn't finished its reboot process... -INFO - ✅ Firewall upgraded and rebooted in 343 seconds" +INFO - ✅ Firewall upgraded and rebooted in 343 seconds ``` diff --git a/docs/user-guide/configuration.md b/docs/user-guide/configuration.md index be3d340..64b9992 100644 --- a/docs/user-guide/configuration.md +++ b/docs/user-guide/configuration.md @@ -1,89 +1,51 @@ # Configuration Guide for pan-os-upgrade -Proper configuration is crucial for the effective use of the `pan-os-upgrade` package. There are two main methods to configure the tool: using a `.env` file or passing command-line arguments. Each method has its strengths and weaknesses, which we'll explore below. +Proper configuration is vital for the effective use of the `pan-os-upgrade` package. As of the latest update, configuration can be done primarily through command-line arguments. -## Option 1: Using a `.env` File +## Executing `pan-os-upgrade` -A `.env` file is a simple way to store configuration settings in key-value pairs. This method is advantageous for keeping your configuration organized and easily editable in one place. +### Option 1: Execute Without Command-Line Arguments -**Creating a `.env` File:** +You can start the script by simply issuing `pan-os-upgrade` from your current working directory. The interactive shell will prompt you to input the required arguments. -1. Create a `.env` file in your project's root directory. -2. Add your firewall's details to the file, as shown below: - -```env -# PAN-OS credentials - use either API key or username/password combination -PAN_USERNAME=admin -PAN_PASSWORD=paloalto123 -API_KEY= - -# Hostname or IP address of the firewall -HOSTNAME=firewall1.example.com - -# Target PAN-OS version for the upgrade -TARGET_VERSION=11.0.2-h3 - -# Logging level (e.g., debug, info, warning, error, critical) -LOG_LEVEL=debug - -# Set to true for a dry run -DRY_RUN=false +```bash +$ pan-os-upgrade +IP address: 192.168.255.1 +Username: admin +Password: +Target PAN-OS version: 11.1.1 +...output... ``` -**Pros:** - -- Centralized configuration management. -- Easy to update or modify settings. - -**Cons:** +### Option 2: Execute Using Command-Line Arguments -- Risk of committing sensitive information to a version control system if not properly ignored. -- Less flexibility for dynamic or per-run configurations. - -## Option 2: Using Command-Line Arguments - -Command-line arguments offer a direct way to pass configuration settings each time you run the script. - -**Passing Details via Command-Line:** - -- Standard Usage: +Alternatively, you can pass these details as command-line arguments: ```bash -pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 +$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 ``` -- For a Dry Run: +For a dry run: ```bash -pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run +$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run ``` -**Pros:** - -- Greater control and flexibility for each run. -- Avoids storing sensitive details in a file. - -**Cons:** - -- Risk of exposing sensitive information in console history. -- Less convenient for repeated use with the same settings. - ## CLI Arguments Description When using command-line arguments, the following options are available: -| argument | description | required | -| ------------- | ------------------------------------------------------------------------- | --------- | -| `--api-key` | API Key for authentication | required* | -| `--dry-run` | Dry run of all tests and downloads without performing the actual upgrade. | optional | -| `--hostname` | Hostname or IP address of the PAN-OS firewall. | optional | -| `--log-level` | Set the logging output level (e.g., debug, info, warning). | optional | -| `--password` | Password for authentication. | required* | -| `--username` | Username for authentication. | required* | -| `--version` | Target PAN-OS version to upgrade to. | required | +| Argument | Description | Required | +| -------------- | -------------------------------------------------------------------- | -------- | +| `--ip-address` | IP address of the target PAN-OS firewall. | Yes | +| `--username` | Username for authentication with the firewall. | Yes | +| `--password` | Password for authentication with the firewall. | Yes | +| `--version` | Target PAN-OS version to upgrade to. | Yes | +| `--dry-run` | Perform a dry run of all tests and downloads without actual upgrade. | No | +| `--log-level` | Set the logging output level (e.g., debug, info, warning). | No | -* if using a --api-key for authentication, omit the --username and --password arguments; opposite is also true. +Note: The use of an API key and `.env` file for configuration is no longer supported. ## Next Steps -After configuring `pan-os-upgrade`, you're ready to execute the upgrade process. To learn more about the execution steps and options, proceed to the [Execution Guide](execution.md). +After configuring `pan-os-upgrade`, you're ready to execute the upgrade process. For more details on execution steps and options, proceed to the [Execution Guide](execution.md). diff --git a/docs/user-guide/execution.md b/docs/user-guide/execution.md index bbf33c7..13e1a96 100644 --- a/docs/user-guide/execution.md +++ b/docs/user-guide/execution.md @@ -1,45 +1,37 @@ # Execution Guide for pan-os-upgrade -The `pan-os-upgrade` tool automates the entire process of upgrading PAN-OS firewalls. This guide will walk you through the execution steps, detailing how to use the script with different configuration options, and what to expect in terms of output and logging. +The `pan-os-upgrade` tool automates the entire process of upgrading PAN-OS firewalls. This guide will walk you through the execution steps, detailing how to use the script with the latest configuration options, and what to expect in terms of output and logging. ## Execution Options -You can execute `pan-os-upgrade` using two primary methods: either by using a `.env` file or command-line arguments. Each method provides flexibility depending on your preference or automation setup. +You can execute `pan-os-upgrade` using command-line arguments to provide configuration details directly. -### Using a `.env` File +### Using Command-Line Arguments -If you have set up a `.env` file as per the configuration guide, simply execute the script without any additional arguments: +Execute the script by passing the configuration details as command-line arguments:
```console -pan-os-upgrade +$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 ```
-This command will automatically pick up the configuration details from your `.env` file. - -### Using Command-Line Arguments +Replace `192.168.1.1`, `admin`, `secret`, and `10.1.0` with your firewall's details and the desired PAN-OS version. -Alternatively, pass the configuration details directly as command-line arguments: - -
+For a dry run: ```console -pan-os-upgrade --hostname 192.168.1.1 --username admin --password secret --version 10.1.0 +$ pan-os-upgrade --ip-address 192.168.1.1 --username admin --password secret --version 10.1.0 --dry-run ``` -
- -Here, replace `192.168.1.1`, `admin`, `secret`, and `10.1.0` with your firewall's details and the desired PAN-OS version. - ## Output
```console -pan-os-upgrade --hostname 192.168.255.211 --username admin --password secret --version 10.2.0-h2 +pan-os-upgrade --ip-address 192.168.255.211 --username admin --password secret --version 10.2.0-h2 INFO - ✅ Connection to firewall established INFO - 📝 007054000123456 houston 192.168.255.211 INFO - 📝 Firewall HA mode: disabled @@ -51,7 +43,7 @@ INFO - ✅ Base image for 10.2.0-h2 is already downloaded INFO - 🚀 Performing test to see if 10.2.0-h2 is already downloaded... INFO - 🔍 PAN-OS version 10.2.0-h2 is not on the firewall INFO - 🚀 PAN-OS version 10.2.0-h2 is beginning download -INFO - Device 007054000242050 downloading version: 10.2.0-h2 +INFO - Device 007054000123456 downloading version: 10.2.0-h2 INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 4 seconds INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 36 seconds INFO - ⚙️ Downloading PAN-OS version 10.2.0-h2 - Elapsed time: 71 seconds @@ -90,6 +82,8 @@ INFO - ✅ Firewall upgraded and rebooted in 542 seconds
+This output will include detailed logs of the process, such as establishing a connection, checking versions, performing upgrades, and rebooting the firewall. + ## Assurance Functions The script performs various assurance functions like readiness checks, snapshots, and configuration backups. These are stored in the `assurance/` directory, structured as follows: