Update version to 0.4.0 and add support for multiple workflows

cdot65 · Jan 26, 2024 · 87fa3f0 · 87fa3f0
1 parent ac4e158
commit 87fa3f0
Show file tree

Hide file tree

Showing 6 changed files with 682 additions and 429 deletions.
diff --git a/README.md b/README.md
diff --git a/docs/about/release-notes.md b/docs/about/release-notes.md
@@ -2,10 +2,24 @@
 
 Welcome to the release notes for the `pan-os-upgrade` tool. This document provides a detailed record of changes, enhancements, and fixes in each version of the tool.
 
+## Version 0.4.0
+
+**Release Date:** *<20240126>*
+
+### What's New
+
+- Support for three unique workflows:
+  - `firewall`: targets and upgrades an individual firewall
+  - `panorama`: targets and upgrades an individual Panorama appliance
+  - `batch`: targets a Panorama appliance and upgrades firewalls in batch
+    - The script will support up to ten simultaneous upgrades
+    - Requires a filter string to be passed to identify target firewalls
+
 ## Version 0.3.0
 
 **Release Date:** *<20240125>*
 
+<!-- trunk-ignore(markdownlint/MD024) -->
 ### What's New
 
 - Multi-threading added for concurrent upgrades (max limit of threads is 10).

diff --git a/docs/index.md b/docs/index.md
@@ -77,56 +77,102 @@ Visit the [User Guide](user-guide/introduction.md) for detailed insights into se
 <div class="termy">
 
 ```console
-$ pan-os-upgrade --filter 'hostname=houston'
-Hostname or IP: panorama.cdot.io
-Username: cdot
-Password:
-Target PAN-OS version: 10.2.3-h2
-✅ Connection to Panorama established. Firewall connections will be proxied!
-📝 007054000123456 houston 192.168.255.211
-📝 Firewall HA mode: disabled
-📝 Current PAN-OS version: 10.2.3
-📝 Target PAN-OS version: 10.2.3-h2
-✅ Confirmed that moving from 10.2.3 to 10.2.3-h2 is an upgrade
-✅ PAN-OS version 10.2.3-h2 is available for download
-✅ Base image for 10.2.3-h2 is already downloaded
-🚀 Performing test to see if 10.2.3-h2 is already downloaded...
-🔍 PAN-OS version 10.2.3-h2 is not on the firewall
-🚀 PAN-OS version 10.2.3-h2 is beginning download
-Device 007054000123456 downloading version: 10.2.3-h2
-Downloading PAN-OS version 10.2.3-h2 - Elapsed time: 8 seconds
-Downloading PAN-OS version 10.2.3-h2 - Elapsed time: 42 seconds
-Downloading PAN-OS version 10.2.3-h2 - Elapsed time: 75 seconds
-Downloading PAN-OS version 10.2.3-h2 - Elapsed time: 110 seconds
-Downloading PAN-OS version 10.2.3-h2 - Elapsed time: 151 seconds
-✅ 10.2.3-h2 downloaded in 182 seconds
-✅ PAN-OS version 10.2.3-h2 has been downloaded.
-🚀 Performing snapshot of network state information...
-✅ Network snapshot created successfully
-🚀 Performing readiness checks to determine if firewall is ready for upgrade...
-✅ Passed Readiness Check: Check if there are pending changes on device
-✅ Passed Readiness Check: No Expired Licenses
-✅ Passed Readiness Check: Check if NTP is synchronized
-✅ Passed Readiness Check: Check if the clock is synchronized between dataplane and management plane
-✅ Passed Readiness Check: Check connectivity with the Panorama appliance
-✅ Readiness Checks completed
-🚀 Performing backup of houston's configuration to local filesystem...
-🚀 Not a dry run, continue with upgrade...
-🚀 Performing upgrade on houston to version 10.2.3-h2...
-🚀 Attempting upgrade houston to version 10.2.3-h2 (Attempt 1 of 3)...
-Device 007054000123456 installing version: 10.2.3-h2
-✅ houston upgrade completed successfully
-🚀 Rebooting the standalone firewall...
-📝 Command succeeded with no output
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-⚙️ Firewall is rebooting...
-📝 Firewall version: 10.2.3-h2
-✅ Firewall rebooted in 484 seconds
+$ pan-os-upgrade batch
+Panorama hostname or IP: panorama.cdot.io
+Panorama username: cdot
+Panorama password:
+Firewall target version (ex: 10.1.2): 10.2.3
+Filter string (ex: hostname=Woodlands*) []: hostname=Woodlands*
+Dry Run? [y/N]:
+✅ panorama.cdot.io: Connection to Panorama established. Firewall connections will be proxied!
+📝 Woodlands-fw2: 007954000123452 192.168.255.44
+📝 Woodlands-fw1: 007954000123451 192.168.255.43
+📝 Woodlands-fw2: HA mode: passive
+📝 Woodlands-fw1: HA mode: active
+🔍 Woodlands-fw1: Detected active target device in HA pair running the same version as its peer. Added target device to revisit list.
+📝 Woodlands-fw2: Current version: 10.2.2-h2
+📝 Woodlands-fw2: Target version: 10.2.3
+✅ Woodlands-fw2: Upgrade required from 10.2.2-h2 to 10.2.3
+✅ Woodlands-fw2: version 10.2.3 is available for download
+✅ Woodlands-fw2: Base image for 10.2.3 is already downloaded
+🚀 Woodlands-fw2: Performing test to see if 10.2.3 is already downloaded...
+✅ Woodlands-fw2: version 10.2.3 already on target device.
+✅ Woodlands-fw2: 10.2.3 has been downloaded and sync'd to HA peer.
+🚀 Woodlands-fw2: Performing snapshot of network state information...
+✅ Woodlands-fw2: Network snapshot created successfully
+🚀 Woodlands-fw2: Performing readiness checks to determine if firewall is ready for upgrade...
+✅ Woodlands-fw2: Passed Readiness Check: Check if there are pending changes on device
+✅ Woodlands-fw2: Passed Readiness Check: No Expired Licenses
+✅ Woodlands-fw2: Passed Readiness Check: Checks HA pair status from the perspective of the current device
+✅ Woodlands-fw2: Passed Readiness Check: Check if NTP is synchronized
+✅ Woodlands-fw2: Passed Readiness Check: Check if the clock is synchronized between dataplane and management plane
+✅ Woodlands-fw2: Passed Readiness Check: Check connectivity with the Panorama appliance
+✅ Woodlands-fw2: Readiness Checks completed
+🚀 Woodlands-fw2: Checking if HA peer is in sync...
+✅ Woodlands-fw2: HA peer sync test has been completed.
+🚀 Woodlands-fw2: Performing backup of configuration to local filesystem...
+🚀 Woodlands-fw2: Not a dry run, continue with upgrade...
+🚀 Woodlands-fw2: Performing upgrade to version 10.2.3...
+🚀 Woodlands-fw2: Attempting upgrade to version 10.2.3 (Attempt 1 of 3)...
+Device 007954000123452 installing version: 10.2.3
+✅ Woodlands-fw2: Upgrade completed successfully
+🚀 Woodlands-fw2: Rebooting the passive HA target device...
+📝 Woodlands-fw2: Command succeeded with no output
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: Target device is rebooting...
+🔧 Woodlands-fw2: HA passive target device rebooted but not yet synchronized with its peer. Will try again in 60 seconds.
+🔧 Woodlands-fw2: HA passive target device rebooted but not yet synchronized with its peer. Will try again in 60 seconds.
+🔧 Woodlands-fw2: HA passive target device rebooted but not yet synchronized with its peer. Will try again in 60 seconds.
+🔧 Woodlands-fw2: HA passive target device rebooted but not yet synchronized with its peer. Will try again in 60 seconds.
+🟧 Woodlands-fw2: HA passive target device rebooted but did not complete a configuration sync with the active after 5 attempts.
+🚀 panorama.cdot.io: Revisiting firewalls that were active in an HA pair and had the same version as their peers.
+📝 Woodlands-fw1: 007954000123451 192.168.255.43
+📝 Woodlands-fw1: HA mode: active
+❌ Woodlands-fw1: Error suspending active target device HA state: argument of type 'NoneType' is not iterable
+📝 Woodlands-fw1: Current version: 10.2.2-h2
+📝 Woodlands-fw1: Target version: 10.2.3
+✅ Woodlands-fw1: Upgrade required from 10.2.2-h2 to 10.2.3
+✅ Woodlands-fw1: version 10.2.3 is available for download
+✅ Woodlands-fw1: Base image for 10.2.3 is already downloaded
+🚀 Woodlands-fw1: Performing test to see if 10.2.3 is already downloaded...
+✅ Woodlands-fw1: version 10.2.3 already on target device.
+✅ Woodlands-fw1: 10.2.3 has been downloaded and sync'd to HA peer.
+🚀 Woodlands-fw1: Performing snapshot of network state information...
+✅ Woodlands-fw1: Network snapshot created successfully
+🚀 Woodlands-fw1: Performing readiness checks to determine if firewall is ready for upgrade...
+✅ Woodlands-fw1: Passed Readiness Check: Check if there are pending changes on device
+✅ Woodlands-fw1: Passed Readiness Check: No Expired Licenses
+✅ Woodlands-fw1: Passed Readiness Check: Check if NTP is synchronized
+✅ Woodlands-fw1: Passed Readiness Check: Check connectivity with the Panorama appliance
+✅ Woodlands-fw1: Readiness Checks completed
+🚀 Woodlands-fw1: Checking if HA peer is in sync...
+🟧 Woodlands-fw1: HA peer state is not in sync. This will be noted, but the script will continue.
+🚀 Woodlands-fw1: Performing backup of configuration to local filesystem...
+🚀 Woodlands-fw1: Not a dry run, continue with upgrade...
+🚀 Woodlands-fw1: Performing upgrade to version 10.2.3...
+🚀 Woodlands-fw1: Attempting upgrade to version 10.2.3 (Attempt 1 of 3)...
+Device 007954000123451 installing version: 10.2.3
+✅ Woodlands-fw1: Upgrade completed successfully
+🚀 Woodlands-fw1: Rebooting the passive HA target device...
+📝 Woodlands-fw1: Command succeeded with no output
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+🔧 Woodlands-fw1: Target device is rebooting...
+✅ Woodlands-fw1: HA passive target device rebooted and synchronized with its peer in 631 seconds
+✅ panorama.cdot.io: Completed revisiting firewalls
 ```
 
 </div>