cdot65/pan-os-upgrade

Implement tech-support file generation and download using PAN-OS SDK

Opened this issue · 0 comments

cdot65 commented

Is your feature request related to a problem? Please describe.
When troubleshooting or investigating issues related to PAN-OS upgrades using the pan-os-upgrade utility, having access to the tech-support file from the firewall can provide valuable information and assist in the debugging process. Currently, the utility does not have a built-in mechanism to generate and download the tech-support file using the PAN-OS SDK, which may require users to manually log in to the CLI and retrieve the file separately.

Describe the solution you'd like
Enhance the pan-os-upgrade utility to include the ability to generate and download a tech-support file from the firewall using the PAN-OS SDK. The utility should:

  1. Provide a command or option to initiate the tech-support file generation process.
  2. Use the PAN-OS SDK to execute the equivalent of the request tech-support dump command on the firewall.
  3. Track the progress of the tech-support file generation using the SDK's job monitoring capabilities, similar to the show jobs all or show jobs id <job id> command.
  4. Periodically poll the job status using the SDK to determine when the tech-support file generation is complete.
  5. Once the tech-support file is ready, retrieve the file from the firewall using the appropriate SDK methods for file retrieval.
  6. Download the tech-support file to a specified location on the local machine or a remote server.
  7. Provide feedback to the user about the success or failure of the tech-support file generation and download process.
  8. Optionally, include the ability to automatically generate and download tech-support files before and after the upgrade process for comprehensive troubleshooting.

Describe alternatives you've considered
An alternative approach could be to use the PAN-OS XML API directly instead of the SDK. However, using the SDK provides a more abstracted and convenient interface, reducing the complexity of handling XML requests and responses directly.

Additional context
Here are a few additional points to consider:

  • Ensure that the utility handles the SDK authentication and communication securely, using appropriate authentication mechanisms and encryption.
  • Implement error handling and retry mechanisms to handle scenarios where the tech-support file generation or download may fail due to network issues, API errors, or other exceptions.
  • Provide options to customize the tech-support file generation parameters, such as including additional logs or specifying a specific timeframe, by mapping them to the corresponding SDK parameters.
  • Consider implementing compression or segmentation of the tech-support file to facilitate faster downloads and optimize storage usage.
  • Provide clear documentation and examples on how to use the tech-support file generation and download feature, including any prerequisites or configuration steps specific to the SDK usage.
  • Update the project's documentation to include information about this new feature, explaining its benefits and how it can assist in troubleshooting and debugging upgrade-related issues.

By implementing this feature using the PAN-OS SDK, the pan-os-upgrade utility will provide a seamless and automated way to generate and download tech-support files from the firewall without requiring users to interact with the device CLI directly. This will ensure a more controlled and secure process, while still offering the benefits of quick access to relevant troubleshooting information.