cdot65/pan-os-upgrade

HA Configuration Sync Failures Block Panorama Primary-Suspended Upgrades

cdot65 opened this issue · 0 comments

Description

When attempting to upgrade Panorama instances in an HA configuration, the upgrade process for the primary-suspended unit is blocked due to strict configuration sync checks. This behavior is observed even in scenarios where a configuration sync failure should not prevent the upgrade from proceeding. The root cause has been identified as the strict_sync_check parameter being set to True, which enforces strict synchronization status checks before allowing the upgrade to continue.

Expected Behavior

The upgrade process should be more resilient to HA configuration sync discrepancies, especially when they are not critical to the upgrade process. Users should have the flexibility to bypass non-critical sync failures to ensure that upgrades can proceed without unnecessary interruptions.

Current Behavior

Upgrades are halted for the primary-suspended unit in an HA configuration if there are any configuration sync failures, regardless of their impact on the upgrade process. This strict behavior is due to the strict_sync_check parameter being set to True by default.

Steps to Reproduce

  • Set up Panorama in an HA configuration with a primary-active and primary-suspended setup.
  • Introduce a non-critical configuration sync discrepancy between the units.
  • Attempt to upgrade the primary-suspended unit.
  • Observe that the upgrade is blocked due to the configuration sync failure.

Proposed Solution

Change the default value of the strict_sync_check parameter from True to False. This change will allow the upgrade process to be more lenient towards non-critical sync failures, improving the robustness and user experience of the upgrade process.

Impact

  • Positive: Increases the resilience of the upgrade process by avoiding unnecessary blocks due to non-critical HA sync issues.
  • Negative: There may be scenarios where a strict sync check is desirable for ensuring consistency before an upgrade. This change could potentially bypass such checks, so careful consideration and user control over this behavior are recommended.

Additional Context

The issue has been reported by multiple users facing challenges in upgrading their Panorama setups in HA configurations.

A configuration option to toggle the strictness of the sync check (allowing users to opt-in for strict checks when needed) might be a balanced approach to address this issue.

This issue aims to enhance the upgrade process's flexibility and user experience by providing better control over HA sync checks during upgrades.