def download_install(self, version, load_config=None, sync=False):
if isstring(version):
version = PanOSVersion(version)
# Get list of software if needed
if not self.versions:
self.check()
# Get versions as StrictVersion objects
available_versions = map(PanOSVersion, self.versions.keys())
target_version = PanOSVersion(str(version))
current_version = PanOSVersion(self.pandevice.version)
if str(target_version) not in available_versions:
raise err.PanDeviceError("Error upgrading to unknown version: %s" %
target_version)
# Check if already on the target version
if current_version == target_version:
raise err.PanDeviceError(
"Requested upgrade to version %s which is already running on device %s"
% (target_version, self.pandevice.id))
# Download the software upgrade
if not self.versions[str(target_version)]["downloaded"]:
self.download(target_version, sync=True)
# Install the software upgrade
result = self.install(target_version,
load_config=load_config,
sync=sync)
return result
def delete_interface(self, interface=None, pan_device=None):
"""Delete the data interface used by this HA interface
Args:
interface (HighAvailabilityInterface): The HA interface (HA1, HA2, etc)
pan_device (PanDevice): The PanDevice object to apply the change
"""
if pan_device is None:
pan_device = self.nearest_pandevice()
if pan_device is None:
return None
port = interface if interface is not None else self.port
if isstring(port):
intname = port
else:
intname = str(port)
if intname.startswith("ethernet"):
interface = pan_device.find(intname, network.EthernetInterface)
if interface is None:
# Already deleted
return
elif interface.mode == "ha":
interface.delete()
elif intname.startswith("ae"):
interface = pan_device.find(intname, network.AggregateInterface)
if interface is None:
# Already deleted
return
elif interface.mode == "ha":
interface.mode = "tap"
interface.apply()
def _next_major_version(self, version):
if isstring(version):
version = PanOSVersion(version)
next_version = PanOSVersion(str(version.major + 1) + ".0.0")
# Account for lack of PAN-OS 7.0.0
if next_version == "7.0.0":
next_version = PanOSVersion("7.0.1")
return next_version
def setup_interface(self):
"""Setup the data interface as an HA interface
Use this method to automatically convert the data interface
to 'ha' mode. This must be done *before* this HA interface
is created on the firewall.
"""
pandevice = self.nearest_pandevice()
if pandevice is None:
return None
if isstring(self.port):
intname = self.port
else:
intname = str(self.port)
intconfig_needed = False
inttype = None
if intname.startswith("ethernet"):
intprefix = "ethernet"
inttype = network.EthernetInterface
intconfig_needed = True
elif intname.startswith("ae"):
intprefix = "ae"
inttype = network.AggregateInterface
intconfig_needed = True
elif intname.startswith("management"):
self.link_speed = None
self.link_duplex = None
if intconfig_needed:
apply_needed = False
interface = panos.find(
intname,
(network.EthernetInterface, network.AggregateInterface))
if interface is None:
interface = panos.add(inttype(name=intname, mode="ha"))
apply_needed = True
elif interface.mode != "ha":
interface.mode = "ha"
apply_needed = True
if inttype == network.EthernetInterface:
if self.link_speed is not None:
# Transfer the link_speed to the eth interface
if interface.link_speed != self.link_speed:
interface.link_speed = self.link_speed
apply_needed = True
if self.link_duplex is not None:
# Transfer the link_duplex to the eth interface
if interface.link_duplex != self.link_duplex:
interface.link_duplex = self.link_duplex
apply_needed = True
self.link_speed = None
self.link_duplex = None
if apply_needed:
interface.apply()
return interface
def _direct_upgrade_possible(self, current_version, target_version):
"""Check if current version can directly upgrade to target version
:returns True if a direct upgrade is possible, False if not
"""
if isstring(current_version):
current_version = PanOSVersion(current_version)
if isstring(target_version):
target_version = PanOSVersion(target_version)
# Upgrade the patch version
# eg. 6.0.2 -> 6.0.3
if (current_version.major == target_version.major
and current_version.minor == target_version.minor):
return True
# Upgrade the minor version
# eg. 6.0.2 -> 6.1.0
if (current_version.major == target_version.major
and current_version.minor == 0 and target_version.minor == 1
and target_version.patch == 0):
return True
# Upgrade the major version
# eg. 6.1.2 -> 7.0.0
if (current_version.major + 1 == target_version.major
and current_version.minor == 1 and target_version.minor == 0
and target_version.patch == 0):
return True
# Upgrading a firewall from PAN-OS 5.0.x to 6.0.x
# This is a special case because there is no PAN-OS 5.1.x
from panos.firewall import Firewall
if (current_version.major == 5 and current_version.minor == 0
and target_version == "6.0.0"
and issubclass(type(self.pandevice), Firewall)):
return True
return False
def _next_minor_version(self, version):
from panos.firewall import Firewall
if isstring(version):
next_version = PanOSVersion(version)
if version.minor == 1:
next_version = PanOSVersion(str(version.major + 1) + ".0.0")
# There is no PAN-OS 5.1 for firewalls, so next minor release from 5.0.x is 6.0.0.
elif (version.major == 5 and version.minor == 0
and issubclass(type(self.pandevice), Firewall)):
next_version = PanOSVersion("6.0.0")
else:
next_version = PanOSVersion(str(version.major) + ".1.0")
# Account for lack of PAN-OS 7.0.0
if next_version == "7.0.0":
next_version = PanOSVersion("7.0.1")
return next_version
def download_install_reboot(self, version, load_config=None, sync=False):
if isstring(version):
version = PanOSVersion(version)
self.download_install(version, load_config, sync=True)
# Reboot the device
self._logger.info(
"Device %s is rebooting after upgrading to version %s. This will take a while."
% (self.pandevice.id, version))
self.pandevice.restart()
if sync:
new_version = self.pandevice.syncreboot()
if version != new_version:
raise err.PanDeviceError(
"Attempt to upgrade to version %s failed."
"Device %s is on version %s after reboot." %
(version, self.pandevice.id, new_version))
self.pandevice.version = new_version
return new_version
else:
return None
def _next_patch_version(self, version):
if isstring(version):
version = PanOSVersion(version)
next_version = PanOSVersion(
str(version.major) + str(version.minor) + str(version.patch + 1))
return next_version