feat: ADd single device upgrade playbook

Author: adambaumeister

README.md

@@ -10,7 +10,8 @@ For more information, contact Palo Alto Networks Professional Services.
 
 ## Configure the PAN-OS Ansible EE image as an execution environment
 
-![img.png](docs/create_execution_env.png)
+**Image**: ghcr.io/paloaltonetworks/ansible-panos-upgrade-example:latest
+![img.png](docs/ee.png)
 
 ### Setup a Project
 ![img.png](docs/create_project.png)

docs/create_execution_env.png

@@ -22,4 +22,9 @@ argument_specs:
       password:
         type: "str"
         required: true
-        description: "Firewall login password"
+        description: "Firewall login password"
+      exit_on_fail:
+        type: "bool"
+        required: false
+        default: false
+        description: "Playbook fails if any readiness check fails."

docs/ee.png

@@ -34,3 +34,8 @@
         {{ panos_upgrade_assurance_passed_readiness_checks | length }}
       total_failed_readiness_checks: |
         {{ panos_upgrade_assurance_failed_readiness_checks | length }}
+
+- name: FAIL - Readiness checks failed
+  ansible.builtin.fail:
+    msg: "Readiness checks failed and exit_on_fail is set to true. Aborting."
+  when: panos_upgrade_assurance_failed_readiness_checks | length > 0

roles/run_readiness_checks/meta/argument_specs.yml

@@ -10,6 +10,7 @@
       username: "{{ username | default(lookup('env', 'ANSIBLE_NET_USERNAME')) }}"
       password: "{{ password | default(lookup('env', 'ANSIBLE_NET_PASSWORD')) }}"
       serial_number: "{{ serialno }}"
+    exit_on_fail: true
 
   roles:
     - run_readiness_checks

roles/run_readiness_checks/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+- hosts: all
+  connection: local
+  gather_facts: true
+  name: Example snapshot comparison playbook
+
+  vars:
+    provider:
+      ip_address: "{{ panorama_ip_address }}"
+      username: "{{ username | default(lookup('env', 'ANSIBLE_NET_USERNAME')) }}"
+      password: "{{ password | default(lookup('env', 'ANSIBLE_NET_PASSWORD')) }}"
+      serial_number: "{{ serialno }}"
+    snapshot_directory: "./snapshots"
+
+  roles:
+
+    ##################
+    # Check Device   #
+    ##################
+
+    - role: run_readiness_checks
+      name: READINESS - Check the device can be upgraded
+
+    ##################
+    # TAKE SNAPSHOTS #
+    ##################
+
+    - role: take_snapshot
+      name: SNAPSHOTS - Take the pre-upgrade snapshot
+      vars:
+        snapshot_filename: "pre_upgrade_snapshot_{{ serialno }}"
+
+    ############
+    # UPGRADE  #
+    ############
+
+    - role: upgrade
+      name: UPGRADES - Upgrade the Device
+
+    ############################
+    # Check State post-upgrade #
+    ############################
+
+    - role: take_snapshot
+      name: SNAPSHOTS - Take the post-upgrade snapshot
+      vars:
+        snapshot_filename: "post_upgrade_snapshot_{{ serialno }}"
+
+    - role: snapshot_report_from_files
+      name: REPORTS - Compare the two snapshot reports from the main
+      vars:
+        left_snapshot: "pre_upgrade_snapshot_{{ serialno }}"
+        right_snapshot: "post_upgrade_snapshot_{{ serialno }}"