RAID Status check

[genesyswave]

Feature Request
Adding a status check for RAID status on a device. Panorama and certain physical firewalls will do RAID rebuilds after an upgrade and this can cause delays in the autocommit after the upgrade
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkxPCAQ
Warnings:
Details: configured traffic quota of 0 MB is less than the minimum 32 MB.
Invalid configuration. Please fix errors and try again.
Failed to commit policy to device

Checking and reporting on the status of the system RAID before and after an upgrade provides both visibility when the RAID rebuild is in progress and the option for a delay in checking the readiness of a firewall.

CLI check is 'show system raid detail'

[welcome-to-palo-alto-networks]

🎉 Thanks for opening your first issue here! Welcome to the community!

[FoSix]

Thanks @genesyswave, we'll look into that.

[FoSix]

I'm thinking should we implement this at all. Couple of reasons:

• this wouldn't be a generic test
  • applicable only to two types of physical devices (5200 and 7000)
  • applicable only for PanOS 10.1.4 and higher
  • implementation would require some hardcoding, which we try to avoid as much as possible
• implementation would be problematic, according to this note we don't have to wait until the rebuild is done, we could return True earlier, but that could give false positives.

But the main argument would be, that the package should be generic. All corner cases (like this one) can be handled through pan-os-python (in case of python scripts) or PanOS Ansible collection (for Ansible playbooks).

@horiagunica , @alperenkose , @adambaumeister - your thoughts?

[adambaumeister]

I think it's worth writing a readiness test to ensure that the system isn't currently in the process of rebuilding the spare - or the RAID at all. There might be edge cases where you do an upgrade to 10.1.4 then immediately want to upgrade to 10.2 (for example) and having a readiness check in place would raise the issue and stop the process. It might be ok to upgrade while the spare is rebuilding but you wouldn't want to attempt an upgrade when the RAID is in another degraded state, so a check that just makes sure the state is not abornmal would be good enough.

[FoSix]

fair enough, but should this be a test included in the test suit? meaning when you run all tests, should we run it as well? Or should we implement this as a helper test? Reason I'm asking is that it would be limited just to some devices and versions.

If we include it as a regular test, how to report a result if the device/versions is not applicable to run it?

• As SUCCESS? We didn't run anything, so no success here ;)
• As SKIPPED? but this translates to false
• hardcode the PanOS version and device type and skip the test if no match? I do not like the idea of hardcoding anything TBH

[adambaumeister]

No hardcoding. I think "is the RAID rebuilding?" returning passing if there's no RAID because of the version/model is fine, which would make it suitable to run in the test suite (suite-able?). You shouldn't need to code the check based on the model and version, just run the show system raid detail command and if there's no RAID, the test passes.