Created
July 15, 2016 13:02
-
-
Save Jcpetrucci/4905533d47eacb86db1104ab8c293732 to your computer and use it in GitHub Desktop.
Run tmux on a server in the same subnet as Palo Alto Panorama. After a delay, tmux emulates your keystrokes to rollback the config.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
which tmux >/dev/null || { printf '%s\n' 'Error: could not locate tmux.' >&2; exit 1; } | |
# Create session, window, pane | |
readonly SESSION_NAME="$(head -c 30 <(tr -d -c [:alnum:] </dev/urandom))" | |
tmux start-server | |
tmux new-session -d -s $SESSION_NAME | |
tmux split-window -d -v -p 10 | |
# Configure timer: | |
SECONDS_TIL_ROLLBACK=300 | |
readonly EPOCH_NOW="$(date '+%s')" | |
readonly EPOCH_ROLLBACK=$((EPOCH_NOW + SECONDS_TIL_ROLLBACK )) | |
tmux set-option -t $SESSION_NAME status on | |
tmux set-option -t $SESSION_NAME status-interval 1 | |
tmux set-option -t $SESSION_NAME status-left-length 70 | |
# Start rollback 'deadman switch': | |
{ | |
sleep ${SECONDS_TIL_ROLLBACK}s; | |
tmux send-keys -t ${SESSION_NAME}:0.0 C-w; | |
sleep 2s | |
tmux send-keys -t ${SESSION_NAME}:0.0 'configure' C-m; | |
sleep 2s | |
tmux send-keys -t ${SESSION_NAME}:0.0 'load config from rollback.xml' C-m; | |
sleep 2s | |
tmux send-keys -t ${SESSION_NAME}:0.0 'commit description "automatic rollback"' C-m; | |
sleep 2s | |
tmux send-keys -t ${SESSION_NAME}:0.0 'run commit-all shared-policy include-template yes description "automatic rollback" device-group YOURDEVICEGROUPNAME' C-m; | |
} & | |
{ | |
while :; | |
do sleep 1s; | |
SECONDS_TIL_ROLLBACK=$((EPOCH_ROLLBACK - $(date '+%s') )); | |
if (( SECONDS_TIL_ROLLBACK < 30 )); then | |
if (( SECONDS_TIL_ROLLBACK % 2 )); then | |
tmux set-option -q -t $SESSION_NAME status-bg red | |
else | |
tmux set-option -q -t $SESSION_NAME status-bg blue | |
fi | |
fi | |
tmux set-option -q -t $SESSION_NAME status-left "Automatic rollback in: #(echo $SECONDS_TIL_ROLLBACK ) seconds."; | |
done; | |
} & | |
tmux send-keys -t ${SESSION_NAME}:0.1 'clear; read -p "In the top pane, SSH to Panorama as a user with \"superuser\" CLI access. Save the known-good configuration as \"rollback.xml\". From either the webUI or CLI, make the configuration changes and commit to both Panorama and the managed firewalls."; logout' C-m | |
# Attach to session: | |
tmux attach-session -d -t $SESSION_NAME | |
# Stop backgrounded jobs: | |
kill $(jobs -p) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Demo: https://asciinema.org/a/8cd6m60qkxbw88ls2q8q0zwcy