diff --git a/gcp/deployment-packages/ha-byol/README.md b/gcp/deployment-packages/ha-byol/README.md
index f37d3b7d..f915c4b4 100644
--- a/gcp/deployment-packages/ha-byol/README.md
+++ b/gcp/deployment-packages/ha-byol/README.md
@@ -117,6 +117,8 @@ To deploy the Deployment Manager's package manually, without using the GCP Marke
| | | | | |
| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
|
| | | | | |
+| **deployWithPublicIPs** | Deploy HA with public IPs | boolean | true;
false; |
+| | | | | |
| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key |
| | | | | |
| **smart1CloudTokenA** | Smart-1 Cloud token to connect ***member A*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.|
@@ -149,6 +151,7 @@ To deploy the Deployment Manager's package manually, without using the GCP Marke
generatePassword: false
allowUploadDownload: false
shell: "/bin/bash"
+ deployWithPublicIPs: true
cluster-network-cidr: "10.0.1.0/24"
cluster-network-name: "external-vpc"
cluster-network-subnetwork-name: "frontend"
diff --git a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
index 1fc434fd..61a2e521 100755
--- a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
+++ b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
@@ -31,6 +31,8 @@
MGMT_NIC = 1
+NO_PUBLIC_IP = 'no-public-ip'
+
startup_script = '''
#cloud-config
runcmd:
@@ -149,39 +151,44 @@ def make_static_address(prop, name):
return address
-def create_external_addresses(prop, resources, member_a_nics, member_b_nics):
- member_a_address_name = common.set_name_and_truncate(
- prop['deployment'], '-member-a-address')
- member_b_address_name = common.set_name_and_truncate(
- prop['deployment'], '-member-b-address')
+def create_external_addresses_if_needed(
+ prop, resources, member_a_nics, member_b_nics):
+ if not prop['deployWithPublicIPs']:
+ prop['primary_cluster_address_name'] = NO_PUBLIC_IP
+ prop['secondary_cluster_address_name'] = NO_PUBLIC_IP
+ else:
+ member_a_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-member-a-address')
+ member_b_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-member-b-address')
- prop['member_a_address_name'] = member_a_address_name
- prop['member_b_address_name'] = member_b_address_name
+ prop['member_a_address_name'] = member_a_address_name
+ prop['member_b_address_name'] = member_b_address_name
- member_a_address = make_static_address(prop, member_a_address_name)
- member_b_address = make_static_address(prop, member_b_address_name)
+ member_a_address = make_static_address(prop, member_a_address_name)
+ member_b_address = make_static_address(prop, member_b_address_name)
- resources += [member_a_address, member_b_address]
+ resources += [member_a_address, member_b_address]
- member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
- '$(ref.{}.address)'.format(member_a_address_name))]
- member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
- '$(ref.{}.address)'.format(member_b_address_name))]
+ member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
+ '$(ref.{}.address)'.format(member_a_address_name))]
+ member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
+ '$(ref.{}.address)'.format(member_b_address_name))]
- primary_cluster_address_name = common.set_name_and_truncate(
- prop['deployment'], '-primary-cluster-address')
- secondary_cluster_address_name = common.set_name_and_truncate(
- prop['deployment'], '-secondary-cluster-address')
+ primary_cluster_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-primary-cluster-address')
+ secondary_cluster_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-secondary-cluster-address')
- primary_cluster_address = make_static_address(
- prop, primary_cluster_address_name)
- secondary_cluster_address = make_static_address(
- prop, secondary_cluster_address_name)
+ primary_cluster_address = make_static_address(
+ prop, primary_cluster_address_name)
+ secondary_cluster_address = make_static_address(
+ prop, secondary_cluster_address_name)
- resources += [primary_cluster_address, secondary_cluster_address]
+ resources += [primary_cluster_address, secondary_cluster_address]
- prop['primary_cluster_address_name'] = primary_cluster_address_name
- prop['secondary_cluster_address_name'] = secondary_cluster_address_name
+ prop['primary_cluster_address_name'] = primary_cluster_address_name
+ prop['secondary_cluster_address_name'] = secondary_cluster_address_name
def make_nic(prop, net_name, subnet_name):
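Review bot: In the `if not prop['deployWithPublicIPs']` branch of `create_external_addresses_if_needed`, the sentinel `NO_PUBLIC_IP` is written into `prop['primary_cluster_address_name']` and `prop['secondary_cluster_address_name']`, which otherwise hold Deployment Manager resource names, while `prop['member_a_address_name']` and `prop['member_b_address_name']` are left unset. The outputs visible in this commit are guarded by the same flag, but any consumer outside the shown hunks that formats `$(ref.{}.address)` from these fields would reference a resource called `no-public-ip`, or raise `KeyError` on the member names. I would add a docstring stating which `prop` keys each branch sets, and a comment on the constant such as `# Sentinel stored in the cluster address name fields when no external addresses are created; never a resource name`. The same function in `ha-payg/check-point-cluster--payg.py` needs the same treatment.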
@@ -412,7 +419,8 @@ def generate_config(context):
member_b_nics = copy.deepcopy(member_a_nics)
- create_external_addresses(prop, resources, member_a_nics, member_b_nics)
+ create_external_addresses_if_needed(
+ prop, resources, member_a_nics, member_b_nics)
member_a_name = common.set_name_and_truncate(
prop['deployment'], '-member-a')
@@ -442,19 +450,10 @@ def generate_config(context):
'name': 'project',
'value': prop['project']
},
- {
- 'name': 'clusterIP',
- 'value': '$(ref.{}.address)'.format(
- prop['primary_cluster_address_name'])
- },
{
'name': 'vmAName',
'value': member_a_name,
},
- {
- 'name': 'vmAExternalIP',
- 'value': '$(ref.{}.address)'.format(prop['member_a_address_name'])
- },
{
'name': 'vmASelfLink',
'value': '$(ref.{}.selfLink)'.format(member_a_name),
@@ -463,10 +462,6 @@ def generate_config(context):
'name': 'vmBName',
'value': member_b_name,
},
- {
- 'name': 'vmBExternalIP',
- 'value': '$(ref.{}.address)'.format(prop['member_b_address_name'])
- },
{
'name': 'vmBSelfLink',
'value': '$(ref.{}.selfLink)'.format(member_b_name),
@@ -477,4 +472,23 @@ def generate_config(context):
}
]
+ if prop['deployWithPublicIPs']:
+ outputs += [
+ {
+ 'name': 'clusterIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['primary_cluster_address_name'])
+ },
+ {
+ 'name': 'vmAExternalIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['member_a_address_name'])
+ },
+ {
+ 'name': 'vmBExternalIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['member_b_address_name'])
+ }
+ ]
+
return common.MakeResource(resources, outputs)
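Review bot: `prop['deployWithPublicIPs']` is read by direct indexing in this output block and again in `create_external_addresses_if_needed`, so both reads depend on the schema default having been applied before the template runs. If the template is ever evaluated without its `.py.schema` file (not verifiable from this diff), the first read raises `KeyError` instead of falling back to the documented default. Using `if prop.get('deployWithPublicIPs', True):` here and `if not prop.get('deployWithPublicIPs', True):` in the helper keeps the two conditions in step and matches the schema default. The body of `generate_config` starts outside this hunk, and the identical block in `ha-payg/check-point-cluster--payg.py` has the same dependency.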
diff --git a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
index 477ca252..fcc01058 100755
--- a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
+++ b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
@@ -39,6 +39,9 @@ properties:
gceMachineType:
minCpu: 2
minRamGb: 1.843000054359436
+ deployWithPublicIPs:
+ type: boolean
+ default: True
instanceSSHKey:
type: string
pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$
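Review bot: The new `deployWithPublicIPs` property carries no `description`, and its default of `True` keeps the existing behaviour in which each member's management NIC receives an access config with a static external address (see `create_external_addresses_if_needed`). Operators who want the management interfaces unreachable from the internet have to know to set it to false, so the schema should state what the flag controls, for example `description: Allocate static external IPs for the cluster and for each member's management interface`. How the cluster addresses are attached is outside the shown hunks, so the wording should be adjusted to match. The same applies to `ha-payg/check-point-cluster--payg.py.schema`.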
diff --git a/gcp/deployment-packages/ha-byol/config.yaml b/gcp/deployment-packages/ha-byol/config.yaml
index 16c4a3b9..e8012a71 100644
--- a/gcp/deployment-packages/ha-byol/config.yaml
+++ b/gcp/deployment-packages/ha-byol/config.yaml
@@ -25,6 +25,7 @@ resources:
generatePassword: "PLEASE ENTER true or false"
allowUploadDownload: "PLEASE ENTER true or false"
shell: "PLEASE ENTER A SHELL"
+ deployWithPublicIPs: "PLEASE ENTER true or false"
cluster-network-cidr: "PLEASE ENTER CLUSTER NETWORK CIDR"
cluster-network-name: "PLEASE ENTER CLUSTER NETWORK ID"
cluster-network-subnetwork-name: "PLEASE ENTER CLUSTER SUBNETWORK ID"
diff --git a/gcp/deployment-packages/ha-payg/README.md b/gcp/deployment-packages/ha-payg/README.md
index 686c236c..4f8405cd 100644
--- a/gcp/deployment-packages/ha-payg/README.md
+++ b/gcp/deployment-packages/ha-payg/README.md
@@ -117,6 +117,8 @@ To deploy the Deployment Manager's package manually, without using the GCP Marke
| | | | | |
| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
|
| | | | | |
+| **deployWithPublicIPs** | Deploy HA with public IPs | boolean | true;
false; |
+| | | | | |
| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key |
| | | | | |
| **smart1CloudTokenA** | Smart-1 Cloud token to connect ***member A*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.|
@@ -149,6 +151,7 @@ To deploy the Deployment Manager's package manually, without using the GCP Marke
generatePassword: false
allowUploadDownload: false
shell: "/bin/bash"
+ deployWithPublicIPs: true
cluster-network-cidr: "10.0.1.0/24"
cluster-network-name: "external-vpc"
cluster-network-subnetwork-name: "frontend"
diff --git a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
index 20afe462..6c554aac 100755
--- a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
+++ b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
@@ -31,6 +31,8 @@
MGMT_NIC = 1
+NO_PUBLIC_IP = 'no-public-ip'
+
startup_script = '''
#cloud-config
runcmd:
@@ -149,39 +151,44 @@ def make_static_address(prop, name):
return address
-def create_external_addresses(prop, resources, member_a_nics, member_b_nics):
- member_a_address_name = common.set_name_and_truncate(
- prop['deployment'], '-member-a-address')
- member_b_address_name = common.set_name_and_truncate(
- prop['deployment'], '-member-b-address')
+def create_external_addresses_if_needed(
+ prop, resources, member_a_nics, member_b_nics):
+ if not prop['deployWithPublicIPs']:
+ prop['primary_cluster_address_name'] = NO_PUBLIC_IP
+ prop['secondary_cluster_address_name'] = NO_PUBLIC_IP
+ else:
+ member_a_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-member-a-address')
+ member_b_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-member-b-address')
- prop['member_a_address_name'] = member_a_address_name
- prop['member_b_address_name'] = member_b_address_name
+ prop['member_a_address_name'] = member_a_address_name
+ prop['member_b_address_name'] = member_b_address_name
- member_a_address = make_static_address(prop, member_a_address_name)
- member_b_address = make_static_address(prop, member_b_address_name)
+ member_a_address = make_static_address(prop, member_a_address_name)
+ member_b_address = make_static_address(prop, member_b_address_name)
- resources += [member_a_address, member_b_address]
+ resources += [member_a_address, member_b_address]
- member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
- '$(ref.{}.address)'.format(member_a_address_name))]
- member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
- '$(ref.{}.address)'.format(member_b_address_name))]
+ member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
+ '$(ref.{}.address)'.format(member_a_address_name))]
+ member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
+ '$(ref.{}.address)'.format(member_b_address_name))]
- primary_cluster_address_name = common.set_name_and_truncate(
- prop['deployment'], '-primary-cluster-address')
- secondary_cluster_address_name = common.set_name_and_truncate(
- prop['deployment'], '-secondary-cluster-address')
+ primary_cluster_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-primary-cluster-address')
+ secondary_cluster_address_name = common.set_name_and_truncate(
+ prop['deployment'], '-secondary-cluster-address')
- primary_cluster_address = make_static_address(
- prop, primary_cluster_address_name)
- secondary_cluster_address = make_static_address(
- prop, secondary_cluster_address_name)
+ primary_cluster_address = make_static_address(
+ prop, primary_cluster_address_name)
+ secondary_cluster_address = make_static_address(
+ prop, secondary_cluster_address_name)
- resources += [primary_cluster_address, secondary_cluster_address]
+ resources += [primary_cluster_address, secondary_cluster_address]
- prop['primary_cluster_address_name'] = primary_cluster_address_name
- prop['secondary_cluster_address_name'] = secondary_cluster_address_name
+ prop['primary_cluster_address_name'] = primary_cluster_address_name
+ prop['secondary_cluster_address_name'] = secondary_cluster_address_name
def make_nic(prop, net_name, subnet_name):
@@ -412,7 +419,8 @@ def generate_config(context):
member_b_nics = copy.deepcopy(member_a_nics)
- create_external_addresses(prop, resources, member_a_nics, member_b_nics)
+ create_external_addresses_if_needed(
+ prop, resources, member_a_nics, member_b_nics)
member_a_name = common.set_name_and_truncate(
prop['deployment'], '-member-a')
@@ -442,19 +450,10 @@ def generate_config(context):
'name': 'project',
'value': prop['project']
},
- {
- 'name': 'clusterIP',
- 'value': '$(ref.{}.address)'.format(
- prop['primary_cluster_address_name'])
- },
{
'name': 'vmAName',
'value': member_a_name,
},
- {
- 'name': 'vmAExternalIP',
- 'value': '$(ref.{}.address)'.format(prop['member_a_address_name'])
- },
{
'name': 'vmASelfLink',
'value': '$(ref.{}.selfLink)'.format(member_a_name),
@@ -463,10 +462,6 @@ def generate_config(context):
'name': 'vmBName',
'value': member_b_name,
},
- {
- 'name': 'vmBExternalIP',
- 'value': '$(ref.{}.address)'.format(prop['member_b_address_name'])
- },
{
'name': 'vmBSelfLink',
'value': '$(ref.{}.selfLink)'.format(member_b_name),
@@ -477,4 +472,23 @@ def generate_config(context):
}
]
+ if prop['deployWithPublicIPs']:
+ outputs += [
+ {
+ 'name': 'clusterIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['primary_cluster_address_name'])
+ },
+ {
+ 'name': 'vmAExternalIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['member_a_address_name'])
+ },
+ {
+ 'name': 'vmBExternalIP',
+ 'value': '$(ref.{}.address)'.format(
+ prop['member_b_address_name'])
+ }
+ ]
+
return common.MakeResource(resources, outputs)
diff --git a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
index ce314af2..9c674034 100755
--- a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
+++ b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
@@ -39,6 +39,9 @@ properties:
gceMachineType:
minCpu: 2
minRamGb: 1.843000054359436
+ deployWithPublicIPs:
+ type: boolean
+ default: True
instanceSSHKey:
type: string
pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$
diff --git a/gcp/deployment-packages/ha-payg/config.yaml b/gcp/deployment-packages/ha-payg/config.yaml
index 1aa1aab3..de203447 100644
--- a/gcp/deployment-packages/ha-payg/config.yaml
+++ b/gcp/deployment-packages/ha-payg/config.yaml
@@ -25,6 +25,7 @@ resources:
generatePassword: "PLEASE ENTER true or false"
allowUploadDownload: "PLEASE ENTER true or false"
shell: "PLEASE ENTER A SHELL"
+ deployWithPublicIPs: "PLEASE ENTER true or false"
cluster-network-cidr: "PLEASE ENTER CLUSTER NETWORK CIDR"
cluster-network-name: "PLEASE ENTER CLUSTER NETWORK ID"
cluster-network-subnetwork-name: "PLEASE ENTER CLUSTER SUBNETWORK ID"