changed description and add log server support
chkp-yizhako committed Feb 7, 2024
1 parent 7f3b859 commit 38b9f41
Showing 18 changed files with 41 additions and 29 deletions.
4 changes: 2 additions & 2 deletions terraform/aws/gwlb-master/README.md

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions terraform/aws/gwlb/README.md

Large diffs are not rendered by default.

7 changes: 4 additions & 3 deletions terraform/aws/management/README.md

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions terraform/aws/management/locals.tf
@@ -67,4 +67,10 @@ locals {
manage_over_the_internet = var.gateway_management == "Over the internet" ? true : false
manage_over_internet_and_EIP = var.allocate_and_associate_eip && local.manage_over_the_internet ? true : false
pub_mgmt = local.manage_over_internet_and_EIP ? true : false

management_installation_type_allowed_values = [
"Primary management",
"Secondary management",
"Log Server"]
validate_management_installation_type = index(local.management_installation_type_allowed_values, var.management_installation_type)
}
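Review bot: The allow-list check in `validate_management_installation_type` works by letting `index()` fail, so a mistyped value surfaces as an "item not found" function-call error rather than a message that lists the accepted values. Because this check is what constrains a string that is later interpolated into the `runcmd` line of `management_userdata.yaml`, it would be clearer and harder to lose if it were enforced where the variable is declared: a `validation` block in `variables.tf` whose condition is `contains(["Primary management", "Secondary management", "Log Server"], var.management_installation_type)`, with an `error_message` naming the three values. The `locals` block begins above this hunk, so whether other inputs use the same `index()` idiom is not visible here.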
2 changes: 1 addition & 1 deletion terraform/aws/management/main.tf
@@ -160,7 +160,7 @@ resource "aws_instance" "management-instance" {
NTPSecondary = var.secondary_ntp
Shell = var.admin_shell,
AdminSubnet = var.admin_cidr
IsPrimary = var.is_primary_management
ManagementInstallationType = var.management_installation_type
SICKey = local.management_SICkey_base64,
OsVersion = local.version_split
EnableInstanceConnect = var.enable_instance_connect
2 changes: 1 addition & 1 deletion terraform/aws/management/management_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" "management_installation_type=\"${ManagementInstallationType}\"" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
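Review bot: The new `management_installation_type=` argument on the `cloud_config.py` line is the only one wrapped in an outer pair of unescaped double quotes, presumably because the accepted values contain a space. Inside those quotes the shell still expands `$` and backticks in the rendered value, so the line is safe only while the allow-list in `locals.tf` is enforced; a comment under `#cloud-config` such as `# ManagementInstallationType is restricted to an allow-list in locals.tf; keep that check if this line changes` would record the dependency. The key is also snake_case while the neighbouring keys are camelCase (`installationType`, `allowUploadDownload`), and `templateVersion` stays at `20231012` although the argument set changed. Both are worth confirming against what `/etc/cloud_config.py` on the supported images expects, which this page does not show.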
2 changes: 1 addition & 1 deletion terraform/aws/management/terraform.tfvars
@@ -30,7 +30,7 @@ management_password_hash = ""
management_maintenance_mode_password_hash = "" # For R81.10 and below the management_password_hash is used also as maintenance-mode password.
// --- Security Management Server Settings ---
management_hostname = "mgmt-tf"
is_primary_management = "true"
management_installation_type = "Primary management"
SICKey = ""
allow_upload_download = "true"
gateway_management = "Locally managed"
8 changes: 4 additions & 4 deletions terraform/aws/management/variables.tf
@@ -133,10 +133,10 @@ variable "management_hostname" {
description = "(Optional) Security Management Server prompt hostname"
default = ""
}
variable "is_primary_management" {
type = bool
description = "Determines if this is the primary management server or not"
default = true
variable "management_installation_type" {
type = string
description = "Determines the Management Server installation type: Primary management, Secondary management, Log Server"
default = "Primary management"
}
variable "SICKey" {
type = string
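Review bot: Replacing `is_primary_management` with `management_installation_type` while keeping a default of `"Primary management"` means a configuration that still sets only the old name is not guaranteed to fail. Terraform reports a value for an undeclared variable in a `.tfvars` file as a warning rather than an error, so a deployment that had `is_primary_management = false` would likely fall back to the primary default. For a value that decides the role of a management server it would be safer to drop the `default` so the type must be chosen explicitly, or to keep the old variable for one release with a description marking it deprecated. The `SICKey` variable that follows continues past the end of this hunk.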
4 changes: 2 additions & 2 deletions terraform/aws/qs-autoscale-master/README.md

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions terraform/aws/qs-autoscale/README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion terraform/aws/standalone-master/README.md
@@ -163,7 +163,7 @@ secret_key = "my-secret-key"
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
| standalone_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
| standalone_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs