Add bootstrap and update provider version
chkp-yizhako committed Oct 23, 2023
1 parent d270069 commit ce7d457
Showing 91 changed files with 427 additions and 318 deletions.
7 changes: 4 additions & 3 deletions terraform/aws/autoscale-gwlb/README.md
@@ -97,7 +97,7 @@ secret_key = "my-secret-key"
enable_instance_connect = false
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"



@@ -171,8 +171,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230830 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
## License
2 changes: 1 addition & 1 deletion terraform/aws/autoscale-gwlb/asg_userdata.yaml
@@ -26,4 +26,4 @@ bootcmd:
- echo "cpprod_util CPPROD_SetValue \"fw1\" \"AwsGwlb\" 4 1 1" >> /etc/rc.local
runcmd:
- |
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230923\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
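--- a/terraform/aws/autoscale-gwlb/main.tf
+++ b/terraform/aws/autoscale-gwlb/main.tf
@@ -85,31 +85,38 @@ resource "aws_autoscaling_group" "asg" {
 vpc_zone_identifier = var.subnet_ids
 health_check_grace_period = 0
 
-tags = concat(
-[
-{
+tag {
 key = "Name"
 value = format("%s%s", var.prefix != "" ? format("%s-", var.prefix) : "", var.gateway_name)
 propagate_at_launch = true
-},
-{
+}
+
+tag {
 key = "x-chkp-tags"
 value = format("management=%s:template=%s:ip-address=%s", var.management_server, var.configuration_template, var.gateways_provision_address_type)
 propagate_at_launch = true
-},
-{
+}
+
+tag {
 key = "x-chkp-topology"
 value = "internal"
 propagate_at_launch = true
-},
-{
+}
+
+tag {
 key = "x-chkp-solution"
 value = "autoscale_gwlb"
 propagate_at_launch = true
 }
-],
-local.tags_asg_format
-)
+
+dynamic "tag" {
+for_each = var.instances_tags
+content {
+key = tag.key
+value = tag.value
+propagate_at_launch = true
+}
+}
 }
 
 data "aws_iam_policy_document" "assume_role_policy_document" {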
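Review bot: The new `dynamic "tag"` block at the end of `aws_autoscaling_group.asg` iterates `var.instances_tags` without excluding the four keys the module sets itself (`Name`, `x-chkp-tags`, `x-chkp-topology`, `x-chkp-solution`), so a caller-supplied tag with one of those names is emitted as a second tag block with the same key. `x-chkp-tags` carries the management server and configuration template, so the value that reaches the instances should not depend on how a duplicate is resolved. Filter the reserved keys, e.g. `for_each = { for k, v in var.instances_tags : k => v if !contains(["Name", "x-chkp-tags", "x-chkp-topology", "x-chkp-solution"], k) }`, or reject them in a `validation` block on the variable. `local.tags_asg_format` is no longer referenced in this hunk and is presumably dead if nothing else uses it. The resource body starts above the hunk.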
2 changes: 1 addition & 1 deletion terraform/aws/autoscale-gwlb/terraform.tfvars
@@ -36,5 +36,5 @@ gateway_SICKey = "12345678"
enable_instance_connect = false
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"

6 changes: 3 additions & 3 deletions terraform/aws/autoscale-gwlb/versions.tf
@@ -3,13 +3,13 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.24.1"
version = "~> 5.20.0"
}
http = {
version = "~> 2.0.0"
version = "~> 3.4.0"
}
random = {
version = "~> 3.0.1"
version = "~> 3.5.1"
}
}
}
8 changes: 4 additions & 4 deletions terraform/aws/cluster-master/README.md
@@ -126,7 +126,7 @@ secret_key = "my-secret-key"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""
```
@@ -208,9 +208,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230830 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
## License
2 changes: 1 addition & 1 deletion terraform/aws/cluster-master/terraform.tfvars
@@ -40,6 +40,6 @@ resources_tag_name = "tag-name"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""
4 changes: 2 additions & 2 deletions terraform/aws/cluster-master/versions.tf
@@ -3,10 +3,10 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.24.1"
version = "~> 5.20.0"
}
http = {
version = "~> 2.0.0"
version = "~> 3.4.0"
}
}
}
7 changes: 4 additions & 3 deletions terraform/aws/cluster/README.md
@@ -100,7 +100,7 @@ secret_key = "my-secret-key"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""
```
@@ -186,8 +186,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230830 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
## License
2 changes: 1 addition & 1 deletion terraform/aws/cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20230923\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20231012\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
2 changes: 1 addition & 1 deletion terraform/aws/cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20230923\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20231012\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
5 changes: 2 additions & 3 deletions terraform/aws/cluster/main.tf
@@ -207,15 +207,14 @@ resource "aws_instance" "member-b-instance" {
}

resource "aws_eip" "cluster_eip" {
vpc = true
}

resource "aws_eip" "member_a_eip" {
count = var.allocate_and_associate_eip ? 1 : 0
vpc = true
}

resource "aws_eip" "member_b_eip" {
count = var.allocate_and_associate_eip ? 1 : 0
vpc = true
}

resource "aws_eip_association" "cluster_address_assoc" {
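Review bot: The three `aws_eip` resources (`cluster_eip`, `member_a_eip`, `member_b_eip`) appear to lose `vpc = true` with nothing put in its place; the rendering does not mark sides, so this is inferred from the 3 deletions in the section header. In the 5.x AWS provider the replacement for the deprecated argument is `domain = "vpc"`, and setting it keeps the address domain explicit instead of relying on the provider's computed default. The hunk starts inside `member-b-instance` and ends at the opening line of `aws_eip_association.cluster_address_assoc`, whose body is outside the hunk.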
2 changes: 1 addition & 1 deletion terraform/aws/cluster/terraform.tfvars
@@ -36,6 +36,6 @@ resources_tag_name = "tag-name"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""
4 changes: 2 additions & 2 deletions terraform/aws/cluster/versions.tf
@@ -3,10 +3,10 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.24.1"
version = "~> 5.20.0"
}
http = {
version = "~> 2.0.0"
version = "~> 3.4.0"
}
}
}
2 changes: 1 addition & 1 deletion terraform/aws/cme-iam-role-gwlb/README.md
@@ -92,7 +92,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|--------------------------------------------------------------------|
| 20230926 | CME instance profile for IAM Role |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
## License
2 changes: 1 addition & 1 deletion terraform/aws/cme-iam-role-gwlb/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.24.1"
version = "~> 5.20.0"
}
}
}
3 changes: 2 additions & 1 deletion terraform/aws/cme-iam-role/README.md
@@ -92,7 +92,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|--------------------------------------------------------------------|
| 20210309 | First release of Check Point CME IAM Role Terraform module for AWS |
| 20230529 | CME instance profile for IAM Role |
| 20230514 | CME instance profile for IAM Role |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
2 changes: 1 addition & 1 deletion terraform/aws/cme-iam-role/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.24.1"
version = "~> 5.20.0"
}
}
}
23 changes: 12 additions & 11 deletions terraform/aws/cross-az-cluster-master/README.md
@@ -129,7 +129,7 @@ secret_key = "my-secret-key"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""
```
@@ -198,16 +198,17 @@ secret_key = "my-secret-key"
## Revision History
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 20221123 | First release of Check Point Security Cross AZ Cluster Master Terraform module for AWS |
| 20221123 | Changed default version and added instances types |
| 20221123 | R81.20 version support |
| 20230411 | - Improved deployment experience for gateways and clusters managed by Smart-1 Cloud<br/>- Multiple VIPs support for Cross Availability Zone Cluster. For more details refer to the [Cross Availability Zone Cluster for AWS R81.20 Administration Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_for_AWS_Cross_AZ_Cluster/Content/Topics-AWS-CrossAZ-Cluster-AG/Check-Point-CloudGuard-for-AWS.htm) -> "Deploying Cross AZ Cluster with multiple VIPs" section. |
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230923 | Add support for C5d instance type |
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
| 20221123 | First release of Check Point Security Cross AZ Cluster Master Terraform module for AWS |
| 20221123 | Changed default version and added instances types |
| 20221123 | R81.20 version support |
| 20230411 | - Improved deployment experience for gateways and clusters managed by Smart-1 Cloud<br/>- Multiple VIPs support for Cross Availability Zone Cluster. For more details refer to the [Cross Availability Zone Cluster for AWS R81.20 Administration Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_for_AWS_Cross_AZ_Cluster/Content/Topics-AWS-CrossAZ-Cluster-AG/Check-Point-CloudGuard-for-AWS.htm) -> "Deploying Cross AZ Cluster with multiple VIPs" section. |
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
## License