Merge pull request #345 from chkp-nimrodgab/ng-dev

AWS CFT & Terraform | add IPs tag to single az cluster +cross az cluster members
CheckPointSW · Mar 7, 2024 · d92907e · d92907e
2 parents 7c4b304 + 994d69f
commit d92907e
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 10 deletions.
diff --git a/aws/templates/cluster/cluster.yaml b/aws/templates/cluster/cluster.yaml
@@ -525,6 +525,18 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ['-', [!Ref GatewayName, Member-A]]
+        - Key: x-chkp-member-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ public-ip, !If [ AllocateAddress, !Ref MemberAPublicAddress, '' ] ] ]
+              - !Join [ '=', [ external-private-ip, !GetAtt MemberAExternalInterface.PrimaryPrivateIpAddress ] ]
+              - !Join [ '=', [ internal-private-ip, !GetAtt MemberAInternalInterface.PrimaryPrivateIpAddress ] ]
+        - Key: x-chkp-cluster-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ cluster-ip, !Ref ClusterPublicAddress ] ]
+              - !Join [ '=', [ cluster-eth0-private-ip, !Select [ 0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses ] ] ]
+              - !Join [ '=', [ cluster-eth1-private-ip, !Select [ 0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses ] ] ]
       ImageId: !GetAtt AMI.Outputs.ImageId
       InstanceType: !Ref GatewayInstanceType
       BlockDeviceMappings:
@@ -568,6 +580,18 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ['-', [!Ref GatewayName, Member-B]]
+        - Key: x-chkp-member-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ public-ip, !If [ AllocateAddress, !Ref MemberBPublicAddress, '' ] ] ]
+              - !Join [ '=', [ external-private-ip, !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress ] ]
+              - !Join [ '=', [ internal-private-ip, !GetAtt MemberBInternalInterface.PrimaryPrivateIpAddress ] ]
+        - Key: x-chkp-cluster-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ cluster-ip, !Ref ClusterPublicAddress ] ]
+              - !Join [ '=', [ cluster-eth0-private-ip, !Select [ 0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses ] ] ]
+              - !Join [ '=', [ cluster-eth1-private-ip, !Select [ 0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses ] ] ]
       ImageId: !GetAtt AMI.Outputs.ImageId
       InstanceType: !Ref GatewayInstanceType
       BlockDeviceMappings:

diff --git a/aws/templates/cross-az-cluster/cross-az-cluster.yaml b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
@@ -576,6 +576,17 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ['-', [!Ref GatewayName, Member-A]]
+        - Key: x-chkp-member-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ public-ip, !Ref MemberAPublicAddress ] ]
+              - !Join [ '=', [ external-private-ip, !GetAtt MemberAExternalInterface.PrimaryPrivateIpAddress ] ]
+              - !Join [ '=', [ internal-private-ip, !GetAtt MemberAInternalInterface.PrimaryPrivateIpAddress ] ]
+        - Key: x-chkp-cluster-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ cluster-ip, !Ref ClusterPublicAddress ] ]
+              - !Join [ '=', [ secondary-external-private-ip, !Select [ 0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses ] ] ]
       ImageId: !GetAtt AMI.Outputs.ImageId
       InstanceType: !Ref GatewayInstanceType
       BlockDeviceMappings:
@@ -623,6 +634,17 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ['-', [!Ref GatewayName, Member-B]]
+        - Key: x-chkp-member-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ public-ip, !Ref MemberBPublicAddress ] ]
+              - !Join [ '=', [ external-private-ip, !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress ] ]
+              - !Join [ '=', [ internal-private-ip, !GetAtt MemberBInternalInterface.PrimaryPrivateIpAddress ] ]
+        - Key: x-chkp-cluster-ips
+          Value: !Join
+            - ':'
+            - - !Join [ '=', [ cluster-ip, !Ref ClusterPublicAddress ] ]
+              - !Join [ '=', [ secondary-external-private-ip, !Select [ 0, !GetAtt MemberBExternalInterface.SecondaryPrivateIpAddresses ] ] ]
       ImageId: !GetAtt AMI.Outputs.ImageId
       InstanceType: !Ref GatewayInstanceType
       BlockDeviceMappings:

diff --git a/terraform/aws/cluster/README.md b/terraform/aws/cluster/README.md
@@ -191,6 +191,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20230914         | Add support for maintenance mode password                                                                     |
 | 20230923         | Add support for C5d instance type                                                                             |
 | 20231012         | Update AWS Terraform provider version to 5.20.1                                                               |
+| 20240304         | Add x-chkp-cluster-ips, x-chkp-member-ips tags to cluster members                                             |
 
 
 ## License

diff --git a/terraform/aws/cluster/main.tf b/terraform/aws/cluster/main.tf
@@ -112,7 +112,12 @@ resource "aws_instance" "member-a-instance" {
   }
 
   tags = merge({
-    Name = format("%s-Member-A",var.gateway_name)
+    Name = format("%s-Member-A",var.gateway_name),
+    x-chkp-member-ips = format("public-ip=%s:external-private-ip=%s:internal-private-ip=%s",
+      var.allocate_and_associate_eip ? aws_eip.member_a_eip[0].public_ip : "", aws_network_interface.member_a_external_eni.private_ip,aws_network_interface.member_a_internal_eni.private_ip),
+    x-chkp-cluster-ips = format("cluster-ip=%s:cluster-eth0-private-ip=%s:cluster-eth1-private-ip=%s",
+      aws_eip.cluster_eip.public_ip, element(tolist(setsubtract(tolist(aws_network_interface.member_a_external_eni.private_ips), [aws_network_interface.member_a_external_eni.private_ip])), 0),
+      element(tolist(setsubtract(tolist(aws_network_interface.member_a_internal_eni.private_ips), [aws_network_interface.member_a_internal_eni.private_ip])), 0))
   }, var.instance_tags)
 
   ebs_block_device {
@@ -146,7 +151,7 @@ resource "aws_instance" "member-a-instance" {
     GatewayBootstrapScript = local.gateway_bootstrap_script64,
     SICKey = local.gateway_SICkey_base64,
     TokenA = var.memberAToken,
-    MemberAPublicAddress =  aws_eip.member_a_eip[0].public_ip,
+    MemberAPublicAddress =  var.allocate_and_associate_eip ? aws_eip.member_a_eip[0].public_ip : "",
     AllocateAddress = var.allocate_and_associate_eip,
     OsVersion = local.version_split
   })
@@ -168,7 +173,12 @@ resource "aws_instance" "member-b-instance" {
   }
 
   tags = merge({
-    Name = format("%s-Member-B",var.gateway_name)
+    Name = format("%s-Member-B",var.gateway_name),
+    x-chkp-member-ips = format("public-ip=%s:external-private-ip=%s:internal-private-ip=%s",
+      var.allocate_and_associate_eip ? aws_eip.member_b_eip[0].public_ip : "", aws_network_interface.member_b_external_eni.private_ip,aws_network_interface.member_b_internal_eni.private_ip),
+    x-chkp-cluster-ips = format("cluster-ip=%s:cluster-eth0-private-ip=%s:cluster-eth1-private-ip=%s",
+      aws_eip.cluster_eip.public_ip, element(tolist(setsubtract(tolist(aws_network_interface.member_a_external_eni.private_ips), [aws_network_interface.member_a_external_eni.private_ip])), 0),
+      element(tolist(setsubtract(tolist(aws_network_interface.member_a_internal_eni.private_ips), [aws_network_interface.member_a_internal_eni.private_ip])), 0))
   }, var.instance_tags)
 
   ebs_block_device {
@@ -202,7 +212,7 @@ resource "aws_instance" "member-b-instance" {
     GatewayBootstrapScript = local.gateway_bootstrap_script64,
     SICKey = local.gateway_SICkey_base64,
     TokenB = var.memberBToken,
-    MemberBPublicAddress =  aws_eip.member_b_eip[0].public_ip,
+    MemberBPublicAddress =  var.allocate_and_associate_eip ? aws_eip.member_b_eip[0].public_ip : "",
     AllocateAddress = var.allocate_and_associate_eip,
     OsVersion = local.version_split
   })

diff --git a/terraform/aws/cluster/output.tf b/terraform/aws/cluster/output.tf
@@ -11,14 +11,14 @@ output "member_b_public_ip" {
   value = aws_eip.member_b_eip.*.public_ip
 }
 output "member_a_ssh" {
-  value = format("ssh -i %s admin@%s", var.key_name, aws_eip.member_a_eip[0].public_ip)
+  value = var.allocate_and_associate_eip ? format("ssh -i %s admin@%s", var.key_name, aws_eip.member_a_eip[0].public_ip) : ""
 }
 output "member_b_ssh" {
-  value = format("ssh -i %s admin@%s", var.key_name, aws_eip.member_b_eip[0].public_ip)
+  value = var.allocate_and_associate_eip ? format("ssh -i %s admin@%s", var.key_name, aws_eip.member_b_eip[0].public_ip) : ""
 }
 output "member_a_url" {
-  value = format("https://%s", aws_eip.member_a_eip[0].public_ip)
+  value = var.allocate_and_associate_eip ? format("https://%s", aws_eip.member_a_eip[0].public_ip) : ""
 }
 output "member_b_url" {
-  value = format("https://%s", aws_eip.member_b_eip[0].public_ip)
+  value = var.allocate_and_associate_eip ? format("https://%s", aws_eip.member_b_eip[0].public_ip) : ""
 }
diff --git a/terraform/aws/cross-az-cluster/README.md b/terraform/aws/cross-az-cluster/README.md
@@ -187,6 +187,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20230914         | Add support for maintenance mode password                                                                     |
 | 20230923         | Add support for C5d instance type                                                                             |
 | 20231012         | Update AWS Terraform provider version to 5.20.1                                                               |
+| 20240304         | Add x-chkp-cluster-ips, x-chkp-member-ips tags to cluster members                                             |
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE](../../../cross-az/LICENSE) file for details
diff --git a/terraform/aws/cross-az-cluster/main.tf b/terraform/aws/cross-az-cluster/main.tf
@@ -111,7 +111,11 @@ resource "aws_instance" "member-a-instance" {
   }
 
   tags = merge({
-    Name = format("%s-Member-A",var.gateway_name)
+    Name = format("%s-Member-A",var.gateway_name),
+    x-chkp-member-ips = format("public-ip=%s:external-private-ip=%s:internal-private-ip=%s",
+      aws_eip.member_a_eip.public_ip, aws_network_interface.member_a_external_eni.private_ip,aws_network_interface.member_a_internal_eni.private_ip),
+    x-chkp-cluster-ips = format("cluster-ip=%s:secondary-external-private-ip=%s",
+      aws_eip.cluster_eip.public_ip, element(tolist(setsubtract(tolist(aws_network_interface.member_a_external_eni.private_ips), [aws_network_interface.member_a_external_eni.private_ip])), 0))
   }, var.instance_tags)
 
   ebs_block_device {
@@ -171,7 +175,11 @@ resource "aws_instance" "member-b-instance" {
   }
 
   tags = merge({
-    Name = format("%s-Member-B",var.gateway_name)
+    Name = format("%s-Member-B",var.gateway_name),
+    x-chkp-member-ips = format("public-ip=%s:external-private-ip=%s:internal-private-ip=%s",
+      aws_eip.member_b_eip.public_ip, aws_network_interface.member_b_external_eni.private_ip,aws_network_interface.member_b_internal_eni.private_ip),
+    x-chkp-cluster-ips = format("cluster-ip=%s:secondary-external-private-ip=%s",
+      aws_eip.cluster_eip.public_ip, element(tolist(setsubtract(tolist(aws_network_interface.member_b_external_eni.private_ips), [aws_network_interface.member_b_external_eni.private_ip])), 0))
   }, var.instance_tags)
 
   ebs_block_device {