feat: Add SCM bootstrap options (#80)
Co-authored-by: Slawomir Kaczmarek <[email protected]>
slawomir-kaczmarek and Slawomir Kaczmarek authored Sep 19, 2024
1 parent 60593ca commit 3c1e010
Showing 30 changed files with 270 additions and 98 deletions.
2 changes: 1 addition & 1 deletion examples/centralized_design/README.md

Large diffs are not rendered by default.

25 changes: 21 additions & 4 deletions examples/centralized_design/example.tfvars
@@ -488,20 +488,37 @@ vmseries = {
"02" = { az = "eu-west-1b" }
}

# Value of `panorama-server`, `auth-key`, `dgname`, `tplname` can be taken from plugin `sw_fw_license`
# Value of `panorama-server`, `auth-key`, `dgname`, `tplname` can be taken from plugin `sw_fw_license`. Delete map if SCM bootstrap required.
bootstrap_options = {
mgmt-interface-swap = "enable"
plugin-op-commands = "panorama-licensing-mode-on,aws-gwlb-inspect:enable,aws-gwlb-overlay-routing:enable" # TODO: update here
panorama-server = "10.255.0.10" # TODO: update here
panorama-server = "" # TODO: update here
auth-key = "" # TODO: update here
dgname = "centralized" # TODO: update here
tplname = "centralized-stack" # TODO: update here
dgname = "" # TODO: update here
tplname = "" # TODO: update here
dhcp-send-hostname = "yes" # TODO: update here
dhcp-send-client-id = "yes" # TODO: update here
dhcp-accept-server-hostname = "yes" # TODO: update here
dhcp-accept-server-domain = "yes" # TODO: update here
}

/* Uncomment this section if SCM bootstrap required (PAN-OS version 11.0 or higher)
bootstrap_options = {
mgmt-interface-swap = "enable"
panorama-server = "cloud" # TODO: update here
dgname = "scm_folder_name" # TODO: update here
dhcp-send-hostname = "yes" # TODO: update here
dhcp-send-client-id = "yes" # TODO: update here
dhcp-accept-server-hostname = "yes" # TODO: update here
dhcp-accept-server-domain = "yes" # TODO: update here
plugin-op-commands = "aws-gwlb-inspect:enable,aws-gwlb-overlay-routing:enable,advance-routing:enable" # TODO: update here
vm-series-auto-registration-pin-id = "1234ab56-1234-12a3-a1bc-a1bc23456de7" # TODO: update here
vm-series-auto-registration-pin-value = "12ab3c456d78901e2f3abc456d78ef9a" # TODO: update here
authcodes = "D1234567" # TODO: update here
}
*/

panos_version = "10.2.9-h1" # TODO: update here
ebs_kms_id = "alias/aws/ebs" # TODO: update here

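Review bot: The commented SCM block gives `vm-series-auto-registration-pin-id`, `vm-series-auto-registration-pin-value` and `authcodes` as inline strings with only `# TODO: update here`, which invites real registration secrets into a tracked tfvars file; the same block is added to examples/centralized_design_autoscale/example.tfvars. main.tf renders every option as `key=value`; where that list ends up is not visible on this page, presumably instance bootstrap data, so the values would likely also be readable in Terraform state and on the instance. I would mark the three lines, for example `# secret: keep the real value in an untracked tfvars file or a secrets manager, never commit it`. The block also states PAN-OS 11.0 or higher while `panos_version = "10.2.9-h1"` stays directly below it, so the header comment should tell the reader to raise `panos_version` as well.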
2 changes: 1 addition & 1 deletion examples/centralized_design/main.tf
@@ -252,7 +252,7 @@ locals {
plugin_op_commands_with_endpoints_mapping = { for i, j in var.vmseries : i => format("%s,%s,%s,%s", j.bootstrap_options["plugin-op-commands"],
local.subinterface_gwlb_endpoint_eastwest[i], local.subinterface_gwlb_endpoint_outbound[i], local.subinterface_gwlb_endpoint_inbound[i]) }
bootstrap_options_with_endpoints_mapping = { for i, j in var.vmseries : i => [
for k, v in j.bootstrap_options : k != "plugin-op-commands" ? "${k}=${v}" : "${k}=${local.plugin_op_commands_with_endpoints_mapping[i]}"
for k, v in j.bootstrap_options : k != "plugin-op-commands" ? "${k}=${v}" : "${k}=${local.plugin_op_commands_with_endpoints_mapping[i]}" if v != null
] }
}

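Review bot: The added `if v != null` drops only unset optional attributes, so an empty string still renders as `key=`; the example tfvars in this commit now ships `panorama-server = ""`, `dgname = ""` and `tplname = ""` next to `auth-key = ""`, and a user who misses one TODO would, as far as this page shows, get an apply that succeeds with blank management settings. A plan-time check would catch that earlier, for example a `validation` block on `var.vmseries` requiring `panorama-server` and `dgname` to be non-empty. A short comment on the comprehension, such as `# null = optional attribute not set; omit it from the bootstrap parameters`, would explain the filter. The same line is changed in examples/centralized_design_autoscale/main.tf, and the `locals` block starts outside the hunk.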
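--- a/examples/centralized_design/variables.tf
+++ b/examples/centralized_design/variables.tf
@@ -387,16 +387,19 @@ variable "vmseries" {
 }))
 
 bootstrap_options = object({
-mgmt-interface-swap = string
-plugin-op-commands = string
-panorama-server = string
-auth-key = string
-dgname = string
-tplname = string
-dhcp-send-hostname = string
-dhcp-send-client-id = string
-dhcp-accept-server-hostname = string
-dhcp-accept-server-domain = string
+mgmt-interface-swap = string
+plugin-op-commands = string
+panorama-server = string
+auth-key = optional(string)
+dgname = string
+tplname = optional(string)
+dhcp-send-hostname = string
+dhcp-send-client-id = string
+dhcp-accept-server-hostname = string
+dhcp-accept-server-domain = string
+authcodes = optional(string)
+vm-series-auto-registration-pin-id = optional(string)
+vm-series-auto-registration-pin-value = optional(string)
 })
 
 panos_version = string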
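Review bot: `vm-series-auto-registration-pin-id` and `vm-series-auto-registration-pin-value` become independently optional here, so a configuration that sets one without the other passes type checking and presumably fails only when the firewall tries to register. A `validation` block inside `variable "vmseries"` can reject the half-set pair at plan time; the sketch below shows it. The same applies to `variable "vmseries_asgs"` in examples/centralized_design_autoscale/variables.tf. The variable block starts and ends outside the hunk, so an existing validation there would not be visible from here.

```hcl
# … unchanged: type = map(object({ … bootstrap_options = object({ … }) … })) …
validation {
  condition = alltrue([
    for v in values(var.vmseries) :
    (v.bootstrap_options["vm-series-auto-registration-pin-id"] == null) ==
    (v.bootstrap_options["vm-series-auto-registration-pin-value"] == null)
  ])
  error_message = "Set vm-series-auto-registration-pin-id and vm-series-auto-registration-pin-value together, or leave both unset."
}
```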
2 changes: 1 addition & 1 deletion examples/centralized_design_autoscale/README.md

Large diffs are not rendered by default.

20 changes: 19 additions & 1 deletion examples/centralized_design_autoscale/example.tfvars
@@ -483,7 +483,8 @@ gwlb_endpoints = {
### VM-SERIES
vmseries_asgs = {
main_asg = {
# Value of `panorama-server`, `auth-key`, `dgname`, `tplname` can be taken from plugin `sw_fw_license`

# Value of `panorama-server`, `auth-key`, `dgname`, `tplname` can be taken from plugin `sw_fw_license`. Delete map if SCM bootstrap required.
bootstrap_options = {
mgmt-interface-swap = "enable"
plugin-op-commands = "panorama-licensing-mode-on,aws-gwlb-inspect:enable,aws-gwlb-overlay-routing:enable" # TODO: update here
@@ -497,6 +498,23 @@ vmseries_asgs = {
dhcp-accept-server-domain = "yes" # TODO: update here
}

/* Uncomment this section if SCM bootstrap required (PAN-OS version 11.0 or higher)
bootstrap_options = {
mgmt-interface-swap = "enable"
panorama-server = "cloud" # TODO: update here
dgname = "scm_folder_name" # TODO: update here
dhcp-send-hostname = "yes" # TODO: update here
dhcp-send-client-id = "yes" # TODO: update here
dhcp-accept-server-hostname = "yes" # TODO: update here
dhcp-accept-server-domain = "yes" # TODO: update here
plugin-op-commands = "aws-gwlb-inspect:enable,aws-gwlb-overlay-routing:enable,advance-routing:enable" # TODO: update here
vm-series-auto-registration-pin-id = "1234ab56-1234-12a3-a1bc-a1bc23456de7" # TODO: update here
vm-series-auto-registration-pin-value = "12ab3c456d78901e2f3abc456d78ef9a" # TODO: update here
authcodes = "D1234567" # TODO: update here
}
*/

panos_version = "10.2.9-h1" # TODO: update here
ebs_kms_id = "alias/aws/ebs" # TODO: update here

2 changes: 1 addition & 1 deletion examples/centralized_design_autoscale/main.tf
@@ -242,7 +242,7 @@ locals {
plugin_op_commands_with_endpoints_mapping = { for i, j in var.vmseries_asgs : i => format("%s,%s,%s,%s", j.bootstrap_options["plugin-op-commands"],
local.subinterface_gwlb_endpoint_eastwest[i], local.subinterface_gwlb_endpoint_outbound[i], local.subinterface_gwlb_endpoint_inbound[i]) }
bootstrap_options_with_endpoints_mapping = { for i, j in var.vmseries_asgs : i => [
for k, v in j.bootstrap_options : k != "plugin-op-commands" ? "${k}=${v}" : "${k}=${local.plugin_op_commands_with_endpoints_mapping[i]}"
for k, v in j.bootstrap_options : k != "plugin-op-commands" ? "${k}=${v}" : "${k}=${local.plugin_op_commands_with_endpoints_mapping[i]}" if v != null
] }
}

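--- a/examples/centralized_design_autoscale/variables.tf
+++ b/examples/centralized_design_autoscale/variables.tf
@@ -417,16 +417,19 @@ variable "vmseries_asgs" {
 default = {}
 type = map(object({
 bootstrap_options = object({
-mgmt-interface-swap = string
-plugin-op-commands = string
-panorama-server = string
-auth-key = string
-dgname = string
-tplname = string
-dhcp-send-hostname = string
-dhcp-send-client-id = string
-dhcp-accept-server-hostname = string
-dhcp-accept-server-domain = string
+mgmt-interface-swap = string
+plugin-op-commands = string
+panorama-server = string
+auth-key = optional(string)
+dgname = string
+tplname = optional(string)
+dhcp-send-hostname = string
+dhcp-send-client-id = string
+dhcp-accept-server-hostname = string
+dhcp-accept-server-domain = string
+authcodes = optional(string)
+vm-series-auto-registration-pin-id = optional(string)
+vm-series-auto-registration-pin-value = optional(string)
 })
 
 panos_version = string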