def create_external_addresses(prop, resources, member_a_nics, member_b_nics): member_a_address_name = common.set_name_and_truncate( prop['deployment'], '-member-a-address') member_b_address_name = common.set_name_and_truncate( prop['deployment'], '-member-b-address') prop['member_a_address_name'] = member_a_address_name prop['member_b_address_name'] = member_b_address_name member_a_address = make_static_address(prop, member_a_address_name) member_b_address = make_static_address(prop, member_b_address_name) resources += [member_a_address, member_b_address] member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( '$(ref.{}.address)'.format(member_a_address_name))] member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( '$(ref.{}.address)'.format(member_b_address_name))] primary_cluster_address_name = common.set_name_and_truncate( prop['deployment'], '-primary-cluster-address') secondary_cluster_address_name = common.set_name_and_truncate( prop['deployment'], '-secondary-cluster-address') primary_cluster_address = make_static_address( prop, primary_cluster_address_name) secondary_cluster_address = make_static_address( prop, secondary_cluster_address_name) resources += [primary_cluster_address, secondary_cluster_address] prop['primary_cluster_address_name'] = primary_cluster_address_name prop['secondary_cluster_address_name'] = secondary_cluster_address_name
def add_readiness_waiter(prop, resources): deployment_config = common.set_name_and_truncate( prop['deployment'], '-config') prop['config_path'] = 'projects/{}/configs/{}'.format( prop['project'], deployment_config) prop['config_url'] = ( 'https://runtimeconfig.googleapis.com/v1beta1/{}'.format( prop['config_path'])) resources.append( { 'name': deployment_config, 'type': 'runtimeconfig.v1beta1.config', 'properties': { 'config': deployment_config, 'description': ( 'Holds software readiness status ' 'for deployment {}').format(prop['deployment']) } } ) resources.append( { 'name': common.set_name_and_truncate( prop['deployment'], '-software'), 'type': 'runtimeconfig.v1beta1.waiter', 'metadata': { 'dependsOn': [], }, 'properties': { 'parent': '$(ref.{}.name)'.format(deployment_config), 'waiter': 'software', 'timeout': '1800s', 'success': { 'cardinality': { 'number': 2, 'path': 'status/success', }, }, 'failure': { 'cardinality': { 'number': 1, 'path': 'status/failure', }, }, }, } )
def create_instance_template(context, name, nics, depends_on=None, gw_version=VERSIONS['R80.20-GW']): family = '-'.join(['check-point', gw_version, LICENSE]) formatter = common.DefaultFormatter() instance_template_name = common.AutoName(name, default.TEMPLATE) instance_template = { "type": default.TEMPLATE, "name": instance_template_name, 'metadata': { 'dependsOn': depends_on }, "properties": { "project": context.properties['project'], "properties": { "canIpForward": True, "disks": [{ "autoDelete": True, "boot": True, "deviceName": common.set_name_and_truncate( context.properties['deployment'], '-{}-boot'.format(name)), "index": 0, "initializeParams": { "diskType": context.properties['diskType'], "diskSizeGb": context.properties['bootDiskSizeGb'], "sourceImage": 'projects/%s/global/images/%s' % (PROJECT, images.IMAGES[family]) }, "kind": 'compute#attachedDisk', "mode": "READ_WRITE", "type": "PERSISTENT" }], "machineType": context.properties['machineType'], "networkInterfaces": nics, 'metadata': { "kind": 'compute#metadata', 'items': [{ 'key': 'startup-script', 'value': formatter.format(startup_script, **context.properties) }, { 'key': 'serial-port-enable', 'value': 'true' }] }, "scheduling": { "automaticRestart": True, "onHostMaintenance": "MIGRATE", "preemptible": False }, "serviceAccounts": [{ "email": "default", "scopes": [ "https://www.googleapis.com/" + "auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/pubsub", "https://www.googleapis.com/" + "auth/service.management.readonly", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append" ] }], "tags": { "items": [ 'x-chkp-management--{}'.format( context.properties['managementName']), 'x-chkp-template--{}'.format( context.properties['AutoProvTemplate']), 'checkpoint-gateway' ] } } } } tagItems = instance_template['properties']['properties']['tags']['items'] if context.properties['mgmtNIC'] == 'Ephemeral Public IP (eth0)': tagItems.append("x-chkp-ip-address--public") tagItems.append("x-chkp-management-interface--eth0") elif context.properties['mgmtNIC'] == 'Private IP (eth1)': tagItems.append("x-chkp-ip-address--private") tagItems.append("x-chkp-management-interface--eth1") if context.properties['networkDefinedByRoutes']: tagItems.append("x-chkp-topology-eth1--internal") tagItems.append("x-chkp-topology-settings-eth1" "--network-defined-by-routes") metadata = instance_template['properties']['properties']['metadata'] if context.properties['instanceSSHKey']: metadata['items'].append({ 'key': 'instanceSSHKey', 'value': context.properties['instanceSSHKey'] }) return instance_template
def generate_config(context): prop = context.properties validate_same_region(prop['zoneA'], prop['zoneB']) prop['deployment'] = context.env['deployment'] prop['project'] = context.env['project'] prop['region'] = common.ZoneToRegion(prop['zoneA']) prop['templateName'] = TEMPLATE_NAME prop['templateVersion'] = TEMPLATE_VERSION prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() prop['hasInternet'] = 'true' # via Google Private Access prop['installationType'] = 'Cluster' resources = [] outputs = [] gw_dependencies = [] member_a_nics = [] add_readiness_waiter(prop, resources) cluster_net_name, cluster_subnet_name = get_or_create_net( prop, CLUSTER_NET_FIELD, resources, gw_dependencies, True, True) member_a_nics.append(make_nic(prop, cluster_net_name, cluster_subnet_name)) mgmt_net_name, mgmt_subnet_name = get_or_create_net( prop, MGMT_NET_FIELD, resources, gw_dependencies, False, True) member_a_nics.append(make_nic(prop, mgmt_net_name, mgmt_subnet_name)) for ifnum in range(1, prop['numInternalNetworks'] + 1): int_net_name, int_subnet_name = get_or_create_net( prop, INTERNAL_NET_FIELD.format(ifnum), resources, gw_dependencies) member_a_nics.append(make_nic(prop, int_net_name, int_subnet_name)) member_b_nics = copy.deepcopy(member_a_nics) create_external_addresses(prop, resources, member_a_nics, member_b_nics) member_a_name = common.set_name_and_truncate( prop['deployment'], '-member-a') member_b_name = common.set_name_and_truncate( prop['deployment'], '-member-b') if prop['generatePassword']: passwd = password.GeneratePassword(12, False) else: passwd = '' member_a = make_gw(context, member_a_name, prop['zoneA'], member_a_nics, passwd, gw_dependencies) member_b = make_gw(context, member_b_name, prop['zoneB'], member_b_nics, passwd, gw_dependencies) resources += [member_a, member_b] outputs += [ { 'name': 'deployment', 'value': prop['deployment'] }, { 'name': 'project', 'value': prop['project'] }, { 'name': 'clusterIP', 'value': '$(ref.{}.address)'.format( prop['primary_cluster_address_name']) }, { 'name': 'vmAName', 'value': member_a_name, }, { 'name': 'vmAExternalIP', 'value': '$(ref.{}.address)'.format(prop['member_a_address_name']) }, { 'name': 'vmASelfLink', 'value': '$(ref.{}.selfLink)'.format(member_a_name), }, { 'name': 'vmBName', 'value': member_b_name, }, { 'name': 'vmBExternalIP', 'value': '$(ref.{}.address)'.format(prop['member_b_address_name']) }, { 'name': 'vmBSelfLink', 'value': '$(ref.{}.selfLink)'.format(member_b_name), }, { 'name': 'password', 'value': passwd } ] return common.MakeResource(resources, outputs)
def make_gw(context, name, zone, nics, passwd=None, depends_on=None): cg_version = context.properties['ha_version'].split(' ')[0] family = '-'.join(['check-point', VERSIONS[cg_version], LICENSE]) formatter = common.DefaultFormatter() gw = { 'type': default.INSTANCE, 'name': name, 'metadata': { 'dependsOn': depends_on }, 'properties': { 'description': 'CloudGuard Highly Available Security Cluster', 'zone': zone, 'tags': { 'items': [GATEWAY], }, 'machineType': common.MakeLocalComputeLink( context, default.MACHINETYPE, zone), 'canIpForward': True, 'networkInterfaces': nics, 'disks': [{ 'autoDelete': True, 'boot': True, 'deviceName': common.set_name_and_truncate( context.properties['deployment'], '-{}-boot'.format(name)), 'initializeParams': { 'diskType': common.MakeLocalComputeLink( context, default.DISKTYPE, zone), 'diskSizeGb': context.properties['bootDiskSizeGb'], 'sourceImage': 'projects/%s/global/images/%s' % ( PROJECT, images.IMAGES[family]), }, 'type': 'PERSISTENT', }], 'metadata': { 'items': [ { 'key': 'startup-script', 'value': formatter.format( startup_script, **context.properties) } ] }, 'serviceAccounts': [{ 'email': 'default', 'scopes': [ 'https://www.googleapis.com/auth/monitoring.write', 'https://www.googleapis.com/auth/compute', 'https://www.googleapis.com/auth/cloudruntimeconfig' ], }] } } if context.properties['instanceSSHKey']: gw['properties']['metadata']['items'].append( { 'key': 'instanceSSHKey', 'value': context.properties['instanceSSHKey'] } ) if passwd: gw['properties']['metadata']['items'].append( { 'key': 'adminPasswordSourceMetadata', 'value': passwd } ) return gw