def create_external_addresses(prop, resources, member_a_nics, member_b_nics):
member_a_address_name = common.set_name_and_truncate(
prop['deployment'], '-member-a-address')
member_b_address_name = common.set_name_and_truncate(
prop['deployment'], '-member-b-address')
prop['member_a_address_name'] = member_a_address_name
prop['member_b_address_name'] = member_b_address_name
member_a_address = make_static_address(prop, member_a_address_name)
member_b_address = make_static_address(prop, member_b_address_name)
resources += [member_a_address, member_b_address]
member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
'$(ref.{}.address)'.format(member_a_address_name))]
member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config(
'$(ref.{}.address)'.format(member_b_address_name))]
primary_cluster_address_name = common.set_name_and_truncate(
prop['deployment'], '-primary-cluster-address')
secondary_cluster_address_name = common.set_name_and_truncate(
prop['deployment'], '-secondary-cluster-address')
primary_cluster_address = make_static_address(
prop, primary_cluster_address_name)
secondary_cluster_address = make_static_address(
prop, secondary_cluster_address_name)
resources += [primary_cluster_address, secondary_cluster_address]
prop['primary_cluster_address_name'] = primary_cluster_address_name
prop['secondary_cluster_address_name'] = secondary_cluster_address_name
def add_readiness_waiter(prop, resources):
deployment_config = common.set_name_and_truncate(
prop['deployment'], '-config')
prop['config_path'] = 'projects/{}/configs/{}'.format(
prop['project'], deployment_config)
prop['config_url'] = (
'https://runtimeconfig.googleapis.com/v1beta1/{}'.format(
prop['config_path']))
resources.append(
{
'name': deployment_config,
'type': 'runtimeconfig.v1beta1.config',
'properties': {
'config': deployment_config,
'description': (
'Holds software readiness status '
'for deployment {}').format(prop['deployment'])
}
}
)
resources.append(
{
'name': common.set_name_and_truncate(
prop['deployment'], '-software'),
'type': 'runtimeconfig.v1beta1.waiter',
'metadata': {
'dependsOn': [],
},
'properties': {
'parent': '$(ref.{}.name)'.format(deployment_config),
'waiter': 'software',
'timeout': '1800s',
'success': {
'cardinality': {
'number': 2,
'path': 'status/success',
},
},
'failure': {
'cardinality': {
'number': 1,
'path': 'status/failure',
},
},
},
}
)
def create_instance_template(context,
name,
nics,
depends_on=None,
gw_version=VERSIONS['R80.20-GW']):
family = '-'.join(['check-point', gw_version, LICENSE])
formatter = common.DefaultFormatter()
instance_template_name = common.AutoName(name, default.TEMPLATE)
instance_template = {
"type": default.TEMPLATE,
"name": instance_template_name,
'metadata': {
'dependsOn': depends_on
},
"properties": {
"project": context.properties['project'],
"properties": {
"canIpForward":
True,
"disks": [{
"autoDelete":
True,
"boot":
True,
"deviceName":
common.set_name_and_truncate(
context.properties['deployment'],
'-{}-boot'.format(name)),
"index":
0,
"initializeParams": {
"diskType":
context.properties['diskType'],
"diskSizeGb":
context.properties['bootDiskSizeGb'],
"sourceImage":
'projects/%s/global/images/%s' %
(PROJECT, images.IMAGES[family])
},
"kind":
'compute#attachedDisk',
"mode":
"READ_WRITE",
"type":
"PERSISTENT"
}],
"machineType":
context.properties['machineType'],
"networkInterfaces":
nics,
'metadata': {
"kind":
'compute#metadata',
'items': [{
'key':
'startup-script',
'value':
formatter.format(startup_script, **context.properties)
}, {
'key': 'serial-port-enable',
'value': 'true'
}]
},
"scheduling": {
"automaticRestart": True,
"onHostMaintenance": "MIGRATE",
"preemptible": False
},
"serviceAccounts": [{
"email":
"default",
"scopes": [
"https://www.googleapis.com/" +
"auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
"https://www.googleapis.com/auth/pubsub",
"https://www.googleapis.com/" +
"auth/service.management.readonly",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/trace.append"
]
}],
"tags": {
"items": [
'x-chkp-management--{}'.format(
context.properties['managementName']),
'x-chkp-template--{}'.format(
context.properties['AutoProvTemplate']),
'checkpoint-gateway'
]
}
}
}
}
tagItems = instance_template['properties']['properties']['tags']['items']
if context.properties['mgmtNIC'] == 'Ephemeral Public IP (eth0)':
tagItems.append("x-chkp-ip-address--public")
tagItems.append("x-chkp-management-interface--eth0")
elif context.properties['mgmtNIC'] == 'Private IP (eth1)':
tagItems.append("x-chkp-ip-address--private")
tagItems.append("x-chkp-management-interface--eth1")
if context.properties['networkDefinedByRoutes']:
tagItems.append("x-chkp-topology-eth1--internal")
tagItems.append("x-chkp-topology-settings-eth1"
"--network-defined-by-routes")
metadata = instance_template['properties']['properties']['metadata']
if context.properties['instanceSSHKey']:
metadata['items'].append({
'key': 'instanceSSHKey',
'value': context.properties['instanceSSHKey']
})
return instance_template
def generate_config(context):
prop = context.properties
validate_same_region(prop['zoneA'], prop['zoneB'])
prop['deployment'] = context.env['deployment']
prop['project'] = context.env['project']
prop['region'] = common.ZoneToRegion(prop['zoneA'])
prop['templateName'] = TEMPLATE_NAME
prop['templateVersion'] = TEMPLATE_VERSION
prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower()
prop['hasInternet'] = 'true' # via Google Private Access
prop['installationType'] = 'Cluster'
resources = []
outputs = []
gw_dependencies = []
member_a_nics = []
add_readiness_waiter(prop, resources)
cluster_net_name, cluster_subnet_name = get_or_create_net(
prop, CLUSTER_NET_FIELD, resources, gw_dependencies, True, True)
member_a_nics.append(make_nic(prop, cluster_net_name, cluster_subnet_name))
mgmt_net_name, mgmt_subnet_name = get_or_create_net(
prop, MGMT_NET_FIELD, resources, gw_dependencies, False, True)
member_a_nics.append(make_nic(prop, mgmt_net_name, mgmt_subnet_name))
for ifnum in range(1, prop['numInternalNetworks'] + 1):
int_net_name, int_subnet_name = get_or_create_net(
prop, INTERNAL_NET_FIELD.format(ifnum), resources,
gw_dependencies)
member_a_nics.append(make_nic(prop, int_net_name, int_subnet_name))
member_b_nics = copy.deepcopy(member_a_nics)
create_external_addresses(prop, resources, member_a_nics, member_b_nics)
member_a_name = common.set_name_and_truncate(
prop['deployment'], '-member-a')
member_b_name = common.set_name_and_truncate(
prop['deployment'], '-member-b')
if prop['generatePassword']:
passwd = password.GeneratePassword(12, False)
else:
passwd = ''
member_a = make_gw(context, member_a_name, prop['zoneA'],
member_a_nics, passwd, gw_dependencies)
member_b = make_gw(context, member_b_name, prop['zoneB'],
member_b_nics, passwd, gw_dependencies)
resources += [member_a, member_b]
outputs += [
{
'name': 'deployment',
'value': prop['deployment']
},
{
'name': 'project',
'value': prop['project']
},
{
'name': 'clusterIP',
'value': '$(ref.{}.address)'.format(
prop['primary_cluster_address_name'])
},
{
'name': 'vmAName',
'value': member_a_name,
},
{
'name': 'vmAExternalIP',
'value': '$(ref.{}.address)'.format(prop['member_a_address_name'])
},
{
'name': 'vmASelfLink',
'value': '$(ref.{}.selfLink)'.format(member_a_name),
},
{
'name': 'vmBName',
'value': member_b_name,
},
{
'name': 'vmBExternalIP',
'value': '$(ref.{}.address)'.format(prop['member_b_address_name'])
},
{
'name': 'vmBSelfLink',
'value': '$(ref.{}.selfLink)'.format(member_b_name),
},
{
'name': 'password',
'value': passwd
}
]
return common.MakeResource(resources, outputs)
def make_gw(context, name, zone, nics, passwd=None, depends_on=None):
cg_version = context.properties['ha_version'].split(' ')[0]
family = '-'.join(['check-point', VERSIONS[cg_version], LICENSE])
formatter = common.DefaultFormatter()
gw = {
'type': default.INSTANCE,
'name': name,
'metadata': {
'dependsOn': depends_on
},
'properties': {
'description': 'CloudGuard Highly Available Security Cluster',
'zone': zone,
'tags': {
'items': [GATEWAY],
},
'machineType': common.MakeLocalComputeLink(
context, default.MACHINETYPE, zone),
'canIpForward': True,
'networkInterfaces': nics,
'disks': [{
'autoDelete': True,
'boot': True,
'deviceName': common.set_name_and_truncate(
context.properties['deployment'],
'-{}-boot'.format(name)),
'initializeParams': {
'diskType': common.MakeLocalComputeLink(
context, default.DISKTYPE, zone),
'diskSizeGb': context.properties['bootDiskSizeGb'],
'sourceImage':
'projects/%s/global/images/%s' % (
PROJECT, images.IMAGES[family]),
},
'type': 'PERSISTENT',
}],
'metadata': {
'items': [
{
'key': 'startup-script',
'value': formatter.format(
startup_script, **context.properties)
}
]
},
'serviceAccounts': [{
'email': 'default',
'scopes': [
'https://www.googleapis.com/auth/monitoring.write',
'https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/cloudruntimeconfig'
],
}]
}
}
if context.properties['instanceSSHKey']:
gw['properties']['metadata']['items'].append(
{
'key': 'instanceSSHKey',
'value': context.properties['instanceSSHKey']
}
)
if passwd:
gw['properties']['metadata']['items'].append(
{
'key': 'adminPasswordSourceMetadata',
'value': passwd
}
)
return gw
