fix(vmseries): Update default vmseries image and license type (#25)
michalbil authored Apr 18, 2024
1 parent a952af8 commit 36f386d
Showing 21 changed files with 32 additions and 26 deletions.
2 changes: 1 addition & 1 deletion examples/multi_nic_common/README.md
Expand Up @@ -217,7 +217,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the
| <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no |
| <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | `{}` | no |
| <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1029h1"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | `{}` | no |
| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |

### Outputs
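Review bot: The commit subject promises an image and license type update, but in the `vmseries_common` row of this README the only change is the version suffix (`vmseries-flex-byol-1022h2` to `vmseries-flex-byol-1029h1`); the `flex-byol` part is identical on both sides. If the license type default changed elsewhere, document the new value in this row; if not, drop it from the subject. The message also gives no reason for the bump; a one-line body saying why 1029h1 is required would help operators decide how urgently to roll it out.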
2 changes: 1 addition & 1 deletion examples/multi_nic_common/example.tfvars
Expand Up @@ -171,7 +171,7 @@ routes = {

vmseries_common = {
ssh_keys = "admin:<YOUR_SSH_KEY>"
vmseries_image = "vmseries-flex-byol-1022h2"
vmseries_image = "vmseries-flex-byol-1029h1"
machine_type = "n2-standard-4"
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
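Review bot: Bumping `vmseries_image` in example.tfvars only reaches users who copy the file after this commit; anyone who already deployed from the previous example keeps `vmseries-flex-byol-1022h2` in their own tfvars. Add a changelog or README upgrade note telling existing users to update the value themselves and what to expect when the image of an already deployed firewall is changed.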
2 changes: 1 addition & 1 deletion examples/multi_nic_common/variables.tf
Expand Up @@ -184,7 +184,7 @@ variable "vmseries_common" {
```
vmseries_common = {
ssh_keys = "admin:AAAABBBB..."
vmseries_image = "vmseries-flex-byol-1022h2"
vmseries_image = "vmseries-flex-byol-1029h1"
machine_type = "n2-standard-4"
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
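Review bot: The `ssh_keys` placeholder in this description block is `"admin:AAAABBBB..."`, while example.tfvars in the same directory uses `"admin:<YOUR_SSH_KEY>"`. Since the neighbouring line is being edited anyway, use the `<YOUR_SSH_KEY>` form in both places, so the documented value cannot be mistaken for the start of a usable key and a verbatim copy fails visibly.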
2 changes: 2 additions & 0 deletions examples/panorama_standalone/variables.tf
Expand Up @@ -4,11 +4,13 @@ variable "project" {
type = string
default = null
}

variable "region" {
description = "The region into which to deploy the infrastructure in to"
type = string
default = "us-central1"
}

variable "name_prefix" {
description = "A string to prefix resource namings"
type = string
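Review bot: The two added blank lines between the `project`, `region` and `name_prefix` variables are a formatting-only change in examples/panorama_standalone, unrelated to the vmseries image named in the commit subject. Move them to a separate formatting commit or mention the cleanup in the message. While the file is open, the `region` description ("The region into which to deploy the infrastructure in to") has a doubled preposition worth fixing.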
Expand Up @@ -37,8 +37,8 @@ No resources.
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings | `string` | `""` | no |
| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> "vmseries-vpc" = {<br> vpc_name = "firewall-vpc"<br> create_network = true<br> delete_default_routes_on_create = "false"<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> "vmseries-sub" = {<br> name = "vmseries-subnet"<br> create_subnetwork = true<br> ip_cidr_range = "172.21.21.0/24"<br> region = "us-central1"<br> }<br> }<br> firewall_rules = {<br> "allow-vmseries-ingress" = {<br> name = "vmseries-mgmt"<br> source_ranges = ["1.1.1.1/32", "2.2.2.2/32"]<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes |
| <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no |
| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-central1-b"<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> ssh_keys = "admin:<YOUR_SSH_KEY>"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "vmseries-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> }<br> ]<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes |
| <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `map` | `{}` | no |
| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-central1-b"<br> vmseries_image = "vmseries-flex-byol-1029h1"<br> ssh_keys = "admin:<YOUR_SSH_KEY>"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "vmseries-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> }<br> ]<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes |
| <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1029h1"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `map` | `{}` | no |

### Outputs

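Review bot: In the `vmseries` row, the example interface uses `subnetwork_key = "fw-mgmt-sub"` and `private_ip = "10.10.10.2"`, but the `networks` row just above it defines only the subnetwork key `"vmseries-sub"` with `ip_cidr_range = "172.21.21.0/24"`. Since this row is being regenerated for the image bump, align the key and address with the documented network so the two examples work together when copied. The same interface sets `create_public_ip = true`; a trailing comment marking it as a per-deployment decision, like the ones already on `panorama-server` and the DNS entries, would help.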
Expand Up @@ -32,7 +32,7 @@ vmseries = {
"fw-vmseries-01" = {
name = "fw-vmseries-01"
zone = "us-central1-b"
vmseries_image = "vmseries-flex-byol-1022h2"
vmseries_image = "vmseries-flex-byol-1029h1"
ssh_keys = "admin:<YOUR_SSH_KEY>"
machine_type = "n2-standard-4"
min_cpu_platform = "Intel Cascade Lake"
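Review bot: The image name on the changed line is a literal that is repeated in the README tables and the `variables.tf` descriptions, which is why a one-value bump shows up as 21 changed files. Consider a CI check that fails when a superseded image string such as `vmseries-flex-byol-1022h2` still appears anywhere in the repository, so a future bump cannot leave one example behind.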
Expand Up @@ -62,7 +62,7 @@ variable "vmseries" {
"fw-vmseries-01" = {
name = "fw-vmseries-01"
zone = "us-central1-b"
vmseries_image = "vmseries-flex-byol-1022h2"
vmseries_image = "vmseries-flex-byol-1029h1"
ssh_keys = "admin:<YOUR_SSH_KEY>"
machine_type = "n2-standard-4"
min_cpu_platform = "Intel Cascade Lake"
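Review bot: This `vmseries` description sets `vmseries_image` per firewall, and the `vmseries_common` description in the same file sets it as well; nothing in the visible text says which value takes effect when both are present. The existing sentence about moving settings between the two variables covers bootstrap options only. Add a sentence on precedence so a user who updates only one of them knows which image will actually boot.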
Expand Down Expand Up @@ -117,7 +117,7 @@ variable "vmseries_common" {
```
vmseries_common = {
ssh_keys = "admin:AAAABBBB..."
vmseries_image = "vmseries-flex-byol-1022h2"
vmseries_image = "vmseries-flex-byol-1029h1"
machine_type = "n2-standard-4"
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
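Review bot: The README row for this `vmseries_common` variable lists its type as `map`, while the multi_nic_common README lists `any` for the same variable. The documented example mixes string values with a nested `bootstrap_options` object, which a bare `map` type (a single element type) is unlikely to accept. Check whether the example applies as written and, if it does not, switch the type to `any` as in multi_nic_common.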