add ibm terraform script 6.4

Change-Id: I90b8f141a6a4cd9deb7a3195fbe4b19dfeb789b7

ibm/6.4/single/README.md

@@ -0,0 +1,60 @@
+# Deployment of a FortiGate-VM on the IBM Cloud
+## Introduction
+A Terraform script to deploy a FortiGate-VM on IBM Cloud
+
+## Requirements
+* [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) >= 0.12.0
+* Terraform Provider IBM >= 1.12.0
+ Needs to install the IBM Provider pluging following the link [IBM Setup](https://cloud.ibm.com/docs/terraform?topic=terraform-getting-started)
+* Terraform Provider Template >= 2.1.2
+
+
+## Deployment overview
+Terraform deploys the following components:
+ - IBM VPC with 2 subnets
+ - One FortiGate-VM instance with 2 NICs
+ - One security group with inbound and outbound rules
+
+## Deployment
+To deploy the FortiGate-VM to IBM cloud:
+1. Clone the repository.
+2. Customize variables in the `terraform.tfvars` and `variables.tf` file as needed.
+3. Initialize the providers and modules:
+ ```sh
+ $ cd XXXXX
+ $ terraform init
+ ```
+4. Submit the Terraform plan:
+ ```sh
+ $ terraform plan
+ ```
+5. Verify output.
+6. Confirm and apply the plan:
+ ```sh
+ $ terraform apply
+ ```
+7. If output is satisfactory, type `yes`.
+
+Output will include the information necessary to log in to the FortiGate-VM instances:
+```sh
+Outputs:
+
+FGTPublicIP = <FGT Public IP>
+Password = <FGT Password>
+Username = admin
+
+```
+
+## Destroy the instance
+To destroy the instance, use the command:
+```sh
+$ terraform destroy
+```
+
+# Support
+Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services.
+For direct issues, please refer to the [Issues](https://github.com/fortinet/fortigate-terraform-deploy/issues) tab of this GitHub project.
+For other questions related to this project, contact [[email protected]](mailto:[email protected]).
+
+## License
+[License](https://github.com/fortinet/fortigate-terraform-deploy/blob/master/LICENSE) © Fortinet Technologies. All rights reserved.

ibm/6.4/single/config.conf

@@ -0,0 +1,31 @@
+Content-Type: multipart/mixed; boundary="==IBM=="
+MIME-Version: 1.0
+
+--==IBM==
+Content-Type: text/x-shellscript; charset="us-ascii"
+MIME-Version: 1.0
+
+config system global
+set hostname FGT-IBM
+end
+config system interface
+edit port1
+set alias untrust
+set allowaccess https ssh ping
+next
+edit port2
+set alias trust
+set allowaccess https ssh ping
+next
+end
+
+--==IBM==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="license"
+
+${license_file}
+
+--==IBM==--
+

ibm/6.4/single/fgt.tf

@@ -0,0 +1,52 @@
+resource "ibm_is_ssh_key" "sshkey" {
+ name = "ssh1"
+ public_key = file(var.ssh_public_key)
+}
+
+resource "ibm_is_volume" "testacc_volume" {
+ name = "logdisk"
+ profile = "10iops-tier"
+ zone = var.zone1
+}
+
+resource "ibm_is_floating_ip" "publicip" {
+ name = "publicip"
+ target = ibm_is_instance.fgt1.primary_network_interface[0].id
+}
+
+resource "ibm_is_instance" "fgt1" {
+ name = "fgt1"
+ image = var.image
+ profile = var.profile
+
+ primary_network_interface {
+ name = "port1"
+ subnet = ibm_is_subnet.subnet1.id
+ security_groups = [ibm_is_security_group.fgt_security_group.id]
+ }
+
+ network_interfaces {
+ name = "port2"
+ subnet = ibm_is_subnet.subnet2.id
+ security_groups = [ibm_is_security_group.fgt_security_group.id]
+ }
+
+ volumes = [ibm_is_volume.testacc_volume.id]
+
+ vpc = ibm_is_vpc.vpc1.id
+ zone = var.zone1
+ user_data = data.template_file.userdata.rendered
+ keys = [ibm_is_ssh_key.sshkey.id]
+}
+
+
+// Use for bootstrapping cloud-init
+data "template_file" "userdata" {
+ template = "${file("${var.bootstrap}")}"
+
+ vars = {
+ license_file = "${file("${var.license}")}"
+ }
+
+}
+

ibm/6.4/single/output.tf

@@ -0,0 +1,11 @@
+output "FGTPublicIP" {
+ value = ibm_is_floating_ip.publicip.address
+}
+
+output "Username" {
+ value = "admin"
+}
+
+output "Password" {
+ value = ibm_is_instance.fgt1.id
+}

ibm/6.4/single/provider.tf

@@ -0,0 +1,11 @@
+variable "ibmcloud_api_key" {}
+variable "iaas_classic_username" {}
+variable "iaas_classic_api_key" {}
+
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ generation = 2
+ region = var.region
+ iaas_classic_username = var.iaas_classic_username
+ iaas_classic_api_key = var.iaas_classic_api_key
+}

ibm/6.4/single/terraform.tfvars

@@ -0,0 +1,3 @@
+ibmcloud_api_key = "<IBM cloud API Key>"
+iaas_classic_username = "<IBM classic username>
+iaas_classic_api_key = "<IBM classic API Key>"

ibm/6.4/single/variables.tf

@@ -0,0 +1,44 @@
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+// IBM Regions
+variable "region" {
+ type = string
+ default = "us-south"
+}
+// IBM availability zones
+variable "zone1" {
+ type = string
+ default = "us-south-1"
+}
+
+// Total number of IPV4 addresses for each subnet
+variable "subnetipv4count" {
+ type = string
+ default = 256
+}
+
+// FortiOS Custom Image ID
+// https://docs.fortinet.com/vm/ibm/fortigate/6.4/ibm-cloud-cookbook/6.4.2/992669/deploying-fortigate-vm-on-ibm-cloud
+variable "image" {
+ default = "r006-4a3919d2-3cb8-4039-92fc-9660e838ba71"
+}
+
+// IBM Cloud instance profile
+// https://cloud.ibm.com/docs/vpc?topic=vpc-profiles
+variable "profile" {
+ default = "cx2-2x4"
+}
+
+// Bootstrap configuration file
+variable "bootstrap" {
+ type = string
+ default = "config.conf"
+}
+
+// License file for the FortiGate
+variable "license" {
+ type = string
+ default = "license.lic"
+}

ibm/6.4/single/vpc.tf

@@ -0,0 +1,34 @@
+resource "ibm_is_vpc" "vpc1" {
+ name = "terraform-vpc1"
+}
+
+resource "ibm_is_subnet" "subnet1" {
+ name = "terraform-vpc1-subnet1"
+ vpc = ibm_is_vpc.vpc1.id
+ zone = var.zone1
+ total_ipv4_address_count = var.subnetipv4count
+}
+
+resource "ibm_is_subnet" "subnet2" {
+ name = "terraform-vpc1-subnet2"
+ vpc = ibm_is_vpc.vpc1.id
+ zone = var.zone1
+ total_ipv4_address_count = var.subnetipv4count
+}
+
+resource "ibm_is_security_group" "fgt_security_group" {
+ name = "fgt-sg"
+ vpc = ibm_is_vpc.vpc1.id
+}
+
+resource "ibm_is_security_group_rule" "fgt_security_group_rule_inbound_all" {
+ group = ibm_is_security_group.fgt_security_group.id
+ direction = "inbound"
+ remote = "0.0.0.0/0"
+}
+
+resource "ibm_is_security_group_rule" "fgt_security_group_rule_outbound_all" {
+ group = ibm_is_security_group.fgt_security_group.id
+ direction = "outbound"
+ remote = "0.0.0.0/0"
+}