Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add terraform script for openstack for flex vm license
Change-Id: Id4a7c331924e265de4425d79248df8fc1739a620
1 parent 12b0bd5
commit 4c74a04
Showing 7 changed files with 181 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# Deployment of a FortiGate-VM on the Openstack | ||
## Introduction | ||
A Terraform script to deploy FortiGate-VM on Openstack | ||
|
||
## Requirements | ||
* [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) >= 0.13.0 | ||
* Terraform Provider Openstack >= 1.31.0 | ||
* FortiGate-VM Flex VM token license | ||
|
||
## Deployment overview | ||
Terraform deploys the following components: | ||
- FortiGate-VM instance(s) with two NICS | ||
|
||
## Deployment | ||
To deploy the FortiGate-VM to OCI: | ||
1. Clone the repository. | ||
2. Customize variables in the `terraform.tfvars` and `variables.tf` file as needed. | ||
3. Initialize the providers and modules: | ||
```sh | ||
$ cd XXXXX | ||
$ terraform init | ||
``` | ||
4. Submit the Terraform plan: | ||
```sh | ||
$ terraform plan | ||
``` | ||
5. Verify output. | ||
6. Confirm and apply the plan: | ||
```sh | ||
$ terraform apply | ||
``` | ||
7. If output is satisfactory, type `yes`. | ||
|
||
Output will include the information necessary to log in to the FortiGate-VM instances: | ||
```sh | ||
Outputs: | ||
|
||
Default_Password = <default password> | ||
Default_Username = admin | ||
IP_Address = { | ||
"<instance name>" = "<instance ipv4 address>" | ||
: | ||
} | ||
|
||
## Destroy the instance | ||
To destroy the instance, use the command: | ||
```sh | ||
$ terraform destroy | ||
``` | ||
|
||
# Support | ||
Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. | ||
For direct issues, please refer to the [Issues](https://github.com/fortinet/fortigate-terraform-deploy/issues) tab of this GitHub project. | ||
For other questions related to this project, contact [[email protected]](mailto:[email protected]). | ||
|
||
## License | ||
[License](https://github.com/fortinet/fortigate-terraform-deploy/blob/master/LICENSE) © Fortinet Technologies. All rights reserved. | ||
|
||
|
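Review bot: The Deployment section says "To deploy the FortiGate-VM to OCI:", but this README and every other file in the commit target OpenStack; it reads as carried over from another provider's README and should say OpenStack. In the same file, the `sh` code fence opened before `Outputs:` is never closed, so "## Destroy the instance" and everything after it renders inside the code block, and step 3 still has the placeholder `cd XXXXX` instead of the directory name. Step 2 sends users to `terraform.tfvars`, which this commit adds as a tracked file, so the README should say that real credentials and Flex VM tokens must not be committed.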
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
resource "openstack_compute_instance_v2" "fgt" { | ||
for_each = var.flextoken | ||
name = each.value.name | ||
image_id = var.image_id | ||
flavor_id = var.flavor_id | ||
security_groups = ["${var.security_group}"] | ||
availability_zone = "nova" | ||
user_data = file("${var.boostrap_file}") | ||
config_drive = "true" | ||
|
||
// For FGTVM license file | ||
// For Flex VM, uses License-Token | ||
personality { | ||
file = "/content/0000" | ||
content = each.value.token | ||
|
||
} | ||
network { | ||
name = var.unprotect_network | ||
} | ||
|
||
network { | ||
name = var.protect_network | ||
} | ||
} |
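Review bot: In the `personality` block, `content = each.value.token` puts the Flex VM license token into a resource attribute, so it is stored in plain text in the Terraform state; document that the state file has to be handled as a secret (access-restricted or encrypted backend) and keep real tokens out of the `flextoken` default. Style points on the same resource: `["${var.security_group}"]` and `file("${var.boostrap_file}")` are interpolation-only expressions and can be written `[var.security_group]` and `file(var.boostrap_file)`; `config_drive = "true"` should be the boolean `true`; `boostrap_file` is a misspelling of `bootstrap_file` and should be renamed here and in variables.tf together; `availability_zone = "nova"` is hard-coded where a variable with that default would allow other zones.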
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
// Default Username and Password | ||
output "Default_Username" { | ||
value = "admin" | ||
} | ||
|
||
output "Default_Password" { | ||
value = "" | ||
} | ||
|
||
// Instance access IPv4 address | ||
output "IP_Address" { | ||
value = { | ||
for instance in openstack_compute_instance_v2.fgt : | ||
instance.name => instance.access_ip_v4 | ||
} | ||
} |
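Review bot: `Default_Password` is hard-coded to `""`, while the README in this commit shows `Default_Password = <default password>`, so the two disagree about what the operator will see. If the empty value is intentional (blank initial admin password), say so in the comment and in the README, and tell the operator to set a password at first login or in the bootstrap file, since the same output block also prints each instance's address. On `IP_Address`: the instance has two `network` blocks and neither sets `access_network = true`, so which port's address `access_ip_v4` reports is not explicit; mark the management network or note which one is expected.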
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
provider "openstack" { | ||
user_name = var.user_name | ||
password = var.password | ||
auth_url = var.auth_url | ||
user_domain_name = var.user_domain_name | ||
region = var.region | ||
tenant_name = var.tenant_name | ||
} |
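Review bot: `password = var.password` steers users toward keeping the OpenStack password in a tfvars file on disk. The provider can also take credentials from the `OS_*` environment variables or from a `clouds.yaml` entry selected with the `cloud` argument; consider documenting that path in the README, or making these arguments optional so they can be left unset when the environment supplies them.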
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
// Change to your own variables | ||
user_name = "<user name>" | ||
password = "<user password>" | ||
auth_url = "<auth url>" | ||
user_domain_name = "<domain name>" | ||
region = "<region>" | ||
tenant_name = "<tenant>" |
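Review bot: Committing `terraform.tfvars` itself, with a `password = "<user password>"` line, means users fill in real credentials in a tracked file that Terraform loads automatically. Ship it as `terraform.tfvars.example` and add `terraform.tfvars` to `.gitignore` so a filled-in copy cannot be committed by accident.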
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
variable "user_name" {} | ||
variable "password" {} | ||
variable "auth_url" {} | ||
variable "user_domain_name" {} | ||
variable "region" {} | ||
variable "tenant_name" {} | ||
|
||
// FGTVM image id | ||
variable "image_id" { | ||
default = "<FGT Image ID>" | ||
} | ||
|
||
// Flavor ID | ||
variable "flavor_id" { | ||
default = "<flavor id>" | ||
} | ||
|
||
// Bootstrap FGT configuration file | ||
variable "boostrap_file" { | ||
default = "userdata.txt" | ||
} | ||
|
||
// network for port1 | ||
variable "unprotect_network" { | ||
default = "<openstack network name>" | ||
} | ||
|
||
// network for port2 | ||
variable "protect_network" { | ||
default = "<openstack network name>" | ||
} | ||
|
||
// security group | ||
variable "security_group" { | ||
default = "<openstack security group>" | ||
} | ||
|
||
// Flex VM token | ||
// token variable needs to follow this format | ||
// LICENSE-TOKEN:<TOKEN> | ||
// One token per instance | ||
// To add more instances with new token | ||
// "second" = { | ||
// "name" = "<fgt name>", | ||
// "token" = "LICENSE-TOKEN: <Flex VM token>" | ||
// } | ||
variable "flextoken" { | ||
default = { | ||
"first" = { | ||
"name" = "fgt-first", | ||
"token" = "LICENSE-TOKEN:XXXXXXXXXXX" | ||
}, | ||
"second" = { | ||
"name" = "fgt-second", | ||
"token" = "LICENSE-TOKEN:XXXXXXXXXXX" | ||
} | ||
} | ||
} |
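Review bot: The placeholder defaults (`"<FGT Image ID>"`, `"<flavor id>"`, `"<openstack network name>"`, `"<openstack security group>"` and the two `LICENSE-TOKEN:XXXXXXXXXXX` entries) let Terraform accept an unedited configuration, which then fails only when the API rejects the values, and the `flextoken` default requests two instances. Drop the defaults for values that have no sensible default so Terraform prompts for them, and give each variable a `type` and `description`. The token format comment is inconsistent: it states `LICENSE-TOKEN:<TOKEN>`, but the example under it has `"LICENSE-TOKEN: <Flex VM token>"` with a space after the colon; say which form is accepted. `boostrap_file` defaults to `userdata.txt`, which is not among the seven files in this commit, so add a sample or list it under Requirements in the README. `password` could also carry `sensitive = true`, which needs Terraform 0.14 or later, newer than the `>= 0.13` in versions.tf.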
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
terraform { | ||
required_providers { | ||
openstack = { | ||
source = "terraform-providers/openstack" | ||
} | ||
} | ||
required_version = ">= 0.13" | ||
} |
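Review bot: The `openstack` entry in `required_providers` has no `version` constraint, although the README in this commit lists "Terraform Provider Openstack >= 1.31.0"; add `version = ">= 1.31.0"` next to `source` so `terraform init` enforces it. Also check the source address: the provider is published in the Terraform Registry as `terraform-provider-openstack/openstack`, not under the `terraform-providers` namespace.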