add byol license support for azure on 6.4 and update version

Change-Id: I31e8e97653e2d0e6b020426eceb19eb9f0dd571c
fortinet · Dec 3, 2020 · 5b67003 · 5b67003
1 parent 34122bb
commit 5b67003
Show file tree

Hide file tree

Showing 16 changed files with 236 additions and 52 deletions.
diff --git a/azure/6.4/ha-port1-mgmt/README.md b/azure/6.4/ha-port1-mgmt/README.md
@@ -1,4 +1,4 @@
-# Deployment of a FortiGate-VM (PAYG) Cluster on the Azure
+# Deployment of a FortiGate-VM (BYOL/PAYG) Cluster on the Azure
 ## Introduction
 ## This topology is only recommended for using with FOS 6.4.2 and later.
 ## port1 - hamgmt
@@ -17,7 +17,7 @@ A Terraform script to deploy a FortiGate-VM Cluster on Azure
 ## Deployment overview
 Terraform deploys the following components:
  - Azure Virtual Network with 4 subnets
- - Two FortiGate-VM (PAYG) instances with four NICs.
+ - Two FortiGate-VM (BYOL/PAYG) instances with four NICs.
  - Two firewall rules.
  - A Ubuntu Client instance.
 

diff --git a/azure/6.4/ha-port1-mgmt/active.tf b/azure/6.4/ha-port1-mgmt/active.tf
@@ -75,13 +75,13 @@ resource "azurerm_virtual_machine" "activefgtvm" {
  storage_image_reference {
  publisher = var.custom ? null : var.publisher
  offer = var.custom ? null : var.fgtoffer
- sku = var.custom ? null : var.fgtsku
+ sku = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  version = var.custom ? null : var.fgtversion
  id = var.custom ? element(azurerm_image.custom.*.id, 0) : null
  }
 
  plan {
- name = var.fgtsku
+ name = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  publisher = var.publisher
  product = var.fgtoffer
  }
@@ -127,6 +127,8 @@ resource "azurerm_virtual_machine" "activefgtvm" {
 data "template_file" "activeFortiGate" {
  template = "${file("${var.bootstrap-active}")}"
  vars = {
+ type = "${var.license_type}"
+ license_file = "${var.license}"
  port1_ip = "${var.activeport1}"
  port1_mask = "${var.activeport1mask}"
  port2_ip = "${var.activeport2}"

diff --git a/azure/6.4/ha-port1-mgmt/config-active.conf b/azure/6.4/ha-port1-mgmt/config-active.conf
@@ -1,3 +1,10 @@
+Content-Type: multipart/mixed; boundary="==AZURE=="
+MIME-Version: 1.0
+
+--==AZURE==
+Content-Type: text/x-shellscript; charset="us-ascii"
+MIME-Version: 1.0
+
 config system global
 set hostname Azure-HA-Active
 set admin-sport ${adminsport}
@@ -34,6 +41,8 @@ set priority 255
 set mode a-p
 set hbdev port4 100
 set session-pickup enable
+set hb-interval 20
+set hb-lost-threshold 60
 set ha-mgmt-status enable
 config ha-mgmt-interfaces
 edit 1
@@ -81,3 +90,15 @@ end
 next
 end
 end
+
+%{ if type == "byol" }
+--==AZURE==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="license"
+
+${file(license_file)}
+
+%{ endif }
+--==AZURE==--
diff --git a/azure/6.4/ha-port1-mgmt/config-passive.conf b/azure/6.4/ha-port1-mgmt/config-passive.conf
@@ -1,3 +1,10 @@
+Content-Type: multipart/mixed; boundary="==AZURE=="
+MIME-Version: 1.0
+
+--==AZURE==
+Content-Type: text/x-shellscript; charset="us-ascii"
+MIME-Version: 1.0
+
 config system global
 set hostname Azure-HA-Passive
 set admin-sport ${adminsport}
@@ -33,6 +40,8 @@ set group-name Azure-HA
 set mode a-p
 set hbdev port4 100
 set session-pickup enable
+set hb-interval 20
+set hb-lost-threshold 60
 set ha-mgmt-status enable
 config ha-mgmt-interfaces
 edit 1
@@ -80,3 +89,15 @@ end
 next
 end
 end
+
+%{ if type == "byol" }
+--==AZURE==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="license"
+
+${file(license_file)}
+
+%{ endif }
+--==AZURE==--
diff --git a/azure/6.4/ha-port1-mgmt/passive.tf b/azure/6.4/ha-port1-mgmt/passive.tf
@@ -63,13 +63,13 @@ resource "azurerm_virtual_machine" "passivefgtvm" {
  storage_image_reference {
  publisher = var.custom ? null : var.publisher
  offer = var.custom ? null : var.fgtoffer
- sku = var.custom ? null : var.fgtsku
+ sku = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  version = var.custom ? null : var.fgtversion
  id = var.custom ? element(azurerm_image.custom.*.id, 0) : null
  }
 
  plan {
- name = var.fgtsku
+ name = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  publisher = var.publisher
  product = var.fgtoffer
  }
@@ -115,6 +115,8 @@ data "template_file" "passiveFortiGate" {
  template = "${file("${var.bootstrap-passive}")}"
 
  vars = {
+ type = "${var.license_type}"
+ license_file = "${var.license2}"
  port1_ip = "${var.passiveport1}"
  port1_mask = "${var.passiveport1mask}"
  port2_ip = "${var.passiveport2}"

diff --git a/azure/6.4/ha-port1-mgmt/variables.tf b/azure/6.4/ha-port1-mgmt/variables.tf
@@ -4,6 +4,7 @@ variable client_id {}
 variable client_secret {}
 variable tenant_id {}
 
+
 // For HA, choose instance size that support 4 nics at least
 // Check : https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes
 variable "size" {
@@ -16,7 +17,7 @@ variable "location" {
  default = "westus2"
 }
 
-// To use custom image
+// To use custom image 
 // by default is false
 variable "custom" {
  default = false
@@ -25,7 +26,7 @@ variable "custom" {
 // Custom image blob uri
 variable "customuri" {
  type = string
- default = "https://<location of the custom image blob uri>"
+ default = "<custom image blob uri>"
 }
 
 variable "custom_image_name" {
@@ -38,6 +39,12 @@ variable "custom_image_resource_group_name" {
  default = "<custom image resource group>"
 }
 
+// License Type to create FortiGate-VM
+// Provide the license type for FortiGate-VM Instances, either byol or payg.
+variable "license_type" {
+ default = "payg"
+}
+
 variable "publisher" {
  type = string
  default = "fortinet"
@@ -48,14 +55,19 @@ variable "fgtoffer" {
  default = "fortinet_fortigate-vm_v5"
 }
 
+// BYOL sku: fortinet_fg-vm
+// PAYG sku: fortinet_fg-vm_payg_20190624
 variable "fgtsku" {
- type = string
- default = "fortinet_fg-vm_payg_20190624"
+ type = map
+ default = {
+ byol = "fortinet_fg-vm"
+ payg = "fortinet_fg-vm_payg_20190624"
+ }
 }
 
 variable "fgtversion" {
  type = string
- default = "6.4.2"
+ default = "6.4.3"
 }
 
 
@@ -179,3 +191,18 @@ variable "bootstrap-passive" {
  default = "config-passive.conf"
 }
 
+
+// license file for the active fgt
+variable "license" {
+ // Change to your own byol license file, license.lic
+ type = string
+ default = "license.txt"
+}
+
+// license file for the passive fgt
+variable "license2" {
+ // Change to your own byol license file, license2.lic
+ type = string
+ default = "license2.txt"
+}
+
diff --git a/azure/6.4/ha/README.md b/azure/6.4/ha/README.md
@@ -1,4 +1,4 @@
-# Deployment of a FortiGate-VM (PAYG) Cluster on the Azure
+# Deployment of a FortiGate-VM (BYOL/PAYG) Cluster on the Azure
 ## Introduction
 A Terraform script to deploy a FortiGate-VM Cluster on Azure
 
@@ -12,7 +12,7 @@ A Terraform script to deploy a FortiGate-VM Cluster on Azure
 ## Deployment overview
 Terraform deploys the following components:
  - Azure Virtual Network with 4 subnets
- - Two FortiGate-VM (PAYG) instances with four NICs.
+ - Two FortiGate-VM (BYOL/PAYG) instances with four NICs.
  - Two firewall rules.
  - A Ubuntu Client instance.
 

diff --git a/azure/6.4/ha/active.tf b/azure/6.4/ha/active.tf
@@ -75,13 +75,13 @@ resource "azurerm_virtual_machine" "activefgtvm" {
  storage_image_reference {
  publisher = var.custom ? null : var.publisher
  offer = var.custom ? null : var.fgtoffer
- sku = var.custom ? null : var.fgtsku
+ sku = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  version = var.custom ? null : var.fgtversion
  id = var.custom ? element(azurerm_image.custom.*.id, 0) : null
  }
 
  plan {
- name = var.fgtsku
+ name = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  publisher = var.publisher
  product = var.fgtoffer
  }
@@ -127,6 +127,8 @@ resource "azurerm_virtual_machine" "activefgtvm" {
 data "template_file" "activeFortiGate" {
  template = "${file("${var.bootstrap-active}")}"
  vars = {
+ type = "${var.license_type}"
+ license_file = "${var.license}"
  port1_ip = "${var.activeport1}"
  port1_mask = "${var.activeport1mask}"
  port2_ip = "${var.activeport2}"

diff --git a/azure/6.4/ha/config-active.conf b/azure/6.4/ha/config-active.conf
@@ -1,16 +1,23 @@
+Content-Type: multipart/mixed; boundary="==AZURE=="
+MIME-Version: 1.0
+
+--==AZURE==
+Content-Type: text/x-shellscript; charset="us-ascii"
+MIME-Version: 1.0
+
 config system global
 set hostname Azure-HA-Active
 set admin-sport ${adminsport}
 end
 config system interface
 edit port1
-set alias public
+set alias untrust
 set mode static
 set ip ${port1_ip} ${port1_mask}
 set allowaccess ping https ssh fgfm
 next
 edit port2
-set alias private
+set alias trust
 set mode static
 set ip ${port2_ip} ${port2_mask}
 set allowaccess ping https ssh fgfm
@@ -35,6 +42,8 @@ set mode a-p
 set hbdev port3 100
 set session-pickup enable
 set ha-mgmt-status enable
+set hb-interval 20
+set hb-lost-threshold 60
 config ha-mgmt-interfaces
 edit 1
 set interface port4
@@ -81,3 +90,15 @@ end
 next
 end
 end
+
+%{ if type == "byol" }
+--==AZURE==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="license"
+
+${file(license_file)}
+
+%{ endif }
+--==AZURE==--
diff --git a/azure/6.4/ha/config-passive.conf b/azure/6.4/ha/config-passive.conf
@@ -1,16 +1,23 @@
+Content-Type: multipart/mixed; boundary="==AZURE=="
+MIME-Version: 1.0
+
+--==AZURE==
+Content-Type: text/x-shellscript; charset="us-ascii"
+MIME-Version: 1.0
+
 config system global
 set hostname Azure-HA-Passive
 set admin-sport ${adminsport}
 end
 config system interface
 edit port1
-set alias public
+set alias untrust
 set mode static
 set ip ${port1_ip} ${port1_mask}
 set allowaccess ping https ssh fgfm
 next
 edit port2
-set alias private
+set alias trust
 set mode static
 set ip ${port2_ip} ${port2_mask}
 set allowaccess ping https ssh fgfm
@@ -33,6 +40,8 @@ set group-name Azure-HA
 set mode a-p
 set hbdev port3 100
 set session-pickup enable
+set hb-interval 20
+set hb-lost-threshold 60
 set ha-mgmt-status enable
 config ha-mgmt-interfaces
 edit 1
@@ -80,3 +89,15 @@ end
 next
 end
 end
+
+%{ if type == "byol" }
+--==AZURE==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="license"
+
+${file(license_file)}
+
+%{ endif }
+--==AZURE==--
diff --git a/azure/6.4/ha/passive.tf b/azure/6.4/ha/passive.tf
@@ -63,13 +63,13 @@ resource "azurerm_virtual_machine" "passivefgtvm" {
  storage_image_reference {
  publisher = var.custom ? null : var.publisher
  offer = var.custom ? null : var.fgtoffer
- sku = var.custom ? null : var.fgtsku
+ sku = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  version = var.custom ? null : var.fgtversion
  id = var.custom ? element(azurerm_image.custom.*.id, 0) : null
  }
 
  plan {
- name = var.fgtsku
+ name = var.license_type == "byol" ? var.fgtsku["byol"] : var.fgtsku["payg"]
  publisher = var.publisher
  product = var.fgtoffer
  }
@@ -115,6 +115,8 @@ data "template_file" "passiveFortiGate" {
  template = "${file("${var.bootstrap-passive}")}"
 
  vars = {
+ type = "${var.license_type}"
+ license_file = "${var.license2}"
  port1_ip = "${var.passiveport1}"
  port1_mask = "${var.passiveport1mask}"
  port2_ip = "${var.passiveport2}"