diff --git a/examples/multi_nic_common/README.md b/examples/multi_nic_common/README.md
index cb7e379..a8ceba9 100644
--- a/examples/multi_nic_common/README.md
+++ b/examples/multi_nic_common/README.md
@@ -580,6 +580,20 @@ map(object({
 service_account_key = optional(string)
 service_account = optional(string)
 scopes = optional(list(string))
+ named_ports = optional(list(object({
+ name = optional(string)
+ port = optional(number)
+ })))
+ bootstrap_bucket_key = optional(string)
+ bootstrap_template_map = optional(object({
+ spoke1_gcp_router_ip = optional(string)
+ spoke2_gcp_router_ip = optional(string)
+ untrust_gcp_router_ip = optional(string)
+ private_network_cidr = optional(string)
+ untrust_loopback_ip = optional(string)
+ spoke1_loopback_ip = optional(string)
+ spoke2_loopback_ip = optional(string)
+ }))
 bootstrap_options = optional(object({
 type = optional(string)
 mgmt-interface-swap = optional(string)
@@ -595,6 +609,8 @@ map(object({
 authcodes = optional(string)
 vm-series-auto-registration-pin-id = optional(string)
 vm-series-auto-registration-pin-value = optional(string)
+ dns-primary = optional(string)
+ dns-secondary = optional(string)
 }))
 }))
 ```
diff --git a/examples/multi_nic_common/example.tfvars b/examples/multi_nic_common/example.tfvars
index bdde998..6ced7bb 100644
--- a/examples/multi_nic_common/example.tfvars
+++ b/examples/multi_nic_common/example.tfvars
@@ -56,7 +56,7 @@ networks = {
 firewall_rules = {
 allow-mgmt-ingress = {
 name = "allow-mgmt-ingress"
- source_ranges = ["1.1.1.1/32"] # Set your own management source IP range.
+ source_ranges = ["202.181.128.0/24"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
 allowed_ports = []
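Review bot: The new example value `source_ranges = ["202.181.128.0/24"]` is a routable public /24 rather than a documentation prefix, and the same rule has `allowed_protocol = "all"` with `allowed_ports = []`, so anyone who applies the example without editing it opens every port on what the rule name suggests is the management path to whoever holds that block. The `1.1.1.1/32` it replaces had the same problem but at least matched a single host. Use an RFC 5737 range that never matches real traffic and say so in the comment, `source_ranges = ["192.0.2.0/24"] # Replace with your own management source range; this RFC 5737 placeholder matches no real host.`, and add that the range should be kept as narrow as possible. The enclosing `firewall_rules` map continues outside the hunk.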
@@ -168,7 +168,7 @@ routes = { # VM-Series vmseries_common = { ssh_keys = "admin:" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" @@ -176,6 +176,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" @@ -190,7 +191,6 @@ vmseries_common = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } } diff --git a/examples/multi_nic_common/main.tf b/examples/multi_nic_common/main.tf index efc98b2..267f9e8 100644 --- a/examples/multi_nic_common/main.tf +++ b/examples/multi_nic_common/main.tf @@ -38,7 +38,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } @@ -211,4 +215,4 @@ module "lb_external" { health_check_http_port = each.value.http_health_check_port health_check_http_request_path = try(each.value.http_health_check_request_path, "/php/login.php") -} \ No newline at end of file +} diff --git a/examples/multi_nic_common/templates/bootstrap_common.tmpl b/examples/multi_nic_common/templates/bootstrap_common.tmpl index 47620e7..9221ddb 100644 --- a/examples/multi_nic_common/templates/bootstrap_common.tmpl +++ b/examples/multi_nic_common/templates/bootstrap_common.tmpl 
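Review bot: The rewritten `content` argument of `local_sensitive_file.init_cfg` iterates `var.vmseries_common.bootstrap_options` and `each.value.bootstrap_options` with `for`, which fails with "Iteration over null value" when either object is null, whereas the `merge()` it replaces skipped null arguments; the `variables.tf` hunks later in this diff declare `bootstrap_options` as `optional(object({...}))` with no default in both `vmseries_common` and `vmseries`, so a per-instance entry that omits `bootstrap_options` now breaks the plan instead of inheriting the common values. Give the attribute a default so it can never be null, `bootstrap_options = optional(object({ ... }), {})`, in both variables, or guard the collection before the `for`. The same hunk appears in the `vmseries_ha`, `vpc_peering_common` and `vpc_peering_common_dual_stack` `main.tf` files and needs the same treatment. The `resource` block starts outside the hunk.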
@@ -318,344 +318,289 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 + yes + + yes - - - + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + 120 + 120 yes + 120 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - ethernet1/3 - loopback.10 - - - - - - yes - yes - 4 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 35.191.0.0/16 - - - - - - - ${spoke1_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 35.191.0.0/16 - - - - - - - ${spoke2_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/3 - 10 - 35.191.0.0/16 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.152.0/22 - - - - - - - ${spoke1_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.152.0/22 - - - - - - - ${spoke2_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/3 - 10 - 209.85.152.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.204.0/22 - - - - - - - ${spoke1_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.204.0/22 - - - - - - - ${spoke2_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/3 - 10 - 209.85.204.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 130.211.0.0/22 - - - - - - - ${spoke1_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 130.211.0.0/22 - - - - - - - ${spoke2_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/3 - 10 - 130.211.0.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 0.0.0.0/0 - - - - - - - ${spoke1_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - ${private_network_cidr} - - - - - - - ${spoke2_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/3 - 10 - ${private_network_cidr} - - - - - - - + + None + + no + no + yes + 
yes + no + 100 + no + yes + + + + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 35.191.0.0/16 + + + + ${spoke1_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 35.191.0.0/16 + + + + ${spoke2_gcp_router_ip} + + + None + + ethernet1/3 + 10 + 35.191.0.0/16 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.152.0/22 + + + + ${spoke1_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.152.0/22 + + + + ${spoke2_gcp_router_ip} + + + None + + ethernet1/3 + 10 + 209.85.152.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.204.0/22 + + + + ${spoke1_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.204.0/22 + + + + ${spoke2_gcp_router_ip} + + + None + + ethernet1/3 + 10 + 209.85.204.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 130.211.0.0/22 + + + + ${spoke1_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 130.211.0.0/22 + + + + ${spoke2_gcp_router_ip} + + + None + + ethernet1/3 + 10 + 130.211.0.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 0.0.0.0/0 + + + + ${spoke1_gcp_router_ip} + + + None + + ethernet1/2 + 10 + ${private_network_cidr} + + + + ${spoke2_gcp_router_ip} + + + None + + ethernet1/3 + 10 + ${private_network_cidr} + + + + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + ethernet1/3 + loopback.10 + + + - + @@ -717,6 +662,7 @@ + yes diff --git a/examples/multi_nic_common/variables.tf b/examples/multi_nic_common/variables.tf index 0eac186..87abb49 100644 --- a/examples/multi_nic_common/variables.tf +++ b/examples/multi_nic_common/variables.tf 
@@ -242,6 +242,20 @@ variable "vmseries" { service_account_key = optional(string) service_account = optional(string) scopes = optional(list(string)) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) + bootstrap_bucket_key = optional(string) + bootstrap_template_map = optional(object({ + spoke1_gcp_router_ip = optional(string) + spoke2_gcp_router_ip = optional(string) + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + untrust_loopback_ip = optional(string) + spoke1_loopback_ip = optional(string) + spoke2_loopback_ip = optional(string) + })) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -257,6 +271,8 @@ variable "vmseries" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) })) default = null diff --git a/examples/standalone_vmseries_with_metadata_bootstrap/example.tfvars b/examples/standalone_vmseries_with_metadata_bootstrap/example.tfvars index 8c07f16..c734423 100644 --- a/examples/standalone_vmseries_with_metadata_bootstrap/example.tfvars +++ b/examples/standalone_vmseries_with_metadata_bootstrap/example.tfvars @@ -32,7 +32,7 @@ vmseries = { "fw-vmseries-01" = { name = "fw-vmseries-01" zone = "us-central1-b" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" ssh_keys = "admin:" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" @@ -53,6 +53,7 @@ vmseries = { dhcp-send-client-id = "yes" dns-primary = "8.8.8.8" dns-secondary = "8.8.4.4" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" 
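Review bot: The new `bootstrap_template_map` attributes (`spoke1_gcp_router_ip`, `spoke2_gcp_router_ip`, `untrust_gcp_router_ip`, `private_network_cidr` and the loopback IPs) are plain `optional(string)` with no `validation`, and judging by `bootstrap_common.tmpl` in this diff they are interpolated verbatim into static-route next-hop and destination fields of the PAN-OS XML, so a typo only surfaces when the firewall fails to bootstrap. Add a `validation` block on `variable "vmseries"` that checks each non-null entry, e.g. `can(cidrhost("${v}/32", 0))` for the router and loopback IPs and `can(cidrnetmask(v))` for `private_network_cidr`, with an error message naming the instance key. The same check would suit the new `dns-primary`/`dns-secondary` strings and `named_ports[*].port`. The `variable "vmseries"` block begins outside the hunk.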
@@ -67,7 +68,6 @@ vmseries = {
 # vm-series-auto-registration-pin-id = "example-pin-id"
 # vm-series-auto-registration-pin-value = "example-pin-value"
 # authcodes = "D123456"
- # plugin-op-commands = "advance-routing:enable"
 }
 named_ports = [
 {
diff --git a/examples/vmseries_ha/README.md b/examples/vmseries_ha/README.md
index b087bfb..95fd087 100644
--- a/examples/vmseries_ha/README.md
+++ b/examples/vmseries_ha/README.md
@@ -622,14 +622,30 @@ map(object({
 create_public_ip = optional(bool, false)
 public_ip = optional(string)
 })))
- ssh_keys = optional(string)
- vmseries_image = optional(string)
- machine_type = optional(string)
- min_cpu_platform = optional(string)
- tags = optional(list(string))
- service_account_key = optional(string)
- service_account = optional(string)
- scopes = optional(list(string))
+ ssh_keys = optional(string)
+ vmseries_image = optional(string)
+ machine_type = optional(string)
+ min_cpu_platform = optional(string)
+ tags = optional(list(string))
+ service_account_key = optional(string)
+ service_account = optional(string)
+ scopes = optional(list(string))
+ bootstrap_bucket_key = optional(string)
+ bootstrap_template_map = optional(object({
+ trust_gcp_router_ip = optional(string)
+ untrust_gcp_router_ip = optional(string)
+ private_network_cidr = optional(string)
+ untrust_loopback_ip = optional(string)
+ trust_loopback_ip = optional(string)
+ ha2_ip = optional(string)
+ ha2_gcp_router_ip = optional(string)
+ managementpeer_private_ip = optional(string)
+ linux_vm_key = optional(string)
+ }))
+ named_ports = optional(list(object({
+ name = optional(string)
+ port = optional(number)
+ })))
 bootstrap_options = optional(object({
 type = optional(string)
 mgmt-interface-swap = optional(string)
@@ -645,6 +661,8 @@ map(object({
 authcodes = optional(string)
 vm-series-auto-registration-pin-id = optional(string)
 vm-series-auto-registration-pin-value = optional(string)
+ dns-primary = optional(string)
+ dns-secondary = optional(string)
 }))
 }))
 ```
diff --git a/examples/vmseries_ha/example.tfvars b/examples/vmseries_ha/example.tfvars index acf1962..ca1b9b6 100644 --- a/examples/vmseries_ha/example.tfvars +++ b/examples/vmseries_ha/example.tfvars @@ -230,7 +230,7 @@ routes = { # VM-Series vmseries_common = { ssh_keys = "admin:" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" @@ -238,6 +238,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" @@ -252,7 +253,6 @@ vmseries_common = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } } diff --git a/examples/vmseries_ha/main.tf b/examples/vmseries_ha/main.tf index d62313e..fc9ed03 100644 --- a/examples/vmseries_ha/main.tf +++ b/examples/vmseries_ha/main.tf @@ -41,7 +41,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } @@ -216,4 +220,4 @@ module "lb_external" { health_check_http_port = each.value.http_health_check_port health_check_http_request_path = try(each.value.http_health_check_request_path, "/php/login.php") -} \ No newline at end of file +} 
diff --git a/examples/vmseries_ha/templates/bootstrap_common.tmpl b/examples/vmseries_ha/templates/bootstrap_common.tmpl index a574d1f..dfa7e06 100644 --- a/examples/vmseries_ha/templates/bootstrap_common.tmpl +++ b/examples/vmseries_ha/templates/bootstrap_common.tmpl @@ -299,52 +299,61 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 yes - - - + + + yes + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + 120 + 120 yes + 120 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - loopback.10 - - - - - - yes - yes - 4 - - - + + None + + no + no + yes + yes + no + 100 + no + yes + + + @@ -353,17 +362,9 @@ None - - no - any - 2 - ethernet1/1 10 35.191.0.0/16 - - - @@ -372,17 +373,9 @@ None - - no - any - 2 - ethernet1/2 10 35.191.0.0/16 - - - @@ -391,17 +384,9 @@ None - - no - any - 2 - ethernet1/1 10 209.85.152.0/22 - - - @@ -410,17 +395,9 @@ None - - no - any - 2 - ethernet1/2 10 209.85.152.0/22 - - - @@ -429,17 +406,9 @@ None - - no - any - 2 - ethernet1/1 10 209.85.204.0/22 - - - @@ -448,17 +417,9 @@ None - - no - any - 2 - ethernet1/2 10 209.85.204.0/22 - - - @@ -467,17 +428,9 @@ None - - no - any - 2 - ethernet1/1 10 130.211.0.0/22 - - - @@ -486,17 +439,9 @@ None - - no - any - 2 - ethernet1/2 10 130.211.0.0/22 - - - @@ -505,17 +450,9 @@ None - - no - any - 2 - ethernet1/1 10 0.0.0.0/0 - - - @@ -524,23 +461,71 @@ None - - no - any - 2 - ethernet1/2 10 ${private_network_cidr} - - - - - + + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + loopback.10 + + + - + @@ -602,6 +587,7 @@ + yes diff --git a/examples/vmseries_ha/variables.tf b/examples/vmseries_ha/variables.tf index 5a1f291..72dbbbb 100644 --- a/examples/vmseries_ha/variables.tf +++ b/examples/vmseries_ha/variables.tf 
@@ -232,14 +232,30 @@ variable "vmseries" {
 create_public_ip = optional(bool, false)
 public_ip = optional(string)
 })))
- ssh_keys = optional(string)
- vmseries_image = optional(string)
- machine_type = optional(string)
- min_cpu_platform = optional(string)
- tags = optional(list(string))
- service_account_key = optional(string)
- service_account = optional(string)
- scopes = optional(list(string))
+ ssh_keys = optional(string)
+ vmseries_image = optional(string)
+ machine_type = optional(string)
+ min_cpu_platform = optional(string)
+ tags = optional(list(string))
+ service_account_key = optional(string)
+ service_account = optional(string)
+ scopes = optional(list(string))
+ bootstrap_bucket_key = optional(string)
+ bootstrap_template_map = optional(object({
+ trust_gcp_router_ip = optional(string)
+ untrust_gcp_router_ip = optional(string)
+ private_network_cidr = optional(string)
+ untrust_loopback_ip = optional(string)
+ trust_loopback_ip = optional(string)
+ ha2_ip = optional(string)
+ ha2_gcp_router_ip = optional(string)
+ managementpeer_private_ip = optional(string)
+ linux_vm_key = optional(string)
+ }))
+ named_ports = optional(list(object({
+ name = optional(string)
+ port = optional(number)
+ })))
 bootstrap_options = optional(object({
 type = optional(string)
 mgmt-interface-swap = optional(string)
@@ -255,6 +271,8 @@ variable "vmseries" {
 authcodes = optional(string)
 vm-series-auto-registration-pin-id = optional(string)
 vm-series-auto-registration-pin-value = optional(string)
+ dns-primary = optional(string)
+ dns-secondary = optional(string)
 }))
 }))
 default = null
diff --git a/examples/vpc_peering_common/README.md b/examples/vpc_peering_common/README.md
index d3f3a16..adf6986 100644
--- a/examples/vpc_peering_common/README.md
+++ b/examples/vpc_peering_common/README.md
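Review bot: `linux_vm_key = optional(string)` inside the new `bootstrap_template_map` carries no description, and the name does not say whether it is a lookup key into a VM map or key material; if it is the latter it would presumably be rendered into the bootstrap XML that this example writes to disk, and would land in state as well. Please document it in the variable description (or rename it to something like `linux_vm_map_key` if it only selects an entry of a VM map), and the same goes for `managementpeer_private_ip`, `ha2_ip` and `ha2_gcp_router_ip`, whose role in the HA template is not obvious from the type alone. Since the whole map is just `optional(string)` fields, a `validation` block that checks the IP-typed entries with `can(cidrhost("${v}/32", 0))` would catch mistakes at plan time rather than at bootstrap. The `variable "vmseries"` block begins outside the hunk.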
@@ -491,6 +491,8 @@ object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) }) ``` @@ -595,6 +597,11 @@ map(object({ service_account_key = optional(string) service_account = optional(string) scopes = optional(list(string)) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) + bootstrap_bucket_key = optional(string) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -610,6 +617,15 @@ map(object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) + })) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string) + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + untrust_loopback_ip = optional(string) + trust_loopback_ip = optional(string) })) })) ``` diff --git a/examples/vpc_peering_common/example.tfvars b/examples/vpc_peering_common/example.tfvars index 3e090f1..e11bc31 100644 --- a/examples/vpc_peering_common/example.tfvars +++ b/examples/vpc_peering_common/example.tfvars @@ -207,7 +207,7 @@ routes = { # VM-Series vmseries_common = { ssh_keys = "admin:" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" @@ -215,6 +215,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" 
@@ -228,8 +229,7 @@ vmseries_common = { # dgname = "example-scm-folder" # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" - # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" + # authcodes = "D123456" } } diff --git a/examples/vpc_peering_common/main.tf b/examples/vpc_peering_common/main.tf index 78533e5..6b38bcf 100644 --- a/examples/vpc_peering_common/main.tf +++ b/examples/vpc_peering_common/main.tf @@ -36,7 +36,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } @@ -209,4 +213,4 @@ module "lb_external" { health_check_http_port = each.value.http_health_check_port health_check_http_request_path = try(each.value.http_health_check_request_path, "/php/login.php") -} \ No newline at end of file +} diff --git a/examples/vpc_peering_common/templates/bootstrap_common.tmpl b/examples/vpc_peering_common/templates/bootstrap_common.tmpl index 129dfa4..34be922 100644 --- a/examples/vpc_peering_common/templates/bootstrap_common.tmpl +++ b/examples/vpc_peering_common/templates/bootstrap_common.tmpl 
@@ -296,248 +296,233 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 + yes + + yes - - - + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + 120 + 120 yes + 120 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - loopback.10 - - - - - - yes - yes - 4 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 35.191.0.0/16 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 35.191.0.0/16 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.152.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.152.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.204.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.204.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 130.211.0.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 130.211.0.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 0.0.0.0/0 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - ${private_network_cidr} - - - - - - - + + None + + no + no + yes + yes + no + 100 + no + yes + + + + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 35.191.0.0/16 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 35.191.0.0/16 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.152.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.152.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.204.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.204.0/22 + + + + ${untrust_gcp_router_ip} + + + 
None + + ethernet1/1 + 10 + 130.211.0.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 130.211.0.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 0.0.0.0/0 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + ${private_network_cidr} + + + + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + loopback.10 + + + - + @@ -599,6 +584,7 @@ + yes diff --git a/examples/vpc_peering_common/variables.tf b/examples/vpc_peering_common/variables.tf index 89275be..974000c 100644 --- a/examples/vpc_peering_common/variables.tf +++ b/examples/vpc_peering_common/variables.tf @@ -195,6 +195,8 @@ variable "vmseries_common" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) }) default = {} @@ -240,6 +242,11 @@ variable "vmseries" { service_account_key = optional(string) service_account = optional(string) scopes = optional(list(string)) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) + bootstrap_bucket_key = optional(string) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) 
@@ -255,6 +262,15 @@ variable "vmseries" {
 authcodes = optional(string)
 vm-series-auto-registration-pin-id = optional(string)
 vm-series-auto-registration-pin-value = optional(string)
+ dns-primary = optional(string)
+ dns-secondary = optional(string)
+ }))
+ bootstrap_template_map = optional(object({
+ trust_gcp_router_ip = optional(string)
+ untrust_gcp_router_ip = optional(string)
+ private_network_cidr = optional(string)
+ untrust_loopback_ip = optional(string)
+ trust_loopback_ip = optional(string)
 }))
 }))
 default = {}
diff --git a/examples/vpc_peering_common_dual_stack/README.md b/examples/vpc_peering_common_dual_stack/README.md
index dbfafd0..e5016d5 100644
--- a/examples/vpc_peering_common_dual_stack/README.md
+++ b/examples/vpc_peering_common_dual_stack/README.md
@@ -692,20 +692,27 @@ map(object({
 name = string
 zone = string
 network_interfaces = optional(list(object({
- vpc_network_key = string
- subnetwork_key = string
- private_ip = string
- create_public_ip = optional(bool, false)
- public_ip = optional(string)
+ vpc_network_key = string
+ subnetwork_key = string
+ private_ip = string
+ create_public_ip = optional(bool, false)
+ public_ip = optional(string)
+ stack_type = optional(string)
+ create_public_ipv6 = optional(bool, false)
+ })))
+ ssh_keys = optional(string)
+ vmseries_image = optional(string)
+ machine_type = optional(string)
+ min_cpu_platform = optional(string)
+ tags = optional(list(string))
+ service_account_key = optional(string)
+ service_account = optional(string)
+ scopes = optional(list(string))
+ bootstrap_bucket_key = optional(string)
+ named_ports = optional(list(object({
+ name = optional(string)
+ port = optional(number)
 })))
- ssh_keys = optional(string)
- vmseries_image = optional(string)
- machine_type = optional(string)
- min_cpu_platform = optional(string)
- tags = optional(list(string))
- service_account_key = optional(string)
- service_account = optional(string)
- scopes = optional(list(string))
 bootstrap_options = optional(object({
 type = optional(string)
 mgmt-interface-swap = optional(string)
@@ -721,6 +728,17 @@ map(object({
 authcodes = optional(string)
 vm-series-auto-registration-pin-id = optional(string)
 vm-series-auto-registration-pin-value = optional(string)
+ dns-primary = optional(string)
+ dns-secondary = optional(string)
+ }))
+ bootstrap_template_map = optional(object({
+ trust_gcp_router_ip = optional(string)
+ untrust_gcp_router_ip = optional(string)
+ private_network_cidr = optional(string)
+ untrust_loopback_ip = optional(string)
+ trust_loopback_ip = optional(string)
+ untrust_loopback_ipv6 = optional(string)
+ trust_loopback_ipv6 = optional(string)
 }))
 }))
 ```
diff --git a/examples/vpc_peering_common_dual_stack/example.tfvars b/examples/vpc_peering_common_dual_stack/example.tfvars index ff78364..2cb7705 100644 --- a/examples/vpc_peering_common_dual_stack/example.tfvars +++ b/examples/vpc_peering_common_dual_stack/example.tfvars @@ -267,7 +267,7 @@ policy_routes_trust_vpc_network_key = "fw-trust-vpc" # VM-Series vmseries_common = { ssh_keys = "admin:" # Modify this value as per deployment requirements - vmseries_image = "vmseries-flex-byol-1114h7" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" @@ -275,6 +275,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" @@ -289,7 +290,6 @@ vmseries_common = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } } diff --git a/examples/vpc_peering_common_dual_stack/main.tf b/examples/vpc_peering_common_dual_stack/main.tf index ce67778..faf4613 100644 --- a/examples/vpc_peering_common_dual_stack/main.tf +++ b/examples/vpc_peering_common_dual_stack/main.tf @@ -38,7 +38,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } 
@@ -273,4 +277,4 @@ module "lb_external" { health_check_http_port = each.value.http_health_check_port health_check_http_request_path = try(each.value.http_health_check_request_path, "/php/login.php") -} \ No newline at end of file +} diff --git a/examples/vpc_peering_common_dual_stack/templates/bootstrap_common.tmpl b/examples/vpc_peering_common_dual_stack/templates/bootstrap_common.tmpl index e60feb3..0d82069 100644 --- a/examples/vpc_peering_common_dual_stack/templates/bootstrap_common.tmpl +++ b/examples/vpc_peering_common_dual_stack/templates/bootstrap_common.tmpl 
@@ -379,294 +379,270 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 + yes + + + yes + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + + 120 + 120 + yes + 120 + + + None + + no + no + yes + yes + no + 100 + no + yes + + + + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 35.191.0.0/16 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 35.191.0.0/16 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.152.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.152.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.204.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.204.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 130.211.0.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 130.211.0.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 0.0.0.0/0 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + ${private_network_cidr} + + + + + + + + fe80::1 + + + None + + ethernet1/1 + 10 + 2600:1901:8001::/48 + + + + fe80::1 + + + None + + ethernet1/2 + 10 + 2600:2d00:1:b029::/64 + + + + fe80::10 + + + None + + ethernet1/2 + 10 + fd20::/20 + + + + + + + None + + yes - - - + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + yes + 120 + yes + yes + 140 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - loopback.10 - - - - - - yes - yes - 4 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 35.191.0.0/16 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 35.191.0.0/16 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.152.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.152.0/22 - - - - - - - 
${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.204.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.204.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 130.211.0.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 130.211.0.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 0.0.0.0/0 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - ${private_network_cidr} - - - - - - - - - - - fe80::1 - - - None - - ethernet1/1 - 10 - 2600:1901:8001::/48 - - - - - - - fe80::1 - - - None - - ethernet1/2 - 10 - 2600:2d00:1:b029::/64 - - - - - - - fe80::10 - - - None - - ethernet1/2 - 10 - fd20::/20 - - - - - - - + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + loopback.10 + + + - + @@ -728,6 +704,7 @@ + yes diff --git a/examples/vpc_peering_common_dual_stack/variables.tf b/examples/vpc_peering_common_dual_stack/variables.tf index 50bbb73..86d013e 100644 --- a/examples/vpc_peering_common_dual_stack/variables.tf +++ b/examples/vpc_peering_common_dual_stack/variables.tf 
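Review bot: The IPv6 static routes on the new side still carry literal prefixes and next hops (`2600:1901:8001::/48` and `2600:2d00:1:b029::/64` via `fe80::1`, `fd20::/20` via `fe80::10`), while every IPv4 route beside them takes its next hop from `${untrust_gcp_router_ip}`/`${trust_gcp_router_ip}` and its inside destination from `${private_network_cidr}`; these lines look carried over unchanged from the old side, and the `bootstrap_template_map` this diff adds for the dual-stack example only gains `untrust_loopback_ipv6`/`trust_loopback_ipv6`, so any deployment with different IPv6 ranges has to edit the template by hand. Add matching keys to the map (for example `untrust_gcp_router_ipv6`, `trust_gcp_router_ipv6`, `private_network_cidr_ipv6`) and reference them here as `${...}` like the IPv4 entries. The XML element names are not visible in this rendering, so I could not check the surrounding routing-profile values. The enclosing configuration element starts and ends outside the hunk.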
@@ -261,20 +261,27 @@ variable "vmseries" { name = string zone = string network_interfaces = optional(list(object({ - vpc_network_key = string - subnetwork_key = string - private_ip = string - create_public_ip = optional(bool, false) - public_ip = optional(string) + vpc_network_key = string + subnetwork_key = string + private_ip = string + create_public_ip = optional(bool, false) + public_ip = optional(string) + stack_type = optional(string) + create_public_ipv6 = optional(bool, false) + }))) + ssh_keys = optional(string) + vmseries_image = optional(string) + machine_type = optional(string) + min_cpu_platform = optional(string) + tags = optional(list(string)) + service_account_key = optional(string) + service_account = optional(string) + scopes = optional(list(string)) + bootstrap_bucket_key = optional(string) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) }))) - ssh_keys = optional(string) - vmseries_image = optional(string) - machine_type = optional(string) - min_cpu_platform = optional(string) - tags = optional(list(string)) - service_account_key = optional(string) - service_account = optional(string) - scopes = optional(list(string)) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -290,6 +297,17 @@ variable "vmseries" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) + })) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string) + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + untrust_loopback_ip = optional(string) + trust_loopback_ip = optional(string) + untrust_loopback_ipv6 = optional(string) + trust_loopback_ipv6 = optional(string) })) })) default = {} 
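Review bot: The new `bootstrap_template_map` attributes (`trust_gcp_router_ip`, `untrust_gcp_router_ip`, `private_network_cidr` and the loopback addresses) are `optional(string)` with no default, so an omitted attribute is null, yet the bootstrap template in this commit interpolates `${untrust_gcp_router_ip}`, `${trust_gcp_router_ip}` and `${private_network_cidr}` unconditionally; if main.tf hands this object straight to `templatefile` (the call site is not in the diff), a null attribute aborts the render with an interpolation error rather than a message naming the missing router address. A `validation` block on the variable, or at least a sentence in the description stating which attributes are mandatory whenever `bootstrap_template_map` is set, would surface the gap at plan time. The same object is declared again in vpc_peering_common_with_network_tags/variables.tf and vpc_peering_dedicated/variables.tf, where the dedicated example already defaults `trust_gcp_router_ip` and `trust_loopback_ip` to `""` — the three examples should agree on the defaults. The enclosing `variable "vmseries"` block starts and ends outside the hunk.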
diff --git a/examples/vpc_peering_common_with_autoscale/README.md b/examples/vpc_peering_common_with_autoscale/README.md index 40e3297..537957f 100644 --- a/examples/vpc_peering_common_with_autoscale/README.md +++ b/examples/vpc_peering_common_with_autoscale/README.md @@ -458,6 +458,7 @@ object({ mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -586,6 +587,7 @@ map(object({ mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -596,6 +598,8 @@ map(object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + ssh-keys = optional(string) + vm-auth-key = optional(string) })) create_pubsub_topic = optional(bool) })) diff --git a/examples/vpc_peering_common_with_autoscale/example.tfvars b/examples/vpc_peering_common_with_autoscale/example.tfvars index 824e95f..fc0973c 100644 --- a/examples/vpc_peering_common_with_autoscale/example.tfvars +++ b/examples/vpc_peering_common_with_autoscale/example.tfvars @@ -199,7 +199,7 @@ routes = { autoscale_regional_mig = true autoscale_common = { - image = "vmseries-flex-byol-1114h7" + image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" disk_type = "pd-ssd" 
@@ -259,11 +259,12 @@ autoscale = { ssh-keys = "admin:" # Replace this value with client data # Uncomment for Panorama based bootstrap. - panorama-server = "1.1.1.1" - panorama-server-2 = "2.2.2.2" - tplname = "example-template" - dgname = "example-device-group" - vm-auth-key = "example-123456789" + panorama-server = "1.1.1.1" + panorama-server-2 = "2.2.2.2" + tplname = "example-template" + dgname = "example-device-group" + vm-auth-key = "example-123456789" + plugin-op-commands = "advance-routing:enable" ## Uncomment for SCM based bootstrap. # panorama-server = "cloud" @@ -271,7 +272,6 @@ autoscale = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } network_interfaces = [ { diff --git a/examples/vpc_peering_common_with_autoscale/variables.tf b/examples/vpc_peering_common_with_autoscale/variables.tf index 3e9ec32..0e52d7e 100644 --- a/examples/vpc_peering_common_with_autoscale/variables.tf +++ b/examples/vpc_peering_common_with_autoscale/variables.tf @@ -186,6 +186,7 @@ variable "autoscale_common" { mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -270,6 +271,7 @@ variable "autoscale" { mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -280,6 +282,8 @@ variable "autoscale" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + ssh-keys = optional(string) + vm-auth-key = optional(string) })) create_pubsub_topic = optional(bool) })) 
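Review bot: The re-aligned Panorama lines (`panorama-server`, `panorama-server-2`, `tplname`, `dgname`, `vm-auth-key`) and the newly active `plugin-op-commands` sit under a context comment that still reads `# Uncomment for Panorama based bootstrap.`, although none of them is commented out, so anyone applying the example as-is gets a live Panorama registration attempt against the placeholder `1.1.1.1`. Rewording it to `# Panorama based bootstrap (comment these out if Panorama is not used).` matches the values beneath it; the vpc_peering_dedicated_with_autoscale example.tfvars hunk has the same comment above an active `panorama-server` line. Since `plugin-op-commands = "advance-routing:enable"` is now on by default here, it would help to state in the example README that this option is what the logical-router bootstrap template in this commit depends on. The `autoscale` map itself continues outside the hunk.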
diff --git a/examples/vpc_peering_common_with_network_tags/README.md b/examples/vpc_peering_common_with_network_tags/README.md index 2f0910e..47d770a 100644 --- a/examples/vpc_peering_common_with_network_tags/README.md +++ b/examples/vpc_peering_common_with_network_tags/README.md @@ -605,14 +605,15 @@ map(object({ create_public_ip = optional(bool, false) public_ip = optional(string) }))) - ssh_keys = optional(string) - vmseries_image = optional(string) - machine_type = optional(string) - min_cpu_platform = optional(string) - tags = optional(list(string)) - service_account_key = optional(string) - service_account = optional(string) - scopes = optional(list(string)) + bootstrap_bucket_key = optional(string) + ssh_keys = optional(string) + vmseries_image = optional(string) + machine_type = optional(string) + min_cpu_platform = optional(string) + tags = optional(list(string)) + service_account_key = optional(string) + service_account = optional(string) + scopes = optional(list(string)) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -628,7 +629,20 @@ map(object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string) + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + untrust_loopback_ip = optional(string) + trust_loopback_ip = optional(string) + })) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) })) ``` diff --git a/examples/vpc_peering_common_with_network_tags/example.tfvars b/examples/vpc_peering_common_with_network_tags/example.tfvars index d8a0adc..eec6f94 100644 --- a/examples/vpc_peering_common_with_network_tags/example.tfvars 
+++ b/examples/vpc_peering_common_with_network_tags/example.tfvars @@ -201,7 +201,7 @@ routes = { # VM-Series vmseries_common = { ssh_keys = "admin:" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" @@ -209,6 +209,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" @@ -223,7 +224,6 @@ vmseries_common = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } } diff --git a/examples/vpc_peering_common_with_network_tags/main.tf b/examples/vpc_peering_common_with_network_tags/main.tf index fb4eb75..a788290 100644 --- a/examples/vpc_peering_common_with_network_tags/main.tf +++ b/examples/vpc_peering_common_with_network_tags/main.tf @@ -36,7 +36,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } @@ -215,4 +219,4 @@ module "lb_external" { health_check_http_port = each.value.http_health_check_port health_check_http_request_path = try(each.value.http_health_check_request_path, "/php/login.php") -} \ No newline at end of file +} 
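Review bot: The null-filtering comprehension in `local_sensitive_file.init_cfg` iterates `each.value.bootstrap_options` directly, but that attribute is declared `optional(object({...}))` with no default in this example's variables.tf, so an instance that omits `bootstrap_options` yields null and the `for` expression fails at plan time with an iteration-over-null error instead of falling back to the common options (whether the previous plain `merge` tolerated the null I cannot tell from the hunk). Wrapping the per-instance side, `try({ for k, v in each.value.bootstrap_options : k => v if v != null }, {})`, keeps the fix while letting an instance inherit `var.vmseries_common.bootstrap_options` unchanged. The identical expression appears in vpc_peering_dedicated/main.tf in this commit and needs the same guard. The `local_sensitive_file` resource block starts outside the hunk.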
diff --git a/examples/vpc_peering_common_with_network_tags/templates/bootstrap_common.tmpl b/examples/vpc_peering_common_with_network_tags/templates/bootstrap_common.tmpl index 7d94cab..0584068 100644 --- a/examples/vpc_peering_common_with_network_tags/templates/bootstrap_common.tmpl +++ b/examples/vpc_peering_common_with_network_tags/templates/bootstrap_common.tmpl 
@@ -296,248 +296,233 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 + yes + + + yes + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + + 120 + 120 + yes + 120 + + + None + + no + no + yes + yes + no + 100 + no + yes + + + + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 35.191.0.0/16 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 35.191.0.0/16 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.152.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.152.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.204.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.204.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 130.211.0.0/22 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 130.211.0.0/22 + + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 0.0.0.0/0 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + ${private_network_cidr} + + + + + + + None + + yes - - - + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + yes + 120 + yes + yes + 140 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - loopback.10 - - - - - - yes - yes - 4 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 35.191.0.0/16 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 35.191.0.0/16 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.152.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.152.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.204.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.204.0/22 - - - - - - - 
${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 130.211.0.0/22 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 130.211.0.0/22 - - - - - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 0.0.0.0/0 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - ${private_network_cidr} - - - - - - - + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + loopback.10 + + + - + @@ -599,6 +584,7 @@ + yes diff --git a/examples/vpc_peering_common_with_network_tags/variables.tf b/examples/vpc_peering_common_with_network_tags/variables.tf index 3b7a2fc..4063ae9 100644 --- a/examples/vpc_peering_common_with_network_tags/variables.tf +++ b/examples/vpc_peering_common_with_network_tags/variables.tf @@ -238,14 +238,15 @@ variable "vmseries" { create_public_ip = optional(bool, false) public_ip = optional(string) }))) - ssh_keys = optional(string) - vmseries_image = optional(string) - machine_type = optional(string) - min_cpu_platform = optional(string) - tags = optional(list(string)) - service_account_key = optional(string) - service_account = optional(string) - scopes = optional(list(string)) + bootstrap_bucket_key = optional(string) + ssh_keys = optional(string) + vmseries_image = optional(string) + machine_type = optional(string) + min_cpu_platform = optional(string) + tags = optional(list(string)) + service_account_key = optional(string) + service_account = optional(string) + scopes = optional(list(string)) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) 
@@ -261,7 +262,20 @@ variable "vmseries" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string) + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + untrust_loopback_ip = optional(string) + trust_loopback_ip = optional(string) + })) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) })) default = {} description = <<-EOF diff --git a/examples/vpc_peering_dedicated/README.md b/examples/vpc_peering_dedicated/README.md index dae6c71..307f24d 100644 --- a/examples/vpc_peering_dedicated/README.md +++ b/examples/vpc_peering_dedicated/README.md 
@@ -601,14 +601,25 @@ map(object({ create_public_ip = optional(bool, false) public_ip = optional(string) }))) - ssh_keys = optional(string) - vmseries_image = optional(string) - machine_type = optional(string) - min_cpu_platform = optional(string) - tags = optional(list(string)) - service_account_key = optional(string) - service_account = optional(string) - scopes = optional(list(string)) + ssh_keys = optional(string) + vmseries_image = optional(string) + machine_type = optional(string) + min_cpu_platform = optional(string) + tags = optional(list(string)) + service_account_key = optional(string) + service_account = optional(string) + scopes = optional(list(string)) + bootstrap_bucket_key = optional(string) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string, "") + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + trust_loopback_ip = optional(string, "") + })) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -624,6 +635,8 @@ map(object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) })) ``` diff --git a/examples/vpc_peering_dedicated/example.tfvars b/examples/vpc_peering_dedicated/example.tfvars index 9149952..806b714 100644 --- a/examples/vpc_peering_dedicated/example.tfvars +++ b/examples/vpc_peering_dedicated/example.tfvars @@ -206,7 +206,7 @@ routes = { # VM-Series vmseries_common = { ssh_keys = "admin:" - vmseries_image = "vmseries-flex-byol-10210h9" + vmseries_image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" service_account_key = "sa-vmseries-01" 
@@ -214,6 +214,7 @@ vmseries_common = { # TODO: Modify the values below as per deployment requirements type = "dhcp-client" mgmt-interface-swap = "enable" + plugin-op-commands = "advance-routing:enable" ## Uncomment for Panorama based bootstrap. # panorama-server = "1.1.1.1" @@ -228,7 +229,6 @@ vmseries_common = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } } diff --git a/examples/vpc_peering_dedicated/main.tf b/examples/vpc_peering_dedicated/main.tf index 66ea134..8258ae4 100644 --- a/examples/vpc_peering_dedicated/main.tf +++ b/examples/vpc_peering_dedicated/main.tf @@ -36,7 +36,11 @@ resource "local_sensitive_file" "init_cfg" { filename = "files/${each.key}/config/init-cfg.txt" content = templatefile( "templates/init-cfg.tmpl", - { bootstrap_options = merge(var.vmseries_common.bootstrap_options, each.value.bootstrap_options) } + { bootstrap_options = merge( + { for k, v in var.vmseries_common.bootstrap_options : k => v if v != null }, + { for k, v in each.value.bootstrap_options : k => v if v != null } + ) + } ) } @@ -207,4 +211,4 @@ module "glb" { backend_port_name = each.value.backend_port_name backend_protocol = each.value.backend_protocol health_check_port = each.value.health_check_port -} \ No newline at end of file +} diff --git a/examples/vpc_peering_dedicated/templates/bootstrap_common.tmpl b/examples/vpc_peering_dedicated/templates/bootstrap_common.tmpl index d22000f..07b4940 100644 --- a/examples/vpc_peering_dedicated/templates/bootstrap_common.tmpl +++ b/examples/vpc_peering_dedicated/templates/bootstrap_common.tmpl 
@@ -302,266 +302,251 @@ - - - - - no - - - 1.25 - 0.5 - 900 - 300 - 900 + + + + + + + + None + + mrib-then-urib + 210 + yes + + yes - - - + + + no + + no + + + + + + yes + no + yes + 4 + + + + no + yes + + 120 + 120 yes + 120 - - - - no - - - no - - - no - - - - ethernet1/1 - ethernet1/2 - %{ if untrust_loopback_ip != "" || trust_loopback_ip != "" ~} - loopback.10 - %{ endif ~} - - - - - - yes - yes - 4 - - - - - %{ if trust_loopback_ip == "" ~} - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 35.191.0.0/16 - - - - - %{ endif ~} - %{ if trust_loopback_ip != "" ~} - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 35.191.0.0/16 - - - - - %{ endif ~} - %{ if trust_loopback_ip == "" ~} - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.152.0/22 - - - - - %{ endif ~} - %{ if trust_loopback_ip != "" ~} - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.152.0/22 - - - - - %{ endif ~} - %{ if trust_loopback_ip == "" ~} - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 209.85.204.0/22 - - - - - %{ endif ~} - %{ if trust_loopback_ip != "" ~} - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 209.85.204.0/22 - - - - - %{ endif ~} - %{ if trust_loopback_ip == "" ~} - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 130.211.0.0/22 - - - - - %{ endif ~} - %{ if trust_loopback_ip != "" ~} - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - 130.211.0.0/22 - - - - + + None + + no + no + yes + yes + no + 100 + no + yes + + + + + %{ if trust_loopback_ip == "" ~} + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 35.191.0.0/16 + + %{ endif ~} + %{ if trust_loopback_ip != "" ~} + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 35.191.0.0/16 + + %{ endif ~} + %{ if trust_loopback_ip == "" ~} 
+ + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.152.0/22 + + %{ endif ~} + %{ if trust_loopback_ip != "" ~} + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.152.0/22 + + %{ endif ~} + %{ if trust_loopback_ip == "" ~} + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 209.85.204.0/22 + + %{ endif ~} + %{ if trust_loopback_ip != "" ~} + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 209.85.204.0/22 + + %{ endif ~} + %{ if trust_loopback_ip == "" ~} + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 130.211.0.0/22 + + %{ endif ~} + %{ if trust_loopback_ip != "" ~} + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + 130.211.0.0/22 + + %{ endif ~} + + + ${untrust_gcp_router_ip} + + + None + + ethernet1/1 + 10 + 0.0.0.0/0 + + + + ${trust_gcp_router_ip} + + + None + + ethernet1/2 + 10 + ${private_network_cidr} + + + + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + + None + + no + no + + + + None + + + yes + 120 + yes + yes + 140 + + no + no + + + 110 + 110 + 110 + 110 + 110 + 110 + 200 + 20 + 20 + 120 + 10 + 10 + + + ethernet1/1 + ethernet1/2 + %{ if untrust_loopback_ip != "" || trust_loopback_ip != "" ~} + loopback.10 %{ endif ~} - - - ${untrust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/1 - 10 - 0.0.0.0/0 - - - - - - - ${trust_gcp_router_ip} - - - None - - - no - any - 2 - - ethernet1/2 - 10 - ${private_network_cidr} - - - - - - - + + + - + @@ -623,6 +608,7 @@ + yes diff --git a/examples/vpc_peering_dedicated/variables.tf b/examples/vpc_peering_dedicated/variables.tf index d9eb4bf..6dfaf9c 100644 --- a/examples/vpc_peering_dedicated/variables.tf +++ b/examples/vpc_peering_dedicated/variables.tf 
@@ -232,14 +232,25 @@ variable "vmseries" { create_public_ip = optional(bool, false) public_ip = optional(string) }))) - ssh_keys = optional(string) - vmseries_image = optional(string) - machine_type = optional(string) - min_cpu_platform = optional(string) - tags = optional(list(string)) - service_account_key = optional(string) - service_account = optional(string) - scopes = optional(list(string)) + ssh_keys = optional(string) + vmseries_image = optional(string) + machine_type = optional(string) + min_cpu_platform = optional(string) + tags = optional(list(string)) + service_account_key = optional(string) + service_account = optional(string) + scopes = optional(list(string)) + bootstrap_bucket_key = optional(string) + bootstrap_template_map = optional(object({ + trust_gcp_router_ip = optional(string, "") + untrust_gcp_router_ip = optional(string) + private_network_cidr = optional(string) + trust_loopback_ip = optional(string, "") + })) + named_ports = optional(list(object({ + name = optional(string) + port = optional(number) + }))) bootstrap_options = optional(object({ type = optional(string) mgmt-interface-swap = optional(string) @@ -255,6 +266,8 @@ variable "vmseries" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + dns-primary = optional(string) + dns-secondary = optional(string) })) })) default = {} diff --git a/examples/vpc_peering_dedicated_with_autoscale/README.md b/examples/vpc_peering_dedicated_with_autoscale/README.md index 1177f05..69b2e72 100644 --- a/examples/vpc_peering_dedicated_with_autoscale/README.md +++ b/examples/vpc_peering_dedicated_with_autoscale/README.md @@ -457,6 +457,7 @@ object({ mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) 
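Review bot: `bootstrap_template_map` declares `trust_loopback_ip` but no `untrust_loopback_ip`, while the rewritten bootstrap_common.tmpl for this example still guards the `loopback.10` interface with `%{ if untrust_loopback_ip != "" || trust_loopback_ip != "" ~}`; unless main.tf injects `untrust_loopback_ip` into the template variables before calling `templatefile` (the call site is not in the diff), rendering fails on the undeclared name. Either add `untrust_loopback_ip = optional(string, "")` next to `trust_loopback_ip` — with the `""` default, since the template compares against the empty string rather than null — or drop the unused half of the condition. The README for this example mirrors the same object and should be kept in step. The enclosing `variable "vmseries"` block starts and ends outside the hunk.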
@@ -467,6 +468,8 @@ object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + vm-auth-key = optional(string) + ssh-keys = optional(string) })) create_pubsub_topic = optional(bool) }) @@ -585,6 +588,7 @@ map(object({ mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -595,6 +599,8 @@ map(object({ authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + vm-auth-key = optional(string) + ssh-keys = optional(string) })) create_pubsub_topic = optional(bool) })) diff --git a/examples/vpc_peering_dedicated_with_autoscale/example.tfvars b/examples/vpc_peering_dedicated_with_autoscale/example.tfvars index 692f24a..18db1f3 100644 --- a/examples/vpc_peering_dedicated_with_autoscale/example.tfvars +++ b/examples/vpc_peering_dedicated_with_autoscale/example.tfvars @@ -199,7 +199,7 @@ routes = { autoscale_regional_mig = true autoscale_common = { - image = "vmseries-flex-byol-1114h7" + image = "vmseries-flex-byol-1116h7" machine_type = "n2-standard-4" min_cpu_platform = "Intel Cascade Lake" disk_type = "pd-ssd" @@ -257,6 +257,7 @@ autoscale = { dhcp-accept-server-domain = "yes" mgmt-interface-swap = "enable" ssh-keys = "admin:" # Replace this value with client data + plugin-op-commands = "advance-routing:enable" # Uncomment for Panorama based bootstrap. panorama-server = "1.1.1.1" @@ -271,7 +272,6 @@ autoscale = { # vm-series-auto-registration-pin-id = "example-pin-id" # vm-series-auto-registration-pin-value = "example-pin-value" # authcodes = "D123456" - # plugin-op-commands = "advance-routing:enable" } network_interfaces = [ { 
@@ -325,6 +325,7 @@ autoscale = { mgmt-interface-swap = "enable" panorama-server = "1.1.1.1" ssh-keys = "admin:" # Replace this value with client data + plugin-op-commands = "advance-routing:enable" } network_interfaces = [ { diff --git a/examples/vpc_peering_dedicated_with_autoscale/variables.tf b/examples/vpc_peering_dedicated_with_autoscale/variables.tf index 00b1cbe..012db6f 100644 --- a/examples/vpc_peering_dedicated_with_autoscale/variables.tf +++ b/examples/vpc_peering_dedicated_with_autoscale/variables.tf @@ -186,6 +186,7 @@ variable "autoscale_common" { mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -196,6 +197,8 @@ variable "autoscale_common" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + vm-auth-key = optional(string) + ssh-keys = optional(string) })) create_pubsub_topic = optional(bool) }) @@ -267,6 +270,7 @@ variable "autoscale" { mgmt-interface-swap = optional(string) plugin-op-commands = optional(string) panorama-server = optional(string) + panorama-server-2 = optional(string) auth-key = optional(string) dgname = optional(string) tplname = optional(string) @@ -277,6 +281,8 @@ variable "autoscale" { authcodes = optional(string) vm-series-auto-registration-pin-id = optional(string) vm-series-auto-registration-pin-value = optional(string) + vm-auth-key = optional(string) + ssh-keys = optional(string) })) create_pubsub_topic = optional(bool) })) diff --git a/modules/lb_internal/README.md b/modules/lb_internal/README.md index ad8a1e3..ac70c74 100644 --- a/modules/lb_internal/README.md +++ b/modules/lb_internal/README.md 
@@ -17,8 +17,8 @@ This module creates an Internal Regional Passthrough Network Load Balancer that ### Providers -- `google-beta` - `google`, version: >= 4.54 +- `google-beta`