GCP TF | Update HA template

azure/templates/README.MD

@@ -24,15 +24,8 @@ To deploy a specific Azure image, adjust the image version during the manual dep
 1. Determine the desired image version - 
    - Visit  [sk132192 - CloudGuard Network Security for Azure - Latest Updates](https://support.checkpoint.com/results/sk/sk132192#:~:text=CloudGuard%20for%20Azure%20Gateway%20Images%20history) >
    Images History sections.
-   - Find the version of the desired image and change it as follows:
-
-	  **Examples:**
-
-	  The version on the SK - **R81.10-335.1498**  
-	  Converted for the Azure template -  **8110.900335.1498**
-
-	  The version on the SK - **R81-335.883**  
-      Converted for the Azure template -  **8100.900335.0883**
+   - Find the version of the desired image Under "Marketplace Image version"
+
 
 2. In the "mainTemplate.json" file, change the value of the **“version”** parameter from “latest” to the version you want to deploy. This must be done under the version type of image you want to deploy (sg-byol, sg-ngtp, etc.)
 

deprecated/terraform/gcp/separate-single-and-autoscale/common/cluster-member/main.tf

@@ -0,0 +1,132 @@
+locals {
+  disk_type_condition = var.disk_type == "SSD Persistent Disk" ? "pd-ssd" : var.disk_type == "Standard Persistent Disk" ? "pd-standard" : ""
+  admin_SSH_key_condition = var.admin_SSH_key != "" ? true : false
+}
+
+resource "google_compute_address" "member_ip_address" {
+  name = "${var.member_name}-address"
+  region = var.region
+}
+
+resource "google_compute_instance" "cluster_member" {
+  name = var.member_name
+  description = "CloudGuard Highly Available Security Cluster"
+  zone = var.zone
+  tags = [
+    "checkpoint-gateway"]
+  machine_type = var.machine_type
+  can_ip_forward = true
+
+  boot_disk {
+    auto_delete = true
+    device_name = "${var.prefix}-boot"
+
+    initialize_params {
+      size = var.disk_size
+      type = local.disk_type_condition
+      image = var.image_name
+    }
+  }
+
+  network_interface {
+    network = var.cluster_network[0]
+    subnetwork = var.cluster_network_subnetwork[0]
+  }
+  network_interface {
+    network = var.mgmt_network[0]
+    subnetwork = var.mgmt_network_subnetwork[0]
+    access_config {
+      nat_ip = google_compute_address.member_ip_address.address
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks >= 1 ? [
+      1] : []
+    content {
+      network = var.internal_network1_network[0]
+      subnetwork = var.internal_network1_subnetwork[0]
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks >= 2 ? [
+      1] : []
+    content {
+      network = var.internal_network2_network[0]
+      subnetwork = var.internal_network2_subnetwork[0]
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks >= 3 ? [
+      1] : []
+    content {
+      network = var.internal_network3_network[0]
+      subnetwork = var.internal_network3_subnetwork[0]
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks >= 4 ? [
+      1] : []
+    content {
+      network = var.internal_network4_network[0]
+      subnetwork = var.internal_network4_subnetwork[0]
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks >= 5 ? [
+      1] : []
+    content {
+      network = var.internal_network5_network[0]
+      subnetwork = var.internal_network5_subnetwork[0]
+    }
+  }
+  dynamic "network_interface" {
+    for_each = var.num_internal_networks == 6 ? [
+      1] : []
+    content {
+      network = var.internal_network6_network[0]
+      subnetwork = var.internal_network6_subnetwork[0]
+    }
+  }
+
+  service_account {
+
+    scopes = [
+      "https://www.googleapis.com/auth/monitoring.write",
+      "https://www.googleapis.com/auth/compute",
+      "https://www.googleapis.com/auth/cloudruntimeconfig"]
+  }
+
+  metadata = local.admin_SSH_key_condition ? {
+    instanceSSHKey = var.admin_SSH_key
+    adminPasswordSourceMetadata = var.generate_password ? var.generated_admin_password : ""
+  } : { adminPasswordSourceMetadata = var.generate_password ? var.generated_admin_password : "" }
+
+  metadata_startup_script = templatefile("${path.module}/../startup-script.sh", {
+    // script's arguments
+    generatePassword = var.generate_password
+    config_url = "https://runtimeconfig.googleapis.com/v1beta1/projects/${var.project}/configs/${var.prefix}-config"
+    config_path = "projects/${var.project}/configs/${var.prefix}-config"
+    sicKey = var.sic_key
+    allowUploadDownload = var.allow_upload_download
+    templateName = "cluster_tf"
+    templateVersion = "20230910"
+    templateType = "terraform"
+    mgmtNIC = ""
+    hasInternet = "true"
+    enableMonitoring = var.enable_monitoring
+    shell = var.admin_shell
+    installation_type = "Cluster"
+    computed_sic_key = ""
+    managementGUIClientNetwork = ""
+    primary_cluster_address_name = var.primary_cluster_address_name
+    secondary_cluster_address_name = var.secondary_cluster_address_name
+    managementNetwork = var.management_network
+    numAdditionalNICs = var.num_internal_networks
+    smart_1_cloud_token = "${var.member_name}" == "${var.prefix}-member-a" ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b
+    name = var.member_name
+    zoneConfig = var.zone
+    region = var.region
+    os_version = var.os_version
+    maintenance_mode_password_hash = var.maintenance_mode_password_hash
+  })
+}

deprecated/terraform/gcp/separate-single-and-autoscale/common/cluster-member/output.tf

@@ -0,0 +1,6 @@
+output "cluster_member_name" {
+  value = google_compute_instance.cluster_member.name
+}
+output "cluster_member_ip_address" {
+  value = google_compute_address.member_ip_address.address
+}

deprecated/terraform/gcp/separate-single-and-autoscale/common/cluster-member/variables.tf

@@ -0,0 +1,184 @@
+variable "prefix" {
+  type = string
+  description = "(Optional) Resources name prefix"
+  default = "chkp-tf-ha"
+}
+variable "member_name" {
+  type = string
+}
+variable "region" {
+  type = string
+  default = "us-central1"
+}
+variable "zone" {
+  type = string
+  default = "us-central1-a"
+}
+variable "machine_type" {
+  type = string
+  description = "Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have."
+  default = "n1-standard-4"
+}
+variable "disk_size" {
+  type = number
+  description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space."
+  default = 100
+}
+variable "disk_type" {
+  type = string
+  description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency."
+  default = "SSD Persistent Disk"
+}
+variable "image_name" {
+  type = string
+  description = "The High Availability (cluster) image name (e.g. check-point-r8120-gw-byol-cluster-123-456-v12345678). You can choose the desired cluster image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py"
+}
+variable "os_version" {
+  type = string
+  description = "GAIA OS version"
+  default = "R8120"
+}
+variable "cluster_network" {
+  type = list(string)
+  description = "Cluster external network ID in the chosen zone."
+}
+variable "cluster_network_subnetwork" {
+  type = list(string)
+  description = "Cluster subnet ID in the chosen network."
+}
+variable "mgmt_network" {
+  type = list(string)
+  description = "Management network ID in the chosen zone."
+}
+variable "mgmt_network_subnetwork" {
+  type = list(string)
+  description = "Management subnet ID in the chosen network."
+}
+variable "num_internal_networks" {
+  type = number
+  description = "A number in the range 1 - 6 of internal network interfaces."
+  default = 1
+}
+variable "internal_network1_network" {
+  type = list(string)
+  description = "1st internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network1_subnetwork" {
+  type = list(string)
+  description = "1st internal subnet ID in the chosen network."
+  default = []
+}
+variable "internal_network2_network" {
+  type = list(string)
+  description = "2nd internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network2_subnetwork" {
+  type = list(string)
+  description = "2nd internal subnet ID in the chosen network."
+  default = []
+}
+variable "internal_network3_network" {
+  type = list(string)
+  description = "3rd internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network3_subnetwork" {
+  type = list(string)
+  description = "3rd internal subnet ID in the chosen network."
+  default = []
+}
+variable "internal_network4_network" {
+  type = list(string)
+  description = "4th internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network4_subnetwork" {
+  type = list(string)
+  description = "4th internal subnet ID in the chosen network."
+  default = []
+}
+variable "internal_network5_network" {
+  type = list(string)
+  description = "5th internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network5_subnetwork" {
+  type = list(string)
+  description = "5th internal subnet ID in the chosen network."
+  default = []
+}
+variable "internal_network6_network" {
+  type = list(string)
+  description = "6th internal network ID in the chosen zone."
+  default = []
+}
+variable "internal_network6_subnetwork" {
+  type = list(string)
+  description = "6th internal subnet ID in the chosen network."
+  default = []
+}
+variable "admin_SSH_key" {
+  type = string
+  description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+  default = ""
+}
+variable "project" {
+  type = string
+  description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+  default = ""
+}
+variable "generate_password" {
+  type = bool
+  description = "Automatically generate an administrator password."
+  default = false
+}
+variable "sic_key" {
+  type = string
+  description = "The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated"
+}
+variable "allow_upload_download" {
+  type = bool
+  description = "Allow download from/upload to Check Point."
+  default = false
+}
+variable "enable_monitoring" {
+  type = bool
+  description = "Enable Stackdriver monitoring"
+  default = false
+}
+variable "admin_shell" {
+  type = string
+  description = "Change the admin shell to enable advanced command line configuration."
+  default = "/etc/cli.sh"
+}
+variable "smart_1_cloud_token_a" {
+  type = string
+  description ="(Optional) Smart-1 cloud token for member A to connect this Gateway to Check Point's Security Management as a Service"
+  default = ""
+}
+variable "smart_1_cloud_token_b" {
+  type = string
+  description ="(Optional) Smart-1 cloud token for member B to connect this Gateway to Check Point's Security Management as a Service"
+  default = ""
+}
+variable "maintenance_mode_password_hash" {
+  description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+  type = string
+  default = ""
+}
+variable "management_network" {
+  type = string
+  description = "Security Management Server address - The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud management, insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address."
+}
+variable "generated_admin_password" {
+  type = string
+  description = "administrator password"
+}
+variable "primary_cluster_address_name" {
+  type = string
+}
+variable "secondary_cluster_address_name" {
+  type = string
+}

deprecated/terraform/gcp/separate-single-and-autoscale/common/common/main.tf

@@ -0,0 +1,2 @@
+
+