Terraform simple_cluster member state import
In Terraform the provider should support importing all properties. At the moment it seems like the 1.4 provider does not import cluster members, and any attempt to plan an existing cluster fails due to trying to add new members.
resource "checkpoint_management_simple_cluster" "core-1" {
  name                = "core-1"
  ipv4_address        = "1.2.3.4"
  version             = "R80.40"
  hardware            = "Open server"
  send_logs_to_server = ["gaia-r81-mgmt"]
  firewall            = true

  members {
    name       = "member-1"
    ip_address = "1.2.3.3"
  }

  members {
    name       = "member-2"
    ip_address = "1.2.3.2"
  }
}
This code should be enough to get the state imported, though there is no sign of the members in the state.
@chkp-royl any idea?
I'll have to expand on this:
Due to the lack of import support, the CP-provider is not able to monitor changes in simple cluster objects. For instance, when something changes on the smart center, this is not reflected in the state. So there is no guarantee the code will match reality after getting deployed.
It should save in state all the fields covered by the 'show-simple-cluster' API command. There might be changes on smart center that are not reflected in state, since the API command doesn't support all object attributes, so these will not be seen by terraform. If you are talking about data we receive by 'show-simple-cluster', then we will make sure it's being saved to the state file correctly.
The show command displays every cluster interface with interface-type, for instance.
Changing that in SmartCenter is not reflected in terraform plan.
I'm running the latest version on SmartCenter and TF/provider, freshly installed in my lab (no interference with production or large rulebases).
There are other issues with the simple-cluster resource; for instance, the member IP is not set correctly in many instances.
Hi @Harald_Hansen,
Thanks for your report.
We are investigating this issue and hope to fix it ASAP.
Regards,
Roy
Hi Roy,
Any update regarding this issue?
We are trying to use terraform import to get TF syntax for creating a simple cluster. The issue is that members are missing in the output even though they are defined under the cluster object in SmartConsole:
# # checkpoint_management_simple_cluster.bc-demo-ext:
# resource "checkpoint_management_simple_cluster" "bc-demo-ext" {
#   anti_bot = false
#   anti_virus = false
#   application_control = true
#   cluster_mode = "cluster-xl-ha"
#   color = "pink"
#   content_awareness = false
#   #dynamic_ip = false
#   fetch_policy = []
#   firewall = true
#   hardware = "Open server"
#   #id = "bc-demo-ext"
#   identity_awareness = false
#   ips = true
#   ipv4_address = "20.1.2.3"
#   name = "bc-demo-ext"
#   nat_settings = {}
#   os_name = "Gaia"
#   proxy_settings = {}
#   save_logs_locally = false
#   send_alerts_to_server = []
#   send_logs_to_backup_server = []
#   send_logs_to_server = [
#     "bc-demo-mgmt",
#   ]
#   tags = []
#   threat_emulation = false
#   url_filtering = false
#   version = "R81.10"
#   vpn = false
#   platform_portal_settings {
#     accessibility {
#       allow_access_from = "RULE_BASE"
#     }
#     portal_web_settings {
#       aliases = []
#       main_url = "https://20.1.2.3/"
#     }
#   }
# }
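
The gap discussed in this thread can be checked for directly. The following is an added example, not part of any post above and not code from the provider: it compares the members recorded in `terraform show -json` output with the members the management server reports, and flags members that are missing from state or whose IP differs. The `cluster-members` and `ip-address` key names for the `show-simple-cluster` reply are assumptions, and all sample data is constructed.

```python
RESOURCE_TYPE = "checkpoint_management_simple_cluster"
# Assumed field names in the show-simple-cluster reply; adjust to the actual JSON.
API_MEMBERS_KEY = "cluster-members"
API_IP_KEY = "ip-address"

def state_members(show_json):
    """Map cluster name -> {member name: ip_address} from `terraform show -json`."""
    clusters = {}
    root = show_json.get("values", {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("type") != RESOURCE_TYPE:
            continue
        vals = res.get("values", {})
        members = vals.get("members") or []  # missing or null when import dropped them
        clusters[vals.get("name")] = {m["name"]: m.get("ip_address") for m in members}
    return clusters

def member_drift(show_json, api_clusters):
    """Return (cluster, member, problem) for every member the state gets wrong."""
    tracked = state_members(show_json)
    findings = []
    for api in api_clusters:
        cluster = api["name"]
        if cluster not in tracked:
            findings.append((cluster, None, "cluster not in state"))
            continue
        for m in api.get(API_MEMBERS_KEY, []):
            if m["name"] not in tracked[cluster]:
                findings.append((cluster, m["name"], "member missing from state"))
            elif tracked[cluster][m["name"]] != m.get(API_IP_KEY):
                findings.append((cluster, m["name"], "member IP differs"))
    return findings

# Constructed sample data: one import without members, one cluster with a changed IP.
SAMPLE_STATE = {"values": {"root_module": {"resources": [
    {"type": RESOURCE_TYPE, "name": "bc-demo-ext",
     "values": {"name": "bc-demo-ext", "ipv4_address": "20.1.2.3"}},
    {"type": RESOURCE_TYPE, "name": "core-1",
     "values": {"name": "core-1", "members": [
         {"name": "member-1", "ip_address": "1.2.3.3"},
         {"name": "member-2", "ip_address": "1.2.3.2"}]}},
]}}}
SAMPLE_API = [
    {"name": "bc-demo-ext", API_MEMBERS_KEY: [
        {"name": "ext-a", API_IP_KEY: "192.0.2.11"},
        {"name": "ext-b", API_IP_KEY: "192.0.2.12"}]},
    {"name": "core-1", API_MEMBERS_KEY: [
        {"name": "member-1", API_IP_KEY: "1.2.3.3"},
        {"name": "member-2", API_IP_KEY: "1.2.3.9"}]},
]

if __name__ == "__main__":
    for finding in member_drift(SAMPLE_STATE, SAMPLE_API):
        print(finding)
```

Run against real data, an empty result means every member the management server reports is tracked in state with the same IP; it says nothing about attributes other than member name and IP.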
