This file is to be used as an example for autoscale and VMSS groups that require custom settings on the gateway at provisioning time. These scripts rely on the Check Point API, and professional services are usually recommended for complex customizations.
Hi Javier,
thanks a lot!
So this script is for changing parts of the gateway objects.
Am I correct that if I need to change parts in GAIA, I have to configure a bootstrap file? For example, for adding different routes, adding users...?
How can I change or add this bootstrap file to an already existing VMSS, so that future deployed (dynamic) gateways would have these settings?
Hi Carsten! Instead of using the azure bootstrap options, the way for VMSS is to use the same autoprovision configuration file at the Check Point management server. These custom settings are described in the following doc:
https://github.com/CheckPointSW/sddc
HTHs,
Hi @Javier_Hijas, I am working on deploying a VMSS with MTA enabled on the Gateway firewall. Do you have any recommendation or experience with the same? Any specific flag or setting in the custom script that I can use for the gateways being spun up by the VMSS?
Thank you, but how do I use the script?
What does the CLI syntax look like?
#> python monitor.pv file.json
...does not work
Hi Carsten
For each template you can specify a custom gateway script, like this:
autoprov-cfg set template -tn <templateName> -cg "/home/admin/myscript.sh"
"Intranet": {
"application-control": true,
"custom-gateway-script": "/home/admin/myscript.sh",
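and the script can look like this:
#!/bin/bash
# Load the Check Point environment
. /tmp/.CPprofile.sh
cd /home/admin/
echo "Downloading config file..."
# -k skips TLS certificate verification; -o saves the file under the name clish reads below
curl_cli -k -o /home/admin/config-azure.txt https://10.223.227.31/azure.txt
# Run the downloaded clish commands (-i continues past failing commands)
clish -i -f /home/admin/config-azure.txt
In our case I've used it for rolling out system-level settings per our standards and static routes..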
Hi Martin,
can you share the script which you are using for adding routes?
thanks.
Normally via the "set static-route" command; those lines are part of the script, which is run on the gateway during provisioning.
Hi Martin,
thank you for the reply. So the steps should look like this:
1) In the /home/admin directory I add a txt file "add_route.txt" with this command inside:
set static-route 192.168.0.0/24 nexthop gateway address 10.0.0.1
2) Create a script run.sh
#!/bin/bash
. /tmp/.CPprofile.sh
clish -i -f /home/admin/add_route.txt
3) autoprov-cfg set template -tn <templateName> -cg "/home/admin/run.sh"
This will add a route to the gateway each time scaling occurs, right?
No, you should run clish -s -c 'set static-route' directly inside the provisioning script.
It works. Thank you, Martin 🙂
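Following the advice above to call clish -s -c directly, here is an added example (not code from the thread or from Check Point) of a custom gateway script that validates each route before handing it to clish. The route list format, the function names, the trailing "on" keyword and the dry-run fallback used when clish is not installed are assumptions of this example.

```shell
#!/bin/bash
# Added example: custom gateway script that applies static routes via clish.
# Routes are "destination/prefix next-hop" pairs. 192.168.0.0/24 via 10.0.0.1
# is from the thread; the second entry is a constructed sample.
ROUTES='192.168.0.0/24 10.0.0.1
172.16.0.0/16 10.0.0.1'

valid_ipv4() {   # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

valid_route() {  # $1 = destination CIDR, $2 = next-hop address
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] && valid_ipv4 "$net" && valid_ipv4 "$2"
}

route_cmd() {    # trailing "on" is an assumption (Gaia clish form); the thread's line omits it
    printf 'set static-route %s nexthop gateway address %s on' "$1" "$2"
}

apply_routes() { # $1 = route list; returns non-zero if any entry fails
    rc=0
    while read -r dest gw extra; do
        [ -n "$dest" ] || continue
        if [ -n "$extra" ] || ! valid_route "$dest" "$gw"; then
            echo "rejected route entry: $dest $gw $extra" >&2; rc=1; continue
        fi
        if command -v clish >/dev/null 2>&1; then
            # -s saves the configuration; </dev/null keeps clish off the loop's stdin
            clish -s -c "$(route_cmd "$dest" "$gw")" </dev/null || rc=1
        else
            echo "dry run: clish -s -c '$(route_cmd "$dest" "$gw")'"
        fi
    done <<EOF
$1
EOF
    return "$rc"
}

if [ -f /tmp/.CPprofile.sh ]; then . /tmp/.CPprofile.sh; fi  # Check Point environment
apply_routes "$ROUTES"
```

Because every field is checked before it reaches the clish command line, a malformed or tampered route entry is rejected and logged instead of being interpreted by clish.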