Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Harald_Hansen
Advisor
Advisor

Terraform simple_cluster member state import

In Terraform the provider should support importing all properties. At the moment it seems like the 1.4 provider does not import cluster members, and any attempt to plan an existing cluster fails due to trying to add new members. 

resource "checkpoint_management_simple_cluster" "core-1" {
  name                = "core-1"
  ipv4_address        = "1.2.3.4"
  version             = "R80.40"
  hardware            = "Open server"
  send_logs_to_server = ["gaia-r81-mgmt"]
  firewall            = true
  members {
    name       = "member-1"
    ip_address = "1.2.3.3"
  }
  members {
    name       = "member-2"
    ip_address = "1.2.3.2"
  }
}

This code should be enough to get the state imported, though there is no sign of the members in the state.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

@chkp-royl any idea?

0 Kudos
Harald_Hansen
Advisor
Advisor

I'll have to expand on this;

Due to the lack of import support, the CP-provider is not able to monitor changes in simple cluster objects, for instance when something changes on the smart center, this is not reflected in the state. So there is no guarantee the code will match reality after getting deployed.

0 Kudos
chkp-royl
Employee
Employee

It should save in state all the fields covered by 'show-simple-cluster' API command. There might be changes on smart center that are not reflect in state since the API command doesn't support all object attributes so these will not be seen by terraform. If you are talking about data we receive by 'show-simple-cluster' then we will make sure it's being save to state file correctly.

0 Kudos
Harald_Hansen
Advisor
Advisor

The show command displays every cluster interface with interface-type, for instance.

Changing that in SmartCenter is not reflected in terraform plan.

I'm running latest version on SmartCenter and TF/provider, freshly installed in my lab (no interference with production or large rulebases).

There are other issues with the simple-cluster resource, for instance is the member ip not set correctly in many instances.

0 Kudos
chkp-royl
Employee
Employee

Hi @Harald_Hansen,

Thanks for your report.

We are investigating this issue and hope to fix it ASAP.

Regards,

Roy

0 Kudos
Pavel_Krejci
Employee
Employee

Hi Roy,

any update regarding this issue?
We are trying to use terraform import to get TF syntax for creating simple cluster. The issue is that members are missing in the output even though they are defined under cluster object in SmartConsole:

 

# # checkpoint_management_simple_cluster.bc-demo-ext:

# resource "checkpoint_management_simple_cluster" "bc-demo-ext" {

#   anti_bot                   = false
#   anti_virus                 = false
#   application_control        = true
#   cluster_mode               = "cluster-xl-ha"
#   color                      = "pink"
#   content_awareness          = false
#   #dynamic_ip                 = false
#   fetch_policy               = []
#   firewall                   = true
#   hardware                   = "Open server"
#   #id                         = "bc-demo-ext"
#   identity_awareness         = false
#   ips                        = true
#   ipv4_address               = "20.1.2.3"
#   name                       = "bc-demo-ext"
#   nat_settings               = {}
#   os_name                    = "Gaia"
#   proxy_settings             = {}
#   save_logs_locally          = false
#   send_alerts_to_server      = []
#   send_logs_to_backup_server = []
#   send_logs_to_server = [
#     "bc-demo-mgmt",
#   ]
#   tags             = []
#   threat_emulation = false
#   url_filtering    = false
#   version          = "R81.10"
#   vpn              = false
#   platform_portal_settings {
#     accessibility {
#       allow_access_from = "RULE_BASE"
#     }
#     portal_web_settings {
#       aliases  = []
#       main_url = "https://20.1.2.3/"
#     }
#   }
# }

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events