###################################################################################
# _ _ _ _ ____ _ _ _ #
# / \ _ __ ___(_) |__ | | ___ | _ \| | __ _ _ _| |__ ___ ___ | | __ #
# / _ \ | '_ \/ __| | '_ \| |/ _ \ | |_) | |/ _` | | | | '_ \ / _ \ / _ \| |/ / #
# / ___ \| | | \__ \ | |_) | | __/ | __/| | (_| | |_| | |_) | (_) | (_) | < #
# /_/ \_\_| |_|___/_|_.__/|_|\___| |_| |_|\__,_|\__, |_.__/ \___/ \___/|_|\_\ #
# |___/ #
###################################################################################
# FILENAME
# provision_pan_f5_aws.yml
#
# DESCRIPTION
# Example playbook that instantiates a Palo Alto VM-Series firewall and an F5 Networks BigIP in an AWS account and applies a basic configuration
#
# REQUIREMENTS
# pip install boto3
# pip install botocore
# pip install ansible
# ansible-galaxy install PaloAltoNetworks.paloaltonetworks
#
# STEPS
# update vars.yml with your own credentials/settings
#
# Good practice: the var files are provided in cleartext. They should be edited and then encrypted using:
# ansible-vault encrypt firewall-secrets.yml
#
# EXECUTE
# ansible-playbook provision_pan_f5_aws.yml
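---
# Single play executed from the control node against the AWS API; there are
# no managed hosts yet, so fact gathering is skipped.
- hosts: localhost
  connection: local
  gather_facts: false
  roles:
    - role: PaloAltoNetworks.paloaltonetworks
  ###################################################################################
  # _____ _ #
  # |_ _|_ _ ___| | _____ #
  # | |/ _` / __| |/ / __| #
  # | | (_| \__ \ <\__ \ #
  # |_|\__,_|___/_|\_\___/ #
  # #
  ###################################################################################
  tasks:
    # vars.yml carries the account credentials and settings; no_log keeps
    # their values out of the playbook output and any log files.
    - name: include variables (free-form)
      include_vars: vars.yml
      no_log: true

    # Get AWS variables information: look up the pre-created VPC and its
    # four subnets by their Name tag so the stack can be attached to them.
    - name: get vpc subnet id Untrust Subnet
      ec2_vpc_subnet_facts:
        region: "{{ region }}"
        filters:
          "tag:Name": "Untrust Subnet 10.0.10.0/24"
      register: vpcsubnetdata1
    - debug:
        var: vpcsubnetdata1.subnets[0].id

    - name: get vpc subnet id Trust Subnet
      ec2_vpc_subnet_facts:
        region: "{{ region }}"
        filters:
          "tag:Name": "Trust Subnet 10.0.1.0/24"
      register: vpcsubnetdata2
    - debug:
        var: vpcsubnetdata2.subnets[0].id

    - name: get vpc subnet id DMZ Subnet
      ec2_vpc_subnet_facts:
        region: "{{ region }}"
        filters:
          "tag:Name": "DMZ Subnet 10.0.2.0/24"
      register: vpcsubnetdata3
    - debug:
        var: vpcsubnetdata3.subnets[0].id

    - name: get vpc subnet id Management Subnet
      ec2_vpc_subnet_facts:
        region: "{{ region }}"
        filters:
          "tag:Name": "Management Subnet 10.0.0.0/24"
      register: vpcsubnetdata4
    - debug:
        var: vpcsubnetdata4.subnets[0].id

    - name: get vpc id
      ec2_vpc_net_facts:
        region: "{{ region }}"
        filters:
          "tag:Name": StackBaseVPC
      register: vpcdata
    - debug:
        var: vpcdata.vpcs[0].id

    # Fail early with a clear message if a Name-tag lookup matched zero or
    # several resources; otherwise the [0] references below would either
    # raise an undefined-variable error or silently pick an arbitrary match.
    - name: verify each VPC/subnet lookup matched exactly one resource
      assert:
        that:
          - vpcdata.vpcs | length == 1
          - vpcsubnetdata1.subnets | length == 1
          - vpcsubnetdata2.subnets | length == 1
          - vpcsubnetdata3.subnets | length == 1
          - vpcsubnetdata4.subnets | length == 1
        msg: "Expected exactly one VPC and one subnet per Name tag; check the tags in region {{ region }}"

    # Create (or update) the firewall stack from the CloudFormation template.
    - name: Provision AWS-Create-Stack-PaloAlto.json
      cloudformation:
        stack_name: "StackPaloAlto"
        state: present
        region: "{{ region }}"
        # A failed stack keeps its resources in place for troubleshooting;
        # they must then be deleted by hand.
        disable_rollback: true
        template: AWS-Create-Stack-PaloAlto.json
        template_parameters:
          SSHKey: "{{ key_name }}"
          VPCidDATA: "{{ vpcdata.vpcs[0].id }}"
          SUBNETidDATA1: "{{ vpcsubnetdata1.subnets[0].id }}"
          SUBNETidDATA2: "{{ vpcsubnetdata2.subnets[0].id }}"
          SUBNETidDATA3: "{{ vpcsubnetdata3.subnets[0].id }}"
          SUBNETidDATA4: "{{ vpcsubnetdata4.subnets[0].id }}"
        tags:
          Stack: StackPaloAlto
      register: cloudformation

    # Show management IP
    - name: display FirewallManagementEIP
      debug:
        msg: "{{ cloudformation.stack_outputs.FirewallManagementEIP }}"

    # Wait for SSH connection: the firewall's management plane takes a
    # while to boot after the stack reports CREATE_COMPLETE.
    - name: wait for SSH prompt (timeout 10min)
      wait_for:
        host: "{{ cloudformation.stack_outputs.FirewallManagementEIP }}"
        port: 22
        timeout: 600

    # Set Admin password. The task retries because the device may accept an
    # SSH connection before its management services are ready; no_log keeps
    # the new password out of the retry output and logs.
    - name: set admin password
      panos_admpwd:
        ip_address: "{{ cloudformation.stack_outputs.FirewallManagementEIP }}"
        key_filename: "{{ key_filename }}"
        newpassword: "{{ admin_password }}"
      register: result
      until: result is not failed
      retries: 10
      delay: 30
      no_log: true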