#766 - fortigate hub-env automation adjust

GoogleCloudPlatform · Feb 20, 2024 · f604bec · f604bec
1 parent 84afc61
commit f604bec
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 10 deletions.
diff --git a/solutions/setup.sh b/solutions/setup.sh
@@ -721,8 +721,9 @@ EOF
   cd ../$REPO_ROOT/pubsec-declarative-toolkit/solutions
 fi
 
+# set license variables before running on the shell
 if [[ "$DEPLOY_HUB" != false ]]; then
-    echo "wait 60 sec to let the GKE cluster stabilize 15 workloads"
+    #echo "wait 60 sec to let the GKE cluster stabilize 15 workloads"
     #sleep 60
 
     # generate setters.yaml
@@ -756,7 +757,7 @@ metadata:
     config.kubernetes.io/local-config: "true"
 data:
   org-id: "${ORG_ID}"
-  project-billing-id: "${BILLING_ID}"
+  project-billing-id: "${HUB_PROJECT_BILLING_ID}"
   project-parent-folder: ${HUB_PROJECT_PARENT_FOLDER}
   hub-project-id: ${HUB_PROJECT_ID_PREFIX}-${PREFIX_HUB_ENV}
   management-project-id: "${KCC_PROJECT_ID}"
@@ -772,10 +773,12 @@ data:
     - "projects/${HUB_PROJECT_ID_PREFIX}-${PREFIX_HUB_ENV}/zones/${REGION}-b/instances/fgt-secondary-instance"
   fgt-primary-image: ${FORTIGATE_PRIMARY_IMAGE}
   fgt-primary-license: |
-    LICENSE
+     LICENSE
+#    ${FGT-PRIMARY-LICENSE}
   fgt-secondary-image: ${FORTIGATE_SECONDARY_IMAGE}
   fgt-secondary-license: |
-    LICENSE
+     LICENSE
+#    ${FGT-SECONDARY-LICENSE}
 EOF
 
     echo "generated derived setters-${REL_SUB_PACKAGE}.yaml"
@@ -799,12 +802,13 @@ EOF
 
   # URL from https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/docs/landing-zone-v2/README.md#fetch-the-packages
   REL_URL="https://raw.githubusercontent.com/GoogleCloudPlatform/pubsec-declarative-toolkit/main/.release-please-manifest.json"
-  # check for existing landing-zone
+  # check for existing hub-env
   echo "deploying ${REL_SUB_PACKAGE}"
   REL_VERSION=$(curl -s $REL_URL | jq -r ".\"$REL_PACKAGE\"")
   echo "get kpt release package $REL_PACKAGE version $REL_VERSION"
-  #rm -rf $REL_SUB_PACKAGE
-  #kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/${REL_PACKAGE}@${REL_VERSION}
+  rm -rf $REL_SUB_PACKAGE
+  kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/${REL_PACKAGE}@${REL_VERSION}
+  mkdir "${REL_SUB_PACKAGE}/${REL_VERSION}"
   # cp the setters.yaml
   echo "copy over generated setters.yaml"
   cp ../$REPO_ROOT/pubsec-declarative-toolkit/$REL_PACKAGE/setters-${REL_SUB_PACKAGE}.yaml $REL_SUB_PACKAGE/setters.yaml
@@ -817,15 +821,19 @@ EOF
   # https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/596
 
   echo "kpt live init"
-  #kpt live init $REL_SUB_PACKAGE --namespace "${MANAGEMENT_NAMESPACE}" --force
+  kpt live init $REL_SUB_PACKAGE --namespace "${MANAGEMENT_NAMESPACE}" --force
   echo "kpt fn render"
   kpt fn render $REL_SUB_PACKAGE --truncate-output=false
   #kpt alpha live plan $REL_SUB_PACKAGE
-  echo "kpt live apply"
+  echo "kpt live apply after 60s wait"
+  sleep 60
   # without a timeout the command never terminates
   #kpt live apply $REL_SUB_PACKAGE --reconcile-timeout=10m
   kpt live apply $REL_SUB_PACKAGE --reconcile-timeout=15m --output=table
 
+  echo "check status"
+  kpt live status $REL_SUB_PACKAGE --inv-type remote --statuses InProgress,NotFound
+
   echo "Wait 2 min"
   count=$(kubectl get gcp | grep UpdateFailed | wc -l)
   echo "UpdateFailed: $count"

diff --git a/solutions/vars.sh b/solutions/vars.sh
@@ -40,6 +40,7 @@ export CLIENT_NAME_1=client1
 # if different than core billing id
 #export PROJECT_BILLING_ID=
 # for projects/hub-env
+# rotate during delete/create cycle
 export PREFIX_HUB_ENV=cso2
 
 # for core-landing-zone
@@ -63,10 +64,18 @@ export CONTACT_DOMAIN=cloud-setup.org
 export SUPER_ADMIN_EMAIL=michael@cloud-setup.org
 
 # for projects/hub-env package
+# M.o.s
+# change before deploying
+export HUB_PROJECT_BILLING_ID=01...54
+
 export HUB_PROJECT_PARENT_FOLDER=services-infrastructure
 export HUB_PROJECT_ID_PREFIX=xxdmu-admin1-hub
 export HUB_ADMIN_GROUP_EMAIL=user:michael@cloud-setup.org
 #export HUB_ADMIN_GROUP_EMAIL=group:sas@obrien.industries
 # see https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/gcp-administration-guide/471595/using-image-family
 export FORTIGATE_PRIMARY_IMAGE=projects/fortigcp-project-001/global/images/fortinet-fgtondemand-724-20230201-001-w-license
-export FORTIGATE_SECONDARY_IMAGE=projects/fortigcp-project-001/global/images/fortinet-fgtondemand-724-20230201-001-w-license
+export FORTIGATE_SECONDARY_IMAGE=projects/fortigcp-project-001/global/images/fortinet-fgtondemand-724-20230201-001-w-license
+#  not a valid identifier
+#export FGT-PRIMARY-LICENSE=QAAAAL9N4x..
+#export FGT-SECONDARY-LICENSE=QAAAAGSl..
+