Deployment Plan File
In the CDT Advanced Mode (see Advanced Mode), you can configure a sequence of actions for remote Security Gateways and Cluster Members in a user-defined XML file called "Deployment Plan File". You create this XML file in a desired location with a desired name.
The XML structure of a Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings>
<name value="YOUR NAME" />
<description value="YOUR DESCRIPTION" />
<update_cpuse value="true" />
<connectivityupgrade value="true" />
</plan_settings>
<!-- YOUR COMMENT FOR THIS ACTION -->
<ACTION ATTRIBUTE="VALUE" />
<!-- YOUR COMMENT FOR THIS ACTION -->
<ACTION ATTRIBUTE="VALUE" />
....
</CDT_Deployment_Plan>
Plan Settings
The "<plan_settings>" section in a Deployment Plan File contains:
| Attribute | Default value | Description |
|---|---|---|
| name | None | Holds the name of the Deployment Plan File. |
| description | None | Holds the description of the Deployment Plan File. |
| update_cpuse | | Specifies whether to update the CPUSE Agent on a remote Security Gateway before CDT does other actions. |
| connectivityupgrade | | Specifies whether to keep the current connections when you upgrade a cluster. If the value of this attribute is " |
Supported Actions
You can configure actions in a Deployment Plan File.
Important - By default, each action has a blocking behavior, set by an implied attribute. If an action fails, then the CDT stops the entire deployment. You can configure the applicable actions as non-blocking. If you do so, and the action fails, the CDT continues to the next specified action. To configure an action as non-blocking, add this attribute at the end of the action syntax: iscritical="false" (used in the example Deployment Plan Files on this page).
| Supported Action | Description and Attributes |
|---|---|
| | Creates a Gaia snapshot. Attributes: Example: |
| | Downloads a package from the Check Point Cloud with CPUSE. Attributes: Example: |
| | Runs a command on the Security Gateway in Bash shell (Expert mode). Note - Do not use special characters in your command (" Attributes: Example: |
| | Runs a user shell script on the Security Gateway. Notes: Attributes: Example: |
| | Sends a package to the remote Security Gateway (to the If you already sent the package with the " Required before you install the package. Attributes: Example: |
| | Installs a package with CPUSE and validates that security policy is installed. When you upgrade one Security Gateway, runs the Prepare New Policy test before the package installation to make sure there is an updated policy for the Security Gateway to fetch. When you install a Hotfix on a cluster, runs the Cluster Validation test after policy validation. Attributes: Example: |
| | Generates a log message. Attributes: Example: |
| | Downloads a file from the remote Security Gateway to the Management Server. The file is saved with a prefix of the Security Gateway's object name (for example, Attributes: Limitations: Example: |
| | Uploads a file from the Management Server to the remote Security Gateway. Attributes: Example: |
| | Reboots the remote Security Gateway. Attributes: Example: |
| | Sends an email message. Attributes: Example: |
| | Sends a package to the remote Security Gateway (to the Required before you install the package. Attributes: Example: |
| | Uninstalls a package with CPUSE. Attributes: Example: |
| | Uninstalls a legacy package (a package that was installed with the Legacy Installation procedure in Expert mode CLI). Attributes: Example: |
| | Examines an imported package with CPUSE if it is possible to install it on the remote Security Gateway. You must import the package on the remote Security Gateway. Attributes: Example: |
This example Deployment Plan File does these actions on all applicable Security Gateways:
- Backs up the file /opt/productname/conf.txt on the remote Security Gateway to the /opt/CPcdt/ConfigurationBackupFiles/ directory on the Management Server.
- Sends a file /opt/CPcdt/conf.txt from the Management Server to the remote Security Gateway as the /opt/productname/conf.txt file.
Example Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings>
<name value="Change configuration file" />
<description value="Example Deployment Plan file - replace a file" />
<update_cpuse value="true" />
</plan_settings>
<!-- Backup the configuration file -->
<pull_file remote_path="/opt/productname/conf.txt" local_dir="/opt/CPcdt/ConfigurationBackupFiles/" />
<!-- Push the new configuration file -->
<push_file local_path="/opt/CPcdt/conf.txt" remote_path="/opt/productname/conf.txt" />
</CDT_Deployment_Plan>
This example Deployment Plan File does these actions on all applicable Security Gateways:
- Runs the script getInformation.sh, found on the Management Server in the /home/admin/ directory. This script:
  - Collects the desired information on the remote Security Gateway (such as the installed policy, the installed license, and so on)
  - Saves its log to the /home/admin/log.txt file on the remote Security Gateway
- Pulls the file /home/admin/log.txt from the remote Security Gateway and saves it in the /opt/CPcdt/information/ directory on the Management Server.
Example script:
#!/bin/bash
# Log file on the remote Security Gateway; the plan pulls it afterwards
LOG_FILE="/home/admin/log.txt"
# Append the installed policy information
cpstat -f policy >> "$LOG_FILE"
# Append the installed license information
cplic print -x >> "$LOG_FILE"
exit 0
Example Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings>
<name value="Get information from the " />
<description value="Example Deployment Plan file - run a script to get information" />
<update_cpuse value="true" />
</plan_settings>
<!-- The script 'getInformation.sh' redirects its output to the '/home/admin/log.txt' -->
<execute_script path="/home/admin/getInformation.sh" />
<pull_file remote_path="/home/admin/log.txt" local_dir="/opt/CPcdt/information/" />
</CDT_Deployment_Plan>
This example Deployment Plan File does these actions on all applicable Security Gateways:
- Takes the Gaia snapshot on the remote Security Gateway.
- Downloads the CPUSE package of the R80.10 Jumbo Hotfix Accumulator from the Check Point Cloud on the remote Security Gateway. The package download action on the remote Security Gateway is not marked as critical.
- If the package download on the remote Security Gateway fails, the CDT sends the package from the Management Server to the remote Security Gateway and imports it with CPUSE. If the package download on the remote Security Gateway succeeds, the CDT does not send the package from the Management Server to the remote Security Gateway.
- Installs the package on the remote Security Gateway.
Example Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings>
<name value="Example Deployment Plan file - take snapshot and install a package" />
<description value="Create snapshot and then install HF on the remote machines" />
<update_cpuse value="true" />
</plan_settings>
<!-- Create a snapshot on remote machine -->
<create_snapshot name="backup" description=" backup snapshot before Jumbo installation" />
<!-- Install Jumbo for - XXX
If the download from the CP Cloud fails, use the CDT import and install actions -->
<!-- (1) Download this package (not critical) -->
<download_from_cloud path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" iscritical="false" />
<!-- (2) If download from CP Cloud failed, use the CDT import and install actions -->
<import_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />
<install_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />
</CDT_Deployment_Plan>
This example Deployment Plan File does these actions on all applicable Security Gateways:
- Sends the package from the Management Server (/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz) to the remote Security Gateway and imports it with CPUSE.
- Verifies the package with CPUSE on the remote Security Gateway to make sure it can be installed.
Example Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings>
<name value="Example Deployment Plan file - update, send, import, and verify the package" />
<description value="Update , import and verify the package on the remote machines" />
<update_cpuse value="true" />
</plan_settings>
<!-- Use the CDT import and verify actions -->
<import_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />
<verify_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />
</CDT_Deployment_Plan>
This example Deployment Plan File does these actions on all applicable Security Gateways:
- Runs the script preScript.sh, found on the Security Management Server or Multi-Domain Security Management Server in the /home/admin/cdt/ directory. This script is not marked as critical.
- Uninstalls the CPUSE package of the R80.40 Jumbo Hotfix Accumulator (Check_Point_R80_40_JUMBO_HF_Bundle_T89_sk165456_FULL.tgz).
- Imports and installs the CPUSE package for the R81 Major Upgrade (/home/admin/Check_Point_R81_T392_Fresh_Install_and_Upgrade.tgz).
- Adds a log entry and sends an email message noting that the installation completed.
- Imports and installs the package for the R81 Jumbo Hotfix Accumulator (/home/admin/Check_Point_R81_JUMBO_HF_Bundle_T10_sk170114_FULL.tar).
- Pulls the file /home/admin/file_to_pull.txt from the Security Gateways and saves it in the /home/admin/ directory on the Security Management Server or Multi-Domain Security Management Server.
Example Deployment Plan File:
<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<!--
The plan_settings element contains the name and the description of the deployment plan
and additional configuration.
-->
<plan_settings>
<name value="Example deployment plan" />
<description value="Example deployment plan" />
<update_cpuse value="true" />
<connectivityupgrade value="true" />
</plan_settings>
<!-- Execute script -->
<execute_script path="/home/admin/cdt/preScript.sh" iscritical="false" />
<!-- Remove R80.40 Jumbo HF -->
<uninstall_cpuse_package filename="Check_Point_R80_40_JUMBO_HF_Bundle_T89_sk165456_FULL.tgz" />
<!-- Major upgrade to R81 -->
<import_package path="/home/admin/Check_Point_R81_T392_Fresh_Install_and_Upgrade.tgz" />
<install_package path="/home/admin/Check_Point_R81_T392_Fresh_Install_and_Upgrade.tgz" />
<!-- Notifications during execution -->
<log level="NORMAL" value="Finished installing major upgrade." />
<send_email to="admin@example.com" subject="Major upgrade completed" body="Finished installation of R81 major upgrade, preparing to install R81 JHF." />
<!-- Install R81 Jumbo HF on top of R81 -->
<import_package path="/home/admin/Check_Point_R81_JUMBO_HF_Bundle_T10_sk170114_FULL.tar" />
<install_package path="/home/admin/Check_Point_R81_JUMBO_HF_Bundle_T10_sk170114_FULL.tar" />
<!-- Get a file from the Security Gateway to /home/admin/ -->
<pull_file remote_path="/home/admin/file_to_pull.txt" local_dir="/home/admin/" />
</CDT_Deployment_Plan>
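A Deployment Plan File drives package installs, scripts and file replacement on every targeted Security Gateway, so it is worth checking mechanically before a run. The Python lint below is an added example, not part of CDT or of the original page: `lint_plan`, its findings and the sample plan are constructed here, it uses only action names that appear in the examples above, and it assumes an action is blocking unless it carries iscritical="false".

```python
import xml.etree.ElementTree as ET

STAGING = {"import_package", "download_from_cloud"}   # put a package on the gateway
NEEDS_STAGED = {"install_package", "verify_package"}  # expect it to be there already

def lint_plan(xml_text):
    """Return review findings for a Deployment Plan File supplied as text."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "CDT_Deployment_Plan":
        return [f"unexpected root element <{root.tag}>"]
    findings = []
    settings = root.find("plan_settings")
    if settings is None or settings.find("name") is None:
        findings.append("plan_settings with a <name> element is missing")
    staged, backed_up = set(), set()
    for action in root:                      # XML comments are dropped by the parser
        if action.tag == "plan_settings":
            continue
        # Assumption: an action is blocking unless it carries iscritical="false".
        if action.get("iscritical", "true").lower() == "false":
            findings.append(f"<{action.tag}> is non-blocking: its failure will not stop the plan")
        path = action.get("path")
        if action.tag in STAGING:
            staged.add(path)
        elif action.tag in NEEDS_STAGED and path not in staged:
            findings.append(f"<{action.tag}> uses {path} before any import or download of it")
        elif action.tag == "pull_file":
            backed_up.add(action.get("remote_path"))
        elif action.tag == "push_file" and action.get("remote_path") not in backed_up:
            findings.append(f"<push_file> replaces {action.get('remote_path')} without an earlier pull_file backup")
    return findings

# Constructed sample plan (not from the product documentation).
SAMPLE_PLAN = """<?xml version="1.0" encoding="UTF-8"?>
<CDT_Deployment_Plan>
<plan_settings><name value="Constructed sample" /></plan_settings>
<!-- snapshot failure would be ignored -->
<create_snapshot name="backup" description="before hotfix" iscritical="false" />
<install_package path="/home/admin/sample_hotfix.tgz" />
<push_file local_path="/opt/CPcdt/conf.txt" remote_path="/opt/productname/conf.txt" />
</CDT_Deployment_Plan>"""

if __name__ == "__main__":
    for finding in lint_plan(SAMPLE_PLAN):
        print("REVIEW:", finding)
```

The findings are review prompts, not errors reported by CDT; a non-blocking download followed by an import of the same path, as in the snapshot-and-install example above, produces only the non-blocking notice.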