Print Download PDF Send Feedback

Previous

Next

Example Deployment Plan Files

This section provides example Deployment Plan files.

Example 1 - Replace a File

This example Deployment Plan performs these actions on all applicable Security Gateways:

  1. Backs up the file /opt/productname/conf.txt on the remote Security Gateway to the /opt/CPcdt/ConfigurationBackupFiles/ directory on the Management Server.
  2. Sends a file /opt/CPcdt/conf.txt from the Management Server to the remote Security Gateway as the /opt/productname/conf.txt file.

Example XML file for this Deployment Plan:

<?xml version="1.0" encoding="UTF-8"?>

<CDT_Deployment_Plan>

<plan_settings>

<name value="Change configuration file" />

<description value="Example deployment plan - replace a file" />

<update_cpuse value="true" />

</plan_settings>

<!-- Backup the configuration file -->

<pull_file remote_path="/opt/productname/conf.txt" local_dir="/opt/CPcdt/ConfigurationBackupFiles/" />

<!-- Push the new configuraion file -->

<push_file local_path="/opt/CPcdt/conf.txt" remote_path="/opt/productname/conf.txt" />

</CDT_Deployment_Plan>

Example 2 - Run a Script to Get Information

This example Deployment Plan performs these actions on all applicable Security Gateways:

  1. Runs the script getInformation.sh, found on the Management Server in the /home/admin/ directory.

    This script:

    1. Collects the desired information on the remote Security Gateway (such as the installed policy, the installed license, and so on)
    2. Saves its log to the /home/admin/log.txt file on the remote Security Gateway

    Example script:

    #!/bin/bash

    LOG_FILE="/home/admin/log.txt"

    cpstat -f policy >> $LOG_FILE

    cplic print -x >> $LOG_FILE

    exit 0
  2. Pulls the file /home/admin/log.txt from the remote Security Gateway and saves it in the /opt/CPcdt/information/ directory on the Management Server.

Example XML file for this Deployment Plan:

<?xml version="1.0" encoding="UTF-8"?>

<CDT_Deployment_Plan>

<plan_settings>

<name value="Get information from the gateways" />

<description value="Example deployment plan - run a script to get information" />

<update_cpuse value="true" />

</plan_settings>

 

<!-- The script 'getInformation.sh' redirects its output to the '/home/admin/log.txt' -->

<execute_script path="/home/admin/getInformation.sh" />

<pull_file remote_path="/home/admin/log.txt" local_dir="/opt/CPcdt/information/" />

</CDT_Deployment_Plan>

Example 3 - Take Gaia Snapshot and Install a Package

This example Deployment Plan performs these actions on all applicable Security Gateways:

  1. Takes the Gaia snapshot on the remote Security Gateway.
  2. Downloads the CPUSE package of the R80.10 Jumbo Hotfix Accumulator from the Check Point Cloud on the remote Security Gateway.

    The package download action on the remote Security Gateway is not marked as critical.

  3. If the package download on the remote Security Gateway fails, the CDT sends the package from the Management Server to the remote Security Gateway and imports it with CPUSE.

    If the package download on the remote Security Gateway succeeds, the CDT does not send the package from the Management Server to the remote Security Gateway.

  4. Installs the package on the remote Security Gateway.

Example XML file for this Deployment Plan:

<?xml version="1.0" encoding="UTF-8"?>

<CDT_Deployment_Plan>

<plan_settings>

<name value="Example deployment plan - take Gaia snapshot and install a package" />

<description value="Create Gaia snapshot and then install HF on the remote machines" />

<update_cpuse value="true" />

</plan_settings>

<!-- Create a snaphot on remote machine -->

<create_snapshot name="backup" description="R80.10 backup snapshot before Jumbo Hotfix installation" />

<!-- Install Jumbo Hotfix for R80.10 -

If the download from the CP Cloud fails,

use the CDT import and install actions -->

 

<!-- (1) Download this package (not critical) -->

<download_from_cloud path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" iscritical="false" />

 

<!-- (2) If download from CP Cloud failed, use the CDT import and install actions -->

<import_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />

<install_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />

</CDT_Deployment_Plan>

Example 4 - Update CPUSE, Send, Import, and Verify the Package

This example Deployment Plan performs these actions on all applicable Security Gateways:

  1. Sends the package from the Management Server (from /home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz) to the remote Security Gateway and imports it with CPUSE.
  2. Verifies the package with CPUSE on the remote Security Gateway to make sure it can be installed.

Example XML file for this Deployment Plan:

<?xml version="1.0" encoding="UTF-8"?>

<CDT_Deployment_Plan>

<plan_settings>

<name value="Example deployment plan - update CPUSE, send, import, and verify the package" />

<description value="Update CPUSE, import and verify the package on the remote machines" />

<update_cpuse value="true" />

</plan_settings>

 

<!-- Use the CDT import and verify actions -->

<import_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />

<verify_package path="/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz" />

</CDT_Deployment_Plan>

Example 5 - Run a Script, Uninstall a Hotfix, Perform Upgrade, Install a Hotfix, Log and Send Email, Pull a File

This example Deployment Plan performs these actions on all applicable Security Gateways:

  1. Runs the script preScript.sh, found on the Security Management Server or Multi-Domain Security Management Server in the /home/admin/cdt/ directory. This script is not marked as critical.
  2. Uninstalls the CPUSE package of the R75.46 Jumbo Hotfix Accumulator.
  3. Imports and installs the CPUSE package for the R77.30 Major Upgrade (from /home/admin/R77.30_Install_and_Upgrade.tgz).

    On clusters, the Connectivity Upgrade is deactivated, because the value of the attribute "ConnectivityUpgrade" is "false".

  4. Adds a log entry and sends an email message noting that the installation has finished.
  5. Imports and installs the package for the R77.30 Hotfix2 (from /home/admin/R77.30_HF2.tgz).
  6. Pulls the file /home/admin/file_to_pull.txt from the Security Gateways and saves it in the /home/admin/ directory on the Security Management Server or Multi-Domain Security Management Server.

Example XML file for this Deployment Plan:

<?xml version="1.0" encoding="UTF-8"?>

<CDT_Deployment_Plan>

<plan_settings>

<name value="Example deployment plan" />

<description value="Example deployment plan - Run a script, uninstall a hotfix, perform upgrade, install a hotfix, log and send email, pull a file" />

<update_cpuse value="true" />

<connectivityupgrade value="false" />

</plan_settings>

 

<!-- Path to the script -->

<execute_script path="/home/admin/cdt/preScript.sh" iscritical="false" />

 

<!-- Use the CDT uninstall actions -->

<uninstall_cpuse_package filename="R75.46_JUMBO_HF.tgz" />

 

<!-- Use the CDT import and install actions to upgrade -->

<import_package path="/home/admin/R77.30_Install_and_Upgrade.tgz" />

<install_package path="/home/admin/R77.30_Install_and_Upgrade.tgz" />

 

<!-- Create a log -->

<log level="NORMAL" value="Finished installing major upgrade." />

 

<!-- Send an email -->

<send_email to="cdt.admin@checkpoint.com" subject="Major upgrade completed" body="Finished installation of R77.30 major upgrade, preparing to install R77.30 HF2." />

 

<!-- Use the CDT import and install actions -->

<import_package path="/home/admin/R77.30_HF2.tgz" />

<install_package path="/home/admin/R77.30_HF2.tgz" />

 

<!-- Path to file that needs to be pulled -->

<pull_file remote_path="/home/admin/file_to_pull.txt" local_dir="/home/admin/" />

</CDT_Deployment_Plan>

23 January 2019
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2019 Check Point Software Technologies Ltd. All rights reserved.