Deployment Plan
In the CDT Advanced Mode (see Advanced Mode), you can define a sequence of actions for remote Security Gateways.
Structure of the XML file for a Deployment Plan:
<?xml version="1.0" encoding="UTF-8"?> <CDT_Deployment_Plan> <plan_settings> <name value="YOUR NAME" /> <description value="YOUR DESCRIPTION" /> <update_cpuse value="true" /> <connectivityupgrade value="true" /> </plan_settings> <!-- YOUR COMMENT FOR THIS ACTION --> <ACTION ATTRIBUTE="VALUE" /> <!-- YOUR COMMENT FOR THIS ACTION --> <ACTION ATTRIBUTE="VALUE" /> .... </CDT_Deployment_Plan> |
Plan Settings
The <plan_settings>
section in a Deployment Plan file contains:
Attribute |
Default value |
Description |
---|---|---|
|
None |
Holds the name of the Deployment Plan. |
|
None |
Holds the description of the Deployment Plan. |
|
|
Defines whether to update the CPUSE Agent on a remote Security Gateway before CDT performs other actions. |
|
|
Defines whether to perform a Connectivity Upgrade when you upgrade a cluster. |
Supported Action |
Description and Attributes |
---|---|
|
Sends a package to the remote Security Gateway (to the Required before you install the package. Attributes:
|
|
Sends a package to the remote Security Gateway (to the Required before you install the package. Attributes:
|
|
Examines an imported package with CPUSE if it is possible to install it on the remote Security Gateway. You must import the package on the remote Security Gateway. Attribute:
|
|
Installs a package with CPUSE and validates that security policy is installed. When you upgrade one Security Gateway, runs the Prepare New Policy stage before the package installation to make sure there is an updated policy for the Security Gateway to fetch. When you install a Hotfix in a cluster, runs the Cluster Validation stage after policy validation. Attributes:
|
|
Uninstalls a package with CPUSE. Attributes:
|
|
Uninstalls a legacy package (a package that was installed with the Legacy Installation method in Expert mode CLI). Attributes:
|
|
Runs a command on the Security Gateway in Bash shell (Expert mode). Attributes:
|
|
Runs a user shell script on the Security Gateway. Notes:
Attributes:
|
|
Downloads a file from the remote Security Gateway to the Management Server. The file is saved with a prefix of the Security Gateway's object name (for example, Attributes:
Limitations:
|
|
Uploads a file from the Management Server to the remote Security Gateway. Attributes:
|
|
Sends an email message. Attributes:
|
|
Generates a log message. Attributes:
|
|
Reboots the remote Security Gateway. Attributes:
|
|
Downloads a package from the Check Point Cloud with CPUSE. Attributes:
|
|
Creates a Gaia snapshot. Attributes:
|
This example Deployment Plan performs these actions on all applicable Security Gateways:
-
Backs up the file
/opt/productname/conf.txt
on the remote Security Gateway to the/opt/CPcdt/ConfigurationBackupFiles/
directory on the Management Server. -
Sends a file
/opt/CPcdt/conf.txt
from the Management Server to the remote Security Gateway as the/opt/productname/conf.txt
file.
Example XML file for this Deployment Plan:
This example Deployment Plan performs these actions on all applicable Security Gateways:
-
Runs the script
getInformation.sh
, found on the Management Server in the/home/admin/
directory.This script:
-
Collects the desired information on the remote Security Gateway (such as the installed policy, the installed license, and so on)
-
Saves its log to the
/home/admin/log.txt
file on the remote Security Gateway
Example script:
-
-
Pulls the file
/home/admin/log.txt
from the remote Security Gateway and saves it in the/opt/CPcdt/information/
directory on the Management Server.
Example XML file for this Deployment Plan:
This example Deployment Plan performs these actions on all applicable Security Gateways:
-
Takes the Gaia snapshot on the remote Security Gateway.
-
Downloads the CPUSE package of the R80.10 Jumbo Hotfix Accumulator from the Check Point Cloud on the remote Security Gateway.
The package download action on the remote Security Gateway is not marked as critical.
-
If the package download on the remote Security Gateway fails, the CDT sends the package from the Management Server to the remote Security Gateway and imports it with CPUSE.
If the package download on the remote Security Gateway succeeds, the CDT does not send the package from the Management Server to the remote Security Gateway.
-
Installs the package on the remote Security Gateway.
Example XML file for this Deployment Plan:
This example Deployment Plan performs these actions on all applicable Security Gateways:
- Sends the package from the Management Server (from
/home/admin/Check_Point_R80_10_JUMBO_HF_Bundle_T97_FULL.tgz
) to the remote Security Gateway and imports it with CPUSE. - Verifies the package with CPUSE on the remote Security Gateway to make sure it can be installed.
Example XML file for this Deployment Plan:
This example Deployment Plan performs these actions on all applicable Security Gateways:
-
Runs the script
preScript.sh
, found on the Security Management Server or Multi-Domain Security Management Server in the/home/admin/cdt/
directory. This script is not marked as critical. -
Uninstalls the CPUSE package of the R75.46 Jumbo Hotfix Accumulator.
-
Imports and installs the CPUSE package for the R77.30 Major Upgrade (from
/home/admin/R77.30_Install_and_Upgrade.tgz
).On clusters, the Connectivity Upgrade is deactivated, because the value of the attribute "
ConnectivityUpgrade
" is "false
". -
Adds a log entry and sends an email message noting that the installation has finished.
-
Imports and installs the package for the R77.30 Hotfix2 (from
/home/admin/R77.30_HF2.tgz
). -
Pulls the file
/home/admin/file_to_pull.txt
from the Security Gateways and saves it in the/home/admin/
directory on the Security Management Server or Multi-Domain Security Management Server.
Example XML file for this Deployment Plan:
Central Deployment Tool (CDT) v1.7 Administration Guide