Last active
July 10, 2019 14:46
-
-
Save erdnuesse/31fe874b32e3aa26888fe3f69f3e54ba to your computer and use it in GitHub Desktop.
creation of velostrata fw rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ### please edit these three lines to mirror your network | |
| PROJECT="procect-id" | |
| ONPREM="10.0.0.0/24" | |
| VPC="default" | |
| ### abbreviations, no changes from here pls. | |
| TTAGMAN="--target-tags=fw-velosmanager" | |
| TTAGVELO="--target-tags=fw-velostrata" | |
| TTAGWL="--target-tags=fw-workload" | |
| STAGWL="--source-tags=fw-workload" | |
| STAGMAN="--source-tags=fw-velosmanager" | |
| STAGVELO="--source-tags=fw-velostrata" | |
| SRANG="--source-ranges" | |
| createfwrule="gcloud compute --project=$PROJECT firewall-rules create" | |
| NETRULES="--direction=INGRESS --priority=1000 --network=$VPC --action=ALLOW" | |
| gcloud services enable iam.googleapis.com --project $PROJECT | |
| gcloud services enable cloudresourcemanager.googleapis.com --project $PROJECT | |
| gcloud services enable compute.googleapis.com --project $PROJECT | |
| gcloud services enable storage-component.googleapis.com --project $PROJECT | |
| gcloud services enable logging.googleapis.com --project $PROJECT | |
| gcloud services enable monitoring.googleapis.com --project $PROJECT | |
| $createfwrule velos-backend-control --description="Control plane between Velostrata Backend and Velostrata Manager." $NETRULES --rules=tcp:9119 $SRANG=$ONPREM $TTAGMAN | |
| $createfwrule velos-ce-backend --description="Encrypted migration data sent from Velostrata Backend to Cloud Extensions." $NETRULES --rules=tcp:9111 $SRANG=$ONPREM $TTAGVELO | |
| $createfwrule velos-ce-control --description="Control plane between Cloud Extensions and Velostrata Manager." $NETRULES --rules=tcp:443,tcp:9111 $STAGMAN $TTAGVELO | |
| $createfwrule velos-ce-cross --description=" Synchronization between Cloud Extension nodes." $NETRULES --rules=all $STAGVELO $TTAGVELO | |
| $createfwrule velos-console-probe --description="Allows the Velostrata Manager to check if the SSH or RDP console on the migrated VM is available." $NETRULES --rules=tcp:22,tcp:3389 $STAGMAN $TTAGWL | |
| $createfwrule velos-vcplugin --description="Control plane between vCenter plugin and Velostrata Manager." $NETRULES --rules=tcp:443 $SRANG=$ONPREM $TTAGMAN | |
| $createfwrule velos-webui --description="HTTPS access to Velostrata Manager for web UI." $NETRULES --rules=tcp:443 $SRANG=$ONPREM,$VPC $TTAGMAN | |
| $createfwrule velos-workload --description="iSCSI for data migration and syslog" $NETRULES --rules=tcp:3260,udp:514 $STAGWL $TTAGVELO |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment