Alternative of using cloud function
reddyskp opened this issue · 2 comments
Hi All,
Is it necessary to use a cloud function to invoke the Fortinet startup scripts? Instead, can we do it directly with a Terraform data template file, without storing them in a storage bucket and invoking them with a cloud function?
Not really. This setup involves having one of the FortiGates in the autoscale group as primary. So there are a couple of issues with removing the autoscale function code.
- The FortiGates need to communicate with the function to figure out what the current primary VM is. After they establish a link, they will then sync their configs.
- When the primary is removed (scale-in, for instance), the function code will elect a new primary and respond to the FortiGates so that they can update their configs and establish a new link.
If you just want a static cluster that you control with Terraform code, you could do that and repurpose some of this Terraform code, but each would need to come up with the config you wanted.
For instance, the following lines in the current baseconfig are dynamically generated by the function:
```
config system auto-scale
    set status enable
    set sync-interface "{SYNC_INTERFACE}"
    set hb-interval {HEART_BEAT_INTERVAL}
    set role master
    set callback-url {CALLBACK_URL}
    set psksecret {PSK_SECRET}
end
```
I'm going to close this issue, feel free to open a new issue and reference this if you have questions.
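For anyone rendering the auto-scale stanza quoted above outside the function (the static-cluster route), here is a strict renderer as an added example; it is not the project's function code. The sample values, the HTTPS-only rule for the callback URL and the allowed-character policy are assumptions made for illustration.

```python
import re
import secrets
from urllib.parse import urlparse

# The stanza from the baseconfig quoted above, placeholders unchanged.
AUTO_SCALE_TEMPLATE = """config system auto-scale
    set status enable
    set sync-interface "{SYNC_INTERFACE}"
    set hb-interval {HEART_BEAT_INTERVAL}
    set role master
    set callback-url {CALLBACK_URL}
    set psksecret {PSK_SECRET}
end"""

PLACEHOLDER = re.compile(r"\{([A-Z_]+)\}")


def render_auto_scale(values):
    """Fill the placeholders; reject missing, unexpected or unsafe values."""
    needed = set(PLACEHOLDER.findall(AUTO_SCALE_TEMPLATE))
    missing, extra = needed - set(values), set(values) - needed
    if missing or extra:
        raise ValueError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    for name, value in values.items():
        # A space, quote or newline in a value would add extra CLI tokens or lines.
        if not re.fullmatch(r"[A-Za-z0-9._:/\-]+", str(value)):
            raise ValueError(f"unsafe characters in {name}")
    # Assumed policy for this example: the callback endpoint must be HTTPS.
    if urlparse(values["CALLBACK_URL"]).scheme != "https":
        raise ValueError("CALLBACK_URL must use https")
    if not str(values["HEART_BEAT_INTERVAL"]).isdigit():
        raise ValueError("HEART_BEAT_INTERVAL must be an integer")
    return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), AUTO_SCALE_TEMPLATE)


def example_values():
    # Constructed sample values, not taken from the project.
    return {
        "SYNC_INTERFACE": "port1",
        "HEART_BEAT_INTERVAL": 30,
        "CALLBACK_URL": "https://functions.example.invalid/autoscale",
        "PSK_SECRET": secrets.token_urlsafe(24),  # fresh random PSK per cluster
    }


if __name__ == "__main__":
    # Print with the PSK masked so it does not end up in CI logs.
    vals = example_values()
    print(render_auto_scale(vals).replace(vals["PSK_SECRET"], "********"))
```

A stanza rendered this way still contains the PSK in clear text, so wherever it is stored (Terraform state, instance metadata, a bucket object) needs the same access controls as the secret itself.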