Docker_Instructions_Readme.md

File metadata and controls

118 lines (71 loc) · 4.32 KB

FCA Container

One version of this container is included in this repository:

  • Dockerfile-FCA container: Based on Alpine Linux

System Requirements

Image Resources

The image has the following packages installed:

  • Terraform v0.11.10
  • Ansible v2.6.4
  • pan-python
  • paramiko (Galaxy Support)
  • ipaddress (Galaxy Support)
  • pandevice
  • xmltodict
  • jsonschema
  • requests
  • requests-toolbelt
  • python2.7
  • pip
  • Ansible Role: PaloAltoNetworks.paloaltonetworks (FCA)
  • Azure CLI (FCA)
  • AWS CLI awscli
  • git-core (needed to use GitHub for the FCA demo)

Usage

Obtaining Container Image

Option #1

(Use this for the pre-built container image.)

Pull container from Docker registry:

docker pull panfca/tool:fca

(full image, 744MB)

Obtaining Container Image from GitHub

Option #2

Download the file Dockerfile-FCA (builds the full image, 744MB).

Build from Dockerfile

Now you will build the image from the Dockerfile located in the repository.

Full image build

docker build -t <tag name> -f Dockerfile-FCA .

Example: docker build -t fca -f Dockerfile-FCA .

Note: If you want to create your own image name you can tag it with a custom tag.

Example: docker tag panfca/tool:fca myfca

Then run docker images to list your images.

Make sure you are in the root fca folder of the cloned repository (or specify the full path) before mounting it.

  • Start docker container and mount the root folder

docker run -v ${PWD}:/fca -it panfca/tool:fca

(for the pulled full image)

docker run -v ${PWD}:/fca -it <tag used in build step>

(for the image you built)

This mounts the local fca directory (your current working directory) at /fca inside the container and launches the container.

Once the container launches, verify the mount with ls, then cd to the mounted /fca directory to run the playbook commands.

Note: The topology requires manual intervention. Under ./fca/virtual_networks and for all.yml in the ./fca/group_vars folder you will find example files for both; they must be adjusted and renamed to .yml by removing .example from the file extensions.

As further Mark phases of the FCA project develop, this manual intervention will no longer be needed; it will be replaced by a top-level GUI that drives data input into an API layer.

Add Data

All data is contained within the fca directory.

  • Add Hub/Spoke data to ./fca/virtual_networks/<name>.yml, with one .yml file per virtual network; see the example files for details.
  • Add the name of the Hub/Spoke to the ./fca/group_vars/all.yml file under virtual_networks.
  • Create a file called provider.yml (see provider.example for details) that contains the cloud_provider name, cloud_provider_location, and the appropriate credentials for the cloud provider.
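A small helper for the preparation steps above (the .example renaming from the note and the provider.yml credential file), added here as an example; it is not part of the repository. It assumes example files are named <name>.yml.example under virtual_networks/ and group_vars/, never overwrites a .yml you have already edited, and refuses to proceed unless provider.yml, which holds cloud credentials that get mounted into the container, is readable by its owner only.

```shell
#!/bin/sh
# Assumption (not from the repository): example files are <name>.yml.example.

# Copy every *.yml.example under virtual_networks/ and group_vars/ to its
# .yml counterpart. Existing .yml files are left untouched so a re-run never
# clobbers edited topology data. Prints the number of files created.
materialize_examples() {
    fca_dir="$1"
    count=0
    for sub in virtual_networks group_vars; do
        for ex in "$fca_dir/$sub"/*.yml.example; do
            [ -e "$ex" ] || continue            # no match: glob stayed literal
            target="${ex%.example}"
            if [ ! -e "$target" ]; then
                cp "$ex" "$target"
                count=$((count + 1))
            fi
        done
    done
    echo "$count"
}

# provider.yml carries cloud credentials: require that it exists and that its
# mode is exactly 600, so nothing else on the host (or a shared bastion) can
# read it. Returns 1 if missing, 2 if the permissions are too open.
check_provider_file() {
    provider="$1/provider.yml"
    [ -f "$provider" ] || { echo "missing $provider" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback; both print octal bits
    mode=$(stat -c '%a' "$provider" 2>/dev/null || stat -f '%Lp' "$provider")
    [ "$mode" = "600" ] || { echo "$provider mode $mode, want 600" >&2; return 2; }
    return 0
}

# Stand-alone run on a constructed sample layout (not real topology data).
demo=$(mktemp -d)
mkdir -p "$demo/virtual_networks" "$demo/group_vars"
printf 'name: hub1\n' > "$demo/virtual_networks/hub1.yml.example"
printf 'virtual_networks:\n  - hub1\n' > "$demo/group_vars/all.yml.example"
printf 'cloud_provider: azure\n' > "$demo/provider.yml"
chmod 600 "$demo/provider.yml"
materialize_examples "$demo"                  # prints 2 on first run
check_provider_file "$demo" && echo "provider.yml permissions ok"
```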

Launch Topology

  • Launch the topology from within the container image.

ansible-playbook configuration_push.yml

This launches the whole data-driven playbook, which combines all the group_vars variables for the firewall configurations and implements the custom virtual_networks/ topology .yml files you created for the cloud provider's needs.

ansible-playbook destroy.yml

This command destroys what was previously created by the ansible-playbook configuration_push.yml command.

configuration_push.yml retrieves the cloud provider information and credentials, creates and runs the Terraform plan, configures the firewalls via Ansible, and saves the state file to the ./fca directory.

After the master playbook configuration_push.yml runs, it also generates a dynamic main.tf for cloud orchestration by combining ./virtual_networks/<insert custom name topology.yml> and ./group_vars/all.yml with the provider.yml cloud authentication credential variables, pulling from the appropriate cloud orchestration Terraform module resources.

Removal of Docker images installed.

docker container stop $(docker container ls -a -q) && docker system prune -a -f --volumes

The command above stops every container, then removes all containers, unused networks, all images not used by a running container, and all volumes; use it when limited on disk space or when running on a temporary bastion box.

Docker images are used to maintain code support version levels without the need to install on local machines.