Dockerfile is experimental yet should be super good enough (please provide feedback or PR if it isn't)
git clone https://github.com/nabbi/pan-ts-agent-discovery
cd pan-ts-agent-discovery
Once config.tcl is defined, build your custom image with:
docker build .
This builds everything from your local repo (it does not clone from GitHub), so you can customize the crontab or code to test within your custom deployment.
Copy the image to wherever you run your containers.
docker run -d <hash>
YMMV
These commands should be in the system default paths:
- curl
- dig
- echo
- expect
- fping
- logger
- openssl
- ssh
- ssh-keygen
- tcl
- timeout
sudo apt install fping expect
cd ~/bin
git clone https://github.com/nabbi/pan-ts-agent-discovery
Define inc/config.tcl from inc/config.example.tcl
Create log files writable by the non-privileged account that the cron jobs run as:
mkdir /var/log/paloalto
touch /var/log/paloalto/pan-tsagent-discover.log /var/log/paloalto/pan-tsagent-purge.log
chgrp -R "$USER" /var/log/paloalto
chmod -R g+w /var/log/paloalto
/etc/logrotate.d/pan-tsa-discovery
/var/log/paloalto/pan-*.log {
rotate 90
daily
missingok
compress
sharedscripts
}
Crontab for the non-privileged account:
# PAN TS Agent Discover
15 * * * * ~/pan-ts-agent-discovery/src/discover.tcl >> /var/log/paloalto/pan-tsagent-discover.log 2>&1
# PAN TS Agent Purge - do not run at same time as discovery add!
30 5 * * * ~/pan-ts-agent-discovery/src/purge.tcl >> /var/log/paloalto/pan-tsagent-purge.log 2>&1
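A preflight check for the setup above, as an added example that is not part of the project: it verifies that the listed commands resolve in the PATH cron uses (not your interactive PATH) and that both log files are writable by the current account. The function names, the `CRON_PATH` default of `/usr/bin:/bin`, and checking `tcl` as `tclsh` are assumptions.

```shell
#!/bin/sh
# Added example, not part of pan-ts-agent-discovery.
# Assumption: cron runs jobs with PATH=/usr/bin:/bin; override CRON_PATH if yours differs.
CRON_PATH="${CRON_PATH:-/usr/bin:/bin}"
# Command list from this README; "tcl" is checked as tclsh (assumed interpreter name).
REQUIRED_CMDS="curl dig echo expect fping logger openssl ssh ssh-keygen tclsh timeout"
LOG_FILES="/var/log/paloalto/pan-tsagent-discover.log /var/log/paloalto/pan-tsagent-purge.log"

# Print every command in "$2..." with no executable file in the colon-separated path "$1".
missing_cmds() {
    search_path=$1; shift
    for cmd in "$@"; do
        found=no
        old_ifs=$IFS; IFS=:
        for dir in $search_path; do
            if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then found=yes; break; fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || printf '%s\n' "$cmd"
    done
}

# Print every path in "$@" that is not an existing file the current user can write to.
unwritable_logs() {
    for f in "$@"; do
        { [ -f "$f" ] && [ -w "$f" ]; } || printf '%s\n' "$f"
    done
}

# Run both checks with the README's values; returns non-zero if anything is missing.
preflight() {
    bad_cmds=$(missing_cmds "$CRON_PATH" $REQUIRED_CMDS)
    bad_logs=$(unwritable_logs $LOG_FILES)
    [ -z "$bad_cmds" ] || printf 'not in cron PATH (%s): %s\n' "$CRON_PATH" "$(echo $bad_cmds)" >&2
    [ -z "$bad_logs" ] || printf 'not writable by %s: %s\n' "$(id -un)" "$(echo $bad_logs)" >&2
    [ -z "$bad_cmds$bad_logs" ]
}

# Only run when invoked as: sh preflight.sh check
case "${1:-}" in check) preflight ;; esac
```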
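Newer OpenSSH defaults are stricter than Panorama, so ssh-rsa host keys have to be re-enabled. The "host *" pattern below applies that to every host this account connects to; narrow the pattern to your Panorama hosts to limit the exception.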
~/.ssh/config
host *
HostKeyAlgorithms=+ssh-rsa