Dockerfile is experimental yet should be super good enough (please provide feedback or PR if it isn't)
git clone https://github.com/nabbi/pan-ts-agent-discovery
cd pan-ts-agent-discoveryOnce config.tcl is defined, build your custom image with:
cp src/inc/config.example.tcl src/inc/config.tcl
# edit src/inc/config.tcl with your values
docker build .This will build everything in your local repo (not cloning from github) so you can customize the crontab or code to test within your custom deployment.
Copy the image where ever you spin your containers.
docker run -d <hash>YMMV
These commands should be in the system default paths
- dig
- expect
- fping
- logger
- openssl
- ssh
- ssh-keygen
- tclsh
- timeout
sudo apt install fping expect dnsutilsapk add fping tcl expect openssl bind-tools opensshcd ~/bin
git clone https://github.com/nabbi/pan-ts-agent-discoverySee CONFIGURATION for parameter details.
cp src/inc/config.example.tcl src/inc/config.tclwritable by the non-privileged account cron jobs are ran as
mkdir /var/log/paloalto
touch /var/log/paloalto/pan-tsagent-discover.log /var/log/paloalto/pan-tsagent-purge.log
chgrp -R $(USER) /var/log/paloalto
chmod -R g+w /var/log/paloalto/etc/logrotate.d/pan-tsa-discovery
/var/log/paloalto/pan-*.log {
rotate 90
daily
missingok
compress
nocreate
}
non-privileged account
# PAN TS Agent Discover
15 * * * * /opt/pan-ts-agent-discovery/src/discover.tcl >> /var/log/paloalto/pan-tsagent-discover.log 2>&1
# PAN TS Agent Purge - do not run at same time as discovery add!
30 5 * * * /opt/pan-ts-agent-discovery/src/purge.tcl >> /var/log/paloalto/pan-tsagent-purge.log 2>&1newer OpenSSH defaults are stricter than Panorama
~/.ssh/config
host *
HostKeyAlgorithms=+ssh-rsa