This message was deleted.
# generals
sparse-intern-71089
04/28/2023, 3:35 PMThis message was deleted.
s
salmon-account-74572
04/28/2023, 4:10 PMThe Command provider would be one way. If the firewall vendor has a provider, then that would be another way (of course).
e
echoing-oil-42947
04/28/2023, 4:11 PMYeah I've been working with the command provider
echoing-oil-42947
04/28/2023, 4:11 PMI ended up just going with 2 command resources and manual dependency declarations
s
salmon-account-74572
04/28/2023, 4:13 PMIf the firewall has an API, you could choose to potentially interact with their API directly from whatever language you’re using.
salmon-account-74572
04/28/2023, 4:13 PMIf not…well, the Command provider is probably the only option.
e
echoing-oil-42947
04/28/2023, 4:15 PMIt's a RouterOS Firewall, so SSH is pretty ergonomic
s
salmon-account-74572
04/28/2023, 4:28 PMFair enough!
e
echoing-oil-42947
04/28/2023, 4:47 PMAs a slightly related question; is there a way to get something more helpful than "Process failed with exit code 1" when an ssh remote command fails?
s
salmon-account-74572
04/28/2023, 4:51 PMUnfortunately, no (not AFAIK).
b
brave-motorcycle-67487
04/28/2023, 9:30 PMDepending on what exactly needs to happen, it may be easier to do that externally to pulumi. We generally run pulumi from Github Actions and there's a step that comes before the pulumi run that sets up a vpn connection; if I needed to open and close a firewall hole I would probably write a little shell or python script that does that and wraps pulumi in the middle
e
echoing-oil-42947
04/28/2023, 9:32 PMThat's probably a better idea than what I have running
echoing-oil-42947
04/28/2023, 9:32 PMI've also considered some sort of stack automation, the issue is that all of the credentials are in pulumi configuration and I don't really want to move them if I can avoid it
3 Views