I think the modules here (for all providers) would drastically benefit from some tooling to help us create custom VM-Series AMI.
Full bootstrapping is really a hassle and usually is not necessary. User data is the preferred method for most deployments now.
However, the one main reason to use full bootstrap is when you need to get to a specific PAN-OS release that does not have an AMI published.
Custom build will ensure we always have the target image inside of our own account. It will help to have some code that can be adapted into a scheduled build pipeline. It drastically will reduce boot time compared to alternative of full initialization, panos patching, content installs during boot.
Describe the solution you'd like
Not sure exactly :)
Maybe a module that can utilize packer to help with this? Probably only need to supply an authcode during bootstrap, ssh in after boot, install content, upgrade panos inline to user-defined version, private-data-reset. Optionally copy AMI to other regions, share with other accounts/org/OU.
Not sure if another place would be more appropriate to host this but I think it would fit in well here to easily reference the AMI ID back in the deployment code.
Could either be a one-off as part of deployment or used to create a build process.
Describe alternatives you've considered.
We set this up ad-hoc a lot of times but the manual process is painful.
Is your feature request related to a problem?
I think the modules here (for all providers) would drastically benefit from some tooling to help us create custom VM-Series AMI.
Full bootstrapping is really a hassle and usually is not necessary. User data is the preferred method for most deployments now.
However, the one main reason to use full bootstrap is when you need to get to a specific PAN-OS release that does not have an AMI published.
Custom build will ensure we always have the target image inside of our own account. It will help to have some code that can be adapted into a scheduled build pipeline. It drastically will reduce boot time compared to alternative of full initialization, panos patching, content installs during boot.
Describe the solution you'd like
Not sure exactly :)
Maybe a module that can utilize packer to help with this? Probably only need to supply an authcode during bootstrap, ssh in after boot, install content, upgrade panos inline to user-defined version, private-data-reset. Optionally copy AMI to other regions, share with other accounts/org/OU.
Not sure if another place would be more appropriate to host this but I think it would fit in well here to easily reference the AMI ID back in the deployment code.
Could either be a one-off as part of deployment or used to create a build process.
Describe alternatives you've considered.
We set this up ad-hoc a lot of times but the manual process is painful.
Additional context
No response