Prisma AIRS
Generate Terraform Configuration from Strata Cloud Manager (SCM)
Steps to generate a Terraform template from the Strata Cloud Manager
The following are the steps to generate a Terraform template from the Strata Cloud
Manager.
- Log in to SCM and navigate to Insights > Deployment.
- Select KVM under the Private Cloud section, choose Deploy a New Firewall, and select Start from scratch.
- Fill out the HSF Cluster Configuration details including:
  - Cluster Name
  - Template Stack Name
  - Device Group Name
  - Panorama IP
  - Secondary Panorama IP
  - VM Auth Key
  - Auth Code
  - Image Path
    The absolute image path should be the same as the path provisioned on the host for local deployment and the path provisioned on the remote controller for remote deployment.
  - DNS Primary (Optional)
  - DNS Secondary (Optional)
  - (Optional) Select Jumbo Frame if you wish to enable jumbo frames on your cluster.
  - Click Add More Bootstrap Parameters and add the Key Value pair, if you wish to add optional bootstrap parameters.
- Configure Common Networking settings for Management Link, Control Interconnect Link and Traffic Interconnect Link.
- Select DHCP or Static as the Management Interface IP.
- Select Local Server or Remote Server under Server Deployment information including remote KVM host IP, User Name and Private SSH Key Path.
- Define Node Specifications for P-Nodes and S-Nodes. Add the individual Node Specifications details such as:
  - Choose a Server
  - Management Interface IP - DHCP or Static
  - Management IP Address
  - Gateway IP
  - Subnet Mask
  - Network Devices
    - Management
    - Cluster Interconnect
    - Traffic Interconnect Interface
  You may add up to 4 P-Nodes and 6 S-Nodes. However, a minimum of 2 P-Nodes is necessary to maintain resiliency.
- Review the deployment summary and give a name to the template.
- Click Create Terraform Template and then Download Terraform template.
Execute Terraform Deployment
For Terraform prerequisites, see KVM Host Permissions for Local or Remote Deployments.
- Extract the downloaded Terraform ZIP file to your central controller or KVM host.
- Navigate to the extracted directory containing the node-specific Terraform folders.
- Perform one of the following deployment methods:
  - Local Deployment:
    - Inside each node's folder, execute the following commands:
        terraform init
        terraform plan
        terraform apply
      Ensure that you are logged in as the sudo user before issuing the terraform commands.
  - Remote Deployment (Recommended):
    - Ensure SSH keys are correctly set up and added to the SSH agent.
    - Use the provided deploy-cluster.sh script (for example, ./deploy-cluster.sh setup) to automate terraform init, plan, and apply across all node directories.
    - Monitor the terminal output for Terraform provisioning status.
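For the local deployment path, the per-folder init, plan, apply sequence can be scripted so that it stops at the first failing node and applies only the plan that was saved. This is an added example, not the provided deploy-cluster.sh and not part of the downloaded template; it assumes each node folder is a direct subdirectory of the extracted directory and contains *.tf files, and the function names and the tfplan file name are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumption: each node folder is a direct
# subdirectory of the extracted ZIP and contains at least one *.tf file.

# Run init -> plan -> apply in one node folder; apply only the saved plan.
deploy_node() {
    (
        cd "$1" || exit 1
        terraform init -input=false || exit 1
        # Save the plan so apply executes exactly what plan reported.
        terraform plan -input=false -out=tfplan || exit 1
        terraform apply -input=false tfplan
    )
}

# Deploy every node folder under $1 in sorted order; stop at first failure.
# Returns 0 on success, 1 on a Terraform failure, 2 or 3 on bad input.
deploy_nodes() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    found=0
    for dir in "$root"/*/; do
        # Skip folders without Terraform files (docs, images, and so on).
        ls "$dir"*.tf >/dev/null 2>&1 || continue
        found=1
        echo "==> deploying ${dir%/}"
        deploy_node "$dir" || { echo "failed in ${dir%/}; stopping" >&2; return 1; }
    done
    [ "$found" -eq 1 ] || { echo "no node folders with *.tf under $root" >&2; return 3; }
}

# Usage: ./deploy-local.sh /path/to/extracted-template
if [ -n "${1:-}" ]; then
    deploy_nodes "$1"
fi
```

The saved tfplan file can contain sensitive values in clear text, so restrict it to the deploying user or delete it after a successful apply.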
Verify Cluster Deployment and Initial Configuration
- Access the Panorama UI and navigate to Managed Devices and Firewall Clusters to confirm nodes are registered and the cluster is forming.
- Monitor content and configuration pushes from Panorama through the node's CLI (show jobs all) and Panorama's task manager.
- Confirm the cluster is online and functional after auto-commit and content installation jobs complete.