Fortinet Document Library

Version:


Table of Contents

5.3.0
Download PDF
Copy Link

Installation procedures

Follow the steps below to install the FortiADC software package in your OpenStack environment.

Step 1: Verify your OpenStack environment

Make sure that it is running on OpenStack Pike (or a newer release) with Neutron LBaaS agent installed on it.

Step 2: Download and extract the Fortinet OpenStack LbaaSv2 plugin and agent

  1. Download the Fortinet OpenStack LBAASv2 Plugin and Agent tarball, fortiadc_lbaasv2.tar.gz.
  2. Extract it in your OpenStack OS:

$ mv fortiadc_lbaasv2.tar.gz /tmp

$ cd /tmp

$ tar -zxvf fortiadc_lbaasv2.tar.gz

Step 3: Install the Fortinet Plugin driver

  1. Install the driver:
  2. $ sudo cp -r /tmp/fortiadc_lbaasv2/fortinet /opt/stack/neutron-lbaas/neutron_lbaas/drivers/

    $ cd /tmp/fortiadc_lbaasv2/fortinet_neutron_lbaas; sudo pip install.

  3. Modify service_providers in /etc/neutron/neutron_lbaas.conf :
  4. $ vim /etc/neutron/neutron_lbaas.conf

    .....

    [service_providers]

    service_provider=LOADBALANCERV2:Fortinet:neutron_lbaas.drivers.fortinet.driver_v2.PearlMilkTeaDriver:default

    .....

  5. Restart the service to load the Fortinet plug-in driver:

$ sudo systemctl restart devstack@q-svc.service

Step 4: Install Agent and FortiADC device driver

  1. Install the FortiADC API and agent:
  2. $ cd /tmp/fortiadc_lbaasv2/fadc_api; sudo pip install.

    $ cd /tmp/fortiadc_lbaasv2/fortinet_openstack_agent; sudo pip install.

  3. Adapt fadc_lbaas.ini to your environment: (Note: The example below is for FortiADC deployed inside an OpenStack container.)
  4. $ cp /tmp/fortiadc_lbaasv2/fortinet_openstack_agent/fadc_lbaas.ini /etc/neutron/services/fadc_lbaas.ini

    $ vim /etc/neutron/services/fadc_lbaas.ini

    [DEFAULT]

    debug_mode = False

    fadc_FQDN = 172.24.4.3

    fadc_username = admin

    fadc_password =

    fadc_vdom_network_mapping = port2,port3

    fadc_vdom_network_allowAccess = port2:http ping telnet,port3:http ping https

    fadc_vdom_network_ip = port2:10.0.2.10/24,port3:10.0.3.10/24

    fadc_default_gw = 10.0.2.1

    fadc_vs_dev_intf = port2

    fadc_vs_persistency = LB_PERSIS_HASH_SRC_ADDR

    fadc_vs_packet_forward_method = FullNAT

    fadc_vs_nat_pool = 10.0.3.200,10.0.3.210

    fadc_vs_nat_intf = port3

    fadc_get_stats_interval = 2

    fadc_healthcheck_port = 80

    Configuration for FortiADC deployed inside an OpenStack container

    Parameter Description
    Debug  
    debug_mode

    Enable or disable debug messages for fadc_api.

    True = enable

    False = disable

    Device information  
    fadc_FQDN

    The FortiADC's IP address that OpenStack Neutron uses to communicate with it.

    fadc_username

    The FortiADC global user log-in name.

    Note: The default password is admin.

    fadc_password

    The FortiADC log-in password.

    Note: It's blank (no password) by default.

    Network  
    fadc_vdom_network_mapping

    The interfaces assigned to the virtual domain.

    fadc_vdom_network_allowAccess

    The applications that the interface allows to access. The value can be HTTPS, HTTP, SNMP, SSH, Ping, and Telnet.

    fadc_vdom_network_ip

    The IP addresses of the assigned interfaces.

    fadc_default_gw

    The static route with destination 0.0.0.0/0 in the VDOM.

    Virtual server  
    fadc_vs_dev_intf

    The virtual server interface.

    fadc_vs_persistency

    The name of the persistence profile in the virtual server.

    fadc_vs_packet_forward_method

    The packet-forwarding method in Layer-4 virtual servers. It can be NAT or FullNAT.

    Note: This applies to Layer-4 virtual servers only.

    fadc_vs_nat_pool

    The IP address range of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.

    fadc_vs_nat_intf

    The interface of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.

    fadc_get_stats_interval

    The amount of data shown on the FortiADC's FortiView page:

    • 0=One hour's worth of data
    • 1=Six hours' worth of data
    • 2=One day's worth of data
    • 3=One week's worth of data
    • 4=One month's worth of data
    • 5=One year's worth of data
    Healthcheck monitor port  
    fadc_healthcheck_port

    The port number for FortiADC to create healthcheck profiles. The default is 80. Valid values range from 0 to 65535.

    Note: This applies to HTTP, HTTPS, and TCP only.

  5. Reload the agent:

$ sudo systemctl daemon-reload

$ sudo systemctl restart fadc-lbaas-agent.service

Installation procedures

Follow the steps below to install the FortiADC software package in your OpenStack environment.

Step 1: Verify your OpenStack environment

Make sure that it is running on OpenStack Pike (or a newer release) with Neutron LBaaS agent installed on it.

Step 2: Download and extract the Fortinet OpenStack LbaaSv2 plugin and agent

  1. Download the Fortinet OpenStack LBAASv2 Plugin and Agent tarball, fortiadc_lbaasv2.tar.gz.
  2. Extract it in your OpenStack OS:

$ mv fortiadc_lbaasv2.tar.gz /tmp

$ cd /tmp

$ tar -zxvf fortiadc_lbaasv2.tar.gz

Step 3: Install the Fortinet Plugin driver

  1. Install the driver:
  2. $ sudo cp -r /tmp/fortiadc_lbaasv2/fortinet /opt/stack/neutron-lbaas/neutron_lbaas/drivers/

    $ cd /tmp/fortiadc_lbaasv2/fortinet_neutron_lbaas; sudo pip install.

  3. Modify service_providers in /etc/neutron/neutron_lbaas.conf :
  4. $ vim /etc/neutron/neutron_lbaas.conf

    .....

    [service_providers]

    service_provider=LOADBALANCERV2:Fortinet:neutron_lbaas.drivers.fortinet.driver_v2.PearlMilkTeaDriver:default

    .....

  5. Restart the service to load the Fortinet plug-in driver:

$ sudo systemctl restart devstack@q-svc.service

Step 4: Install Agent and FortiADC device driver

  1. Install the FortiADC API and agent:
  2. $ cd /tmp/fortiadc_lbaasv2/fadc_api; sudo pip install.

    $ cd /tmp/fortiadc_lbaasv2/fortinet_openstack_agent; sudo pip install.

  3. Adapt fadc_lbaas.ini to your environment: (Note: The example below is for FortiADC deployed inside an OpenStack container.)
  4. $ cp /tmp/fortiadc_lbaasv2/fortinet_openstack_agent/fadc_lbaas.ini /etc/neutron/services/fadc_lbaas.ini

    $ vim /etc/neutron/services/fadc_lbaas.ini

    [DEFAULT]

    debug_mode = False

    fadc_FQDN = 172.24.4.3

    fadc_username = admin

    fadc_password =

    fadc_vdom_network_mapping = port2,port3

    fadc_vdom_network_allowAccess = port2:http ping telnet,port3:http ping https

    fadc_vdom_network_ip = port2:10.0.2.10/24,port3:10.0.3.10/24

    fadc_default_gw = 10.0.2.1

    fadc_vs_dev_intf = port2

    fadc_vs_persistency = LB_PERSIS_HASH_SRC_ADDR

    fadc_vs_packet_forward_method = FullNAT

    fadc_vs_nat_pool = 10.0.3.200,10.0.3.210

    fadc_vs_nat_intf = port3

    fadc_get_stats_interval = 2

    fadc_healthcheck_port = 80

    Configuration for FortiADC deployed inside an OpenStack container

    Parameter Description
    Debug  
    debug_mode

    Enable or disable debug messages for fadc_api.

    True = enable

    False = disable

    Device information  
    fadc_FQDN

    The FortiADC's IP address that OpenStack Neutron uses to communicate with it.

    fadc_username

    The FortiADC global user log-in name.

    Note: The default password is admin.

    fadc_password

    The FortiADC log-in password.

    Note: It's blank (no password) by default.

    Network  
    fadc_vdom_network_mapping

    The interfaces assigned to the virtual domain.

    fadc_vdom_network_allowAccess

    The applications that the interface allows to access. The value can be HTTPS, HTTP, SNMP, SSH, Ping, and Telnet.

    fadc_vdom_network_ip

    The IP addresses of the assigned interfaces.

    fadc_default_gw

    The static route with destination 0.0.0.0/0 in the VDOM.

    Virtual server  
    fadc_vs_dev_intf

    The virtual server interface.

    fadc_vs_persistency

    The name of the persistence profile in the virtual server.

    fadc_vs_packet_forward_method

    The packet-forwarding method in Layer-4 virtual servers. It can be NAT or FullNAT.

    Note: This applies to Layer-4 virtual servers only.

    fadc_vs_nat_pool

    The IP address range of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.

    fadc_vs_nat_intf

    The interface of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.

    fadc_get_stats_interval

    The amount of data shown on the FortiADC's FortiView page:

    • 0=One hour's worth of data
    • 1=Six hours' worth of data
    • 2=One day's worth of data
    • 3=One week's worth of data
    • 4=One month's worth of data
    • 5=One year's worth of data
    Healthcheck monitor port  
    fadc_healthcheck_port

    The port number for FortiADC to create healthcheck profiles. The default is 80. Valid values range from 0 to 65535.

    Note: This applies to HTTP, HTTPS, and TCP only.

  5. Reload the agent:

$ sudo systemctl daemon-reload

$ sudo systemctl restart fadc-lbaas-agent.service