Support for cloud-init service for KVM, Azure, and AWS 6.4.1

You can use the cloud-init service for customizing a prepared image of a virtual installation. The cloud-init service is built into the virtual instances of FortiAnalyzer-VM found on the support site so that you can use them on a VM platform that supports the use of the service. To customize the installation of a new FortiAnalyzer-VM instance, you must combine the seed image from the support site with user data information customized for each new installation.

Hypervisor platforms such as QEMU/KVM support the use of this service on most major Linux distributions, as well as BSD and Hyper-V. A number of cloud-based environments, such as VMware and AWS, also support it.

You can use the cloud-init service to help install different instances based on a common seed image by assigning hostnames, adding SSH keys, and applying settings particular to the specific installation. You can also add more general customizations, such as running post-install scripts.

While cloud-init is the service that performs the customized installation of VMs, other programs, which vary by platform, create the customized ISOs that are used to create the images that build the FortiAnalyzer-VM.

Note

Although this feature supports FortiAnalyzer, this topic only includes examples for FortiManager.

This topic includes the following sections:

KVM

To configure on KVM:
  1. On the host server (Ubuntu), start the libvirtd service.
  2. Prepare the FortiAnalyzer configuration and license file.

    The license file is named 0000, without any extension.

    The folder structure should be as follows:

    <holding folder>
        /openstack
            /content
                0000
            /latest
                user_data

    For example, the user_data file can contain:

    config system global
        set hostname fmg-boot-strap
    end

  3. Convert the folder to an ISO image using the mkisofs utility.

    Following is the syntax of the command:

    mkisofs [options] [-o <filename of new ISO>] pathspec [pathspec...]

  4. Create a FortiAnalyzer instance and attach a virtual CD-ROM that is based on fmg-config-lic-bootstap.iso.

    The following command sets up a virtual CD-ROM drive on an IDE bus that holds the ISO as a virtual CD, with caching disabled and the data in RAW format.

    disk /home/username/test/fmg-config-lic-bootstap.iso,device=cdrom,bus=ide,format=raw,cache=none -

  5. Boot up the FortiAnalyzer KVM virtual machine.

    In the following example for FortiManager, the configuration and license are uploaded to the FortiManager KVM virtual machine.

    bash# cat vmd.log.1
    [186] cdrom mounted
    [186] /cdrom/openstack/content/0000: size=9171:
    -----BEGIN FMG VM LICENSE-----
    QAAAAKgh6/7exA+Da/9ho2iypJYLjYKx+vFPBYd6cR6XlTq1WFz95Fz+b1n1sa2OPLldeC5h5sgh
    CZMEcGUczbnSZMcQGgAAMC/mTe8EPRK/ARkMpi8Av3IIIcm7Irgds8xk+cgeMpZTMBtq2FrXsAmr
    yErFgUgYmouRu9VMtJnJln4nnFRXZzsBez/Xa7XeBBUeHuLuxAiHyI2rIUfXQOPeIgV06eLrFLdu
    UpD1EqadFK3eDDoMX4wEFzLHJbbBrjErWKvu2Cf94sEDsaVQmI/Cv5nOZd9rQgR2TdxQ06YO25dr
    cRuhoxA/nY4fvqwOcHbhUYpafF2NDeKiXzDVS1iRun5ZYFcCuIOTkGr2AQb5zx6MdlQgc+k8boI0
    ........................
    JAyU8CgENbH++ClFTDAG6lznT68KcZDF7lcoAr56+p7OjXBEZrwUFVVIv4CWCtfntG1v7uE9Po0P
    9PZyNgupzf7lstWtYDfrgSZO
    -----END FMG VM LICENSE-----
    [186] /cdrom/openstack/latest/user_data: size=438:
    config system global
        set hostname fmg-boot-strap
    end
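The staging in step 2 can be scripted and checked before the ISO is built in step 3. The following is an added example, not Fortinet's code: the function names, the owner-only file mode, and the `-R` option passed to mkisofs are assumptions of the example.

```python
"""Added example: stage and check the bootstrap folder from the KVM steps."""
import os
import stat
from pathlib import Path

# Layout taken from the folder structure shown in step 2.
REQUIRED = ("openstack/content/0000", "openstack/latest/user_data")


def stage(holding: Path, license_text: str, user_data: str) -> None:
    """Write the license and user_data files with owner-only permissions."""
    for rel, text in zip(REQUIRED, (license_text, user_data)):
        path = holding / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        # 0o600 is this example's choice: the files carry a license and
        # device configuration, so keep them away from other host users.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", encoding="ascii") as handle:
            handle.write(text)


def check_layout(holding: Path) -> list:
    """Return deviations from the expected layout (empty list if clean)."""
    problems = []
    found = {p.relative_to(holding).as_posix()
             for p in holding.rglob("*") if p.is_file()}
    for rel in REQUIRED:
        if rel not in found:
            problems.append(f"missing {rel}")
    for rel in sorted(found - set(REQUIRED)):
        problems.append(f"unexpected file {rel}")
    for rel in sorted(found & set(REQUIRED)):
        mode = stat.S_IMODE((holding / rel).stat().st_mode)
        if mode & 0o077:
            problems.append(f"{rel} is accessible by group/other ({oct(mode)})")
    return problems


def mkisofs_argv(holding: Path, iso: Path) -> list:
    """Command line for step 3. -R (Rock Ridge) is an assumption of this
    example so that long names such as user_data survive on the ISO."""
    return ["mkisofs", "-R", "-o", str(iso), str(holding)]
```

A license saved as `0000.lic` is reported both as a missing `0000` and as an unexpected file, which catches the "without any extension" requirement before the VM boots.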

AWS

To configure on AWS:
  1. Go to the AWS marketplace, and follow the procedure to launch a FortiAnalyzer AWS virtual machine.

  2. On the "3. Configure Instance" page, select the VPC subnet and the IAM role.

    When selecting the VPC subnet, select the IAM role that was created, and specify information about the license file and configuration file from the AWS S3 bucket that was previously configured under Advanced Settings. In this example, the IAM role name is fmgrole.

  3. Expand Advanced Details, and set User data to As text, for example:

  4. Go to the FortiAnalyzer GUI, and log in.

  5. In FortiAnalyzer, go to System Settings > Dashboard.

    In the following example for FortiManager, the System Information widget displays the specified hostname, and the License Information widget displays the activated license.

Microsoft Azure

To configure on Microsoft Azure:
  1. Use PowerShell to deploy the FortiAnalyzer Azure VM with user data.
  2. Create a MIME text file named azureinit.conf in the C:\Azure\misc directory on your local PC.

    You can change the directory path and file name using the $customdataFile = C:\Azure\misc\azureinit.conf parameter in the ps1 file. The azureinit.conf file is a text file in MIME format that includes both the FortiGate CLI commands and the license file content.

    Content-Type: multipart/mixed; boundary="===============0740947994048919689=="
    MIME-Version: 1.0

    --===============0740947994048919689==
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="config"

    config system admin setting
        set idle_timeout 480
        set shell-access enable
    end

    --===============0740947994048919689==
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="license"

    -----BEGIN FMG VM LICENSE-----
    QAAAAD1P27eiQC4JGGA1wDYnqMasNcDlXUtjg02/nt21seyucBTncObcRqPsXXFcRqkpoINA83PC
    ........
    IOb6sMYu8MnmDPAJLgygex1BdImccRJ3pe+E9ZgT5tAu7gBVhDa5Bo/kf3IdJOoRdxvFXcUGC0+k
    4TgteYmIRK7E5C0ZGV0AGqn2zTmwaFxF9J22R68tkI3fGbhGbAfjcPN5IAdC7TwHWyJWEoOqy8o/
    TJ9wReuzEIWC3SrWtgpgfMNM527h4RQrLXBJP0VOm+C4ZHkedrbBy7qFQWhHC+Lps8rsPh/Qj1PN
    Ii6kVnHrAgf9dI7C4IAmEKlQ
    -----END FMG VM LICENSE-----
    --===============0740947994048919689==--

    After the FortiAnalyzer Azure VM is created, the FortiAnalyzer license and configuration are uploaded.

  3. Go to the FortiAnalyzer GUI, and log in.
  4. Go to System Settings > Dashboard. In the following example, the System Information widget displays the serial number.

  5. Go to System Settings > Admin > Admin Settings.

    The following example displays the Administration Settings:
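Separately from the screenshots the steps refer to, the azureinit.conf file from step 2 can be generated and re-checked before deployment. The following is an added example, not Fortinet's code: the function names, the placeholder license body, and the `REVIEW_SETTINGS` list are assumptions of the example.

```python
"""Added example: build and re-check an azureinit.conf-style MIME bundle."""
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample inputs; the license body is a placeholder, not a real key.
SAMPLE_CONFIG = ("config system admin setting\n    set idle_timeout 480\n"
                 "    set shell-access enable\nend\n")
SAMPLE_LICENSE = ("-----BEGIN FMG VM LICENSE-----\nPLACEHOLDER\n"
                  "-----END FMG VM LICENSE-----\n")
# Settings to surface for review (an assumption of this example, not vendor guidance).
REVIEW_SETTINGS = ("set shell-access enable",)


def build_custom_data(config: str, license_text: str) -> str:
    """Return a multipart/mixed document with 'config' and 'license' parts."""
    bundle = MIMEMultipart("mixed")
    for name, body in (("config", config), ("license", license_text)):
        part = MIMEText(body, "plain", "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=name)
        bundle.attach(part)
    return bundle.as_string()


def inspect_custom_data(text: str) -> dict:
    """Parse the bundle back and report its parts, problems and review flags."""
    msg = message_from_string(text)
    parts = {p.get_filename(): p.get_payload(decode=True).decode("ascii")
             for p in msg.walk() if p.get_filename()}
    problems = []
    if set(parts) != {"config", "license"}:
        problems.append("expected exactly the parts 'config' and 'license'")
    lic = parts.get("license", "")
    if "-----BEGIN" not in lic or "-----END" not in lic:
        problems.append("license part lacks BEGIN/END markers")
    cfg_lines = [line.strip() for line in parts.get("config", "").splitlines()]
    if cfg_lines.count("end") != sum(l.startswith("config ") for l in cfg_lines):
        problems.append("unbalanced config/end blocks")
    flagged = [s for s in REVIEW_SETTINGS if s in cfg_lines]
    return {"parts": sorted(parts), "problems": problems, "flagged": flagged}
```

Running `inspect_custom_data` on the file that will be passed as custom data shows which CLI settings, such as the shell-access line in the sample above, take effect on first boot without anyone logging in to set them.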
