Support for cloud-init service for KVM, Azure, and AWS 6.4.1
You can use the cloud-init service for customizing a prepared image of a virtual installation. The cloud-init service is built into the virtual instances of FortiManager-VM found on the support site so that you can use them on a VM platform that supports the use of the service. To customize the installation of a new FortiManager-VM instance, you must combine the seed image from the support site with user data information customized for each new installation.
Hypervisor platforms such as QEMU/KVM support the use of this service on most major Linux distributions, as well as BSD and Hyper-V. A number of cloud-based environments, such as VMware and AWS also support it.
You can use the cloud-init service to help install different instances based on a common seed image by assigning hostnames, adding SSH keys, and settings particular to the specific installation. You can add other more general customizations, such as the running of post install scripts.
While cloud-init is the service used to accomplish the customized installations of VMs, various other programs, depending on the platform, are used to create the customized ISOs used to create the images that will build the FortiManager-VM.
This topic includes the following sections:
KVM
To configure on KVM:
- On the host server (Ubuntu), start service
libvirtd
. - Prepare the FortiManager configuration and license file.
This license is named
0000
, without any extension.The folder structure should be as follows:
<holding folder> /openstack /content 0000 /latest user_data
For example:
config system global set hostname fmg-boot-strap end
- Convert the folder to an ISO image using the mkisofs utility.
Following is the syntax of the command:
mkisofs [options] [-o <filename of new ISO> pathspec [pathspec...]
- Create a FortiManager instance, attach a virtual CDROM, which is based on
fmg-config-lic-bootstap.iso
.The following command sets up a virtual CDROM drive as if it were on an IDE bus holding a virtual CD in it with no cache, and the data is in RAW format.
disk /home/username/test/fmg-config-lic-bootstap.iso,device=cdrom,bus=ide,format=raw,cache=none -
- Boot up the FortiManager KVM virtual machine.
In the following example for FortiManager, the configuration and license upload to the FortiManager KVM virtual machine.
bash# cat vmd.log.1 [186] cdrom mounted [186] /cdrom/openstack/content/0000: size=9171: -----BEGIN FMG VM LICENSE----- QAAAAKgh6/7exA+Da/9ho2iypJYLjYKx+vFPBYd6cR6XlTq1WFz95Fz+b1n1sa2OPLldeC5h5sgh CZMEcGUczbnSZMcQGgAAMC/mTe8EPRK/ARkMpi8Av3IIIcm7Irgds8xk+cgeMpZTMBtq2FrXsAmr yErFgUgYmouRu9VMtJnJln4nnFRXZzsBez/Xa7XeBBUeHuLuxAiHyI2rIUfXQOPeIgV06eLrFLdu UpD1EqadFK3eDDoMX4wEFzLHJbbBrjErWKvu2Cf94sEDsaVQmI/Cv5nOZd9rQgR2TdxQ06YO25dr cRuhoxA/nY4fvqwOcHbhUYpafF2NDeKiXzDVS1iRun5ZYFcCuIOTkGr2AQb5zx6MdlQgc+k8boI0 ........................ JAyU8CgENbH++ClFTDAG6lznT68KcZDF7lcoAr56+p7OjXBEZrwUFVVIv4CWCtfntG1v7uE9Po0P 9PZyNgupzf7lstWtYDfrgSZO -----END FMG VM LICENSE----- [186] /cdrom/openstack/latest/user_data: size=438: config system global set hostname fmg-boot-strap end
AWS
To configure on AWS:
-
Go to the AWS marketplace, and follow the procedure to launch a FortiManager AZURE virtual machine.
-
On the 3. Configure Instance page, select the VPC subnet and the IAM role.
When selecting the VPC subnet, select the IAM role that was created, and specify information about the license file and configuration file from the AWS S3 bucket that was previously configured under Advanced Settings. In this example, the IAM role name is fmgrole.
- Expand Advanced Details, and set User data to As text, for example:
-
Go to the FortiManager GUI, and log in.
- In FortiManager, go to System Settings > Dashboard.
In the following example for FortiManager, the System Information widget displays the specified hostname, and the License Information widget displays the activated license.
Microsoft Azure
To configure on Microsoft Azure:
- Use PowerShell to deploy the FortiManager Azure VM with user data.
- Create a MIME text file named
azureinit.conf
in local PCC:\Azure\misc
directory.You can change the directory path and file name using the
$customdataFile = C:\Azure\misc\azureinit.conf
parameter in theps1
file. Theazureinit.conf
is the text file in MIME format that includes both FortiGate CLI commands and license file content.Content-Type: multipart/mixed; boundary="===============0740947994048919689==" MIME-Version: 1.0 --===============0740947994048919689== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="config" config system admin setting set idle_timeout 480 set shell-access enable end --===============0740947994048919689== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="license" -----BEGIN FMG VM LICENSE----- QAAAAD1P27eiQC4JGGA1wDYnqMasNcDlXUtjg02/nt21seyucBTncObcRqPsXXFcRqkpoINA83PC ........ IOb6sMYu8MnmDPAJLgygex1BdImccRJ3pe+E9ZgT5tAu7gBVhDa5Bo/kf3IdJOoRdxvFXcUGC0+k 4TgteYmIRK7E5C0ZGV0AGqn2zTmwaFxF9J22R68tkI3fGbhGbAfjcPN5IAdC7TwHWyJWEoOqy8o/ TJ9wReuzEIWC3SrWtgpgfMNM527h4RQrLXBJP0VOm+C4ZHkedrbBy7qFQWhHC+Lps8rsPh/Qj1PN Ii6kVnHrAgf9dI7C4IAmEKlQ -----END FMG VM LICENSE----- --===============0740947994048919689==--
After FortiManager Azure VM is created, the FortiManager license and configuration are uploaded.
- Go to FortiManager GUI, and log in.
- Go to System Settings > Dashboard. In the following example, the System Information widget displays the serial number.
- Go to System Settings > Admin > Admin Settings.
The following example displays the Administration Settings: