Fortinet white logo
Fortinet white logo

AliCloud Administration Guide

Deployment

Deployment

  1. Log into your AliCloud account. If you do not already have one, create one by following the instructions in the AliCloud article Create a RAM user. The RAM account must have the minimum required permissions as listed in the section RAM account permissions.
  2. Create an AliCloud AccessKey. For details on creating one, refer to the AliCloud article Create an AccessKey. This will create an AccessKeyID and an AccessKeySecret.
  3. Install Terraform. For installation details, refer to the HashiCorp article Install Terraform.
  4. Obtain the FortiGate Autoscale for AliCloud deployment package. Visit the GitHub project release page and download the fortigate-autoscale-alicloud.zip release for the version you want to use.
  5. Unzip the file on your local PC. The following files and folders will be extracted:
    ├── alicloud_function_compute
    ├── alicloud_terraform
    ├── core
    ├── dist
    ├── LICENSE
    ├── node_modules
    ├── package.json
    ├── scripts
    └── test
  6. In your terminal, change to the alicloud_terraform folder:
    cd alicloud_terraform

    The alicloud_terraform folder contains the following files:

    ├── assets
    │   └── configset
    │       ├── baseconfig
    │       ├── httproutingpolicy
    │       ├── httpsroutingpolicy
    │       ├── internalelbweb
    │       └── storelogtofaz
    ├── main.tf
    └── vars.tf
    
    • baseconfig contains the cloud-init configuration for the FortiGate-VM and can be adjusted to support more advanced setups.
    • main.tf contains the majority of the deployment code. As part of the deployment it will upload the baseconfig to an OSS bucket to be used by the FortiGate-VM instances.
    • vars.tf contains the variables required for the deployment. For example: image ID (instance_ami), cluster name, instance, region, etc. For descriptions of the included variables, refer to the section Terraform variables.
  7. Edit the vars.tf file and customize variables for the deployment.
    Note

    The OSS bucket name must be lowercase.

    The Function Compute URL may not be more than 127 characters. The variable cluster_name is used to create this URL.

  8. Initialize the providers and modules with the command terraform init:
    terraform init
  9. Submit the Terraform plan using the command below.
    terraform plan -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "region=<region>"
  10. Confirm and apply the plan:
    terraform apply -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "region=<region>"

    Output will be similar to below. A randomly generated three letter suffix is added to all resources and can be used to help identify your cluster resources.

    Apply complete! Resources: 48 added, 0 changed, 0 destroyed.
    
    Outputs:
    
    Auto Scaling Group ID = asg-0xi1g2hk9z048yn6cuu1
    AutoScale External Load Balancer IP = 47.89.136.18
    PSK Secret = !_YfA7FQ@b_aYuei
    Scale In Threshold = 35
    Scale Out Threshold = 70
    VPC name = FortigateAutoScale-rrr

Deployment

Deployment

  1. Log into your AliCloud account. If you do not already have one, create one by following the instructions in the AliCloud article Create a RAM user. The RAM account must have the minimum required permissions as listed in the section RAM account permissions.
  2. Create an AliCloud AccessKey. For details on creating one, refer to the AliCloud article Create an AccessKey. This will create an AccessKeyID and an AccessKeySecret.
  3. Install Terraform. For installation details, refer to the HashiCorp article Install Terraform.
  4. Obtain the FortiGate Autoscale for AliCloud deployment package. Visit the GitHub project release page and download the fortigate-autoscale-alicloud.zip release for the version you want to use.
  5. Unzip the file on your local PC. The following files and folders will be extracted:
    ├── alicloud_function_compute
    ├── alicloud_terraform
    ├── core
    ├── dist
    ├── LICENSE
    ├── node_modules
    ├── package.json
    ├── scripts
    └── test
  6. In your terminal, change to the alicloud_terraform folder:
    cd alicloud_terraform

    The alicloud_terraform folder contains the following files:

    ├── assets
    │   └── configset
    │       ├── baseconfig
    │       ├── httproutingpolicy
    │       ├── httpsroutingpolicy
    │       ├── internalelbweb
    │       └── storelogtofaz
    ├── main.tf
    └── vars.tf
    
    • baseconfig contains the cloud-init configuration for the FortiGate-VM and can be adjusted to support more advanced setups.
    • main.tf contains the majority of the deployment code. As part of the deployment it will upload the baseconfig to an OSS bucket to be used by the FortiGate-VM instances.
    • vars.tf contains the variables required for the deployment. For example: image ID (instance_ami), cluster name, instance, region, etc. For descriptions of the included variables, refer to the section Terraform variables.
  7. Edit the vars.tf file and customize variables for the deployment.
    Note

    The OSS bucket name must be lowercase.

    The Function Compute URL may not be more than 127 characters. The variable cluster_name is used to create this URL.

  8. Initialize the providers and modules with the command terraform init:
    terraform init
  9. Submit the Terraform plan using the command below.
    terraform plan -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "region=<region>"
  10. Confirm and apply the plan:
    terraform apply -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "region=<region>"

    Output will be similar to below. A randomly generated three letter suffix is added to all resources and can be used to help identify your cluster resources.

    Apply complete! Resources: 48 added, 0 changed, 0 destroyed.
    
    Outputs:
    
    Auto Scaling Group ID = asg-0xi1g2hk9z048yn6cuu1
    AutoScale External Load Balancer IP = 47.89.136.18
    PSK Secret = !_YfA7FQ@b_aYuei
    Scale In Threshold = 35
    Scale Out Threshold = 70
    VPC name = FortigateAutoScale-rrr