Bootstrapping the FortiGate-VM at initial bootup
This section explains how to add bootstrapping of FortiGate CLI commands and a BYOL license at the time of initial bootup as part of a Terraform deployment.
- Create a text file that contains FortiGate CLI commands. This example saves the file as config.txt. This example uses the following CLI commands:
config system global
set timezone 03
end
The config text file is in MIME format and looks like the following:
Content-Type: multipart/mixed; boundary="==OCI=="
MIME-Version: 1.0

--==OCI==
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0

config system global
set timezone 03
end

--==OCI==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"

${license_file}

--==OCI==--
You can find the example file on GitHub.
This example CLI sets the timezone as GMT-9 Alaska. You can replace these lines with your own set of CLI commands.
- Download a FortiGate-VM license file from Customer Service & Support after registering your product code. Save the license file as a .txt file. FortiGate-VM license content resembles the following:
- Place the config.txt and license.txt files in the directory on your local PC where you run Terraform. Point to the correct paths in variables.tf, the Terraform variables file. On Windows, you do not need to specify the C: drive in paths.
- Uncomment the following lines in the compute.tf file:
// Required for bootstrapping / cloud-init
// Comment out the following if you use the feature.
metadata {
  user_data = "${base64encode(data.template_file.userdata_lic.rendered)}"
}
and
// Comment out the following if you use bootstrapping / cloud-init
data "template_file" "userdata_lic" {
  template = "${file(var.bootstrap)}"
  vars {
    license_file = "${file("${var.license}")}"
  }
}
- Run Terraform as described in Using Terraform to deploy a single FortiGate-VM.
- After deployment, log into the FortiGate by accessing https://<IP_address> in your browser. The system displays the dashboard instead of a license upload window, since the license is already activated.
To see how bootstrapping went, check whether the command ran successfully. Open the CLI console and enter:
diag debug cloudinit show
If cloud-init ran successfully, the CLI shows Finish running script with no errors.
- Check the timezone by running the config system global and get commands. The timezone was changed to Alaska as expected, meaning that the bootstrapping CLI command was successful.
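A pre-deployment check for the bootstrap file described above, added here as an example (it is not Fortinet's code): it renders the template, parses the result as MIME, and fails if a header/body blank line is missing, a part is absent, or the ${license_file} placeholder was left unsubstituted. The function names and the license string are assumptions made for illustration; the template is a constructed copy of the page's config.txt.

```python
import base64
from email import message_from_string

# Constructed copy of the page's config.txt, with the blank lines MIME requires.
TEMPLATE = """\
Content-Type: multipart/mixed; boundary="==OCI=="
MIME-Version: 1.0

--==OCI==
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0

config system global
set timezone 03
end
--==OCI==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"

${license_file}
--==OCI==--
"""
SAMPLE_LICENSE = "CONSTRUCTED-LICENSE-PLACEHOLDER"  # not a real license

def render(template, license_text):
    # Stand-in for the one substitution Terraform makes in the template.
    return template.replace("${license_file}", license_text.strip())

def check_user_data(rendered):
    """Return the CLI and license parts, or raise ValueError if malformed."""
    msg = message_from_string(rendered)
    defects = [d for part in msg.walk() for d in part.defects]
    if defects or not msg.is_multipart():
        raise ValueError(f"malformed MIME: {defects}")
    parts = {}
    for part in msg.get_payload():
        if part.get_content_type() == "text/x-shellscript":
            parts["cli"] = part.get_payload().strip()
        elif part.get_filename() == "license":
            parts["license"] = part.get_payload().strip()
    if set(parts) != {"cli", "license"}:
        raise ValueError(f"expected cli and license parts, got {sorted(parts)}")
    if not parts["license"] or "${" in parts["license"]:
        raise ValueError("license placeholder was not substituted")
    return parts

def encode_user_data(rendered):
    # Same encoding compute.tf applies with base64encode().
    return base64.b64encode(rendered.encode("ascii")).decode("ascii")
```

Base64 is an encoding, not encryption: the CLI commands and license placed in user_data are stored in readable form in the Terraform state, so treat the state file and the bootstrap file as sensitive.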