Support Ampere A1 Compute instances on OCI 7.0.8
This enhancement allows FortiGate-VM for OCI to work on ARM-based Oracle Cloud Ampere A1 Compute instances. This instance type supports pay-as-you-go and bring-your-own-license licensing variants. The following shows the CPU information for this instance type, as obtained from the get hardware cpu command:
processor : 0
BogoMIPS : 50.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x3
CPU part : 0xd0c
CPU revision : 1
You can deploy this instance type from the OCI console or using the CLI.
To deploy an OCI Ampere A1 Compute instance from the OCI console:
- In the OCI console, create an instance using the FortiGate-VM image for the Ampere A1 Compute instance type:
- Under Image and shape, select the VM.Standard.A1.Flex image shape.
- Under Instance type, select Virtual machine.
- Under Shape series, select Ampere.
- Under Image, select VM.Standard.A1.Flex.
- Configure other fields as desired, and create the VM.
- After OCI creates the instance, confirm that the settings match the image.
- Access the FortiGate-VM to ensure that you can reach the GUI.
To deploy an OCI Ampere A1 Compute instance from the CLI:
- Obtain the out.kvm.zip file and extract the qcow2 image. This example uses the FGT_ARM64_OCI-v7-build0411-FORTINET.out.kvm.zip file:
root@mail:/tmp# unzip FGT_ARM64_OCI-v7-build0411-FORTINET.out.kvm.zip Archive: FGT_ARM64_OCI-v7-build0411-FORTINET.out.kvm.zip inflating: fortios.qcow2
- Upload the file to the OCI bucket:
root@mail:/tmp# oci os object put -ns fortinetoraclecloud1 -bn thomas-bucket --name fos-demo-0411.qcow2 --file fortios.qcow2 --force Uploading object [####################################] 100% { "etag": "3d22c817-c19c-4872-8935-0b3181edb98a", "last-modified": "Thu, 22 Sep 2022 23:22:31 GMT", "opc-content-md5": "j3KLUi8km2AwoqA3BAsqvw==" } - Import the image from the file in the bucket:
oci compute image import from-object -bn thomas-bucket -c ocid1.compartment.oc1..aaaaaaaa6jlfnxjcaqlykch4vqa6imw3gz5hlrm3iyojuxah2v4fh7caa4wq --name fos-demo-0411.qcow2 -ns fortinetoraclecloud1 --launch-mode paravirtualized --display-name demoimage0411 --source-image-type QCOW2 { "data": { "agent-features": null, "base-image-id": null, "billable-size-in-gbs": null, "compartment-id": "ocid1.compartment.oc1..aaaaaaaa6jlfnxjcaqlykch4vqa6imw3gz5hlrm3iyojuxah2v4fh7caa4wq", "create-image-allowed": true, "defined-tags": { "namesp": { "CreatedBy": "ssmith@fortinet.com", "CreatedOn": "2022-09-22T23:25:12.801Z" } }, "display-name": "demoimage0411", "freeform-tags": {}, "id": "ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa", "launch-mode": "PARAVIRTUALIZED", "launch-options": { "boot-volume-type": "PARAVIRTUALIZED", "firmware": "BIOS", "is-consistent-volume-naming-enabled": false, "is-pv-encryption-in-transit-enabled": false, "network-type": "PARAVIRTUALIZED", "remote-data-volume-type": "PARAVIRTUALIZED" }, "lifecycle-state": "IMPORTING", "listing-type": null, "operating-system": "Custom", "operating-system-version": "Custom", "size-in-mbs": null, "time-created": "2022-09-22T23:25:13.272000+00:00" }, "etag": "6fc8fd47711de318f30bd96daaf38320d720cec934f69dd119be8b4cd78ca2e6", "opc-work-request-id": "ocid1.coreservicesworkrequest.oc1.iad.abuwcljrlc4bzn2skur3sekotm43bsezfjpby4tqvwv5m6ysrndj7e3uyjja" } - Add image shape compatibility for VM.Standard.A1.Flex:
{ "data": { "image-id": "ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa", "memory-constraints": null, "ocpu-constraints": null, "shape": "VM.Standard.A1.Flex" } } - Add image compatibility schema to remove BIOS as an option. For details, see Configuring Image Capabilities for Custom Images:
oci compute image-capability-schema create --schema-data file:///home/armoci/scripts/schemafile.json -c ocid1.compartment.oc1..aaaaaaaa6jlfnxjcaqlykch4vqa6imw3gz5hlrm3iyojuxah2v4fh7caa4wq --image-id ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa --global-image-capability-schema-version-name d13aa499-898b-45c9-9cfb-f288fb8289ba { "data": { "compartment-id": "ocid1.compartment.oc1..aaaaaaaa6jlfnxjcaqlykch4vqa6imw3gz5hlrm3iyojuxah2v4fh7caa4wq", "compute-global-image-capability-schema-id": "ocid1.computeglobalimgcapschema.oc1.iad.aaaaaaaa743mjhi74uhrg46h4gcn4xs62qdlftmvlhezl54wgkhzq5j6d42a", "compute-global-image-capability-schema-version-name": "d13aa499-898b-45c9-9cfb-f288fb8289ba", "defined-tags": { "namesp": { "CreatedBy": "ssmith@fortinet.com", "CreatedOn": "2022-09-22T23:44:01.836Z" } }, "display-name": "computeimgcapschema20220922234401", "freeform-tags": {}, "id": "ocid1.computeimgcapschema.oc1.iad.aaaaaaaamym4p5b3cttupdbp5niwjmt6cosclsmsdwiusuk6uy6ez45uenrq", "image-id": "ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa", "schema-data": { "Compute.Firmware": { "default-value": "UEFI_64", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "UEFI_64" ] }, "Compute.LaunchMode": { "default-value": "EMULATED", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "NATIVE", "EMULATED", "PARAVIRTUALIZED", "CUSTOM" ] }, "Compute.SecureBoot": { "default-value": false, "descriptor-type": "boolean", "source": "IMAGE" }, "Network.AttachmentType": { "default-value": "PARAVIRTUALIZED", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "E1000", "VFIO", "PARAVIRTUALIZED" ] }, "Storage.BootVolumeType": { "default-value": "PARAVIRTUALIZED", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ] }, "Storage.ConsistentVolumeNaming": { "default-value": true, "descriptor-type": "boolean", "source": "IMAGE" }, "Storage.Iscsi.MultipathDeviceSupported": { "default-value": false, "descriptor-type": "boolean", "source": "IMAGE" }, "Storage.LocalDataVolumeType": { "default-value": "PARAVIRTUALIZED", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ] }, "Storage.ParaVirtualization.AttachmentVersion": { "default-value": 2, "descriptor-type": "enuminteger", "source": "IMAGE", "values": [ 1, 2 ] }, "Storage.ParaVirtualization.EncryptionInTransit": { "default-value": true, "descriptor-type": "boolean", "source": "IMAGE" }, "Storage.RemoteDataVolumeType": { "default-value": "PARAVIRTUALIZED", "descriptor-type": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ] } }, "time-created": "2022-09-22T23:44:01.871000+00:00" }, "etag": "f911969448888e6fff9e1715ed92c77c9fc78ac65f4ce659f5e53b8f7bfcec02" } Contents of schema file root@mail:/home/armoci/scripts# cat /home/armoci/scripts/schemafile.json { "Compute.Firmware": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "UEFI_64" ], "defaultValue": "UEFI_64" }, "Compute.SecureBoot": { "descriptorType": "boolean", "source": "IMAGE", "defaultValue": false }, "Compute.LaunchMode": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "NATIVE", "EMULATED", "PARAVIRTUALIZED", "CUSTOM" ], "defaultValue": "EMULATED" }, "Network.AttachmentType": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "E1000", "VFIO", "PARAVIRTUALIZED" ], "defaultValue": "PARAVIRTUALIZED" }, "Storage.BootVolumeType": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ], "defaultValue": "PARAVIRTUALIZED" }, "Storage.LocalDataVolumeType": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ], "defaultValue": "PARAVIRTUALIZED" }, "Storage.RemoteDataVolumeType": { "descriptorType": "enumstring", "source": "IMAGE", "values": [ "ISCSI", "SCSI", "IDE", "PARAVIRTUALIZED" ], "defaultValue": "PARAVIRTUALIZED" }, "Storage.ConsistentVolumeNaming": { "descriptorType": "boolean", "defaultValue": "true", "source": "IMAGE" }, "Storage.ParaVirtualization.EncryptionInTransit": { "descriptorType": "boolean", "defaultValue": "true", "source": "IMAGE" }, "Storage.ParaVirtualization.AttachmentVersion": { "descriptorType": "enuminteger", "source": "IMAGE", "values": [ 1, 2 ], "defaultValue": 2 }, "Storage.Iscsi.MultipathDeviceSupported": { "descriptorType": "boolean", "source": "IMAGE", "defaultValue": false } - Create a VM using the image:
oci compute instance launch \ --display-name demoinstance0411 \ --image-id ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa \ --subnet-id ocid1.subnet.oc1.iad.aaaaaaaakbi5r7ouue46ixjzksq7qe63k2hgfbcyasqzmr7absx6vznikhaq \ --shape VM.Standard.A1.Flex \ --assign-public-ip true \ --shape-config file:///home/armoci/scripts/working/tmpshape { "data": { "agent-config": { "are-all-plugins-disabled": false, "is-management-disabled": false, "is-monitoring-disabled": false, "plugins-config": null }, "availability-config": { "is-live-migration-preferred": null, "recovery-action": "RESTORE_INSTANCE" }, "availability-domain": "wwwl:US-ASHBURN-AD-1", "capacity-reservation-id": null, "compartment-id": "ocid1.tenancy.oc1..aaaaaaaambr3uzztoyhweohbzqqdo775h7d3t54zpmzkp4b2cf35vs55ck3a", "dedicated-vm-host-id": null, "defined-tags": { "namesp": { "CreatedBy": "ssmith@fortinet.com", "CreatedOn": "2022-09-22T23:49:42.339Z" } }, "display-name": "demoinstance0411", "extended-metadata": {}, "fault-domain": "FAULT-DOMAIN-1", "freeform-tags": {}, "id": "ocid1.instance.oc1.iad.anuwcljtctshpiyc5orba75rdar3w4yocjxbvmbxrido2ng56bjqv24wdthq", "image-id": "ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa", "instance-options": { "are-legacy-imds-endpoints-disabled": false }, "ipxe-script": null, "launch-mode": "EMULATED", "launch-options": { "boot-volume-type": "PARAVIRTUALIZED", "firmware": "UEFI_64", "is-consistent-volume-naming-enabled": true, "is-pv-encryption-in-transit-enabled": false, "network-type": "PARAVIRTUALIZED", "remote-data-volume-type": "PARAVIRTUALIZED" }, "lifecycle-state": "PROVISIONING", "metadata": {}, "platform-config": null, "preemptible-instance-config": null, "region": "iad", "shape": "VM.Standard.A1.Flex", "shape-config": { "baseline-ocpu-utilization": null, "gpu-description": null, "gpus": 0, "local-disk-description": null, "local-disks": 0, "local-disks-total-size-in-gbs": null, "max-vnic-attachments": 4, "memory-in-gbs": 8.0, "networking-bandwidth-in-gbps": 4.0, "ocpus": 4.0, "processor-description": "3.0 GHz Ampere\u00ae Altra\u2122" }, "source-details": { "boot-volume-size-in-gbs": null, "image-id": "ocid1.image.oc1.iad.aaaaaaaai2b4grjuooj5rpetu2edxwsvghuuk5ieglkllesoisukjsczs2aa", "kms-key-id": null, "source-type": "image" }, "system-tags": {}, "time-created": "2022-09-22T23:49:43.165000+00:00", "time-maintenance-reboot-due": null }, "etag": "bbca609ab2ed25c5117fc80935ee6a5c10d88a218944240a8ec009ffcc72b74c", "opc-work-request-id": "ocid1.coreservicesworkrequest.oc1.iad.abuwcljtovqivrwiodft6c7miwj53whs2k3bbiituint62w2zavtqpwmjiga" } Contents of tmpshape root@mail:/tmp# cat /home/armoci/scripts/working/tmpshape {"memoryInGBs":8,"ocpus":4} - Remotely access the VM using SSH to confirm you created it successfully:
root@mail:/home/armoci/scripts# ssh admin@129.213.122.30 The authenticity of host '129.213.122.30 (129.213.122.30)' can't be established. ED25519 key fingerprint is SHA256:I6zodkJW57JxcYeiASMzxyLzjG5xui++UFe9HJvb+vU. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '129.213.122.30' (ED25519) to the list of known hosts. Please login with username=admin and password=<instance-id> admin@129.213.122.30's password: You are forced to change your password. Please input a new password. According to the password policy enforced on this device, please change your password! New password must conform to the following policy: minimum-length=8; must not be same as last two passwords New Password: Confirm Password: FortiGate-ARM64-OCI # FortiGate-ARM64-OCI # FortiGate-ARM64-OCI # get system status Version: FortiGate-ARM64-OCI v7.0.7,build0411,220921 (interim) Virus-DB: 1.00000(2018-04-09 18:07) Extended DB: 1.00000(2018-04-09 18:07) Extreme DB: 1.00000(2018-04-09 18:07) AV AI/ML Model: 0.00000(2001-01-01 00:00) IPS-DB: 6.00741(2015-12-01 02:30) IPS-ETDB: 6.00741(2015-12-01 02:30) APP-DB: 6.00741(2015-12-01 02:30) INDUSTRIAL-DB: 6.00741(2015-12-01 02:30) IPS Malicious URL Database: 1.00001(2015-01-01 01:01) Serial-Number: FGVMEV_AAAAAAAA License Status: Invalid Evaluation License Expires: Fri Oct 7 16:50:49 2022 VM Resources: 4 CPU/1 allowed, 7978 MB RAM/2048 MB allowed Log hard disk: Not available Hostname: FortiGate-ARM64-OCI Operation Mode: NAT Current virtual domain: root Max number of virtual domains: 1 Virtual domains status: 1 in NAT mode, 0 in TP mode Virtual domain configuration: disable FIPS-CC mode: disable Current HA mode: standalone Branch point: 0411 Release Version Information: interim System time: Thu Sep 22 16:52:07 2022 Last reboot reason: power cycle