Support MIME multipart bootstrapping on KVM with config drive 7.0.1
On KVMs, FortiOS supports bootstrapping using a MIME file with config drive.
Sample MIME file
    Content-Type: multipart/mixed; boundary="===============0740947994048919689=="
    MIME-Version: 1.0

    --===============0740947994048919689==
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="config"

    config sys glo
    set hostname mimecheck
    set admintimeout 480
    end
    config sys admin
    edit admin
    set password 12345678
    end

    --===============0740947994048919689==
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="license"

    -----BEGIN FGT VM LICENSE-----
    ************/***************************************************
    ...
    -----END FGT VM LICENSE-----

    --===============0740947994048919689==--
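The sample above has the layout that Python's standard `email` package emits, so the file can be generated and pre-checked before it goes into the ISO. The following is an added example, not Fortinet code: `build_user_data`, `check_user_data`, the allowed part names (taken from the sample) and the password policy are assumptions, and the license body is a placeholder.

```python
import re
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample inputs; the license body is a placeholder, not a real license.
SAMPLE_CONFIG = ("config sys glo\nset hostname mimecheck\nset admintimeout 480\nend\n"
                 "config sys admin\nedit admin\nset password 12345678\nend\n")
SAMPLE_LICENSE = ("-----BEGIN FGT VM LICENSE-----\nPLACEHOLDER\n"
                  "-----END FGT VM LICENSE-----\n")
PART_NAMES = {"config", "license"}  # attachment names used in the page's sample


def build_user_data(config_text, license_text):
    """Return multipart/mixed text with 'config' and 'license' attachments."""
    outer = MIMEMultipart("mixed")
    for name, body in (("config", config_text), ("license", license_text)):
        part = MIMEText(body, "plain", "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=name)
        outer.attach(part)
    return outer.as_string()


def check_user_data(mime_text):
    """Return a list of findings; an empty list means every pre-check passed."""
    msg = message_from_string(mime_text)
    if not msg.is_multipart():
        return ["not a multipart message"]
    findings, parts = [], {}
    for part in msg.get_payload():
        name = part.get_filename()
        if name not in PART_NAMES:
            findings.append(f"unexpected part: {name}")
        else:
            parts[name] = part.get_payload(decode=True).decode("ascii", "replace")
    if "config" not in parts:
        findings.append("missing part: config")
    lic = parts.get("license", "").strip()
    if lic and not (lic.startswith("-----BEGIN FGT VM LICENSE-----")
                    and lic.endswith("-----END FGT VM LICENSE-----")):
        findings.append("license part lacks BEGIN/END markers")
    # Example policy (assumption): the password sits in cleartext in user_data,
    # readable by anyone who can read the ISO, so reject short or simple values.
    for pw in re.findall(r"^\s*set password (\S+)", parts.get("config", ""), re.M):
        if len(pw) < 12 or pw.isalnum():
            findings.append("weak cleartext admin password in config part")
    return findings
```

Run against the sample's config, the check reports the `12345678` admin password; write the output of `build_user_data` to `user_data` only once the findings list is empty.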
To bootstrap a KVM using a MIME file with config drive:
- Create a config drive ISO with a MIME file. See Cloud-init using config drive for more information.

    cd /home/kvm/bootstrap
    cp mimefile.txt /home/kvm/bootstrap/kvm-cloudinit/openstack/latest/user_data
    # Optional, since the license file is also in the MIME file
    cp /home/kvm/bootstrap/licenses/UL_license.txt /home/kvm/bootstrap/kvm-cloudinit/openstack/content/0000
    mkisofs -R -r -o fgt-bootstrap.iso kvm-cloudinit

- Attach the ISO config drive at boot time. See Cloud-init for more information.

    virt-install --connect qemu:///system \
      --name ${DOMAIN} \
      --virt-type kvm \
      --arch=${ARCH} \
      --hvm \
      --os-type=linux \
      --os-variant=generic \
      --graphics vnc,listen=0.0.0.0 --noautoconsole \
      --vcpus=${CPU} \
      --ram ${RAM} \
      --cpu host-passthrough \
      --sysinfo host \
      --disk ${DOMAIN}.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
      --disk ${DOMAIN}-log.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
      --disk ${DOMAIN}-wanopt.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
      --disk ${DOMAIN}-bootstrap.iso,device=cdrom,bus=${DISKMODE},format=raw,cache=none \
      --network bridge=br0,model=${NICMODE},mac=**:**:**:**:**:11 \
      --network bridge=br1,model=${NICMODE},mac=**:**:**:**:**:22 \
      --network bridge=br2,model=${NICMODE},mac=**:**:**:**:**:33 \
      --import

- Boot up the VM and verify the FortiGate bootstrap:

    # diagnose debug cloudinit show
    >> Checking metadata source config drive
    >> Found config drive /dev/vdd
    >> Successfully mount config drive
    >> MIME parsed config script
    >> MIME parsed VM license
    >> Found metadata source: config drive
    >> Trying to install vmlicense ...
    >> Checking metadata source config drive
    >> Found config drive /dev/vdd
    >> Successfully mount config drive
    >> MIME parsed config script
    >> MIME parsed VM license
    >> Found metadata source: config drive
    >> Config drive parse metadata json failed
    >> Run config script
    >> Finish running script
    >> FGVM01TM21000000 $ config sys glo
    >> FGVM01TM21000000 (global) $ set hostname mimecheck
    >> FGVM01TM21000000 (global) $ set admintimeout 480
    >> FGVM01TM21000000 (global) $ end
    >> mimecheck $ config sys admin
    >> mimecheck (admin) $ edit admin
    >> mimecheck (admin) $ set password ********
    >> mimecheck (admin) $ end
    >> mimecheck $ config sys glo
    >> mimecheck (global) $ set hostname mimecheck
    >> mimecheck (global) $ set admintimeout 480
    >> mimecheck (global) $ end
    >> mimecheck $ config sys admin
    >> mimecheck (admin) $ edit admin
    >> mimecheck (admin) $ set password ********
    >> mimecheck (admin) $ end

- Verify that the VM license is valid:

    # get system status
    Version: FortiGate-VM64-KVM v7.0.1,build0125,210517 (interim)
    Virus-DB: 1.00000(2018-04-09 18:07)
    Extended DB: 1.00000(2018-04-09 18:07)
    Extreme DB: 1.00000(2018-04-09 18:07)
    AV AI/ML Model: 0.00000(2001-01-01 00:00)
    IPS-DB: 6.00741(2015-12-01 02:30)
    IPS-ETDB: 6.00741(2015-12-01 02:30)
    APP-DB: 6.00741(2015-12-01 02:30)
    INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
    IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
    Serial-Number: FGVM01TM21000000
    License Status: Valid
    License Expiration Date: 2022-05-06
    VM Resources: 1 CPU/1 allowed, 3962 MB RAM
    Log hard disk: Available
    Hostname: mimecheck
    Private Encryption: Disable
    Operation Mode: NAT
    Current virtual domain: root
    Max number of virtual domains: 10
    Virtual domains status: 1 in NAT mode, 0 in TP mode
    Virtual domain configuration: disable
    FIPS-CC mode: disable
    Current HA mode: standalone
    Branch point: 0125
    Release Version Information: interim
    FortiOS x86-64: Yes
    System time: Wed May 19 21:48:12 2021
    Last reboot reason: warm reboot