Support MIME multipart bootstrapping on KVM with config drive 7.0.1

On KVMs, FortiOS supports bootstrapping using a MIME file with config drive.

Sample MIME file
Content-Type: multipart/mixed; boundary="===============0740947994048919689=="
MIME-Version: 1.0

--===============0740947994048919689==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="config"

config sys glo
set hostname mimecheck
set admintimeout 480
end
config sys admin
edit admin
set password 12345678
end

--===============0740947994048919689==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"

-----BEGIN FGT VM LICENSE-----
************/***************************************************
...
-----END FGT VM LICENSE-----

--===============0740947994048919689==--

To bootstrap a KVM using a MIME file with config drive:
  1. Create a config drive ISO with a MIME file. See Cloud-init using config drive for more information.
    cd /home/kvm/bootstrap
    cp mimefile.txt /home/kvm/bootstrap/kvm-cloudinit/openstack/latest/user_data
    # optional, since the license file is also in the MIME file
    cp /home/kvm/bootstrap/licenses/UL_license.txt /home/kvm/bootstrap/kvm-cloudinit/openstack/content/0000
    mkisofs -R -r -o fgt-bootstrap.iso kvm-cloudinit
  2. Attach the ISO config drive at boot time. See Cloud-init for more information.
    virt-install --connect qemu:///system \
            --name ${DOMAIN} \
            --virt-type kvm \
            --arch=${ARCH} \
            --hvm \
            --os-type=linux \
            --os-variant=generic \
            --graphics vnc,listen=0.0.0.0 --noautoconsole \
            --vcpus=${CPU} \
            --ram ${RAM} \
            --cpu host-passthrough \
            --sysinfo host \
            --disk ${DOMAIN}.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
            --disk ${DOMAIN}-log.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
            --disk ${DOMAIN}-wanopt.qcow2,device=disk,bus=${DISKMODE},format=qcow2,cache=none \
            --disk ${DOMAIN}-bootstrap.iso,device=cdrom,bus=${DISKMODE},format=raw,cache=none \
            --network bridge=br0,model=${NICMODE},mac=**:**:**:**:**:11 \
            --network bridge=br1,model=${NICMODE},mac=**:**:**:**:**:22 \
            --network bridge=br2,model=${NICMODE},mac=**:**:**:**:**:33 \
            --import
  3. Boot up the VM and verify the FortiGate bootstrap:
    # diagnose debug cloudinit show
     >> Checking metadata source config drive
     >> Found config drive /dev/vdd
     >> Successfully mount config drive
     >> MIME parsed config script
     >> MIME parsed VM license
     >> Found metadata source: config drive
     >> Trying to install vmlicense ...
     >> Checking metadata source config drive
     >> Found config drive /dev/vdd
     >> Successfully mount config drive
     >> MIME parsed config script
     >> MIME parsed VM license
     >> Found metadata source: config drive
     >> Config drive parse metadata json failed
     >> Run config script
     >> Finish running script
     >> FGVM01TM21000000 $  config sys glo
     >> FGVM01TM21000000 (global) $  set hostname mimecheck
     >> FGVM01TM21000000 (global) $  set admintimeout 480
     >> FGVM01TM21000000 (global) $  end
     >> mimecheck $  config sys admin
     >> mimecheck (admin) $  edit admin
     >> mimecheck (admin) $  set password ********
     >> mimecheck (admin) $  end
     >> mimecheck $  config sys glo
     >> mimecheck (global) $  set hostname mimecheck
     >> mimecheck (global) $  set admintimeout 480
     >> mimecheck (global) $  end
     >> mimecheck $  config sys admin
     >> mimecheck (admin) $  edit admin
     >> mimecheck (admin) $  set password ********
     >> mimecheck (admin) $  end
  4. Verify that the VM license is valid:
    # get system status
    Version: FortiGate-VM64-KVM v7.0.1,build0125,210517 (interim)
    Virus-DB: 1.00000(2018-04-09 18:07)
    Extended DB: 1.00000(2018-04-09 18:07)
    Extreme DB: 1.00000(2018-04-09 18:07)
    AV AI/ML Model: 0.00000(2001-01-01 00:00)
    IPS-DB: 6.00741(2015-12-01 02:30)
    IPS-ETDB: 6.00741(2015-12-01 02:30)
    APP-DB: 6.00741(2015-12-01 02:30)
    INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
    IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
    Serial-Number: FGVM01TM21000000
    License Status: Valid
    License Expiration Date: 2022-05-06
    VM Resources: 1 CPU/1 allowed, 3962 MB RAM
    Log hard disk: Available
    Hostname: mimecheck
    Private Encryption: Disable
    Operation Mode: NAT
    Current virtual domain: root
    Max number of virtual domains: 10
    Virtual domains status: 1 in NAT mode, 0 in TP mode
    Virtual domain configuration: disable
    FIPS-CC mode: disable
    Current HA mode: standalone
    Branch point: 0125
    Release Version Information: interim
    FortiOS x86-64: Yes
    System time: Wed May 19 21:48:12 2021
    Last reboot reason: warm reboot
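
Added example (not part of the Fortinet documentation): Python that builds a user_data file in the same layout as the sample MIME file and parses it back before it goes into the ISO, reporting a missing "config" part, a "license" part without its BEGIN marker, and secrets written in cleartext such as the sample's set password line. The function names, the sample inputs and the test for the ENC prefix (the form FortiOS writes in configuration backups) are assumptions of this example.

```python
import re
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample inputs; the license body is a placeholder, not a real license.
SAMPLE_CONFIG = "config sys glo\nset hostname mimecheck\nend\n" \
    "config sys admin\nedit admin\nset password 12345678\nend\n"
SAMPLE_LICENSE = "-----BEGIN FGT VM LICENSE-----\nPLACEHOLDER\n-----END FGT VM LICENSE-----\n"

def build_user_data(config_text, license_text=None):
    """Return multipart/mixed user_data with a "config" part and an optional "license" part."""
    outer = MIMEMultipart("mixed")
    for name, body in (("config", config_text), ("license", license_text)):
        if body is None:
            continue
        part = MIMEText(body, "plain", "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=name)
        outer.attach(part)
    return outer.as_string()

def check_user_data(user_data):
    """Parse user_data back; return (sorted part filenames, list of findings)."""
    msg = message_from_string(user_data)
    if not msg.is_multipart():
        return [], ["not a multipart message"]
    parts = {(p.get_filename() or ""): p.get_payload()
             for p in msg.walk() if not p.is_multipart()}
    findings = []
    if "config" not in parts:
        findings.append('no part with filename="config"')
    lic = parts.get("license")
    if lic is not None and "-----BEGIN FGT VM LICENSE-----" not in lic:
        findings.append("license part lacks the BEGIN FGT VM LICENSE marker")
    # The config drive ISO is an ordinary ISO image: anyone who can read the file
    # reads the secrets, so flag values not given in the "ENC <value>" form.
    for line in parts.get("config", "").splitlines():
        if re.match(r"\s*set\s+(password|psksecret)\s+(?!ENC\s)\S", line):
            findings.append("cleartext secret in config part: " + line.split()[1])
    return sorted(parts), findings

if __name__ == "__main__":
    names, findings = check_user_data(build_user_data(SAMPLE_CONFIG, SAMPLE_LICENSE))
    print(names, findings)
```

A finding about a cleartext secret also applies to the ISO and the user_data file left on the KVM host, so restrict their file permissions or remove them once the VM has bootstrapped.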
