Administration Guide

Appendix: Installation using OpenStack

The FortiPortal software runs on virtual machines. Each VM runs either the portal or the collector software.

You can use OpenStack to create and manage the VM instances.

Prerequisites

Note the following prerequisite items:

  1. You must provide a MySQL server for the portal database, and one or more MySQL servers for the collector database instances.
  2. Download the portal and collector images from the Fortinet Support site.
  3. Access the OpenStack Horizon Dashboard for your OpenStack environment.

Downloading FortiPortal image files

To download the required image files:

  1. Navigate to the Fortinet customer service page (https://support.fortinet.com).
  2. Go to Download > Firmware Images.
  3. In the Firmware Images page, select FortiPortal.
  4. Download the latest image files (one portal file and one collector file) in QCOW2 format:
    • fpcvm64imageCollector.out.qcow2
    • ffpcvm64imagePortal.out.qcow2

OpenStack Horizon Dashboard

Log in to the OpenStack Horizon Dashboard, which provides a web-based user interface to OpenStack services.

Create images for the portal and collectors

Create a portal image and a collector image.

Use the following steps to create an image:

  1. From the left menu, select Compute > Images.
  2. Select Create Image.
  3. The system opens a form. Enter the following fields in the form:
    1. Enter a unique name for the image.
    2. Image Source: select Image File.
    3. Select Choose File to open the file chooser.
    4. Select the portal or collector file that you saved on the hard drive.
    5. Format: QCOW2.
    6. Architecture: leave blank.
    7. Minimum Disk: 80.
    8. Minimum Ram: 16.
    9. Select Create Image.

Create volumes for the portal and collector

Create a storage volume for the portal and the collector.

Use the following steps to create a volume:

  1. Select Volumes in the main menu.
  2. Select Create Volume.
  3. The system opens a form. Enter the following fields in the form:
    1. Enter a unique name for the volume.
    2. Volume Source: No source, empty volume.
    3. Type: No volume type.
    4. Size: 80.
    5. Availability Zone: select a zone.
    6. Select Create Volume.

Launch the instances

Launch one instance for the portal and one for the collector.

To launch a VM instance:

  1. Select Instances in the main menu.
  2. Select Launch Instance.
  3. The system opens a form. Enter the following fields in the Details tab of the form:
    1. Availability Zone: select a zone.
    2. Instance Name: Enter a unique name for the instance.
    3. Flavor: Select the appropriate size of VM.
    4. Instance Count: You can create one or more instances.
    5. Instance Boot Source: Select Boot from image.
    6. Image Name: Select the image name.
  4. In the Access & Security tab:
    1. Key Pair: Select a key pair.
    2. Security Groups: Select the default.
  5. In the Networking tab:
    1. Available networks: Select a network.
  6. Select Launch.

Assign a floating IP address

To associate an IP address to the instance:

  1. Select Instances in the main menu.
  2. In the Actions column, select Associate Floating IP in the pull-down list.
  3. Select the + key to obtain an available IP address.
  4. Select Associate.
    Note the Floating IP address value. You will need this to configure the IP interface.

Associate the volume to the instances

To associate the storage volume to the instance:

  1. Select Volumes in the main menu.
  2. In the Actions column of the new volume, select Manage Attachments in the pull-down list.
  3. Select the instance to associate.
  4. Select Attach Volume.

Reboot the instances

To reboot the instance:

  1. In the Action column, select Hard Reboot in the pull-down list.

Determine the IP address and port number

After the reboot, use the FortiPortal CLI to determine the IP address and external port number for each instance:

  1. Select Instances in the main menu.
  2. Note the instance internal IP address.
  3. Select the instance name. The system displays the instance overview.
  4. Select the Console tab.
  5. Log in using the default credentials.
  6. Run the interface configuration command, and note the Ethernet port number:
     exe shell
       ifconfig 
     exit			 

Configure the portal parameters

After the reboot, use the FortiPortal CLI to configure the portal parameters. Configure the parameters using the following steps:

  1. Open the OpenStack console tab to view the console for the portal.
  2. Log in using the default user ID (admin, with no password required).
  3. Use the CLI instructions (see the steps below) to set the following parameters:

    Setting                          Description
    Hostname                         Host name for the portal VM
    IP address and Default Gateway   Floating IP address for the portal VM and the route to the default gateway
    SQL settings                     Floating IP Address of the portal SQL server, database name, user credentials.
    NTP settings                     IP Address of the NTP server

For the portal VM and SQL server, use the Floating IP addresses created in Assign a floating IP address.

CLI steps

  1. Configure the host name for the portal VM:

    config system global
       set hostname <host name>
    end
  2. Configure the system IP address and default gateway for the portal VM:

     config system interface
       edit <port number>
           set ip <IP address> <mask>
           set allowaccess ping https http ssh snmp telnet
     end
     config system route
       edit 1
          set device <port number>
          set gateway <default gateway>
       next
     end
  3. Configure the SQL settings:

    config system sql
       set status remote
       set database-port <mySQL port>
       set database-type mysql
       set database-name fp_fazlite
       set username <portal database mySQL username>
       set password <portal database mySQL password>
       set server <IP address or FQDN for the portal database>
    end
  4. Configure the NTP settings for the portal VM:

     config system ntp
        config ntpserver
            edit 1
               set server <NTP server>
            end
        set status enable
     end
  5. Reboot the VM.

Configure the collector parameters

After the reboot, use the FortiPortal CLI to configure the collector parameters. Configure the parameters using the following steps:

  1. Open the OpenStack console tab to view the console for the collector.
  2. Log in using the default user ID (admin, with no password required).
  3. Use the CLI instructions (see the steps below) to set the following parameters:

    Setting                          Description
    Hostname                         Host name for the collector VM
    IP address and Default Gateway   Floating IP address for the collector VM and the route to the default gateway
    SQL settings                     IP address of the portal SQL server, database name, user credentials.
    NTP settings                     IP address of the NTP server

Always enter the database information for the portal database even when you are configuring a collector VM.

CLI steps

  1. Configure the host name for the collector VM:

    config system global
       set hostname <host name>
    end
  2. Configure the system IP address and default gateway for the collector VM:

     config system interface
       edit <port number>
           set ip <IP address> <mask>
           set allowaccess ping https http ssh snmp telnet
     end
     config system route
       edit 1
          set device <port number>
          set gateway <default gateway>
       next
     end
  3. Configure the SQL settings:

    config system sql
       set status remote
       set database-type mysql
       set database-port <mySQL port>
       set database-name <database name>
       set username <portal database mySQL username>   
       set password <portal database mySQL password>
       set server <IP address or FQDN for the portal database>
    end 
  4. Configure the NTP settings for the collector VM:

     config system ntp
        config ntpserver
            edit 1
               set server <ntp server>
            end
        set status enable
     end
  5. Reboot the VM.
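
The portal and collector CLI steps both list `http` and `telnet` in `allowaccess`, two management protocols that carry credentials unencrypted. As an added example (not Fortinet code), the Python below parses CLI text of that shape and reports the interfaces where they are enabled; the sample configuration, port name and addresses are constructed placeholders.

```python
# Added example (not Fortinet code): audit FortiPortal-style CLI text for
# management protocols that carry credentials unencrypted.
CLEARTEXT = {"http", "telnet"}

# Constructed sample in the shape of the CLI steps above; the port name and
# addresses are placeholders, not values from the guide.
SAMPLE = """\
config system interface
   edit port1
       set ip 192.0.2.10 255.255.255.0
       set allowaccess ping https http ssh snmp telnet
end
config system ntp
    config ntpserver
        edit 1
           set server 192.0.2.123
        end
    set status enable
end
"""

def parse(text):
    """Return (path, key, values) for each `set` line; path lists the
    enclosing config/edit scopes, e.g. ('system interface', 'port1')."""
    stack, settings = [], []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        word, rest = tokens[0], tokens[1:]
        if word in ("config", "edit"):
            stack.append((word, " ".join(rest)))
        elif word == "set" and rest:
            settings.append((tuple(n for _, n in stack), rest[0], rest[1:]))
        elif word in ("next", "end"):
            # Both close an open `edit`; `end` also closes its config block.
            if stack and stack[-1][0] == "edit":
                stack.pop()
            if word == "end" and stack:
                stack.pop()
    return settings

def cleartext_access(text):
    """Map interface name -> cleartext protocols enabled in allowaccess."""
    findings = {}
    for path, key, values in parse(text):
        if len(path) == 2 and path[0] == "system interface" and key == "allowaccess":
            risky = sorted(CLEARTEXT.intersection(values))
            if risky:
                findings[path[1]] = risky
    return findings

if __name__ == "__main__":
    for port, protos in cleartext_access(SAMPLE).items():
        print(f"{port}: cleartext management access enabled: {', '.join(protos)}")
```

Run it against the CLI text you entered for each VM; an empty result means no interface lists `http` or `telnet` in `allowaccess`.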

Updating the SSL certificate file

Use the following steps to import an SSL certificate for the FortiPortal VM.

From the Admin portal, select Admin > System Info to display information about the SSL certificate.

System Info page

The Certificate Information panel displays the certificate file name and private key file name.

From this panel, you can select and upload a new certificate and private key for the FortiPortal (using the PKCS#8 format).

Installing MySQL for FortiPortal databases

The MySQL database server for the portal or collector is a standard physical or virtual server.

Edit the my.cnf file to adapt the MySQL configuration for FortiPortal:

  1. Edit the bind address to make the database reachable from the FortiPortal:
    bind-address = <IP address of the database server>
  2. Fortinet recommends that you create a dedicated MySQL user for FortiPortal. You will need to know the credentials for this user when you create the portal.

Notes:

  • The portal database bind-address should match the SQL server address that you configure in the SQL settings of the portal (see Configure Portal Parameters).
  • The collector database bind-address should match the SQL server address that you configure when you add a collector. See FortiPortal Collectors.
  • If you are using MySQL 5.7.x, add the following lines to the my.cnf file:
        [mysqld]
        sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Reconfiguring MySQL password on FortiPortal

If you change the password for the FortiPortal user in the portal MySQL database, you need to update the configuration in the portal and collector:

config system sql
   set status remote
   set database-type mysql 
   set password <portal db mySQL password>
end
