FortiGate now supports Cloud-Init.

node-definitions/fortinet/README.md

@@ -1,4 +1,3 @@
 # Fortinet Node Definitions
 
 Here you will find collections of Fortinet node definitions.
-

node-definitions/fortinet/fortigate/README.md

@@ -6,8 +6,66 @@ This directory contains a node definition for the Fortinet FortiGate appliance.
 
 Images can be downloaded from https://support.fortinet.com/ with a proper account and entitlement.
 
-### Description
+### Default definition
 
-This node definition provides for a Fortinet FortiGate node with four default ethernet interfaces and the ability to add up to 16. The node requires 1 vCPUs and 1,024 MB of RAM.
+By default, a user named “admin” exists.
 
-This node provides a serial console.
+|Name|Value|
+|-----|-----|
+|Username|`admin`|
+|Password|(None)|
+|CPU|1|
+|Memory|2GB|
+|Data Disk Size|32GB|
+|Interface|4|
+|Serial Port|1|
+
+The following is an example of the first login for version 7.6.6.
+
+```sh
+FortiGate-VM64-KVM login: admin
+Password: (ENTER)
+Verifying password...
+
+You are forced to change your password. Please input a new password.
+According to the password policy enforced on this device, please change your password!
+New password must conform to the following policy:
+minimum-length=12 upper-case-letter=1 lower-case-letter=1 number=1 non-alphanumeric=1
+
+New Password: 
+Confirm Password: 
+Verifying password...
+Welcome!
+
+FortiGate-VM64-KVM # 
+```
+
+### Configuration Example
+
+This node definition supports initial configuration via Cloud-Init. Set the initial configuration to “`openstack/latest/user_data`”.
+
+![fortigate_config](fortigate_config.png)
+
+To add an additional “cisco” user, configure it as follows. This has been verified to work on FortiGate 7.0 to 7.6.
+
+```
+config system global
+    set alias "FortiGate-VM64-KVM"
+    set hostname "FortiGate-VM64-KVM"
+end
+config system interface
+    edit "port1"
+        set mode dhcp
+        set allowaccess ping https ssh http
+    next
+end
+config system password-policy
+    set status disable
+end
+config system admin
+    edit "cisco"
+        set accprofile "super_admin"
+        set password "cisco"
+    next
+end
+```

node-definitions/fortinet/fortigate/fortigate.yaml

@@ -1,74 +1,91 @@
 id: fortigate
 boot:
-  timeout: 60
+  timeout: 300
   completed:
-    - FortiGate-VM64-KVM login
+    - Restarting system
+  uses_regex: false
+sim:
+  linux_native:
+    libvirt_domain_driver: kvm
+    driver: server
+    disk_driver: virtio
+    ram: 2048
+    cpus: 1
+    cpu_limit: 100
+    nic_driver: virtio
+    data_volume: 32
+    enable_rng: true
+    enable_tpm: false
+general:
+  nature: firewall
+  description: FortiGate Next Generation Firewall
+  read_only: false
 configuration:
   generator:
     driver: null
   provisioning:
     files:
-      - name: meta-data
-        content: ''
-        editable: true
+      - editable: true
+        name: openstack/latest/user_data
+        content: |-
+          config system global
+              set alias "FortiGate-VM64-KVM"
+              set hostname "FortiGate-VM64-KVM"
+          end
+      - editable: true
+        name: openstack/content/0000
     media_type: iso
-    volume_name: disk
+    volume_name: CDROM
 device:
   interfaces:
-    default_count: 4
-    has_loopback_zero: false
-    physical:
-      - port1
-      - port2
-      - port3
-      - port4
-      - port5
-      - port6
-      - port7
-      - port8
-      - port9
-      - port10
-      - port11
-      - port12
-      - port13
-      - port14
-      - port15
-      - port16
     serial_ports: 1
-general:
-  description: FortiGate Next Generation Firewall
-  nature: firewall
-  read_only: true
+    physical:
+      - p1
+      - p2
+      - p3
+      - p4
+      - p5
+      - p6
+      - p7
+      - p8
+      - p9
+      - p10
+      - p11
+      - p12
+      - p13
+      - p14
+      - p15
+      - p16
+    has_loopback_zero: false
+    default_count: 4
+ui:
+  label_prefix: fortigate-
+  icon: firewall
+  label: FortiGate
+  visible: true
+  group: Others
+  description: |-
+    FortiGate Next Generation Firewall
+
+    2,048 MB DRAM, 1 vCPU
+
+    Username/Password:
+    admin/(None)
 inherited:
   image:
-    boot_disk_size: false
+    ram: true
     cpus: true
     data_volume: true
-    ram: true
-  node:
     boot_disk_size: false
+    cpu_limit: true
+  node:
+    ram: true
     cpus: true
     data_volume: true
-    ram: true
+    boot_disk_size: false
+    cpu_limit: true
 pyats:
-  os: linux
+  os: fortinet
+  use_in_testbed: true
+  config_extract_command: show full-configuration
 schema_version: 0.0.1
-sim:
-  linux_native:
-    cpus: 1
-    data_volume: 32
-    disk_driver: virtio
-    driver: server
-    libvirt_domain_driver: kvm
-    nic_driver: virtio
-    ram: 1024
-ui:
-  description: |-
-    FortiGate Next Generation Firewall
-
-    1,024 MB DRAM, 1 vCPU
-  group: Others
-  icon: firewall
-  label: FortiGate
-  label_prefix: fortigate-
-  visible: true

virl-base-images/fortinet/fortigate/fortigate-7.6.6.yaml

@@ -0,0 +1,7 @@
+id: fortigate-7-6-6
+node_definition_id: fortigate
+description: FortiGate 7.6.6
+label: FortiGate 7.6.6
+disk_image: fortios-7.6.6.qcow2
+read_only: false
+schema_version: 0.0.1