Install On-Premises Controller using CLIs
Focus
Focus
Prisma SD-WAN

Install On-Premises Controller using CLIs

Table of Contents

Install On-Premises Controller using CLIs

Install the On-Premises Controller using the CLIs.
To install the On-Premises Controller for Prisma SD-WAN using a script:
  1. Download qcow file. Contact your Palo Alto Networks Partner for assistance.
  2. Bring up the VM using the downloaded qcow file. <using OpenStack>
  3. Login to the VM using ubuntu/ubuntu.
  4. Format the disk space by executing the command:
    printf 'd\n\nn\n\n\n\nN\nw' | sudo fdisk /dev/vda
  5. Provide the server details by executing the command: .
    controller_install install -SIP <provide_your_management-IP> -TN "provide_tenant_name" -TND "provide_tenant_north_bound_domain" -TSD "provide_south_bound_domain" -NSP "" -DSP "" --template "provide_the_template_details"
  6. After completion, you will see the following output:
    Install triggered succesfully
    Check the status of the controller by executing the command controller_install status. It takes about 60 minutes for the installation to complete.
    ubuntu@ubuntu:~$ controller_install status Installation Status: Complete Completion percentage: 100.0 Installation Details: Steps (5/5) Step: Preparation for Controller deployment Status: complete Completion percentage: 100.0 Step: Install Controller Status: complete Completion percentage: 100.0 Step: Setup Controller monitoring Status: complete Completion percentage: 100.0 Step: Controller configuration and finalization Status: complete Completion percentage: 100.0 Step: Verify installation Status: complete Completion percentage: 100.0

Configure Certificate on the Device Using CLI Commands

Update the CA chain on the ION device version older than 6.2.3-b2 release.
Update the CA chain on ION devices running on software version older than 6.2.3-b2 release.
  1. Set up the controller chain file in the devices.
  2. Copy the ca chain file from the controller:
    /home/ubuntu/certs/cachain.cgnx.net.pem
  3. Replace or create the following files in the device, contact your Palo Alto Networks representative to update the CA certificate on the ION device.
    /config/certs/controller_ca_chain.pem
    /etc/certs/controller_ca_chain.pem
  4. Add the static host details to the device:
    config static host add ip <Controller_IP> name controller.local.cgnx.net config static host add ip <Controller_IP> names locator.cgnx.net config static host add ip <Controller_IP> names mfg.local.cgnx.net config static host add ip <Controller_IP> names vmfg.local.cgnx.net config static host add ip <Controller_IP> names toolkitsessions.local.cgnx.net
  5. Verify that the controller details are reflected in the device by executing the command dump overview.
  6. After verification, create machine by accessing the controller using the device ID.