If you want to pass a script to the VM-Series firewall at boot time, you can mount a CD-ROM with an ISO file. The ISO file allows you to define a bootstrap XML file that includes the initial configuration parameters for the management port of the firewall. The VM-Series firewall on first boot checks for the bootstrap-networkconfig.xml file, and uses the values defined in it.
If a single error is encountered in parsing the bootstrap file, the VM-Series firewall will reject all the configuration in this file and boot with default values.
Create a Bootable ISO File
Create the XML file and define it as a virtual machine instance. For a sample file, see Sample XML file for the VM-Series Firewall. In this example, the VM-Series firewall is called PAN_Firewall_DC1. For example:
user-PowerEdge-R510:~/kvm_script$ sudo vi /etc/libvirt/qemu/PAN_Firewall_DC1.xml
user-PowerEdge-R510:~/kvm_script$ sudo virsh define /etc/libvirt/qemu/PAN_Firewall_DC1.xml
Domain PAN_Firewall_DC1_bootstp defined from /etc/libvirt/qemu/PAN_Firewall_DC1.xml
user-PowerEdge-R510:~/kvm_script$ sudo virsh -q attach-interface PAN_Firewall_DC1_bootstp bridge br1 --model=virtio --persistent
user-PowerEdge-R510:~/kvm_script$ virsh list --all
 Id    Name                           State
---------------------------------------------
 -     PAN_Firewall_DC1_bootstp       shut off
Create the bootstrap XML file. You can define the initial configuration parameters in this file and name it bootstrap-networkconfig. If you do not want to include a parameter, for example panorama-server-secondary, delete the entire line from the file. If you leave the IP address field empty, the file will not be parsed successfully. Use the following example as a template for the bootstrap-networkconfig file. The bootstrap-networkconfig file can include the following parameters only:
<vm-initcfg>
  <hostname>VM_ABC_Company</hostname>
  <ip-address></ip-address>
  <netmask></netmask>
  <default-gateway></default-gateway>
  <dns-primary></dns-primary>
  <dns-secondary></dns-secondary>
  <panorama-server-primary></panorama-server-primary>
  <panorama-server-secondary></panorama-server-secondary>
</vm-initcfg>
Create the ISO file. In this example, we use mkisofs. Save the ISO file in the images directory (/var/lib/libvirt/image) or the qemu directory (/etc/libvirt/qemu) to ensure that the firewall has read access to the ISO file. For example:
# mkisofs -J -R -v -V "Bootstrap" -A "Bootstrap" -ldots -l -allow-lowercase -allow-multidot -o <iso-filename> bootstrap-networkconfig.xml
Attach the ISO file to the CD-ROM. For example:
# virsh -q attach-disk <vm-name> <iso-filename> sdc --type cdrom --mode readonly --persistent
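A pre-flight check for the bootstrap file, added here as an example and not Palo Alto Networks code: because a single parse error makes the firewall discard the whole file and boot with default values, it tests the file against the rules stated above before the ISO is built. The name check_bootstrap, the IPv4-only validation and the choice of which fields hold addresses are assumptions, and the firewall's own parser may apply checks this does not.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The only parameters the page says the file may contain.
ALLOWED = {"hostname", "ip-address", "netmask", "default-gateway",
           "dns-primary", "dns-secondary",
           "panorama-server-primary", "panorama-server-secondary"}
# Assumption: these hold IPv4 addresses; Panorama entries are only checked for emptiness.
IP_FIELDS = {"ip-address", "default-gateway", "dns-primary", "dns-secondary"}

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def _is_netmask(value):
    if not _is_ipv4(value):
        return False
    inverted = ~int(ipaddress.IPv4Address(value)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0  # one-bits must be contiguous

def check_bootstrap(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "vm-initcfg":
        return [f"root element is <{root.tag}>, expected <vm-initcfg>"]
    problems = []
    for elem in root:
        tag, value = elem.tag, (elem.text or "").strip()
        if tag not in ALLOWED:
            problems.append(f"<{tag}>: not an allowed parameter")
        elif not value:
            problems.append(f"<{tag}>: empty, delete the line instead")
        elif tag in IP_FIELDS and not _is_ipv4(value):
            problems.append(f"<{tag}>: {value!r} is not an IPv4 address")
        elif tag == "netmask" and not _is_netmask(value):
            problems.append(f"<{tag}>: {value!r} is not a valid netmask")
    return problems

# Constructed sample: the page's template with the gateway left empty.
SAMPLE = """<vm-initcfg><hostname>VM_ABC_Company</hostname>
<ip-address>192.0.2.10</ip-address><default-gateway></default-gateway></vm-initcfg>"""
if __name__ == "__main__":
    print("\n".join(check_bootstrap(SAMPLE)))
```

Run it against bootstrap-networkconfig.xml before mkisofs and build the ISO only when the returned list is empty.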
Sample XML file for the VM-Series Firewall
<?xml version="1.0"?>
<domain type="kvm">
  <!-- <name> and <memory> are not shown in this sample; virsh define requires them. -->
  <vcpu placement="static">2</vcpu>
  <os>
    <type arch="x86_64">hvm</type>
    <boot dev="hd"/>
  </os>
  <clock offset="utc"/>
  <devices>
    <disk type="file" device="disk">
      <driver type="qcow2" name="qemu"/>
      <source file="/var/lib/libvirt/images/panos-kvm.qcow2"/>
      <target dev="vda" bus="virtio"/>
    </disk>
    <controller type="usb" index="0"/>
    <controller type="ide" index="0"/>
    <controller type="scsi" index="0"/>
    <serial type="pty">
      <source path="/dev/pts/1"/>
      <target port="0"/>
      <alias name="serial0"/>
    </serial>
    <console type="pty" tty="/dev/pts/1">
      <source path="/dev/pts/1"/>
      <target type="serial" port="0"/>
      <alias name="serial0"/>
    </console>
    <input type="mouse" bus="ps2"/>
    <graphics type="vnc" port="5900" autoport="yes"/>
  </devices>
</domain>
To modify the number of vCPUs assigned on the VM-Series firewall, change the value 2 to 4 or 8 vCPUs in this line of the sample XML file: <vcpu placement="static"> 2 </vcpu>
