Set Password via AWS bootstrap

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Set Password via AWS bootstrap

L1 Bithead

The documentation seems (to me) to be unclear on how to set a password when bootstrap'ing the configuration. It seems to be that you simply need to set a valid bootstrap config and it should take, however that is not working. It seems to be that the config took (we are setting IP statically on mgmt port) but the password configuration is not working.

 

Anyone have any insight/suggestions?

6 REPLIES 6

L2 Linker

Hi,

   The bootstrap config will have a user and a password associated with that user. When bootstrapping and if bootstrap is successful, then that username password should take into effect. If it doesn't then chances are bootstrapping has failed. One way to verify if bootatrapping has failed is to try to login to the firewall using the ssh key used to launch the firewall and see if any of the bootstrap config has madeit ot the firewall. 

 

Qs:

1. Which reason are you deploying the instance in?

2. Can you log into the firewall using your ssh key?

3. If so, does it look like any of your config is in there?

 

 

Few reasons bootstrapping could fail (and it should be covered in the guide, if not please let me know and we will add it):

1. bootstrap bucket name is incorrect

2. bootstrap iam policy is incorrect or not associated with ec2 instance.

3. bootstrap bucket not in the same region as instance deployed.

4. user-data field not sepcified when launching ec2 instance

5. Bootstrap bucket configuration is incorrect.

 

 

So you are correct, the bootstrap is not taking. I am ssh'd via pem key, and I can see this error message: 

 

( description contains 'Mandatory bootstrap bundle component missing.' )

 

I am stuck in a support loop, where I need to register the device I am having a problem with, but it's on a new build, not an existing. 

 

From someone helping me on AWS side:

yeah as far as I can tell, 1-4 are fine:

bucket name matches up, IAM policy is associated with the EC2 instance

is set to allow "ListBucket" and "GetObject" on the bucket

recursively for all items in the bucket

and the bucket is in "US Standard" region

user-data field is set to: `vmseries-bootstrap-aws-s3bucket=customer-palo-alto-bootstrap`

What does you bootstrap bucket look like?

Does it have four folders in the root bucket?
Config, software, license and content?

It does, now possible one of them is misconfigured. 

 

But the error makes me beleive that my bootstrap.xml is off, but no way of knowing where/why? 

I think I missed the init-cfg. Trying now. 

L0 Member
  • First, I exported the running configuration from the existing firewall and created a user with a password.
  • Then, I renamed the configuration file as bootstrap.xml.
  • To deploy the firewall, I added the bootstrap.xml file to the config folder along with init-cfg.txt.
  • After a successful deployment, I confirmed that the configuration was imported by using the command "show config running" on the firewall.
  • I can access the firewall using the username and password specified in the bootstrap.xml file.

  • 4985 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!