Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-13-2017 12:12 PM
The documentation seems (to me) to be unclear on how to set a password when bootstrap'ing the configuration. It seems to be that you simply need to set a valid bootstrap config and it should take, however that is not working. It seems to be that the config took (we are setting IP statically on mgmt port) but the password configuration is not working.
Anyone have any insight/suggestions?
03-13-2017 12:43 PM
Hi,
The bootstrap config will have a user and a password associated with that user. When bootstrapping and if bootstrap is successful, then that username password should take into effect. If it doesn't then chances are bootstrapping has failed. One way to verify if bootatrapping has failed is to try to login to the firewall using the ssh key used to launch the firewall and see if any of the bootstrap config has madeit ot the firewall.
Qs:
1. Which reason are you deploying the instance in?
2. Can you log into the firewall using your ssh key?
3. If so, does it look like any of your config is in there?
Few reasons bootstrapping could fail (and it should be covered in the guide, if not please let me know and we will add it):
1. bootstrap bucket name is incorrect
2. bootstrap iam policy is incorrect or not associated with ec2 instance.
3. bootstrap bucket not in the same region as instance deployed.
4. user-data field not sepcified when launching ec2 instance
5. Bootstrap bucket configuration is incorrect.
03-13-2017 01:15 PM - edited 03-13-2017 01:25 PM
So you are correct, the bootstrap is not taking. I am ssh'd via pem key, and I can see this error message:
( description contains 'Mandatory bootstrap bundle component missing.' )
I am stuck in a support loop, where I need to register the device I am having a problem with, but it's on a new build, not an existing.
From someone helping me on AWS side:
yeah as far as I can tell, 1-4 are fine:
bucket name matches up, IAM policy is associated with the EC2 instance
is set to allow "ListBucket" and "GetObject" on the bucket
recursively for all items in the bucket
and the bucket is in "US Standard" region
user-data field is set to: `vmseries-bootstrap-aws-s3bucket=customer-palo-alto-bootstrap`
03-13-2017 01:19 PM
03-13-2017 01:27 PM
It does, now possible one of them is misconfigured.
But the error makes me beleive that my bootstrap.xml is off, but no way of knowing where/why?
03-13-2017 01:35 PM
I think I missed the init-cfg. Trying now.
04-25-2023 01:51 AM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
