Auto-Provision a Migration Bundle
Auto-provisioning a migration bundle lets you bootstrap configurations onto a gateway in a consistent manner. The migration bundles are imported on startup, after the Gateway license has auto-provisioned successfully (see ). For information on creating migration bundles, see the section.
Auto-provisioning a migration bundle lets you bootstrap configurations onto a
Layer7 API Gatewayin a consistent manner. The migration bundles are imported on startup, after the Gateway license has auto-provisioned successfully (see Gateway Migration section).
This topic applies to these Gateway form factors: Appliance, and Virtual Appliance.
Note the following about migration bundles:
- If you create a bootstrap bundle that contains HTTP listen ports, the default HTTP listen ports (2124, 8080, 8443 and 9443) willnotbe created. It is assumed that you will be using the specified HTTP ports and not the default ones.
- (Advanced tip) For migration bundles that includes encrypted secrets, the cluster passphrase must match the passphrase used to generate the migration bundle. The passphrase can be specified during export time with the header parameter "L7-key-passphrase" or the "encryptUsingClusterPassphrase" query parameter to use the cluster passphrase. For more information, see "Step 2: Safely Migrate Policy Passwords and Other Secrets" in Determine Security for Migrations.
To auto-provision a migration bundle:
- Add the bundle files to the following directory./opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle
- Make sure these files are accessible by the Gateway process (see the appropriate section beneath "How to Auto-Provision" below).If more than one file is present, they are imported in ascending alphabetical order. If you need them imported in a specific order, add a prefix to the file names:001_first.req.bundle999_last.req.bundle050_middle.req.bundle
How to Auto-Provision
Auto-provisioning works slightly different for each form factor.
Auto-Provision Appliance and Virtual Appliance Gateways
To auto-provision a migration bundle for an Appliance or Virtual Appliance Gateway:
- Open a privileged shell.
- Create the target directory:# mkdir -p /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle
- Set the appropriate permissions:# chmod -R 775 /opt/SecureSpan/Gateway/node/default/etc/bootstrap
- Copy the migration bundle(s) into the/opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundledirectory.(1) Bundles must end with.bundleas a file extension. (2) For the Gateway to fail at startup when a bundle import fails, the bundles must have the.req.bundlefile extension.
- Restart the Gateway service:# service ssg restart
- (Optional)Once the migration bundle is auto-provisioned, you may remove the bundle directory created in step 2:# rm -rf /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle
The migration bundle is now imported.