Palo password hash in bootrap.xml

[peterb154]

The deployment guide documentation indicates that to change the palo alto password in the bootrap.xml, the users have to apply the
palo bootstrap.xml config and change then password and export the config again.
There is an easier way using mkpasswd echo newpassword | mkpasswd -m MD5 -S acfwlwlo -s

And the bootsrap.xml file can be updated programmatically with xq (installed with
the 'yq' program and works just like 'jq').

Put it all together now...

# Define the new password
NEW_PASSWORD="CssCloud123!"

# Define the Boostrap.xml location
BOOSTRAP=./prerequisites/bootstrap/config/bootrap.xml

# This is the salt used by the palo password in the example doc
SALT=acfwlwlo

# Create the new md5 password hash
NEW_HASH=`echo $NEW_PASSWORD | mkpasswd -m MD5 -S $SALT -s`

# Create a backup of the file
cp $BOOSTRAP $BOOSTRAP.bak

# Update the boostrap.xml
xq -x --arg PHASH $NEW_HASH '.config["mgt-config"].users.entry.phash = $NEW_HASH' $BOOSTRAP.bak > $BOOSTRAP

Might be a good tip to add to the documentation.