2.4.1. Automated pre-configuration using Cloud-init

If you installed Turbo IPsec as a new Linux system, it includes a Day-1 configuration mechanism that starts a DHCP client on the first interface and enables an SSH server on it, so that the user can remotely access the console. This mechanism relies on cloud-init and can be customized as described in the following sections.

Cloud-init

Cloud-init is the de facto multi-distribution package that handles early initialization of a cloud instance. Using cloud-init, it is possible to preconfigure Turbo IPsec.

See also

For more information about Cloud-init, refer to https://cloudinit.readthedocs.io/en/latest/

Customizing the Turbo IPsec configuration files is possible only at first boot. On subsequent boots, the turbo service starts earlier, before cloud-init.

Libvirt

The simplest way of using cloud-init with libvirt is to create an ISO file labelled cidata.

  1. Write a user-data file and a meta-data file. In this example, we set up the root password and upload a license file.

    # cat << EOF > user-data
    #cloud-config
    write_files:
     - path: /etc/turbo.lic
       content: |
         LICENSE 6wind turbo-ipsec 01.99.99 permanent uncounted
           hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
           _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
    chpasswd:
      list: |
        root:myrootpassword
    EOF
    
    # cat << EOF > meta-data
    instance-id: turbo-vm
    local-hostname: turbo-vm
    EOF
    
  2. Build an ISO image with the cidata label containing the user-data and meta-data files, and copy it to the libvirt images directory.

    # apt-get install -y genisoimage
    # genisoimage -output seed.iso -volid cidata \
                             -joliet -rock user-data meta-data
    # cp seed.iso /var/lib/libvirt/images/
    
  3. Add seed.iso as a disk to the virt-install command. For instance, for a VM with virtual NICs:

    # virt-install --name vm1 --vcpus=3,sockets=1,cores=3,threads=1 \
                   --os-type linux --cpu host --network=default,model=e1000 \
                   --ram 8192 --noautoconsole --import \
                   --disk /var/lib/libvirt/images/vm1.qcow2,device=disk,bus=virtio \
                   --disk /var/lib/libvirt/images/seed.iso,device=disk,bus=virtio
    

OpenStack

Cloud-init is integrated within OpenStack.

  1. Write a cloud-init user-data file. In this example, we set up the root password and upload a license file.

    # cat << EOF > /tmp/user-data
    #cloud-config
    write_files:
     - path: /etc/turbo.lic
       content: |
         LICENSE 6wind turbo-ipsec 01.99.99 permanent uncounted
           hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
           _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
    chpasswd:
      list: |
        root:myrootpassword
    EOF
    
  2. Start the VM with the additional parameter --user-data.

    # openstack server create --flavor turbo-ipsec \
                              --image turbo-ipsec \
                              --user-data /tmp/user-data \
                              turbo-ipsec_vm
    

Examples

Here is a user-data example, where we pre-install the license file (make sure you replace the contents with your own), and we upload a startup configuration for the CLI (you can also upload alternative configurations).

    #cloud-config
    write_files:
    - path: /etc/turbo.lic
      content: |
       LICENSE 6wind turbo-router 01.99.99 permanent uncounted
         hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
         _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
         BQ168E3GWWK3VQ43TK0YPQ01KWVG"
    - path: /etc/sysrepo/data/vrouter.startup
      content: |
          {
             "vrouter:config": {
                "vrf": [
                   {
                      "name": "main",
                      "vrouter-interface:interface": {
                         "physical": [
                            {
                               "name": "pub1",
                               "port": "ens1",
                               "ipv4": {
                                  "dhcp": {
                                     "enabled": true
                                  }
                               }
                            }
                         ]
                      }
                   }
                ],
                "vrouter-system:system": {
                   "vrouter-fast-path:fast-path": {
                      "port": [
                         "pci-b0s5"
                      ]
                   }
                }
             }
          }
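
The user-data shown on this page stays readable after first boot (in seed.iso under libvirt, and through the instance metadata in OpenStack), so it is worth reviewing before use. The following check is an added example, not part of the product documentation: it flags `chpasswd` list entries that are not crypt-style hashes and `write_files` entries without an explicit `permissions` key, which cloud-init creates with mode 0644. The function name, the wording of the findings and the sample are constructed for illustration, and the parser is line-based and only covers the layout used on this page.

```python
import re
# Crypt-style hash such as $6$salt$digest; any other list value counts as plaintext.
HASHED = re.compile(r"^\$(1|2a|2y|5|6)\$[^$]+\$.+$")

def lint_user_data(text):
    """Line-based review of a #cloud-config file; returns a list of findings."""
    lines, findings = text.splitlines(), []
    if not lines or lines[0].strip() != "#cloud-config":
        findings.append("first line is not '#cloud-config'")
    section = None  # current top-level key
    block = None    # (key, indent) of the literal '|' block being read
    files = []      # [path, has_permissions] for each write_files entry
    for line in (l for l in lines if l.strip()):
        body = line.strip()
        indent = len(line) - len(line.lstrip())
        if block and indent > block[1]:
            # Inside a literal block; only chpasswd's list holds credentials (R/RANDOM = generated).
            if section == "chpasswd" and block[0] == "list":
                user, _, secret = body.partition(":")
                if secret not in ("R", "RANDOM") and not HASHED.match(secret):
                    findings.append(f"plaintext password for '{user}' in chpasswd list")
            continue
        block = None
        if indent == 0 and not body.startswith("- "):
            section = body.split(":", 1)[0]
        item = body[2:] if body.startswith("- ") else body
        key, _, value = (part.strip() for part in item.partition(":"))
        if value.startswith("|"):
            block = (key, indent)
        elif section == "write_files" and key == "path":
            files.append([value, False])
        elif section == "write_files" and key == "permissions" and files:
            files[-1][1] = True
    findings += [f"{p}: no explicit permissions, created 0644" for p, ok in files if not ok]
    return findings

# Constructed sample mirroring the page's user-data (license text replaced by a placeholder).
SAMPLE = """#cloud-config
write_files:
 - path: /etc/turbo.lic
   content: |
     LICENSE-PLACEHOLDER
chpasswd:
  list: |
    root:myrootpassword
"""

if __name__ == "__main__":
    print("\n".join(lint_user_data(SAMPLE)))
```

When a `$6$...` hash replaces the plaintext password in the `cat << EOF` commands above, quote the delimiter (`<< 'EOF'`) so the shell does not expand the `$` sequences.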