2.4.1. Automated pre-configuration using Cloud-init
If you installed Turbo IPsec as a new Linux system, it includes a Day-1 configuration mechanism that starts a DHCP client on the first interface and enables an SSH server on it, so that the user can remotely access the console. This mechanism relies on cloud-init and can be customized as described in the following sections.
Cloud-init
Cloud-init is the de facto multi-distribution package that handles early initialization of a cloud instance. Using cloud-init, it is possible to preconfigure Turbo IPsec.
See also
For more information about Cloud-init, refer to https://cloudinit.readthedocs.io/en/latest/
Customizing the Turbo IPsec configuration files is possible only at first boot. On subsequent boots, the turbo service starts earlier, before cloud-init.
Libvirt
The simplest way of using cloud-init with libvirt is to create an ISO file labelled cidata.
See also
For more information, refer to https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
Write a user-data file and a meta-data file. In this example, we set up the root password and upload a license file.

    # cat << EOF > /tmp/user-data
    #cloud-config
    write_files:
      - path: /etc/turbo.lic
        content: |
          LICENSE 6wind turbo-ipsec 01.99.99 permanent uncounted
          hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
          _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
    chpasswd:
      list: |
        root:myrootpassword
    EOF
    # cat << EOF > meta-data
    instance-id: turbo-vm
    local-hostname: turbo-vm
    EOF

Build an ISO image with the cidata label containing the user-data and meta-data files, and put it in the libvirt images directory.

    # apt-get install -y genisoimage
    # genisoimage -output seed.iso -volid cidata \
        -joliet -rock user-data meta-data
    # cp seed.iso /var/lib/libvirt/images/

Add seed.iso as a disk to the virt-install command. For instance, for a VM with virtual NICs:

    # virt-install --name vm1 --vcpus=3,sockets=1,cores=3,threads=1 \
        --os-type linux --cpu host --network=default,model=e1000 \
        --ram 8192 --noautoconsole --import \
        --disk /var/lib/libvirt/images/vm1.qcow2,device=disk,bus=virtio \
        --disk /var/lib/libvirt/images/seed.iso,device=disk,bus=virtio

OpenStack
Cloud-init is integrated within OpenStack.
Write a cloud-init user-data file. In this example, we set up the root password and upload a license file.

    # cat << EOF > /tmp/user-data
    #cloud-config
    write_files:
      - path: /etc/turbo.lic
        content: |
          LICENSE 6wind turbo-ipsec 01.99.99 permanent uncounted
          hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
          _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
    chpasswd:
      list: |
        root:myrootpassword
    EOF

Start the VM with the additional parameter --user-data.

    # openstack server create --flavor turbo-ipsec \
        --image turbo-ipsec \
        --user-data /tmp/user-data \
        turbo-ipsec_vm

Examples
Here is a user-data example, where we pre-install the license file (make sure you replace the contents with your own), and we upload a startup configuration for the CLI (you can also upload alternative configurations).

    #cloud-config
    write_files:
      - path: /etc/turbo.lic
        content: |
          LICENSE 6wind turbo-router 01.99.99 permanent uncounted
          hostid=isv=628CE7A75DA9EFB7B3A2D3CDEB566889 customer=yourcompany
          _ck=c082fce984 sig="60PG4527MCR2KEKTD2UP7TRN18G1R6GDJCUM2XH508A03PHQ
          BQ168E3GWWK3VQ43TK0YPQ01KWVG"
      - path: /etc/sysrepo/data/vrouter.startup
        content: |
          {
            "vrouter:config": {
              "vrf": [
                {
                  "name": "main",
                  "vrouter-interface:interface": {
                    "physical": [
                      {
                        "name": "pub1",
                        "port": "ens1",
                        "ipv4": {
                          "dhcp": {
                            "enabled": true
                          }
                        }
                      }
                    ]
                  }
                }
              ],
              "vrouter-system:system": {
                "vrouter-fast-path:fast-path": {
                  "port": [
                    "pci-b0s5"
                  ]
                }
              }
            }
          }
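
Because the configuration files can be customized only at first boot, a malformed startup configuration or a mis-indented content block is worth catching before the VM is created. The following Python code is an added example, not part of the Turbo IPsec documentation: it builds the user-data shown above from a license string and a startup configuration, rejects invalid JSON, and reads the written blocks back for checking. The function names, the placeholder license text and the 'vrouter:config' sanity check are assumptions made for illustration.

```python
import json
import textwrap

# Constructed sample inputs: placeholder license text, and the startup
# configuration from the example above as a Python dict.
SAMPLE_LICENSE = "LICENSE placeholder-license-text\n"
SAMPLE_STARTUP = {"vrouter:config": {
    "vrf": [{"name": "main", "vrouter-interface:interface": {"physical": [
        {"name": "pub1", "port": "ens1", "ipv4": {"dhcp": {"enabled": True}}}]}}],
    "vrouter-system:system": {"vrouter-fast-path:fast-path": {"port": ["pci-b0s5"]}}}}

def block_scalar(text, indent=6):
    """Indent text so it sits under a 'content: |' key of a write_files entry."""
    return textwrap.indent(text.rstrip("\n") + "\n", " " * indent)

def build_user_data(license_text, startup_config):
    """Return cloud-config text writing the license and the startup configuration."""
    if isinstance(startup_config, str):
        startup_config = json.loads(startup_config)  # ValueError on malformed JSON
    # Sanity check modelled on the page's example, not a rule of the product.
    if "vrouter:config" not in startup_config:
        raise ValueError("startup configuration lacks a top-level 'vrouter:config'")
    return ("#cloud-config\n"
            "write_files:\n"
            "  - path: /etc/turbo.lic\n"
            "    content: |\n"
            + block_scalar(license_text)
            + "  - path: /etc/sysrepo/data/vrouter.startup\n"
            "    content: |\n"
            + block_scalar(json.dumps(startup_config, indent=2)))

def extract_content(user_data, path):
    """Read back the block written to `path` (handles only the layout built above)."""
    lines = user_data.splitlines()
    start = lines.index(f"  - path: {path}") + 2  # skip the path and content lines
    body = []
    for line in lines[start:]:
        if line and not line.startswith(" " * 6):
            break
        body.append(line[6:])
    return "\n".join(body) + "\n"

if __name__ == "__main__":
    print(build_user_data(SAMPLE_LICENSE, SAMPLE_STARTUP), end="")
```

Redirect the output to the user-data file used in the libvirt or OpenStack steps above.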