05 February 2012

I wanted to use and quickly found that Vyatta was the solution I was searching for. After playing with it for a while in my home lab, I decided to try to create an AMI I could trust for my Virtual Private Cloud. I found this interesting thread and used it as a starting point for my experiments.

  1. Vyatta6.1 *test* AMIs available on Amazon EC2

Since cloud-init is not available on the Vyatta image, you have to handle the SSH public key yourself: it is what lets you log on to the system as the “vyatta” user. This can be done by tweaking the /etc/rc.local script. We’ll also add code to load the Vyatta configuration from the instance’s user-data!

cat << EOT > /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Quick & dirty hack to prevent nash from hogging the CPU:
/usr/bin/killall nash-hotplug

# Import vyatta config from user-data:
su -c "/etc/import_vyatta_config.exp"

# Import ssh public key for this instance and disable password authentication:
su -c "/etc/import_ssh_pubkey.exp" vyatta

exit 0
EOT

Next, set the execute bits on the script so it can be executed by the system.

chmod 755 /etc/rc.local

Next, create the expect script to import the Vyatta configuration from user-data.

# Quote the delimiter: with an unquoted EOT the shell would expand $env(SHELL)
# to "(SHELL)" and eat the backslashes before the file is written.
cat << 'EOT' > /etc/import_vyatta_config.exp
#!/usr/bin/expect
set timeout 60
spawn $env(SHELL)
send "configure\r"
expect -re  ".*# $"
send "load http://169.254.169.254/latest/user-data \r"
expect {
  "? \\\[no\\\] " {send "n\r"}
  -re "### 100.0%.*# $" {send "commit  \r"}
  timeout {send_user "Error: timeout\n"; exit}
  eof {send_user "Error: eof\n"; exit}
}
#expect -re  ".*# $"
#send "save\r"
expect -re  ".*# $"
send "exit\r"
#expect eof
EOT

Once again, don’t forget to set the execute bits!

chmod 755 /etc/import_vyatta_config.exp

Next, create the expect script that imports the instance’s SSH public key from the meta-data service and disables password authentication.

# Same as above: quote the delimiter so $env(SHELL) and the backslashes survive.
cat << 'EOT' > /etc/import_ssh_pubkey.exp
#!/usr/bin/expect
set timeout 30
spawn $env(SHELL)
send "configure\r"
expect -re  ".*# $"
send "loadkey vyatta http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key \r"
expect {
  -re "### 100.0%.*# $" {send "set service ssh disable-password-authentication \r"}
  timeout {send_user "timeout @1\n"; exit}
  eof {send_user "eof @1\n"; exit}
}
expect -re  ".*# $"
send "commit\r"
#expect -re  ".*# $"
#send "save\r"
expect -re  ".*# $"
send "exit\r"
expect {
  -re ":\[~/\]\[#$\] " {send "cat ~vyatta/.ssh/authorized_keys\r"}
  timeout {send_user "timeout @2\n"; exit}
  eof {send_user "eof @2\n"; exit}
}
expect {
  -re ":\[~/\]\[#$\] " {send "exit\r"}
  timeout {send_user "timeout @3\n"; exit}
  eof {send_user "eof @3\n"; exit}
}
#expect eof
EOT

And once again, don’t forget to set the execute bits!

chmod 755 /etc/import_ssh_pubkey.exp
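As an added example (not part of the original post, nor Vyatta code): a small POSIX sh helper that checks what the meta-data URL returns before it is handed to loadkey, since the expect script above loads whatever the URL returns, an error page included. It assumes curl is installed; the staging path /tmp/instance-key.pub and pointing loadkey at a local file instead of the URL are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: validate the key that the EC2
# meta-data service returns before it reaches Vyatta's "loadkey".

# valid_openssh_pubkey LINE
# Returns 0 only for a single "TYPE BASE64 [comment]" line whose blob starts
# with the wire-format encoding of TYPE ("\0\0\0\7ssh-rsa" -> AAAAB3NzaC1yc2E),
# so an HTML error page, a truncated line or a mismatched type is rejected.
valid_openssh_pubkey() {
    line=$1
    nl=$(printf '\n.'); nl=${nl%.}            # a literal newline for the case test
    case "$line" in *"$nl"*) return 1 ;; esac # must be exactly one line
    ktype=${line%% *}
    rest=${line#* }
    [ "$rest" != "$line" ] || return 1        # no second field at all
    blob=${rest%% *}
    case "$ktype" in
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        ssh-dss)     prefix=AAAAB3NzaC1kc3M ;;
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        *)           return 1 ;;
    esac
    case "$blob" in "$prefix"*) ;; *) return 1 ;; esac
    printf '%s' "$blob" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# stage_instance_key: fetch key 0 from the meta-data service and, only if it
# validates, write it where the expect script can "loadkey vyatta <file>" it.
# Assumptions: curl is installed; /tmp/instance-key.pub is a hypothetical path.
stage_instance_key() {
    url=http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
    key=$(curl -sf --max-time 10 "$url") || { echo "meta-data fetch failed" >&2; return 1; }
    if ! valid_openssh_pubkey "$key"; then
        echo "refusing malformed key from meta-data: $key" >&2
        return 1
    fi
    umask 077
    printf '%s\n' "$key" > /tmp/instance-key.pub
}
```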

Job’s done! You can now detach your EBS volume, snapshot it and register the AMI from the snapshot!
