@rkhozinov
Forked from j3tm0t0/customization.md
Created April 27, 2017 14:57
VyOS EC2 customization

VyOS AMI Customization

rl-system.init

Comment out the following:

  • update_interface_config
    This prevents a new interface from being added when an instance is stopped and started in EC2-Classic, or when an image is created with an existing interface.

  • add_new_serial_if || log_failure_msg "can't add serial interfaces"
    There is no serial interface in EC2.
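The two edits listed above can be applied repeatably when building the AMI. The following is an added example, not part of the original gist: the function name `disable_ec2_unneeded_calls` and the `.orig` backup are assumptions, and the path to `rl-system.init` is supplied by the caller.

```shell
#!/bin/sh
# Added example: comment out the two calls named above in rl-system.init.
# The file path is an argument; nothing here assumes where VyOS installs it.

# disable_ec2_unneeded_calls FILE
# Prefixes each matching, not yet commented call with "# " and keeps FILE.orig.
# Returns 0 when no active call remains afterwards, non-zero otherwise.
disable_ec2_unneeded_calls() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Keep the first pristine copy only, so re-running never overwrites it.
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig"

    tmp=$(mktemp) || return 1
    # Match only lines where the call is the first word after indentation:
    # a function definition such as "update_interface_config ()" and lines
    # that are already commented out are left untouched.
    sed -E \
        -e 's/^([[:space:]]*)(update_interface_config[[:space:]]*)$/\1# \2/' \
        -e 's/^([[:space:]]*)(add_new_serial_if[[:space:]]*[|][|].*)$/\1# \2/' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # write in place to keep the file's owner and mode
    rm -f "$tmp"

    # Verify the result instead of trusting the substitution.
    ! grep -Eq '^[[:space:]]*(update_interface_config[[:space:]]*$|add_new_serial_if[[:space:]]*[|][|])' "$file"
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    disable_ec2_unneeded_calls "$1"
fi
```
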

vyatta-postconfig-bootup.script

See the attached file.

#!/bin/sh
# This script is called from /etc/rc.local on boot after the Vyatta
# configuration is fully applied. Any modifications done to work around
# unfixed bugs and implement enhancements which are not complete in the Vyatta
# system can be placed here.
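# expand volume and enable swap if exists
resize2fs /dev/xvda1
# /dev/xvda3 is a block device, so test with -b (-f is true only for regular files)
[ -b /dev/xvda3 ] && swapon /dev/xvda3
# run once per instance
instanceId=$( curl -s http://169.254.169.254/latest/meta-data/instance-id )
# without an instance id the marker path below would be the directory itself
[ -n "$instanceId" ] || exit 1
[ -f "/opt/vyatta/tmp/$instanceId" ] && exit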
# apply config from user-data
sudo -u vyos /usr/bin/expect << EOF
set timeout 60
spawn \$env(SHELL)
send "configure\r"
expect -re ".*# $"
send "merge http://169.254.169.254/latest/user-data \r"
expect {
"\[no\] " {send "Y\r"}
timeout {send_user "Error: timeout\n"; exit}
eof {send_user "Error: eof\n"; exit}
}
expect {
"Merge complete." {send "commit\r"}
timeout {send_user "Error: timeout\n"; exit}
eof {send_user "Error: eof\n"; exit}
}
expect -re ".*# $"
send "save\r"
expect -re ".*# $"
send "exit\r"
expect {
-re ":\[~/\]\[#$\] " {send "exit\r"}
timeout {send_user "timeout @3\n"; exit}
eof {send_user "eof @3\n"; exit}
}
EOF
# import ssh key from meta-data server
sudo -u vyos /usr/bin/expect << EOF
set timeout 30
spawn \$env(SHELL)
send "configure\r"
expect -re ".*# $"
send "loadkey vyos http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key \r"
expect {
-re "### 100.0%.*# $" {send "set service ssh disable-password-authentication \r"}
timeout {send_user "timeout @1\n"; exit}
eof {send_user "eof @1\n"; exit}
}
expect -re ".*# $"
send "commit\r"
expect -re ".*# $"
send "save\r"
expect -re ".*# $"
send "exit\r"
expect {
-re ":\[~/\]\[#$\] " {send "cat ~vyos/.ssh/authorized_keys\r"}
timeout {send_user "timeout @2\n"; exit}
eof {send_user "eof @2\n"; exit}
}
expect {
-re ":\[~/\]\[#$\] " {send "exit\r"}
timeout {send_user "timeout @3\n"; exit}
eof {send_user "eof @3\n"; exit}
}
EOF
# mark this instance as configured so the steps above run only once
touch "/opt/vyatta/tmp/$instanceId"