Making first boot scripts just got easier (but building vyos-1x got a bit harder)
Posted 18 Jul, 2018 by Daniil Baturin
As you probably know already, we are working on integrating cloud-init into VyOS, which will allow us to support multiple cloud platforms, and get rid of the custom script for EC2. The hard part of this project is that just allowing cloud-init to do what it normally does in Debian would not produce desired results, we need to make it modify the config.
This raises a question when this should occur and how it should be done. Since modifying running config with scripts has its difficulties in the current backend, and even if it didn't, it still could potentially clash with user's commits, we thought we may want to modify the config.boot file before it's loaded instead.
One advantage is that once we have common functionality implemented, it can be reused not only in cloud-init, but also in the installer, and in custom first boot scripts if someone wants them.
To test this concept, I've added a library names vyos.initialsetup that includes a collection of functions for common settings such as user passwords and keys, host name, default route, name servers, and interface addresses.
Here's an example of a script you can run on your system for demonstration (adjust user name and do ssh-keygen if necessary):
import vyos.configtree as vct
import vyos.initialsetup as vis
with open('/opt/vyatta/etc/config.boot.default') as f:
config_string = f.read()
with open('/home/dmbaturin/.ssh/id_rsa.pub') as f:
key_string = f.read()
config = vct.ConfigTree(config_string)
vis.set_user_password(config, 'vyos', 'qwerty')
vis.set_user_ssh_key(config, 'vyos', key_string)
# Default level is admin
vis.create_user(config, 'dmbaturin', password=None, key=key_string)
# Default type is ethernet
vis.set_interface_address(config, 'eth0', '192.0.2.10/24')
vis.set_name_servers(config, ['203.0.113.10', '203.0.113.20'])
The script will print a customized config based on the default config.
This is the good thing. The bad, or rather somewhat inconvenient thing is that vyos-1x package build now depends on the libvyosconfig0 package that provides the library behind the vyos.configtree module, and it's essential for running unit tests for those modules.
You should add the "deb http://dev.packages.vyos.net/repositories/current/vyos/ current main" repository to the sources.list on your build machine and install libvyosconfig0 with APT, or simply take the file from the repo and install it by hand with dpkg.
I hope the increased reliability we gain from those unit test outweighs the inconvenience of additional setup.