Installing the required packages
We start by installing the required packages on our instance :
# apt-get update && apt-get upgrade && apt-get install openvpn bridge-utils unzip -y
Creating the server configuration template
Create a configuration for OpenVPN and save it under /etc/openvpn/server.conf:

port 1194
proto udp
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
script-security 3 system
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge VPN_IP DHCP_SUBNET DHCP_LOWER DHCP_UPPER
client-to-client
keepalive 10 120
comp-lzo
max-clients 1
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20
Create the network scripts
The next step is to create the two scripts that run when the network components start up and shut down. They are saved under /etc/openvpn/up.sh and /etc/openvpn/down.sh respectively:

/etc/openvpn/up.sh

#!/bin/sh
# OpenVPN startup script: bring the tap device up and attach it to the bridge.
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/sbin/brctl addif $BR $DEV

/etc/openvpn/down.sh

#!/bin/sh
# OpenVPN shutdown script: detach the tap device from the bridge and take it down.
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
Make these two scripts executable by running the following command:
# chmod +x /etc/openvpn/{up.sh,down.sh}
Edit the network interface configuration file
Update /etc/network/interfaces accordingly (we tear down the main interface and enable the bridged interface):

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down

auto br0
iface br0 inet dhcp
    bridge_ports eth0
Edit the rc.local file
The next step consists in updating the /etc/rc.local file. We will ask our image to retrieve the payload, decrypt it, and use both the key and the CRL for our OpenVPN service:

/etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

####### These lines go at the end of /etc/rc.local #######
. /lib/lsb/init-functions

echo Downloading payload from userdata
wget http://169.254.169.254/latest/user-data -O /tmp/payload.b64

echo Decrypting base64 payload
openssl enc -d -base64 -in /tmp/payload.b64 -out /tmp/payload.zip

mkdir -p /tmp/payload
echo Unzipping payload file
unzip -o /tmp/payload.zip -d /tmp/payload/

# if the autorun.sh script exists, run it
if [ -e /tmp/payload/autorun.sh ]; then
    echo Running autorun.sh
    cd /tmp/payload
    chmod 700 /etc/openvpn/server.key
    sh /tmp/payload/autorun.sh
    if [ ! -e /etc/openvpn/dh1024.pem ]; then
        openssl dhparam -out /etc/openvpn/dh1024.pem 1024
    fi
else
    echo rc.local : No autorun script to run
fi

exit 0
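The payload format rc.local consumes above is a zip archive delivered as base64 user-data, unpacked into /tmp/payload and run as root if it contains autorun.sh. As an added illustration (not part of the original page or of the cloudpipe scripts), the following Python builds a constructed payload in that format, decodes it, and only extracts archive members whose path stays inside the payload directory, rejecting absolute names and `..` components that `unzip` alone would not be expected to check for here. The `build_payload`, `safe_members`, `unpack_payload` and `demo` functions are all assumed helpers for this example.

```python
import base64
import io
import os
import tempfile
import zipfile

def build_payload(entries):
    """Build a payload as this page's rc.local expects it:
    a zip archive, base64-encoded, handed over as instance user-data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return base64.b64encode(buf.getvalue())

def safe_members(zf, dest):
    """Split archive members into those that extract under dest and those
    that would land elsewhere (absolute names or '..' components)."""
    root = os.path.realpath(dest)
    good, bad = [], []
    for info in zf.infolist():
        target = os.path.realpath(os.path.join(root, info.filename))
        if os.path.isabs(info.filename) or os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
        else:
            good.append(info)
    return good, bad

def unpack_payload(b64_bytes, dest):
    """Decode the base64 user-data (the openssl enc -d -base64 step), extract
    only safe members into dest and report whether autorun.sh arrived."""
    raw = base64.b64decode(b64_bytes)
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        good, bad = safe_members(zf, dest)
        for info in good:
            zf.extract(info, dest)
    return {"extracted": sorted(i.filename for i in good), "rejected": sorted(bad),
            "has_autorun": os.path.isfile(os.path.join(dest, "autorun.sh"))}

def demo():
    """Constructed payload: a legitimate autorun.sh plus two entries that
    try to leave the payload directory. Returns the unpack report."""
    payload = build_payload({"autorun.sh": b"#!/bin/sh\necho cloudpipe\n",
                             "../escape.txt": b"outside", "/abs.txt": b"outside"})
    base = tempfile.mkdtemp()
    result = unpack_payload(payload, os.path.join(base, "payload"))
    result["escaped"] = os.path.exists(os.path.join(base, "escape.txt"))
    return result
```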
The called script (autorun.sh) mainly parses the network settings of the running instance in order to set up the initial routes. Your instance is now ready to be used as a cloudpipe image. In the next step, we will upload that instance to Glance.