Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Using Cloud-Init in an OpenStack Environment to Automate the Initialization of vSRX Instances

 

Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, the cloud-init package (version 0.7x) comes pre-installed in the vSRX image to help simplify configuring new vSRX instances operating in an OpenStack environment according to a specified user-data file. Cloud-init is performed during the first-time boot of a vSRX instance.

Cloud-init is an OpenStack software package for automating the initialization of a cloud instance at boot-up. It is available in Ubuntu and most major Linux and FreeBSD operating systems. Cloud-init is designed to support multiple different cloud providers so that the same virtual machine (VM) image can be directly used in multiple hypervisors and cloud instances without any modification. Cloud-init support in a VM instance runs at boot time (first-time boot) and initializes the VM instance according to the specified user-data file.

A user-data file is a special key in the metadata service that contains a file that cloud-aware applications in the VM instance can access upon a first-time boot. In this case, it is the validated Junos OS configuration file that you intend to upload to a vSRX instance as the active configuration. This file uses the standard Junos OS command syntax to define configuration details, such as root password, management IP address, default gateway, and other configuration statements.

When you create a vSRX instance, you can use cloud-init with a validated Junos OS configuration file (juniper.conf) to automate the initialization of new vSRX instances. The user-data file uses the standard Junos OS syntax to define all the configuration details for your vSRX instance. The default Junos OS configuration is replaced during the vSRX instance launch with a validated Junos OS configuration that you supply in the form of a user-data file.

Note

If using a release earlier than Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, the user-data configuration file cannot exceed 16 KB. If your user-data file exceeds this limit, you must compress the file using gzip and use the compressed file. For example, the gzip junos.conf command results in the junos.conf.gz file.



Starting in Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, if using a configuration drive data source in an OpenStack environment, the user-data configuration file size can be up to 64 MB.

The configuration must be validated and include details for the fxp0 interface, login, and authentication. It must also have a default route for traffic on fxp0. If any of this information is missing or incorrect, the instance is inaccessible and you must launch a new one.

Warning

Ensure that the user-data configuration file is not configured to perform autoinstallation on interfaces using Dynamic Host Configuration Protocol (DHCP) to assign an IP address to the vSRX. Autoinstallation with DHCP will result in a "commit fail" for the user-data configuration file.

Starting in Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, the cloud-init functionality in vSRX has been extended to support the use of a configuration drive data source in an OpenStack environment. The configuration drive uses the user-data attribute to pass a validated Junos OS configuration file to the vSRX instance. The user-data can be plain text or MIME file type text/plain. The configuration drive is typically used in conjunction with the Compute service, and is present to the instance as a disk partition labeled config-2. The configuration drive has a maximum size of 64 MB, and must be formatted with either the vfat or ISO 9660 filesystem.

The configuration drive data source also provides the flexibility to add more than one file that can be used for configuration. A typical use case would be to add a Day0 configuration file and a license file. In this case, there are two methods that can be employed to use a configuration drive data source with a vSRX instance:

  • User-data (Junos OS Configuration File) alone—This approach uses the user-data attribute to pass the Junos OS configuration file to each vSRX instance. The user-data can be plain text or MIME file type text/plain.

  • Junos OS configuration file and license file—This approach uses the configuration drive data source to send the Junos OS configuration and license file(s) to each vSRX instance.

    Note

    If a license file is to be configured in vSRX, it is recommended to use the –file option rather than the user-data option to provide the flexibility to configure files larger than the 16 KB limit of user-data.

To use a configuration drive data source to send Junos OS configuration and license file(s) to a vSRX instance, the files needs to be sent in a specific folder structure. In this application, the folder structure of the configuration drive data source in vSRX is as follows:

//OpenStack//latest/junos-config/configuration.txt

//OpenStack//latest/junos-license/license.lic

Before you begin:

  • Create a configuration file with the Junos OS command syntax and save it. The configuration file can be plain text or MIME file type text/plain. The string #junos-config must be the first line of the user-data configuration file before the Junos OS configuration.

    Note

    The #junos-config string is mandatory in the user-data configuration file; if it is not included, the configuration will not be applied to the vSRX instance as the active configuration.

  • Determine the name for the vSRX instance you want to initialize with a validated Junos OS configuration file.

  • Determine the flavor for your vSRX instance, which defines the compute, memory, and storage capacity of the vSRX instance.

  • Starting in Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, if using a configuration drive, ensure the following criteria is met to enable cloud-init support for a configuration drive in OpenStack:

    • The configuration drive must be formatted with either the vfat or iso9660 filesystem.

      Note

      The default format of a configuration drive is an ISO 9660 file system. To explicitly specify the ISO 9660/vfat format, add the config_drive_format=iso9660/vfat line to the nova.conf file.

    • The configuration drive must have a filesystem label of config-2.

    • The folder size must be no greater than 64 MB.

Depending on your OpenStack environment, you can use either an OpenStack command-line interface (such as nova boot or openstack server create) or the OpenStack Dashboard (“Horizon”) to launch and initialize a vSRX instance.

Performing Automatic Setup of a vSRX Instance Using an OpenStack Command-Line Interface

You can launch and manage a vSRX instance using either the nova boot or openstack server create commands, which includes the use of a validated Junos OS configuration user-data file from your local directory to initialize the active configuration of the target vSRX instance.

To initiate the automatic setup of a vSRX instance from an OpenStack command-line client:

  1. If you have not done so already, create a configuration file with the Junos OS command syntax and save the file. The configuration file can be plain text or MIME file type text/plain.

    The user-data configuration file must contain the full vSRX configuration that is to be used as the active configuration on each vSRX instance, and the string #junos-config must be the first line of the user-data configuration file before the Junos OS configuration.

    Note

    The #junos-config string is mandatory in the user-data configuration file; if it is not included, the configuration will not be applied to the vSRX instance as the active configuration.

  2. Copy the Junos OS configuration file to an accessible location from where it can be retrieved to launch the vSRX instance.
  3. Depending on your OpenStack environment, use the nova boot or openstack server create command to launch the vSRX instance with a validated Junos OS configuration file as the specified user-data. Note

    You can also use the nova boot equivalent in an Orchestration service such as HEAT.

    For example:

    • nova boot -user-data </path/to/vsrx_configuration.txt> --image vSRX_image --flavor vSRX_flavor_instance

    • openstack server create -user-data </path/to/vsrx_configuration.txt> --image vSRX_image --flavor vSRX_flavor_instance





      Where:

      -user-data </path/to/vsrx_configuration.txt> specifies the location of the Junos OS configuration file. The user-data configuration file size is limited to approximately 16,384 bytes.

      --image vSRX_image identifies the name of a unique vSRX image.

      --flavor vSRX_flavor_instance identifies the vSRX flavor (ID or name).

    Starting in Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, to enable the use of a configuration drive for a specific request in the OpenStack compute environment, include the -config-drive true parameter in the nova boot or openstack server create command.

    Note

    It is possible to enable the configuration drive automatically on all instances by configuring the OpenStack Compute service to always create a configuration drive. To do this, specify the force_config_drive=True option in the nova.conf file.

    For example, to use the user-data attribute to pass the Junos OS configuration to each vSRX instance:

    nova boot -config-drive true -flavor vSRX_flavor_instance -image vSRX_image -user-data </path/to/vsrx_configuration.txt>

    Where:

    -user-data </path/to/vsrx_configuration.txt> specifies the location of the Junos OS configuration file. The user-data configuration file size is limited to approximately 64 MB.

    -image vSRX_image identifies the name of a unique vSRX image.

    -flavor vSRX_flavor_instance identifies the vSRX flavor (ID or name).



    For example, to specify the configuration drive with multiple files (Junos OS configuration file and license file):

    nova boot -config-drive true -flavor vSRX_flavor_instance -image vSRX_image [-file /junos-config/configuration.txt=/path/to/file] [-file /junos-license/license.lic=path/to/license]

    Where:

    [-file /junos-config/configuration.txt=/path/to/file] specifies the location of the Junos OS configuration file.

    [-file /junos-license/license.lic=path/to/license] specifies the location of the Junos OS configuration file.

    -image vSRX_image identifies the name of a unique vSRX image.

    -flavor vSRX_flavor_instance identifies the vSRX flavor (ID or name).

  4. Boot or reboot the vSRX instance. During the initial boot-up sequence, the vSRX instance processes the cloud-init request.Note

    The boot time for the vSRX instance might increase with the use of the cloud-init package. This additional time in the initial boot sequence is due to the operations performed by the cloud-init package. During this operation, the cloud-init package halts the boot sequence and performs a lookup for the configuration data in each data source identified in the cloud.cfg. The time required to look up and populate the cloud data is directly proportional to the number of data sources defined. In the absence of a data source, the lookup process continues until it reaches a predefined timeout of 30 seconds for each data source.

  5. When the initial boot-up sequence resumes, the user-data file replaces the original factory-default Junos OS configuration loaded on the vSRX instance. If the commit succeeds, the factory-default configuration will be permanently replaced. If the configuration is not supported or cannot be applied to the vSRX instance, the vSRX will boot using the default Junos OS configuration.

Performing Automatic Setup of a vSRX Instance from the OpenStack Dashboard (Horizon)

Horizon is the canonical implementation of the OpenStack Dashboard. It provides a Web-based user interface to OpenStack services including Nova, Swift, Keystone, and so on. You can launch and manage a vSRX instance from the OpenStack Dashboard, which includes the use of a validated Junos OS configuration user-data file from your local directory to initialize the active configuration of the target vSRX instance.

To initiate the automatic setup of a vSRX instance from the OpenStack Dashboard:

  1. If you have not done so already, create a configuration file with the Junos OS command syntax and save the file. The configuration file can be plain text or MIME file type text/plain.

    The user-data configuration file must contain the full vSRX configuration that is to be used as the active configuration on each vSRX instance, and the string #junos-config must be the first line of the user-data configuration file before the Junos OS configuration.

    Note

    The #junos-config string is mandatory in the user-data configuration file; if it is not included, the configuration will not be applied to the vSRX instance as the active configuration.

  2. Copy the Junos OS configuration file to an accessible location from where it can be retrieved to launch the vSRX instance.
  3. Log in to the OpenStack Dashboard using your login credentials and then select the appropriate project from the drop-down menu at the top left.
  4. On the Project tab, click the Compute tab and select Instances. The dashboard shows the various instances with its image name, its private and floating IP addresses, size, status, availability zone, task, power state, and so on.
  5. Click Launch Instance. The Launch Instance dialog box appears.
  6. From the Details tab (see Figure 1), enter an instance name for the vSRX VM along with the associated availability zone (for example, Nova) and then click Next. We recommend that you keep this name the same as the hostname assigned to the vSRX VM.



    Figure 1: Launch Instance Details Tab



    Launch Instance Details
Tab
  7. From the Source tab (see Figure 2), select a vSRX VM image source file from the Available list and then click +(Plus). The selected vSRX image appears under Allocated. Click Next.



    Figure 2: Launch Instance Source Tab



    Launch Instance Source
Tab
  8. From the Flavor tab (see Figure 3), select a vSRX instance with a specific compute, memory, and storage capacity from the Available list and then click +(plus sign). The selected vSRX flavor appears under Allocated. Click Next.



    Figure 3: Launch Instance Flavor Tab



    Launch Instance Flavor
Tab
  9. From the Networks tab (see Figure 4), select the specific network of the vSRX instance from the Available list and then click +(plus sign). The selected network appears under Allocated. Click Next. Note

    Do not update any parameters in the Network Ports, Security Groups, or Key Pair tabs in the Launch Instance dialog box.





    Figure 4: Launch Instance Networks Tab



    Launch Instance Networks
Tab
  10. From the Configuration tab (see Figure 5), click Browse and navigate to the location of the validated Junos OS configuration file from your local directory that you want to use as the user-data file. Click Next.



    Figure 5: Launch Instance Configuration Tab



    Launch Instance
Configuration Tab
  11. Confirm that the loaded Junos OS configuration contains the #junos-config string in the first line of the user-data configuration file (see Figure 6) and then click Next. Note

    Do not update any parameters in the Metadata tab of the Launch Instance dialog box.





    Figure 6: Launch Instance Configuration Tab with Loaded Junos OS Configuration



    Launch Instance Configuration Tab with Loaded Junos OS Configuration
  12. Click Launch Instance. During the initial boot-up sequence, the vSRX instance processes the cloud-init request.Note

    The boot time for the vSRX instance might increase with the use of the cloud-init package. This additional time in the initial boot sequence is due to the operations performed by the cloud-init package. During this operation, the cloud-init package halts the boot sequence and performs a lookup for the configuration data in each data source identified in the cloud.cfg. The time required to look up and populate the cloud data is directly proportional to the number of data sources defined. In the absence of a data source, the lookup process continues until it reaches a predefined timeout of 30 seconds for each data source.

  13. When the initial boot-up sequence resumes, the user-data file replaces the original factory-default Junos OS configuration loaded on the vSRX instance. If the commit succeeds, the factory-default configuration will be permanently replaced. If the configuration is not supported or cannot be applied to the vSRX instance, the vSRX will boot using the default Junos OS configuration.
Release History Table
Release
Description
Starting in Junos OS Release 15.1X49-D130 and Junos OS Release 18.4R1, the cloud-init functionality in vSRX has been extended to support the use of a configuration drive data source in an OpenStack environment. The configuration drive uses the user-data attribute to pass a validated Junos OS configuration file to the vSRX instance.
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, the cloud-init package (version 0.7x) comes pre-installed in the vSRX image to help simplify configuring new vSRX instances operating in an OpenStack environment according to a specified user-data file. Cloud-init is performed during the first-time boot of a vSRX instance.