EC2: Move network config into a separate function
Having the "base" FreeBSD network configuration (aka. what is used when not using cloud-init) in ec2.conf will allow us to reuse it in other AMIs.

Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46507
parent
81d3df02bc
commit
f961ddb28d
@ -22,29 +22,6 @@ vm_extra_pre_umount() {
|
||||
# via EC2 user-data.
|
||||
echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# EC2 instances use DHCP to get their network configuration. IPv6
|
||||
# requires accept_rtadv.
|
||||
echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# The EC2 DHCP server can be trusted to know whether an IP address is
|
||||
# assigned to us; we don't need to ARP to check if anyone else is using
|
||||
# the address before we start using it.
|
||||
echo 'dhclient_arpwait="NO"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold
|
||||
echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
|
||||
echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf
|
||||
echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# Provide a script which rtsold can use to launch DHCPv6
|
||||
mkdir -p ${DESTDIR}/usr/local/libexec
|
||||
cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF'
|
||||
#!/bin/sh
|
||||
|
||||
/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1
|
||||
EOF
|
||||
chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M
|
||||
|
||||
# Any EC2 ephemeral disks seen when the system first boots will
|
||||
# be "new" disks; there is no "previous boot" when they might have
|
||||
# been seen and used already.
|
||||
@ -53,5 +30,8 @@ EOF
|
||||
# Configuration common to all EC2 AMIs
|
||||
ec2_common
|
||||
|
||||
# Standard FreeBSD network configuration
|
||||
ec2_base_networking
|
||||
|
||||
return 0
|
||||
}
|
||||
|
@ -104,3 +104,30 @@ EOF
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
ec2_base_networking () {
|
||||
# EC2 instances use DHCP to get their network configuration. IPv6
|
||||
# requires accept_rtadv.
|
||||
echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# The EC2 DHCP server can be trusted to know whether an IP address is
|
||||
# assigned to us; we don't need to ARP to check if anyone else is using
|
||||
# the address before we start using it.
|
||||
echo 'dhclient_arpwait="NO"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold
|
||||
echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
|
||||
echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf
|
||||
echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf
|
||||
|
||||
# Provide a script which rtsold can use to launch DHCPv6
|
||||
mkdir -p ${DESTDIR}/usr/local/libexec
|
||||
cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF'
|
||||
#!/bin/sh
|
||||
|
||||
/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1
|
||||
EOF
|
||||
chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M
|
||||
|
||||
return 0
|
||||
}
|
||||
|
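Review bot: In the new `ec2_base_networking`, the generated `/usr/local/libexec/rtsold-M` helper passes its argument unquoted, and the function ends in an unconditional `return 0`, so a failed `mkdir`, `cat` or `chmod` still produces an image whose `rtsold_flags` points at a missing or non-executable script. Since the stated goal is reuse in other AMIs, I would quote the interface argument, `/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null "$1"`, and end the file-creating steps with `|| return 1` (assuming callers act on the status, which this page does not show). The helper also relies on a `dhclient` under `/usr/local/sbin` that nothing in this function installs; a header comment such as `# Requires a DHCPv6-capable dhclient at /usr/local/sbin/dhclient in the image.` would make that dependency visible to other callers. The `dhclient_arpwait="NO"` setting rests on trusting the EC2 DHCP server, so the function comment should say it is meant for EC2 images only.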