# We built on top of tiny-cloud . /etc/tiny-cloud.conf IMDS_ENDPOINT="169.254.169.254" . /lib/tiny-cloud/cloud/"$CLOUD"/imds _imds() { wget --quiet --timeout 1 --output-document - \ --header "$(_imds_header)" \ "http://$IMDS_ENDPOINT/$IMDS_URI/$1$IMDS_QUERY" } function query_imds() { MAC=$(_imds meta-data/mac) AVAILABILITY_ZONE=$(_imds meta-data/placement/availability-zone) REGION=$(echo ${AVAILABILITY_ZONE} | sed "s/[a-z]$//") INSTANCE_ID=$(_imds meta-data/instance-id) cat <> /var/lib/cloud/meta-data AVAILABILITY_ZONE=$AVAILABILITY_ZONE REGION=$REGION INSTANCE_ID=$INSTANCE_ID # Get the internal IP of first interface IP_ADDRESS=$(_imds meta-data/local-ipv4) PUBLIC_IP_ADDRESS=$(_imds meta-data/public-ipv4 || true) MAC=$MAC VPC_CIDR_RANGE=$(_imds meta-data/network/interfaces/macs/${MAC}/vpc-ipv4-cidr-block) SUBNET=$(_imds meta-data/network/interfaces/macs/${MAC}/subnet-ipv4-cidr-block) # Make sure we have basic domain / hostname set at all time _META_HOSTNAME=$(_imds meta-data/hostname) DOMAIN_NAME=\${_META_HOSTNAME#*.} HOSTNAME=\${_META_HOSTNAME%%.*} AWS_ACCOUNT_ID=$(_imds meta-data/network/interfaces/macs/${MAC}/owner-id) INSTANCE_LIFE_CYCLE=$(_imds meta-data/instance-life-cycle) INSTANCE_TYPE=$(_imds meta-data/instance-type) EOF } function get_tags() { # via metadata AWS restricts tags to NOT have " " or "/" ;-( #for key in $(_imds meta-data/tags/instance); do # TAGS[$key]=$(_imds meta-data/tags/instance/"$key") #done # Replace all /:.- with _ for valid variable names while read _key value; do key=$(echo ${_key//[\/:.-]/_} | tr '[:lower:]' '[:upper:]') echo "$key=\"$value\"" >> /var/lib/cloud/meta-data done < <(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" --query 'Tags[*].[Key,Value]') } # extract user-data args and cloud meta-data into /var/lib/cloud/meta-data get_meta_data() { if [ ! -f /var/lib/cloud/meta-data ]; then ebegin "collecting metadata, instance tags and parameters" echo '#!/bin/bash' > /var/lib/cloud/meta-data query_imds export AWS_DEFAULT_REGION=$REGION export AWS_DEFAULT_OUTPUT=text get_tags [ -f /var/lib/cloud/user-data ] && bash /var/lib/cloud/user-data extract_parameters fi . /var/lib/cloud/meta-data # Workaround for current CFN ASG_ hack _key=$(echo $AWS_CLOUDFORMATION_LOGICAL_ID | tr '[:lower:]' '[:upper:]') [ -n "$(eval echo \$${_key}_CUSTOMHOSTNAME)" ] && CUSTOMHOSTNAME="$(eval echo \$${_key}_CUSTOMHOSTNAME)" [ -n "$(eval echo \$${_key}_VOLUMES)" ] && VOLUMES="$(eval echo \$${_key}_VOLUMES)" return 0 } ################ # IAM SSH KEYS # ################ cb_sshkeys() { case "$CLOUD" in aws) # on AWS call IAM for allowed groups and actual keys GROUP=${SSHKEYIAMGROUP:-""} ROLE=${SSHKEYIAMROLE:-"arn:aws:iam::000000000000:role/Undefined"} [ $ROLE == "arn:aws:iam::000000000000:role/Undefined" ] && ROLE="" if [ -n "$GROUP" ]; then # Configure SSHD sed -i -e "s,^[\s#]*AuthorizedKeysCommand\s.*,AuthorizedKeysCommand /usr/sbin/get_iam_sshkeys.py --user %u --group $GROUP --iamRole \"$ROLE\"," /etc/ssh/sshd_config sed -i -e "s,^[\s#]*AuthorizedKeysCommandUser\s.*,AuthorizedKeysCommandUser nobody," /etc/ssh/sshd_config ebegin "added $GROUP to SSH admin keys" fi ;; *) ewarn "Unsupported Cloud: $CLOUD" return 1 ;; esac }