
# We built on top of tiny-cloud
. /etc/conf.d/tiny-cloud
# Link-local metadata service address; _imds below reaches it over plain HTTP.
IMDS_ENDPOINT="169.254.169.254"
# $CLOUD is presumably set by the tiny-cloud config sourced above — verify there if this fails to load.
. /lib/tiny-cloud/"$CLOUD"/imds
#######################################
# Fetch one metadata path from the IMDS endpoint and print it to stdout.
# Globals:   IMDS_ENDPOINT, IMDS_URI, IMDS_QUERY (read); _imds_header (called, from the sourced imds lib)
# Arguments: $1 - metadata path relative to IMDS_URI (e.g. meta-data/instance-id)
# Outputs:   response body on stdout
# Returns:   wget's exit status
#######################################
_imds() {
  local path=$1
  local url="http://${IMDS_ENDPOINT}/${IMDS_URI}/${path}${IMDS_QUERY}"
  wget --quiet --timeout 1 --output-document - \
    --header "$(_imds_header)" \
    "$url"
}
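#######################################
# Query the cloud metadata service and append the results as shell
# assignments to /var/lib/cloud/meta-data (sourced later by get_meta_data).
# Globals:  MAC, AVAILABILITY_ZONE, REGION, INSTANCE_ID (written, reused by callers)
# Outputs:  appends KEY="value" lines to /var/lib/cloud/meta-data
#######################################
query_imds() {
  MAC=$(_imds meta-data/mac)
  AVAILABILITY_ZONE=$(_imds meta-data/placement/availability-zone)
  # Region = availability zone minus its trailing letter (e.g. us-east-1a -> us-east-1)
  REGION=${AVAILABILITY_ZONE%[[:lower:]]}
  INSTANCE_ID=$(_imds meta-data/instance-id)
  # Values are double-quoted so the file stays a valid script even if a value
  # contains spaces. The file is sourced later, so only AWS-controlled values belong here.
  cat <<EOF >> /var/lib/cloud/meta-data
AVAILABILITY_ZONE="$AVAILABILITY_ZONE"
REGION="$REGION"
INSTANCE_ID="$INSTANCE_ID"
# Get the internal IP of first interface
IP_ADDRESS="$(_imds meta-data/local-ipv4)"
PUBLIC_IP_ADDRESS="$(_imds meta-data/public-ipv4 || true)"
MAC="$MAC"
VPC_CIDR_RANGE="$(_imds meta-data/network/interfaces/macs/${MAC}/vpc-ipv4-cidr-block)"
SUBNET="$(_imds meta-data/network/interfaces/macs/${MAC}/subnet-ipv4-cidr-block)"
# Make sure we have basic domain / hostname set at all time
_META_HOSTNAME="$(_imds meta-data/hostname)"
DOMAIN_NAME=\${_META_HOSTNAME#*.}
HOSTNAME=\${_META_HOSTNAME%%.*}
AWS_ACCOUNT_ID="$(_imds meta-data/network/interfaces/macs/${MAC}/owner-id)"
INSTANCE_LIFE_CYCLE="$(_imds meta-data/instance-life-cycle)"
INSTANCE_TYPE="$(_imds meta-data/instance-type)"
EOF
}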
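#######################################
# Append the instance's EC2 tags to /var/lib/cloud/meta-data as shell assignments.
# Tag keys become upper-case variable names; tag values are written shell-quoted,
# because the file is sourced later and tag contents are set outside this host.
# Globals:  INSTANCE_ID (read); relies on AWS_DEFAULT_OUTPUT=text (exported by the
#           caller) so each row is Key<TAB>Value
# Outputs:  appends KEY=value lines to /var/lib/cloud/meta-data
#######################################
get_tags() {
  # via metadata AWS restricts tags to NOT have " " or "/" ;-(
  #for key in $(_imds meta-data/tags/instance); do
  # TAGS[$key]=$(_imds meta-data/tags/instance/"$key")
  #done
  local _key value key
  # Split on tab only so a key or value containing spaces stays intact.
  while IFS=$'\t' read -r _key value; do
    [ -n "$_key" ] || continue
    # Keep only [A-Za-z0-9_] so the result is a valid variable name
    # (replaces /:.- as before, plus anything else that is not allowed).
    key=$(printf '%s' "${_key//[!A-Za-z0-9_]/_}" | tr '[:lower:]' '[:upper:]')
    # A variable name cannot start with a digit
    case "$key" in [0-9]*) key="_$key" ;; esac
    # %q writes a shell-quoted value, so sourcing the file later cannot interpret tag contents
    printf '%s=%q\n' "$key" "$value" >> /var/lib/cloud/meta-data
  done < <(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" --query 'Tags[*].[Key,Value]')
}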
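#######################################
# Extract user-data args and cloud meta-data into /var/lib/cloud/meta-data
# (only on first run), then source that file into the current shell.
# Globals:  REGION (read, set by query_imds); AWS_DEFAULT_REGION, AWS_DEFAULT_OUTPUT (exported);
#           _key, CUSTOMHOSTNAME, VOLUMES (written)
# Returns:  0
#######################################
get_meta_data() {
  local hostname_var volumes_var
  if [ ! -f /var/lib/cloud/meta-data ]; then
    ebegin "collecting metadata, instance tags and parameters"
    echo '#!/bin/bash' > /var/lib/cloud/meta-data
    query_imds
    export AWS_DEFAULT_REGION=$REGION
    export AWS_DEFAULT_OUTPUT=text
    get_tags
    # user-data is run as a script; presumably extract_parameters appends to the meta-data file
    [ -f /var/lib/cloud/user-data ] && bash /var/lib/cloud/user-data extract_parameters
  fi
  . /var/lib/cloud/meta-data
  # Workaround for current CFN ASG_<parameter> hack
  _key=$(printf '%s' "$AWS_CLOUDFORMATION_LOGICAL_ID" | tr '[:lower:]' '[:upper:]')
  # The logical id comes from the sourced file; only use it as a variable-name prefix
  # when it is one (CFN logical ids are alphanumeric), and resolve it with indirect
  # expansion rather than eval.
  case "$_key" in
    *[!A-Za-z0-9_]*) return 0 ;;
  esac
  hostname_var="${_key}_CUSTOMHOSTNAME"
  volumes_var="${_key}_VOLUMES"
  [ -n "${!hostname_var:-}" ] && CUSTOMHOSTNAME=${!hostname_var}
  [ -n "${!volumes_var:-}" ] && VOLUMES=${!volumes_var}
  return 0
}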
################
# IAM SSH KEYS #
################
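#######################################
# Configure sshd to fetch authorized keys from IAM for members of $SSHKEYIAMGROUP.
# Globals:  CLOUD, SSHKEYIAMGROUP, SSHKEYIAMROLE (read); GROUP, ROLE (written)
# Outputs:  edits /etc/ssh/sshd_config in place
# Returns:  0 when configured or nothing to do, 1 on unsupported cloud or rejected input
#######################################
cb_sshkeys() {
  case "$CLOUD" in
    aws)
      # on AWS call IAM for allowed groups and actual keys
      GROUP=${SSHKEYIAMGROUP:-""}
      ROLE=${SSHKEYIAMROLE:-"arn:aws:iam::000000000000:role/Undefined"}
      [ "$ROLE" = "arn:aws:iam::000000000000:role/Undefined" ] && ROLE=""
      if [ -n "$GROUP" ]; then
        # Both values are spliced into an sshd_config line by sed and originate from the
        # sourced meta-data; accept only the IAM name/ARN character set so they cannot
        # alter the directive or the sed expression.
        case "$GROUP$ROLE" in
          *[!A-Za-z0-9:/+=,.@_-]*)
            ewarn "SSHKEYIAMGROUP/SSHKEYIAMROLE contain unexpected characters, not configuring sshd"
            return 1
            ;;
        esac
        # Configure SSHD ('|' as sed delimiter: ',' is a legal IAM name character)
        sed -i -e "s|^[\s#]*AuthorizedKeysCommand\s.*|AuthorizedKeysCommand /usr/sbin/get_iam_sshkeys.py --user %u --group $GROUP --iamRole \"$ROLE\"|" /etc/ssh/sshd_config
        sed -i -e "s|^[\s#]*AuthorizedKeysCommandUser\s.*|AuthorizedKeysCommandUser nobody|" /etc/ssh/sshd_config
        ebegin "added $GROUP to SSH admin keys"
      fi
      ;;
    *)
      ewarn "Unsupported Cloud: $CLOUD"
      return 1
      ;;
  esac
}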