109 lines
3.4 KiB
Bash
109 lines
3.4 KiB
Bash
# We built on top of tiny-cloud
|
|
. /etc/tiny-cloud.conf
|
|
|
|
IMDS_ENDPOINT="169.254.169.254"
|
|
. /lib/tiny-cloud/cloud/"$CLOUD"/imds
|
|
|
|
_imds() {
|
|
wget --quiet --timeout 1 --output-document - \
|
|
--header "$(_imds_header)" \
|
|
"http://$IMDS_ENDPOINT/$IMDS_URI/$1$IMDS_QUERY"
|
|
}
|
|
|
|
function query_imds() {
|
|
MAC=$(_imds meta-data/mac)
|
|
AVAILABILITY_ZONE=$(_imds meta-data/placement/availability-zone)
|
|
REGION=$(echo ${AVAILABILITY_ZONE} | sed "s/[a-z]$//")
|
|
INSTANCE_ID=$(_imds meta-data/instance-id)
|
|
|
|
cat <<EOF >> /var/lib/cloud/meta-data
|
|
AVAILABILITY_ZONE=$AVAILABILITY_ZONE
|
|
REGION=$REGION
|
|
INSTANCE_ID=$INSTANCE_ID
|
|
|
|
# Get the internal IP of first interface
|
|
IP_ADDRESS=$(_imds meta-data/local-ipv4)
|
|
PUBLIC_IP_ADDRESS=$(_imds meta-data/public-ipv4 || true)
|
|
|
|
MAC=$MAC
|
|
VPC_CIDR_RANGE=$(_imds meta-data/network/interfaces/macs/${MAC}/vpc-ipv4-cidr-block)
|
|
SUBNET=$(_imds meta-data/network/interfaces/macs/${MAC}/subnet-ipv4-cidr-block)
|
|
|
|
# Make sure we have basic domain / hostname set at all time
|
|
_META_HOSTNAME=$(_imds meta-data/hostname)
|
|
DOMAIN_NAME=\${_META_HOSTNAME#*.}
|
|
HOSTNAME=\${_META_HOSTNAME%%.*}
|
|
|
|
AWS_ACCOUNT_ID=$(_imds meta-data/network/interfaces/macs/${MAC}/owner-id)
|
|
INSTANCE_LIFE_CYCLE=$(_imds meta-data/instance-life-cycle)
|
|
|
|
INSTANCE_TYPE=$(_imds meta-data/instance-type)
|
|
EOF
|
|
}
|
|
|
|
function get_tags() {
|
|
# via metadata AWS restricts tags to NOT have " " or "/" ;-(
|
|
#for key in $(_imds meta-data/tags/instance); do
|
|
# TAGS[$key]=$(_imds meta-data/tags/instance/"$key")
|
|
#done
|
|
# Replace all /:.- with _ for valid variable names
|
|
while read _key value; do
|
|
key=$(echo ${_key//[\/:.-]/_} | tr '[:lower:]' '[:upper:]')
|
|
echo "$key=\"$value\"" >> /var/lib/cloud/meta-data
|
|
done < <(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" --query 'Tags[*].[Key,Value]')
|
|
}
|
|
|
|
# extract user-data args and cloud meta-data into /var/lib/cloud/meta-data
|
|
get_meta_data() {
|
|
if [ ! -f /var/lib/cloud/meta-data ]; then
|
|
ebegin "collecting metadata, instance tags and parameters"
|
|
|
|
echo '#!/bin/bash' > /var/lib/cloud/meta-data
|
|
|
|
query_imds
|
|
|
|
export AWS_DEFAULT_REGION=$REGION
|
|
export AWS_DEFAULT_OUTPUT=text
|
|
|
|
get_tags
|
|
|
|
[ -f /var/lib/cloud/user-data ] && bash /var/lib/cloud/user-data extract_parameters
|
|
fi
|
|
|
|
. /var/lib/cloud/meta-data
|
|
|
|
# Workaround for current CFN ASG_<parameter> hack
|
|
_key=$(echo $AWS_CLOUDFORMATION_LOGICAL_ID | tr '[:lower:]' '[:upper:]')
|
|
[ -n "$(eval echo \$${_key}_CUSTOMHOSTNAME)" ] && CUSTOMHOSTNAME="$(eval echo \$${_key}_CUSTOMHOSTNAME)"
|
|
[ -n "$(eval echo \$${_key}_VOLUMES)" ] && VOLUMES="$(eval echo \$${_key}_VOLUMES)"
|
|
|
|
return 0
|
|
}
|
|
|
|
|
|
################
|
|
# IAM SSH KEYS #
|
|
################
|
|
cb_sshkeys() {
|
|
case "$CLOUD" in
|
|
aws)
|
|
# on AWS call IAM for allowed groups and actual keys
|
|
GROUP=${SSHKEYIAMGROUP:-""}
|
|
ROLE=${SSHKEYIAMROLE:-"arn:aws:iam::000000000000:role/Undefined"}
|
|
[ $ROLE == "arn:aws:iam::000000000000:role/Undefined" ] && ROLE=""
|
|
|
|
if [ -n "$GROUP" ]; then
|
|
# Configure SSHD
|
|
sed -i -e "s,^[\s#]*AuthorizedKeysCommand\s.*,AuthorizedKeysCommand /usr/sbin/get_iam_sshkeys.py --user %u --group $GROUP --iamRole \"$ROLE\"," /etc/ssh/sshd_config
|
|
sed -i -e "s,^[\s#]*AuthorizedKeysCommandUser\s.*,AuthorizedKeysCommandUser nobody," /etc/ssh/sshd_config
|
|
|
|
ebegin "added $GROUP to SSH admin keys"
|
|
fi
|
|
;;
|
|
*)
|
|
ewarn "Unsupported Cloud: $CLOUD"
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|