1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# Copyright (C) 2009-2010 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
"""
Disable EC2 Metadata
--------------------
**Summary:** disable aws ec2 metadata
This module can disable the ec2 datasource by rejecting the route to
``169.254.169.254``, the usual route to the datasource. This module is disabled
by default.
**Internal name:** ``cc_disable_ec2_metadata``
**Module frequency:** always
**Supported distros:** all
**Config keys**::
disable_ec2_metadata: <true/false>
"""
from cloudinit import subp, util
from cloudinit.settings import PER_ALWAYS
frequency = PER_ALWAYS
REJECT_CMD_IF = ["route", "add", "-host", "169.254.169.254", "reject"]
REJECT_CMD_IP = ["ip", "route", "add", "prohibit", "169.254.169.254"]
def handle(name, cfg, _cloud, log, _args):
disabled = util.get_cfg_option_bool(cfg, "disable_ec2_metadata", False)
if disabled:
reject_cmd = None
if subp.which("ip"):
reject_cmd = REJECT_CMD_IP
elif subp.which("ifconfig"):
reject_cmd = REJECT_CMD_IF
else:
log.error(
'Neither "route" nor "ip" command found, unable to '
"manipulate routing table"
)
return
subp.subp(reject_cmd, capture=False)
else:
log.debug(
"Skipping module named %s, disabling the ec2 route not enabled",
name,
)
# vi: ts=4 expandtab
|