diff options
author | hydrajump <wave@hydrajump.com> | 2014-04-28 21:34:50 +0200 |
---|---|---|
committer | hydrajump <wave@hydrajump.com> | 2014-04-28 21:34:50 +0200 |
commit | b1c49eca75ad30d17596f3062f33542c4139817f (patch) | |
tree | 27867a539353c90b4b9cde385d14fb4805039047 /etc | |
parent | c02405850b592c99d00697b69115cd112b9592ee (diff) | |
download | vyatta-cfg-system-b1c49eca75ad30d17596f3062f33542c4139817f.tar.gz vyatta-cfg-system-b1c49eca75ad30d17596f3062f33542c4139817f.zip |
Add support for installing a new image on the Amazon AMI
- Check if installing on AWS EC2 platform via instance metadata.
- Configure GRUB correctly, so that boot messages are available
via instance's console.
- Add init.d script to fetch user's EC2 public key during boot.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/init.d/ec2-fetch-ssh-public-key | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/etc/init.d/ec2-fetch-ssh-public-key b/etc/init.d/ec2-fetch-ssh-public-key new file mode 100644 index 00000000..05955f05 --- /dev/null +++ b/etc/init.d/ec2-fetch-ssh-public-key @@ -0,0 +1,114 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: ec2-fetch-ssh-public-key +# Required-Start: vyatta-router +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: AWS EC2 instance init script to fetch and load ssh public key +# Description: Retrieve user's public ssh key from EC2 instance metadata +# and load/set the key in config.boot +### END INIT INFO + +# Author: hydrajump <wave@hydrajump.com> +# +# Based on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html#public-amis-install-credentials +# https://github.com/andsens/bootstrap-vz/blob/master/providers/ec2/assets/init.d/ec2-get-credentials + +. /lib/lsb/init-functions + +: ${vyatta_env:=/etc/default/vyatta} +source $vyatta_env + +# Configuration commands +SHELL_API=/bin/cli-shell-api +COMMIT=/opt/vyatta/sbin/my_commit +SAVE=/opt/vyatta/sbin/vyatta-save-config.pl +LOADKEY=/opt/vyatta/sbin/vyatta-load-user-key.pl + +public_key_url=http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key +username='vyos' +ssh_dir="/home/$username/.ssh" +authorized_keys="$ssh_dir/authorized_keys" +group='vyattacfg' + +# Obtain config session environment +session_env=$($SHELL_API getSessionEnv $PPID) +if [ $? -ne 0 ]; then + echo "An error occured while obtaining session environment!" + exit 0 +fi + +# Evaluate config environment string +eval $session_env + +# Setup the config session +$SHELL_API setupSession +if [ $? -ne 0 ]; then + echo "An error occured while setting up the configuration session!" + exit 0 +fi + +load_ssh_public_key () +{ + # Doesn't work. + # if [ -x $vyatta_sbindir/vyatta-load-user-key.pl ]; then + # log_action_msg "Loaded ssh public key for user $username" + # sg ${group} -c "$vyatta_sbindir/vyatta-load-user-key.pl $username $public_key" + # fi + + # Do this instead + # Obtain session environment + # Evaluate environment string + # Setup the session + # Commit and save config change + # Tear down the session + + log_action_msg "EC2: Loaded ssh public key for user $username" + $LOADKEY $username $public_key_url + + # Commit and save to config.boot + $COMMIT + $SAVE +} + +# Try to get the ssh public key from instance metadata +log_action_msg "EC2: -----BEGIN FETCH SSH PUBLIC KEY-----" +log_action_msg "EC2: Requesting ssh public key from EC2 instance metadata" +public_key=`/usr/bin/curl --silent -f $public_key_url` +if [ -n "$public_key" ]; then + log_action_msg "EC2: Downloaded ssh public key from EC2 instance metadata" + if [ ! -d $ssh_dir ]; then + mkdir -m 700 $ssh_dir + # chown $username:$username $ssh_dir + fi + + # Check if the ssh public key is already loaded + if ! grep -s -q "$public_key" $authorized_keys; then + load_ssh_public_key + # chmod 600 $authorized_keys + # chown $username:$username $authorized_keys + else + log_action_msg "EC2: Already loaded ssh public key for user $username" + fi +else + log_action_msg " + == WARNING == + No ssh public key found! + If you launch an instance without specifying a keypair, + you can't connect to the instance. + Please terminate this instance and launch a new EC2 instance. + + == IMPORTANT == + Don't forget to create a keypair or select an existing one + before you launch the new instance" +fi +log_action_msg "EC2: -----END FETCH SSH PUBLIC KEY-----" + +# Tear down the config session +$SHELL_API teardownSession +if [ $? -ne 0 ]; then + echo "An error occured while tearing down the session!" + exit 0 +fi +exit 0 |