summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authorhydrajump <wave@hydrajump.com>2014-04-28 21:34:50 +0200
committerhydrajump <wave@hydrajump.com>2014-04-28 21:34:50 +0200
commitb1c49eca75ad30d17596f3062f33542c4139817f (patch)
tree27867a539353c90b4b9cde385d14fb4805039047 /etc
parentc02405850b592c99d00697b69115cd112b9592ee (diff)
downloadvyatta-cfg-system-b1c49eca75ad30d17596f3062f33542c4139817f.tar.gz
vyatta-cfg-system-b1c49eca75ad30d17596f3062f33542c4139817f.zip
Add support for installing a new image on the Amazon AMI
- Check if installing on AWS EC2 platform via instance metadata. - Configure GRUB correctly, so that boot messages are available via instance's console. - Add init.d script to fetch user's EC2 public key during boot.
Diffstat (limited to 'etc')
-rw-r--r--etc/init.d/ec2-fetch-ssh-public-key114
1 files changed, 114 insertions, 0 deletions
diff --git a/etc/init.d/ec2-fetch-ssh-public-key b/etc/init.d/ec2-fetch-ssh-public-key
new file mode 100644
index 00000000..05955f05
--- /dev/null
+++ b/etc/init.d/ec2-fetch-ssh-public-key
@@ -0,0 +1,114 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: ec2-fetch-ssh-public-key
+# Required-Start: vyatta-router
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: AWS EC2 instance init script to fetch and load ssh public key
+# Description: Retrieve user's public ssh key from EC2 instance metadata
+# and load/set the key in config.boot
+### END INIT INFO
+
+# Author: hydrajump <wave@hydrajump.com>
+#
+# Based on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html#public-amis-install-credentials
+# https://github.com/andsens/bootstrap-vz/blob/master/providers/ec2/assets/init.d/ec2-get-credentials
+
+. /lib/lsb/init-functions
+
+: ${vyatta_env:=/etc/default/vyatta}
+source $vyatta_env
+
+# Configuration commands
+SHELL_API=/bin/cli-shell-api
+COMMIT=/opt/vyatta/sbin/my_commit
+SAVE=/opt/vyatta/sbin/vyatta-save-config.pl
+LOADKEY=/opt/vyatta/sbin/vyatta-load-user-key.pl
+
+public_key_url=http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
+username='vyos'
+ssh_dir="/home/$username/.ssh"
+authorized_keys="$ssh_dir/authorized_keys"
+group='vyattacfg'
+
+# Obtain config session environment
+session_env=$($SHELL_API getSessionEnv $PPID)
+if [ $? -ne 0 ]; then
+ echo "An error occured while obtaining session environment!"
+ exit 0
+fi
+
+# Evaluate config environment string
+eval $session_env
+
+# Setup the config session
+$SHELL_API setupSession
+if [ $? -ne 0 ]; then
+ echo "An error occured while setting up the configuration session!"
+ exit 0
+fi
+
+load_ssh_public_key ()
+{
+ # Doesn't work.
+ # if [ -x $vyatta_sbindir/vyatta-load-user-key.pl ]; then
+ # log_action_msg "Loaded ssh public key for user $username"
+ # sg ${group} -c "$vyatta_sbindir/vyatta-load-user-key.pl $username $public_key"
+ # fi
+
+ # Do this instead
+ # Obtain session environment
+ # Evaluate environment string
+ # Setup the session
+ # Commit and save config change
+ # Tear down the session
+
+ log_action_msg "EC2: Loaded ssh public key for user $username"
+ $LOADKEY $username $public_key_url
+
+ # Commit and save to config.boot
+ $COMMIT
+ $SAVE
+}
+
+# Try to get the ssh public key from instance metadata
+log_action_msg "EC2: -----BEGIN FETCH SSH PUBLIC KEY-----"
+log_action_msg "EC2: Requesting ssh public key from EC2 instance metadata"
+public_key=`/usr/bin/curl --silent -f $public_key_url`
+if [ -n "$public_key" ]; then
+ log_action_msg "EC2: Downloaded ssh public key from EC2 instance metadata"
+ if [ ! -d $ssh_dir ]; then
+ mkdir -m 700 $ssh_dir
+ # chown $username:$username $ssh_dir
+ fi
+
+ # Check if the ssh public key is already loaded
+ if ! grep -s -q "$public_key" $authorized_keys; then
+ load_ssh_public_key
+ # chmod 600 $authorized_keys
+ # chown $username:$username $authorized_keys
+ else
+ log_action_msg "EC2: Already loaded ssh public key for user $username"
+ fi
+else
+ log_action_msg "
+ == WARNING ==
+ No ssh public key found!
+ If you launch an instance without specifying a keypair,
+ you can't connect to the instance.
+ Please terminate this instance and launch a new EC2 instance.
+
+ == IMPORTANT ==
+ Don't forget to create a keypair or select an existing one
+ before you launch the new instance"
+fi
+log_action_msg "EC2: -----END FETCH SSH PUBLIC KEY-----"
+
+# Tear down the config session
+$SHELL_API teardownSession
+if [ $? -ne 0 ]; then
+ echo "An error occured while tearing down the session!"
+ exit 0
+fi
+exit 0