4 files changed, 169 insertions, 20 deletions
diff --git a/ b/
index e17669eb..21e73e01 100644
--- a/
+++ b/
@@ -18,6 +18,7 @@ checkparamsonreboot_SCRIPTS =
checkparamsonreboot_DATA =
checkparamsonreboot_DATA += scripts/check-params-on-reboot.d/README
+initd_SCRIPTS += etc/init.d/ec2-fetch-ssh-public-key
initd_SCRIPTS += etc/init.d/vyatta-config-reboot-params
checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/ipv6_disable_blacklist
diff --git a/debian/ b/debian/
index 735b49ff..a89ef711 100755
--- a/debian/
+++ b/debian/
@@ -13,7 +13,7 @@ do
update-rc.d -f ${init} remove >/dev/null
-# remove extra call to clock setup only need one. this speeds up boot
+# remove extra call to clock setup only need one. this speeds up boot
# Mystery: why does Debian do it twice?
if [ -L /etc/rcS.d/S* -a -L /etc/rcS.d/S* ]; then
rm /etc/rcS.d/S*
@@ -89,7 +89,7 @@ if [ "$sysconfdir" != "/etc" ]; then
# Set file capabilities
sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \
- while read capability path; do
+ while read capability path; do
touch -c $path
setcap $capability $path
@@ -211,6 +211,14 @@ done
# add vyatta-config-reboot-params to start at boot up
update-rc.d vyatta-config-reboot-params start 20 S
+# Enable ec2-fetch-ssh-public-key init script
+if [ -f "$sysconfdir"/config/.aws ]; then
+ insserv ec2-fetch-ssh-public-key --default
+ # Remove temp. file from install-image-existing L50
+ rm "$sysconfdir"/config/.aws
# Local Variables:
# mode: shell-script
# sh-indentation: 4
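Review bot: The comment `# Remove temp. file from install-image-existing L50` points at a line number in another file, which goes stale as soon as that file changes. Name the function instead, e.g. `# Remove marker file created by is_amazon_ec2_ami in install-image-existing`. Since this marker alone decides whether a boot service that installs SSH credentials is enabled, `rm -f` would also keep the maintainer script from failing if the file has already gone.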
diff --git a/etc/init.d/ec2-fetch-ssh-public-key b/etc/init.d/ec2-fetch-ssh-public-key
new file mode 100644
index 00000000..05955f05
--- /dev/null
+++ b/etc/init.d/ec2-fetch-ssh-public-key
@@ -0,0 +1,114 @@
+# Provides: ec2-fetch-ssh-public-key
+# Required-Start: vyatta-router
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: AWS EC2 instance init script to fetch and load ssh public key
+# Description: Retrieve user's public ssh key from EC2 instance metadata
+# and load/set the key in config.boot
+# Author: hydrajump <>
+# Based on
+. /lib/lsb/init-functions
+: ${vyatta_env:=/etc/default/vyatta}
+source $vyatta_env
+# Configuration commands
+# Obtain config session environment
+session_env=$($SHELL_API getSessionEnv $PPID)
+if [ $? -ne 0 ]; then
+ echo "An error occured while obtaining session environment!"
+ exit 0
+# Evaluate config environment string
+eval $session_env
+# Setup the config session
+$SHELL_API setupSession
+if [ $? -ne 0 ]; then
+ echo "An error occured while setting up the configuration session!"
+ exit 0
+load_ssh_public_key ()
+ # Doesn't work.
+ # if [ -x $vyatta_sbindir/ ]; then
+ # log_action_msg "Loaded ssh public key for user $username"
+ # sg ${group} -c "$vyatta_sbindir/ $username $public_key"
+ # fi
+ # Do this instead
+ # Obtain session environment
+ # Evaluate environment string
+ # Setup the session
+ # Commit and save config change
+ # Tear down the session
+ log_action_msg "EC2: Loaded ssh public key for user $username"
+ $LOADKEY $username $public_key_url
+ # Commit and save to config.boot
+# Try to get the ssh public key from instance metadata
+log_action_msg "EC2: -----BEGIN FETCH SSH PUBLIC KEY-----"
+log_action_msg "EC2: Requesting ssh public key from EC2 instance metadata"
+public_key=`/usr/bin/curl --silent -f $public_key_url`
+if [ -n "$public_key" ]; then
+ log_action_msg "EC2: Downloaded ssh public key from EC2 instance metadata"
+ if [ ! -d $ssh_dir ]; then
+ mkdir -m 700 $ssh_dir
+ # chown $username:$username $ssh_dir
+ fi
+ # Check if the ssh public key is already loaded
+ if ! grep -s -q "$public_key" $authorized_keys; then
+ load_ssh_public_key
+ # chmod 600 $authorized_keys
+ # chown $username:$username $authorized_keys
+ else
+ log_action_msg "EC2: Already loaded ssh public key for user $username"
+ fi
+ log_action_msg "
+ == WARNING ==
+ No ssh public key found!
+ If you launch an instance without specifying a keypair,
+ you can't connect to the instance.
+ Please terminate this instance and launch a new EC2 instance.
+ Don't forget to create a keypair or select an existing one
+ before you launch the new instance"
+log_action_msg "EC2: -----END FETCH SSH PUBLIC KEY-----"
+# Tear down the config session
+$SHELL_API teardownSession
+if [ $? -ne 0 ]; then
+ echo "An error occured while tearing down the session!"
+ exit 0
+exit 0
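Review bot: The metadata response is accepted as a key without any check on its shape, and in `grep -s -q "$public_key" $authorized_keys` it is treated as a regular expression rather than a literal string. The fetch also has no timeout and `$public_key_url`, `$ssh_dir` and `$authorized_keys` are expanded unquoted; the fence below sketches a bounded fetch, a minimal shape check and a fixed-string match. Separately, `$LOADKEY $username $public_key_url` hands over the URL rather than the value that was just checked, so the loader presumably fetches again and could load something different; its definition is not visible here. Every failure path also ends in `exit 0`, which hides errors from the init system. The page appears to have dropped some lines of this file (shebang, braces, `fi`), so the surrounding structure is inferred.
```shell
public_key=$(/usr/bin/curl --silent -f --max-time 10 "$public_key_url")
case "$public_key" in
    ssh-*\ *|ecdsa-*\ *) ;;   # looks like "<type> <base64> [comment]"
    *) log_action_msg "EC2: metadata response is not an ssh public key"
       public_key= ;;
esac
# … unchanged: [ -n "$public_key" ] test and ssh_dir creation …
    if ! grep -s -q -F -- "$public_key" "$authorized_keys"; then
```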
diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing
index ac020c96..b172b6f6 100755
--- a/scripts/install/install-image-existing
+++ b/scripts/install/install-image-existing
@@ -27,7 +27,7 @@ get_grub_index () {
is_kvm=`echo $cur_line | grep KVM`
is_serial=`echo $cur_line | grep Serial`
# index 0 is KVM, 1 is Serial
if [ -n "$is_serial" ]; then
echo 1
@@ -36,6 +36,21 @@ get_grub_index () {
+# Check if installing on AWS EC2 AMI
+is_amazon_ec2_ami () {
+ ami_id_url=
+ ami_id=$(/usr/bin/curl --silent "$ami_id_url")
+ if [ -n "$ami_id" ]; then
+ echo "Installing on VyOS AMI"
+ # Create a temporary file to provide conditional
+ # check for init.d config in
+ # /debian/ L215
+ touch ${INST_ROOT}${VYATTA_CFG_DIR}/.aws
+ fi
if [ `whoami` != 'root' ] ; then
failure_exit 'This script must be run with root privileges.'
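Review bot: As far as the visible lines show, `is_amazon_ec2_ami` has no explicit `return`, so its status is that of the final `if` statement, which is 0 even when `$ami_id` is empty. The later `if is_amazon_ec2_ami; then` would then take the EC2 branch on every install. Ending the function with `[ -n "$ami_id" ]` or an explicit `return 1` in an `else` branch makes the result match the check. The probe also uses `curl --silent` without `-f` or a timeout, so on a non-EC2 network an HTTP error page counts as an AMI id and an unanswered address can stall the installer; consider `ami_id=$(/usr/bin/curl --silent -f --max-time 5 "$ami_id_url")`. The closing brace of the function is not visible on this page.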
@@ -145,7 +160,7 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then
becho 'Cannot find the files. Exiting...'
exit 1
cp -p $squash_img $target_squash >&/dev/null
cp --no-dereference --preserve=all $boot_files $REL_ROOT/ >&/dev/null
@@ -242,21 +257,33 @@ fi
if [ -e "$DEF_GRUB" ]; then
echo "Setting up grub configuration..."
- new_index=$(get_grub_index)
- def_grub_vers=/tmp/def_grub.$$
- cp $DEF_GRUB $def_grub_vers
- sed -i "s/menuentry \"VyOS.*(/menuentry \"VyOS $NEWNAME (/" $def_grub_vers
- sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers
- sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers
- old_grub_cfg=$BOOT_DIR/grub/grub.cfg
- new_grub_cfg=/tmp/grub.cfg.$$
- sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg
- cat $def_grub_vers >> $new_grub_cfg
- sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg
- sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg
- mv $new_grub_cfg $old_grub_cfg
+ if is_amazon_ec2_ami; then
+ sed -i '/menuentry/ i\
+ menuentry '"VyOS AMI (HVM) $NEWNAME"' { \
+ linux /boot/'$NEWNAME'/vmlinuz boot=live quiet vyatta-union=/boot/'$NEWNAME' console=ttyS0 \
+ initrd /boot/'$NEWNAME'/initrd.img \
+ } \
+ ' $BOOT_DIR/grub/grub.cfg
+ else
+ new_index=$(get_grub_index)
+ def_grub_vers=/tmp/def_grub.$$
+ cp $DEF_GRUB $def_grub_vers
+ sed -i "s/menuentry \"VyOS.*(/menuentry \"VyOS $NEWNAME (/" $def_grub_vers
+ sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers
+ sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers
+ old_grub_cfg=$BOOT_DIR/grub/grub.cfg
+ new_grub_cfg=/tmp/grub.cfg.$$
+ sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg
+ cat $def_grub_vers >> $new_grub_cfg
+ sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg
+ sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg
+ mv $new_grub_cfg $old_grub_cfg
+ fi
# Update the default image symlink used by Xen
if [ -L $BOOT_DIR/%%default_image ]; then
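Review bot: In the EC2 branch, `sed -i '/menuentry/ i\` applies to every line containing `menuentry`, so a grub.cfg that already has several entries gets the new block inserted once before each of them. Anchor the pattern as `^menuentry` and limit the insert to the first match, for example by reusing the head/tail split around the first `^menuentry` that the else branch performs. `$NEWNAME` is also spliced unquoted into the sed script at `/boot/'$NEWNAME'/vmlinuz`, so a name containing whitespace or sed metacharacters would break or alter the command. The re-indented else branch still writes as root to the predictable paths `/tmp/def_grub.$$` and `/tmp/grub.cfg.$$`; `mktemp` would be the safer choice while these lines are being touched. The `if [ -L ... ]` block that follows continues outside the hunk.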
@@ -271,4 +298,3 @@ echo 'Done.'
# done
exit 0