blob: 05955f059a6217db4aed9fc698ecfe8db151efe2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
#!/bin/bash
### BEGIN INIT INFO
# Provides: ec2-fetch-ssh-public-key
# Required-Start: vyatta-router
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: AWS EC2 instance init script to fetch and load ssh public key
# Description: Retrieve user's public ssh key from EC2 instance metadata
# and load/set the key in config.boot
### END INIT INFO
# Author: hydrajump <wave@hydrajump.com>
#
# Based on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html#public-amis-install-credentials
# https://github.com/andsens/bootstrap-vz/blob/master/providers/ec2/assets/init.d/ec2-get-credentials
. /lib/lsb/init-functions
: ${vyatta_env:=/etc/default/vyatta}
source $vyatta_env
# Configuration commands
SHELL_API=/bin/cli-shell-api
COMMIT=/opt/vyatta/sbin/my_commit
SAVE=/opt/vyatta/sbin/vyatta-save-config.pl
LOADKEY=/opt/vyatta/sbin/vyatta-load-user-key.pl
public_key_url=http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
username='vyos'
ssh_dir="/home/$username/.ssh"
authorized_keys="$ssh_dir/authorized_keys"
group='vyattacfg'
# Obtain config session environment
session_env=$($SHELL_API getSessionEnv $PPID)
if [ $? -ne 0 ]; then
echo "An error occured while obtaining session environment!"
exit 0
fi
# Evaluate config environment string
eval $session_env
# Setup the config session
$SHELL_API setupSession
if [ $? -ne 0 ]; then
echo "An error occured while setting up the configuration session!"
exit 0
fi
load_ssh_public_key ()
{
# Doesn't work.
# if [ -x $vyatta_sbindir/vyatta-load-user-key.pl ]; then
# log_action_msg "Loaded ssh public key for user $username"
# sg ${group} -c "$vyatta_sbindir/vyatta-load-user-key.pl $username $public_key"
# fi
# Do this instead
# Obtain session environment
# Evaluate environment string
# Setup the session
# Commit and save config change
# Tear down the session
log_action_msg "EC2: Loaded ssh public key for user $username"
$LOADKEY $username $public_key_url
# Commit and save to config.boot
$COMMIT
$SAVE
}
# Try to get the ssh public key from instance metadata
log_action_msg "EC2: -----BEGIN FETCH SSH PUBLIC KEY-----"
log_action_msg "EC2: Requesting ssh public key from EC2 instance metadata"
public_key=`/usr/bin/curl --silent -f $public_key_url`
if [ -n "$public_key" ]; then
log_action_msg "EC2: Downloaded ssh public key from EC2 instance metadata"
if [ ! -d $ssh_dir ]; then
mkdir -m 700 $ssh_dir
# chown $username:$username $ssh_dir
fi
# Check if the ssh public key is already loaded
if ! grep -s -q "$public_key" $authorized_keys; then
load_ssh_public_key
# chmod 600 $authorized_keys
# chown $username:$username $authorized_keys
else
log_action_msg "EC2: Already loaded ssh public key for user $username"
fi
else
log_action_msg "
== WARNING ==
No ssh public key found!
If you launch an instance without specifying a keypair,
you can't connect to the instance.
Please terminate this instance and launch a new EC2 instance.
== IMPORTANT ==
Don't forget to create a keypair or select an existing one
before you launch the new instance"
fi
log_action_msg "EC2: -----END FETCH SSH PUBLIC KEY-----"
# Tear down the config session
$SHELL_API teardownSession
if [ $? -ne 0 ]; then
echo "An error occured while tearing down the session!"
exit 0
fi
exit 0
|
