summaryrefslogtreecommitdiff
path: root/ec2init
diff options
context:
space:
mode:
Diffstat (limited to 'ec2init')
-rw-r--r--ec2init/CloudConfig.py9
-rw-r--r--ec2init/__init__.py3
2 files changed, 12 insertions, 0 deletions
diff --git a/ec2init/CloudConfig.py b/ec2init/CloudConfig.py
index 9c58246f..17a14363 100644
--- a/ec2init/CloudConfig.py
+++ b/ec2init/CloudConfig.py
@@ -23,6 +23,7 @@ import ec2init.util as util
import subprocess
import os
import glob
+import sys
per_instance="once-per-instance"
@@ -37,11 +38,13 @@ class CloudConfig():
self.cloud.get_data_source()
self.add_handler('apt-update-upgrade', self.h_apt_update_upgrade)
self.add_handler('config-ssh')
+ self.add_handler('disable-ec2-metadata')
def get_config_obj(self,cfgfile):
f=file(cfgfile)
cfg=yaml.load(f.read())
f.close()
+ if cfg is None: cfg = { }
return(util.mergedict(cfg,self.cloud.cfg))
def convert_old_config(self):
@@ -143,6 +146,12 @@ class CloudConfig():
return(True)
+ def h_disable_ec2_metadata(self,name,args):
+ if util.get_cfg_option_bool(self.cfg, "disable_ec2_metadata", False):
+ #fwall="iptables -A OUTPUT -p tcp --dport 80 --destination 169.254.169.254 -j REJECT"
+ fwall="route add -host 169.254.169.254 reject"
+ subprocess.call(fwall.split(' '))
+
def h_config_ssh(self,name,args):
# remove the static keys from the pristine image
for f in glob.glob("/etc/ssh/ssh_host_*_key*"):
diff --git a/ec2init/__init__.py b/ec2init/__init__.py
index 9d701619..80203c80 100644
--- a/ec2init/__init__.py
+++ b/ec2init/__init__.py
@@ -73,12 +73,15 @@ class EC2Init:
stream.close()
except:
pass
+
+ if conf is None: conf = { }
# support reading the old ConfigObj format file and merging
# it into the yaml dictionary
try:
from configobj import ConfigObj
oldcfg = ConfigObj(self.old_conffile)
+ if oldcfg is None: oldcfg = { }
conf = util.mergedict(conf,oldcfg)
except:
pass