mirror of https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git synced 2025-12-15 11:22:43 +03:00

Support IMDSv2 / Make shellcheck Happier

* get/use Instance MetaData Service v2 token, thanks @junkb (resolves #6)
* make shellcheck happier
* fix installation of multiple SSH keys for EC2_USER
* use 'grep -q' to detect shebang in user_data
Jake Buchholz 2020-05-01 15:00:36 -07:00 committed by Mike Crute
parent 0805173154
commit 07a0b9f3c8


@ -5,15 +5,22 @@ description="Provides EC2 cloud bootstrap"
# override in /etc/conf.d/tiny-ec2-bootstrap
EC2_USER=${EC2_USER:-alpine}
IMDS2_TOKEN_TTL=${IMDS2_TOKEN_TTL:-5}
depend() {
need net
provide cloud-final
}
_get_metadata_token() {
echo -ne "PUT /latest/api/token HTTP/1.0\r\nX-aws-ec2-metadata-token-ttl-seconds: $IMDS2_TOKEN_TTL\r\n\r\n" |
nc 169.254.169.254 80 | tail -n 1
}
_get_metadata() {
local uri="$1"
wget -qO - "http://169.254.169.254/latest/$uri" 2>/dev/null
wget -qO - --header "X-aws-ec2-metadata-token: $(_get_metadata_token)" \
"http://169.254.169.254/latest/$uri" 2>/dev/null
}
_update_hostname() {
@ -26,8 +33,8 @@ _update_hostname() {
_set_ssh_keys() {
local user="$1"
local group="$(getent passwd $user | cut -d: -f4)"
local ssh_dir="$(getent passwd $user | cut -d: -f6)/.ssh"
local group="$(getent passwd "$user" | cut -d: -f4)"
local ssh_dir="$(getent passwd "$user" | cut -d: -f6)/.ssh"
local keys_file="$ssh_dir/authorized_keys"
if [ ! -d "$ssh_dir" ]; then
@ -39,16 +46,16 @@ _set_ssh_keys() {
touch "$keys_file"
chmod 600 "$keys_file"
chown -R $user:$group "$ssh_dir"
chown -R "$user:$group" "$ssh_dir"
for key in "$(_get_metadata meta-data/public-keys/)"; do
echo $(_get_metadata "meta-data/public-keys/${key%=*}/openssh-key/") >> "$keys_file"
for key in $(_get_metadata meta-data/public-keys/); do
_get_metadata "meta-data/public-keys/${key%=*}/openssh-key/" >> "$keys_file"
done
}
_run_userdata() {
user_data=$(_get_metadata user-data)
if echo $user_data | grep '^#!/' 2>&1 >/dev/null; then
if echo "$user_data" | grep -q '^#!/'; then
echo "$user_data" > /var/lib/cloud/user-data.sh
chmod +x /var/lib/cloud/user-data.sh
/var/lib/cloud/user-data.sh 2>&1 | tee /var/log/cloud-bootstrap.log
@ -57,7 +64,7 @@ _run_userdata() {
}
_resize_root_partition() {
resize2fs $(mountpoint -n / | cut -d' ' -f1)
resize2fs "$(mountpoint -n / | cut -d' ' -f1)"
}
_disable_password() {
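Review bot: `_get_metadata_token` takes whatever the last line of the raw `nc` response is as the token, so an error response or an empty reply is passed unchecked into the `X-aws-ec2-metadata-token` header in `_get_metadata`. Because wget's stderr goes to `/dev/null`, a failed token request then looks to `_set_ssh_keys` and `_run_userdata` like empty metadata rather than an error, which presumably leaves the instance with no authorized keys and no user-data run. I would capture the token first and bail out when it is missing, e.g. `local token; token="$(_get_metadata_token)"` followed by `[ -n "$token" ] || return 1`, and ideally have `_get_metadata_token` confirm a `200` status line before printing anything. A new token is also requested on every metadata call; fetching it once per bootstrap run would reduce the number of raw PUT requests and the places where this can fail.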