mirror of
https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git
synced 2026-05-06 15:50:47 +03:00
Compare commits
2 Commits
545763d8c1
...
defc504ce2
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
defc504ce2 | ||
|
|
744b4829ae |
15
README.md
15
README.md
@ -120,21 +120,6 @@ The default endpoint is `169.254.169.254` for most cloud providers. This
|
|||||||
setting allows you to specify a custom IP address and optional port for the
|
setting allows you to specify a custom IP address and optional port for the
|
||||||
metadata service.
|
metadata service.
|
||||||
|
|
||||||
### AWS Metadata API Version
|
|
||||||
|
|
||||||
For AWS-compatible metadata services that don't support IMDSv2 tokens (like
|
|
||||||
Tinkerbell's Hegel), you can specify the API version in `/etc/tiny-cloud.conf`:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# Use IMDSv1 (2009-04-04) without tokens for Tinkerbell
|
|
||||||
CLOUD=aws
|
|
||||||
IMDS_ENDPOINT=192.0.2.1:50061
|
|
||||||
IMDS_URI=2009-04-04
|
|
||||||
```
|
|
||||||
|
|
||||||
The default is `latest` which uses IMDSv2 with token authentication. Setting
|
|
||||||
`IMDS_URI=2009-04-04` uses the older IMDSv1 API without tokens.
|
|
||||||
|
|
||||||
## Operation
|
## Operation
|
||||||
|
|
||||||
The first time an instance boots -- either freshly instantiated from an image,
|
The first time an instance boots -- either freshly instantiated from an image,
|
||||||
|
|||||||
@ -5,22 +5,14 @@
|
|||||||
IMDS_HEADER="X-aws-ec2-metadata-token"
|
IMDS_HEADER="X-aws-ec2-metadata-token"
|
||||||
IMDS_TOKEN_TTL_HEADER="X-aws-ec2-metadata-token-ttl-seconds"
|
IMDS_TOKEN_TTL_HEADER="X-aws-ec2-metadata-token-ttl-seconds"
|
||||||
: "${IMDS_TOKEN_TTL:=5}"
|
: "${IMDS_TOKEN_TTL:=5}"
|
||||||
# Allow override of IMDS API version (default: latest, can use 2009-04-04 for IMDSv1)
|
IMDS_URI="latest"
|
||||||
: "${IMDS_URI:=latest}"
|
|
||||||
|
|
||||||
_imds_token() {
|
_imds_token() {
|
||||||
# Only try to get token if using 'latest' API version (IMDSv2)
|
printf "PUT /latest/api/token HTTP/1.0\r\n%s: %s\r\n\r\n" \
|
||||||
# Older versions like 2009-04-04 don't support tokens (IMDSv1)
|
"$IMDS_TOKEN_TTL_HEADER" "$IMDS_TOKEN_TTL" \
|
||||||
if [ "$IMDS_URI" = "latest" ]; then
|
| nc -w 1 "$IMDS_ENDPOINT" 80 | tail -n 1
|
||||||
printf "PUT /latest/api/token HTTP/1.0\r\n%s: %s\r\n\r\n" \
|
|
||||||
"$IMDS_TOKEN_TTL_HEADER" "$IMDS_TOKEN_TTL" \
|
|
||||||
| nc -w 1 "$IMDS_ENDPOINT" 80 | tail -n 1
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_imds_header() {
|
_imds_header() {
|
||||||
local token="$(_imds_token)"
|
echo "$IMDS_HEADER: $(_imds_token)"
|
||||||
if [ -n "$token" ]; then
|
|
||||||
echo "$IMDS_HEADER: $token"
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
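Review bot: `_imds_token` on the new side passes through `tail -n 1` of whatever `nc` receives without checking the HTTP status line, and `_imds_header` prints `$IMDS_HEADER:` unconditionally. A timeout therefore yields a header with an empty value, and an error response gets the last line of its body sent as the session token, with no diagnostic in either case. I would capture the response, accept the body only after a 200 status line, and return non-zero otherwise, as sketched below. `_imds_header` can then propagate the failure with `token="$(_imds_token)" || return 1` before the `echo`. The callers of `_imds_header` are outside this section, so whether they check its exit status needs confirming.

```shell
_imds_token() {
	local resp
	resp="$(printf "PUT /latest/api/token HTTP/1.0\r\n%s: %s\r\n\r\n" \
		"$IMDS_TOKEN_TTL_HEADER" "$IMDS_TOKEN_TTL" \
		| nc -w 1 "$IMDS_ENDPOINT" 80)" || return 1
	# use the body as a token only when the status line reports success
	case "$resp" in
		"HTTP/1."?" 200"*) printf '%s\n' "$resp" | tail -n 1 ;;
		*) return 1 ;;
	esac
}
```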
|
|||||||
@ -13,12 +13,7 @@
|
|||||||
# Useful for custom metadata services
|
# Useful for custom metadata services
|
||||||
#IMDS_ENDPOINT=169.254.169.254
|
#IMDS_ENDPOINT=169.254.169.254
|
||||||
|
|
||||||
# IMDS API version (AWS only)
|
# IMDS token validity, in seconds (AWS only)
|
||||||
# Defaults to 'latest' (IMDSv2 with tokens)
|
|
||||||
# Use '2009-04-04' for IMDSv1 without tokens (e.g., Tinkerbell)
|
|
||||||
#IMDS_URI=latest
|
|
||||||
|
|
||||||
# IMDS token validity, in seconds (AWS only, IMDSv2)
|
|
||||||
#IMDS_TOKEN_TTL=5
|
#IMDS_TOKEN_TTL=5
|
||||||
|
|
||||||
# Location of var directory
|
# Location of var directory
|
||||||
|
|||||||