mirror of https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git synced 2026-05-06 15:50:47 +03:00

Compare commits


3 Commits

Author SHA1 Message Date
Leonardo Arena
545763d8c1 Merge branch 'aws_custom' into 'main'
Allow to override default IMDS endpoint

See merge request alpine/cloud/tiny-cloud!147
2026-03-25 19:12:14 +00:00
Leonardo Arena
0a877f2eb9 Add support for AWS IMDSv1 2026-03-25 20:09:10 +01:00
Leonardo Arena
b5adb70a48 Allow to override default IMDS endpoint 2026-03-25 20:08:30 +01:00
4 changed files with 56 additions and 7 deletions


@ -105,6 +105,36 @@ Alternatively, you can add `tinycloud=cloud=<cloud>` (preferred) or `ds=<cloud>`
`/sys/class/dmi/id/product_serial` (QEMU hack) is another way to explicitly `/sys/class/dmi/id/product_serial` (QEMU hack) is another way to explicitly
choose a cloud provider. choose a cloud provider.
### Custom Metadata Service Endpoint
For custom or non-standard metadata services, you can
override the default IMDS endpoint by setting `IMDS_ENDPOINT` in
`/etc/tiny-cloud.conf`:
```sh
# For Tinkerbell or other custom metadata services
IMDS_ENDPOINT=192.0.2.1:50061
```
The default endpoint is `169.254.169.254` for most cloud providers. This
setting allows you to specify a custom IP address and optional port for the
metadata service.
### AWS Metadata API Version
For AWS-compatible metadata services that don't support IMDSv2 tokens (like
Tinkerbell's Hegel), you can specify the API version in `/etc/tiny-cloud.conf`:
```sh
# Use IMDSv1 (2009-04-04) without tokens for Tinkerbell
CLOUD=aws
IMDS_ENDPOINT=192.0.2.1:50061
IMDS_URI=2009-04-04
```
The default is `latest` which uses IMDSv2 with token authentication. Setting
`IMDS_URI=2009-04-04` uses the older IMDSv1 API without tokens.
## Operation ## Operation
The first time an instance boots -- either freshly instantiated from an image, The first time an instance boots -- either freshly instantiated from an image,


@ -52,7 +52,8 @@ unset -f \
### default variables/functions ### default variables/functions
# Common to many clouds # Common to many clouds
IMDS_ENDPOINT="169.254.169.254" # Can be overridden in /etc/tiny-cloud.conf
: "${IMDS_ENDPOINT:=169.254.169.254}"
# Common to AWS and NoCloud(ish) # Common to AWS and NoCloud(ish)
IMDS_HOSTNAME="meta-data/hostname" IMDS_HOSTNAME="meta-data/hostname"
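Review bot: The override takes the documented `IP:PORT` form unchecked, but the AWS token request shown further down this page still runs `nc -w 1 "$IMDS_ENDPOINT" 80`, so an endpoint carrying its own port reaches nc as a host name with port 80 appended. With the default `IMDS_URI=latest` that request will presumably fail and no token is obtained. Either split the value into host and port once here and use both in the token request, or record the limit beside the default, for example `# host or host:port; the IMDSv2 token request always uses port 80`. The `:=` form also keeps a value already present in the environment, not only one set in /etc/tiny-cloud.conf, which the comment should say because this address decides where instance metadata is fetched from.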


@ -5,14 +5,22 @@
IMDS_HEADER="X-aws-ec2-metadata-token" IMDS_HEADER="X-aws-ec2-metadata-token"
IMDS_TOKEN_TTL_HEADER="X-aws-ec2-metadata-token-ttl-seconds" IMDS_TOKEN_TTL_HEADER="X-aws-ec2-metadata-token-ttl-seconds"
: "${IMDS_TOKEN_TTL:=5}" : "${IMDS_TOKEN_TTL:=5}"
IMDS_URI="latest" # Allow override of IMDS API version (default: latest, can use 2009-04-04 for IMDSv1)
: "${IMDS_URI:=latest}"
_imds_token() { _imds_token() {
printf "PUT /latest/api/token HTTP/1.0\r\n%s: %s\r\n\r\n" \ # Only try to get token if using 'latest' API version (IMDSv2)
"$IMDS_TOKEN_TTL_HEADER" "$IMDS_TOKEN_TTL" \ # Older versions like 2009-04-04 don't support tokens (IMDSv1)
| nc -w 1 "$IMDS_ENDPOINT" 80 | tail -n 1 if [ "$IMDS_URI" = "latest" ]; then
printf "PUT /latest/api/token HTTP/1.0\r\n%s: %s\r\n\r\n" \
"$IMDS_TOKEN_TTL_HEADER" "$IMDS_TOKEN_TTL" \
| nc -w 1 "$IMDS_ENDPOINT" 80 | tail -n 1
fi
} }
_imds_header() { _imds_header() {
echo "$IMDS_HEADER: $(_imds_token)" local token="$(_imds_token)"
if [ -n "$token" ]; then
echo "$IMDS_HEADER: $token"
fi
} }
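Review bot: The new empty-token test in `_imds_header` cannot tell "IMDSv1 was configured" from "the IMDSv2 token request failed", so with the default `IMDS_URI=latest` a failed or timed-out PUT now produces no header at all instead of a header with an empty token. If the callers (outside this hunk) then send the metadata request without the header, an endpoint that still answers IMDSv1 will serve it and the downgrade goes unnoticed. Make the omission depend on the configured version rather than on the result: begin the function with `[ "$IMDS_URI" = "latest" ] || return 0` and keep `echo "$IMDS_HEADER: $(_imds_token)"` for the IMDSv2 case, optionally writing a warning to stderr when the token comes back empty. Separately, `local token="$(_imds_token)"` discards the pipeline's exit status; declare and assign on two lines if that status is ever to be checked.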


@ -8,7 +8,17 @@
# User account where instance SSH keys are installed # User account where instance SSH keys are installed
#CLOUD_USER=alpine #CLOUD_USER=alpine
# IMDS token validity, in seconds (AWS only) # IMDS endpoint override (IP:PORT or IP)
# Defaults to 169.254.169.254 for most clouds
# Useful for custom metadata services
#IMDS_ENDPOINT=169.254.169.254
# IMDS API version (AWS only)
# Defaults to 'latest' (IMDSv2 with tokens)
# Use '2009-04-04' for IMDSv1 without tokens (e.g., Tinkerbell)
#IMDS_URI=latest
# IMDS token validity, in seconds (AWS only, IMDSv2)
#IMDS_TOKEN_TTL=5 #IMDS_TOKEN_TTL=5
# Location of var directory # Location of var directory