authorJake Buchholz <tomalok@gmail.com>2020-05-01 15:00:36 -0700
committerMike Crute <mike@crute.us>2020-05-05 15:03:03 -0700
commit07a0b9f3c881f3efdc7ef31aa179047be835262a (patch)
tree795a86001820d12c853ca7da9fbc54a9eeb8b4fb
parent080517315494517a1085aea7ea372421ca7220f3 (diff)
downloadtiny-ec2-bootstrap-07a0b9f3c881f3efdc7ef31aa179047be835262a.tar.bz2
tiny-ec2-bootstrap-07a0b9f3c881f3efdc7ef31aa179047be835262a.tar.xz
tiny-ec2-bootstrap-07a0b9f3c881f3efdc7ef31aa179047be835262a.zip
Support IMDSv2 / Make shellcheck Happierrelease-1.3.2
* get/use Instance MetaData Service v2 token, thanks @junkb (resolves #6) * make shellcheck happier * fix installation of multiple SSH keys for EC2_USER * use 'grep -q' to detect shebang in user_data
-rw-r--r--tiny-ec2-bootstrap23
1 files changed, 15 insertions, 8 deletions
diff --git a/tiny-ec2-bootstrap b/tiny-ec2-bootstrap
index 9c62afb..a8dea2e 100644
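--- a/tiny-ec2-bootstrap
+++ b/tiny-ec2-bootstrap
@@ -5,15 +5,22 @@ description="Provides EC2 cloud bootstrap"
 
 # override in /etc/conf.d/tiny-ec2-bootstrap
 EC2_USER=${EC2_USER:-alpine}
+IMDS2_TOKEN_TTL=${IMDS2_TOKEN_TTL:-5}
 
 depend() {
  need net
  provide cloud-final
 }
 
+_get_metadata_token() {
+ echo -ne "PUT /latest/api/token HTTP/1.0\r\nX-aws-ec2-metadata-token-ttl-seconds: $IMDS2_TOKEN_TTL\r\n\r\n" |
+ nc 169.254.169.254 80 | tail -n 1
+}
+
 _get_metadata() {
  local uri="$1"
- wget -qO - "http://169.254.169.254/latest/$uri" 2>/dev/null
+ wget -qO - --header "X-aws-ec2-metadata-token: $(_get_metadata_token)" \
+ "http://169.254.169.254/latest/$uri" 2>/dev/null
 }
 
 _update_hostname() {
@@ -26,8 +33,8 @@ _update_hostname() {
 
 _set_ssh_keys() {
  local user="$1"
- local group="$(getent passwd $user | cut -d: -f4)"
- local ssh_dir="$(getent passwd $user | cut -d: -f6)/.ssh"
+ local group="$(getent passwd "$user" | cut -d: -f4)"
+ local ssh_dir="$(getent passwd "$user" | cut -d: -f6)/.ssh"
  local keys_file="$ssh_dir/authorized_keys"
 
  if [ ! -d "$ssh_dir" ]; then
@@ -39,16 +46,16 @@ _set_ssh_keys() {
 
  touch "$keys_file"
  chmod 600 "$keys_file"
- chown -R $user:$group "$ssh_dir"
+ chown -R "$user:$group" "$ssh_dir"
 
- for key in "$(_get_metadata meta-data/public-keys/)"; do
- echo $(_get_metadata "meta-data/public-keys/${key%=*}/openssh-key/") >> "$keys_file"
+ for key in $(_get_metadata meta-data/public-keys/); do
+ _get_metadata "meta-data/public-keys/${key%=*}/openssh-key/" >> "$keys_file"
  done
 }
 
 _run_userdata() {
  user_data=$(_get_metadata user-data)
- if echo $user_data | grep '^#!/' 2>&1 >/dev/null; then
+ if echo "$user_data" | grep -q '^#!/'; then
  echo "$user_data" > /var/lib/cloud/user-data.sh
  chmod +x /var/lib/cloud/user-data.sh
  /var/lib/cloud/user-data.sh 2>&1 | tee /var/log/cloud-bootstrap.log
@@ -57,7 +64,7 @@ _run_userdata() {
 }
 
 _resize_root_partition() {
- resize2fs $(mountpoint -n / | cut -d' ' -f1)
+ resize2fs "$(mountpoint -n / | cut -d' ' -f1)"
 }
 
 _disable_password() {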
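Review bot: In the first hunk, `_get_metadata` interpolates `$(_get_metadata_token)` into the header without checking it, so if `nc` fails or the PUT comes back with something other than a token on its last line the header carries an empty or bogus value and, as far as these hunks show, every metadata request then fails silently under `-q` and `2>/dev/null` — no SSH keys are installed and user-data is skipped with nothing logged. Capture the token into a local, return non-zero with a message on stderr when it is empty, and only then call wget; the rewritten function is below. The per-call PUT also places the token in wget's argv, which the short `IMDS2_TOKEN_TTL` bounds but does not hide. In the third hunk, dropping `echo` means each key is appended without a trailing newline unless the IMDS response supplies one; if it does not, a second key lands on the same `authorized_keys` line and neither parses, so `printf '%s\n' "$(_get_metadata "meta-data/public-keys/${key%=*}/openssh-key/")" >> "$keys_file"` is the safer form.
```shell
_get_metadata() {
    local uri="$1" token
    token=$(_get_metadata_token)
    if [ -z "$token" ]; then
        echo "tiny-ec2-bootstrap: no IMDSv2 token; cannot fetch $uri" >&2
        return 1
    fi
    wget -qO - --header "X-aws-ec2-metadata-token: $token" \
        "http://169.254.169.254/latest/$uri" 2>/dev/null
}
```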