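#!/bin/sh
#
# $NetBSD: ec2_init,v 1.6 2023/09/27 00:27:07 riastradh Exp $
#
# PROVIDE: ec2_init
# REQUIRE: NETWORKING
# BEFORE:  LOGIN
#
# rc.d script that configures a cloud instance on boot from its
# metadata service: sets the hostname, creates the cloud login user,
# installs the instance's SSH public key(s) into that user's
# authorized_keys, and feeds an optional "random_seed" into
# /dev/urandom.
#
# Every value fetched below comes from the link-local metadata service
# over plain HTTP and is used as returned.
# NOTE(review): the hostname is written to /etc/myname without any
# character or length check -- confirm whether it should be validated.

$_rc_subr_loaded . /etc/rc.subr

name="ec2_init"
rcvar=${name}
start_cmd="ec2_init"
stop_cmd=":"

CLOUD_TYPE=EC2	# default

# Oracle Cloud is recognised by its DMI chassis asset tag; anything
# else (including a failing sysctl) keeps the EC2 default.
case "$(/sbin/sysctl -n machdep.dmi.chassis-asset-tag 2>/dev/null)" in
OracleCloud*)
	CLOUD_TYPE=OCI
	;;
esac

# Per-cloud login name and metadata paths.
case "${CLOUD_TYPE}" in
EC2)
	EC2_USER="ec2-user"
	METADATA_URL="http://169.254.169.254/latest/meta-data/"
	SSH_KEY_URL="public-keys/0/openssh-key"
	;;
OCI)
	EC2_USER="opc"
	METADATA_URL="http://169.254.169.254/opc/v1/instance/"
	SSH_KEY_URL="metadata/ssh_authorized_keys"
	;;
esac

HOSTNAME_URL="hostname"

SSH_KEY_FILE="/home/${EC2_USER}/.ssh/authorized_keys"

OS_METADATA_URL="http://169.254.169.254/openstack/latest/meta_data.json"

# Create the cloud login account with a home directory.  The account is
# a member of wheel and operator, so whoever holds the key installed by
# ec2_init logs in with those group memberships.
ec2_newuser()
{
	echo "Creating ${CLOUD_TYPE} user account ${EC2_USER}"
	useradd -g users -G wheel,operator -m "${EC2_USER}"
}

# Filter: read JSON text on stdin and print the base64 value of the
# "random_seed" member, if a line carries one.  Prints nothing otherwise.
extract_random_seed()
{
	sed -n -e '/random_seed/s/.*"random_seed": *"\([A-Za-z0-9+/=]*\)".*/\1/p'
}

# start_cmd: apply hostname, user, SSH key(s) and random seed from the
# metadata service.  Runs in a subshell so that umask, cd and the
# variables set here do not leak into the rc environment.
ec2_init()
{
	(
	umask 022

	# set hostname; it may be 5-10 seconds for the metadata service
	# to become reachable.
	try=0
	while [ $((try++)) -lt 20 ]
	do
		HOSTNAME=$(ftp -o - -q 2 "${METADATA_URL}${HOSTNAME_URL}")
		if [ -n "$HOSTNAME" ]; then
			echo "Setting ${CLOUD_TYPE} hostname: ${HOSTNAME}"
			printf '%s\n' "$HOSTNAME" > /etc/myname
			hostname "$HOSTNAME"
			break
		fi
		echo "${CLOUD_TYPE} hostname not available yet (try $try)"
		sleep 1
	done

	# create cloud user
	id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser

	# fetch the public key from the metadata service
	EC2_SSH_KEY=$(ftp -o - -q 2 "${METADATA_URL}${SSH_KEY_URL}")

	if [ -n "$EC2_SSH_KEY" ]; then
		# A key pair is associated with this instance, add it
		# to EC2_USER's 'authorized_keys' file
		ssh_dir=$(dirname "$SSH_KEY_FILE")
		mkdir -p "$ssh_dir"
		chown "${EC2_USER}:users" "$ssh_dir"
		touch "$SSH_KEY_FILE"
		chown "${EC2_USER}:users" "$SSH_KEY_FILE"
		cd "$ssh_dir"

		# Handle the value one line at a time and compare each
		# line as a fixed string against whole lines of the file.
		# Key text is not a regular expression, and a multi-line
		# value handed to grep as one pattern would be read as a
		# list of alternatives, so one key already present would
		# hide every other key in the response.
		printf '%s\n' "$EC2_SSH_KEY" |
		while IFS= read -r key; do
			[ -n "$key" ] || continue
			if ! grep -qxF -- "$key" "$SSH_KEY_FILE"; then
				echo "Setting ${CLOUD_TYPE} SSH public key for user ${EC2_USER}: ${key##* }"
				printf '%s\n' "$key" >> "$SSH_KEY_FILE"
			fi
		done
	fi

	# May contain a "random_seed".
	OS_METADATA="$(ftp -o - -q 2 "${OS_METADATA_URL}")"
	if printf '%s\n' "$OS_METADATA" | grep -q random_seed; then
		# decode the seed (ignoring stray characters) and append
		# it to /dev/urandom
		printf '%s\n' "$OS_METADATA" | extract_random_seed |
		    base64 -di >> /dev/urandom
	fi
	)
}

load_rc_config $name
run_rc_command "$1"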