1 1.1 jmcneill #!/bin/sh 2 1.1 jmcneill # 3 1.8 jschauma # $NetBSD: ec2_init,v 1.8 2026/05/16 20:59:59 jschauma Exp $ 4 1.1 jmcneill # 5 1.1 jmcneill # PROVIDE: ec2_init 6 1.1 jmcneill # REQUIRE: NETWORKING 7 1.1 jmcneill # BEFORE: LOGIN 8 1.1 jmcneill 9 1.1 jmcneill $_rc_subr_loaded . /etc/rc.subr 10 1.1 jmcneill 11 1.1 jmcneill name="ec2_init" 12 1.1 jmcneill rcvar=${name} 13 1.1 jmcneill start_cmd="ec2_init" 14 1.1 jmcneill stop_cmd=":" 15 1.1 jmcneill 16 1.8 jschauma HOSTNAME_URL="hostname" 17 1.8 jschauma 18 1.7 jschauma IMDS_IP="169.254.169.254" 19 1.8 jschauma IMDS_IPv6="fd00:ec2::254" 20 1.5 jmcneill 21 1.8 jschauma CLOUD_TYPE=EC2 22 1.6 riastrad case "$(/sbin/sysctl -n machdep.dmi.chassis-asset-tag 2>/dev/null)" in 23 1.5 jmcneill OracleCloud*) 24 1.5 jmcneill CLOUD_TYPE=OCI 25 1.5 jmcneill ;; 26 1.5 jmcneill esac 27 1.5 jmcneill 28 1.8 jschauma EC2_USER="ec2-user" 29 1.5 jmcneill case ${CLOUD_TYPE} in 30 1.5 jmcneill EC2) 31 1.5 jmcneill EC2_USER="ec2-user" 32 1.8 jschauma METADATA_URL_PATH="latest/meta-data/" 33 1.5 jmcneill SSH_KEY_URL="public-keys/0/openssh-key" 34 1.5 jmcneill ;; 35 1.5 jmcneill OCI) 36 1.5 jmcneill EC2_USER="opc" 37 1.8 jschauma METADATA_URL_PATH="opc/v1/instance/" 38 1.5 jmcneill SSH_KEY_URL="metadata/ssh_authorized_keys" 39 1.5 jmcneill ;; 40 1.5 jmcneill esac 41 1.5 jmcneill 42 1.1 jmcneill 43 1.8 jschauma ec2_hostname() 44 1.8 jschauma { 45 1.8 jschauma # hostname may already be set via /etc/rc.d/network 46 1.8 jschauma if [ -n "$hostname" ] || [ -f /etc/myname ]; then 47 1.8 jschauma return 48 1.8 jschauma fi 49 1.2 jmcneill 50 1.8 jschauma ( 51 1.8 jschauma umask 022 52 1.8 jschauma HOSTNAME=$(ftp -o - -q 2 "${METADATA_URL}${HOSTNAME_URL}") 53 1.8 jschauma if [ -n "$HOSTNAME" ]; then 54 1.8 jschauma echo "Setting ${CLOUD_TYPE} hostname: ${HOSTNAME}" 55 1.8 jschauma echo "$HOSTNAME" > /etc/myname 56 1.8 jschauma hostname "$HOSTNAME" 57 1.8 jschauma break 58 1.8 jschauma fi 59 1.8 jschauma ) 60 1.8 jschauma } 61 1.3 rhialto 62 1.8 jschauma ec2_init() 63 1.2 jmcneill { 64 1.8 jschauma ec2_metadata 65 1.8 jschauma ec2_hostname 66 1.8 jschauma ec2_user 67 1.8 jschauma ec2_random_seed 68 1.2 jmcneill } 69 1.1 jmcneill 70 1.4 rhialto 71 1.8 jschauma ec2_metadata() 72 1.1 jmcneill { 73 1.8 jschauma local imds="${IMDS_IP}" 74 1.2 jmcneill 75 1.8 jschauma # It may be 5-10 seconds for the metadata service 76 1.8 jschauma # to become reachable. Try IPv4 first (AWS does not 77 1.8 jschauma # enable the IPv6 metadata endpoint by default), then 78 1.8 jschauma # IPv6 and use whichever works. 79 1.3 rhialto try=0 80 1.3 rhialto while [ $((try++)) -lt 20 ] 81 1.3 rhialto do 82 1.8 jschauma ftp -o /dev/null -q 2 http://${IMDS_IP}/${METADATA_URL_PATH}/${HOSTNAME_URL} >/dev/null 2>&1 83 1.8 jschauma if [ $? -eq 0 ]; then 84 1.3 rhialto break 85 1.3 rhialto fi 86 1.8 jschauma 87 1.8 jschauma ftp -o /dev/null -q 2 http://[${IMDS_IPv6}]/${METADATA_URL_PATH}/${HOSTNAME_URL} >/dev/null 2>&1 88 1.8 jschauma if [ $? -eq 0 ]; then 89 1.8 jschauma imds="[${IMDS_IPv6}]" 90 1.8 jschauma break 91 1.8 jschauma fi 92 1.8 jschauma 93 1.8 jschauma echo "Metadata service not available yet (try $try / 20)..." 94 1.3 rhialto sleep 1 95 1.3 rhialto done 96 1.3 rhialto 97 1.8 jschauma METADATA_URL="http://${imds}/${METADATA_URL_PATH}" 98 1.8 jschauma 99 1.8 jschauma SSH_KEY_FILE="/home/${EC2_USER}/.ssh/authorized_keys" 100 1.8 jschauma 101 1.8 jschauma OS_METADATA_URL="http://${imds}/openstack/latest/meta_data.json" 102 1.8 jschauma } 103 1.8 jschauma 104 1.8 jschauma ec2_newuser() 105 1.8 jschauma { 106 1.8 jschauma echo "Creating ${CLOUD_TYPE} user account ${EC2_USER}" 107 1.8 jschauma useradd -g users -G wheel,operator -m "${EC2_USER}" 108 1.8 jschauma } 109 1.8 jschauma 110 1.8 jschauma ec2_random_seed() 111 1.8 jschauma { 112 1.8 jschauma # May contain a "random_seed". 113 1.8 jschauma OS_METADATA="$(ftp -o - -q 2 ${OS_METADATA_URL} 2>/dev/null)" 114 1.8 jschauma if echo "$OS_METADATA" | grep -q random_seed; then 115 1.8 jschauma echo "$OS_METADATA" | extract_random_seed | 116 1.8 jschauma base64 -di >> /dev/urandom 117 1.8 jschauma fi 118 1.8 jschauma } 119 1.8 jschauma 120 1.8 jschauma ec2_user() 121 1.8 jschauma { 122 1.5 jmcneill # create cloud user 123 1.2 jmcneill id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser 124 1.2 jmcneill 125 1.5 jmcneill # fetch the public key from the metadata service 126 1.4 rhialto EC2_SSH_KEY=$(ftp -o - -q 2 "${METADATA_URL}${SSH_KEY_URL}") 127 1.1 jmcneill 128 1.1 jmcneill if [ -n "$EC2_SSH_KEY" ]; then 129 1.1 jmcneill # A key pair is associated with this instance, add it 130 1.2 jmcneill # to EC2_USER's 'authorized_keys' file 131 1.1 jmcneill mkdir -p $(dirname "$SSH_KEY_FILE") 132 1.2 jmcneill chown "${EC2_USER}:users" $(dirname "$SSH_KEY_FILE") 133 1.1 jmcneill touch "$SSH_KEY_FILE" 134 1.2 jmcneill chown "${EC2_USER}:users" "$SSH_KEY_FILE" 135 1.1 jmcneill cd $(dirname "$SSH_KEY_FILE") 136 1.1 jmcneill 137 1.1 jmcneill grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE" 138 1.1 jmcneill if [ $? -ne 0 ]; then 139 1.5 jmcneill echo "Setting ${CLOUD_TYPE} SSH public key for user ${EC2_USER}: ${EC2_SSH_KEY##* }" 140 1.1 jmcneill echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE" 141 1.1 jmcneill fi 142 1.1 jmcneill fi 143 1.8 jschauma } 144 1.1 jmcneill 145 1.8 jschauma extract_random_seed() 146 1.8 jschauma { 147 1.8 jschauma sed -n -e '/random_seed/s/.*"random_seed": *"\([A-Za-z0-9+/=]*\)".*/\1/p' 148 1.1 jmcneill } 149 1.1 jmcneill 150 1.1 jmcneill load_rc_config $name 151 1.1 jmcneill run_rc_command "$1" 152