#!/bin/sh
#
# $NetBSD: ec2_init,v 1.6 2023/09/27 00:27:07 riastradh Exp $
#
# PROVIDE: ec2_init
# REQUIRE: NETWORKING
# BEFORE:  LOGIN

$_rc_subr_loaded . /etc/rc.subr

name="ec2_init"
rcvar="${name}"
start_cmd="ec2_init"
stop_cmd=":"

# Pick the cloud provider from the DMI chassis asset tag.  Only Oracle
# Cloud announces itself there; everything else is treated as EC2.
case "$(/sbin/sysctl -n machdep.dmi.chassis-asset-tag 2>/dev/null)" in
OracleCloud*)	CLOUD_TYPE=OCI ;;
*)		CLOUD_TYPE=EC2 ;;
esac

# Per-provider login account and metadata service layout.  The
# 169.254.169.254 endpoint is the link-local instance metadata service
# and is fetched over plain HTTP; SSH_KEY_URL is relative to METADATA_URL.
if [ "${CLOUD_TYPE}" = "OCI" ]; then
	EC2_USER="opc"
	METADATA_URL="http://169.254.169.254/opc/v1/instance/"
	SSH_KEY_URL="metadata/ssh_authorized_keys"
else
	EC2_USER="ec2-user"
	METADATA_URL="http://169.254.169.254/latest/meta-data/"
	SSH_KEY_URL="public-keys/0/openssh-key"
fi

# Hostname path, also relative to METADATA_URL.
HOSTNAME_URL="hostname"

# Where fetched public keys are appended for the cloud user.
SSH_KEY_FILE="/home/${EC2_USER}/.ssh/authorized_keys"

# OpenStack-style metadata document; may carry a "random_seed" member.
OS_METADATA_URL="http://169.254.169.254/openstack/latest/meta_data.json"
421.3Srhialto
ec2_newuser()
{
	# Create the provider's default login account (EC2_USER) with a home
	# directory, primary group users, and membership in wheel and operator.
	# Globals read: CLOUD_TYPE, EC2_USER.
	printf 'Creating %s user account %s\n' "${CLOUD_TYPE}" "${EC2_USER}"
	useradd -g users -G wheel,operator -m "${EC2_USER}"
}
481.1Sjmcneill
extract_random_seed()
{
	# stdin -> stdout filter: for each input line carrying a
	# "random_seed": "<base64>" member, print just the base64 value.
	# Lines without one produce no output.  (The metadata document is
	# JSON, but this only handles a member that fits on one line.)
	sed -n -e 's|.*"random_seed": *"\([A-Za-z0-9+/=]*\)".*|\1|p'
}
531.4Srhialto
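ec2_init()
{
	# Whole body runs in a subshell so the umask and cd below do not
	# leak back into rc.
	(
	umask 022

	# Set the hostname from the metadata service.  The service can take
	# 5-10 seconds after boot to become reachable, so retry up to 20
	# times, one second apart.
	try=0
	while [ "$try" -lt 20 ]; do
		try=$((try + 1))
		HOSTNAME=$(ftp -o - -q 2 "${METADATA_URL}${HOSTNAME_URL}")
		if [ -n "$HOSTNAME" ]; then
			echo "Setting ${CLOUD_TYPE} hostname: ${HOSTNAME}"
			printf '%s\n' "$HOSTNAME" > /etc/myname
			hostname "$HOSTNAME"
			break
		fi
		echo "${CLOUD_TYPE} hostname not available yet (try $try)"
		sleep 1
	done

	# Create the cloud user unless it already exists.
	id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser

	# Fetch the instance's public key(s).  EC2 serves one key at
	# public-keys/0/openssh-key; OCI's ssh_authorized_keys may hold
	# several, one per line.  This is a plain unauthenticated GET, so it
	# will not work on EC2 instances configured to require IMDSv2
	# session tokens.
	EC2_SSH_KEY=$(ftp -o - -q 2 "${METADATA_URL}${SSH_KEY_URL}")

	if [ -n "$EC2_SSH_KEY" ]; then
		# A key pair is associated with this instance; make sure
		# EC2_USER's ~/.ssh/authorized_keys exists and is owned by it.
		ssh_dir=$(dirname "$SSH_KEY_FILE")
		mkdir -p "$ssh_dir"
		chown "${EC2_USER}:users" "$ssh_dir"
		touch "$SSH_KEY_FILE"
		chown "${EC2_USER}:users" "$SSH_KEY_FILE"
		# Kept from the original; nothing below depends on the cwd
		# (all paths used are absolute).
		cd "$ssh_dir"

		# Append every key that is not already present.  Match with
		# -F: a key is not a regex, and a '.' in its comment field
		# would otherwise match any character.  '--' guards against a
		# line starting with '-' being parsed as a grep option.
		printf '%s\n' "$EC2_SSH_KEY" | while IFS= read -r key; do
			[ -n "$key" ] || continue
			if ! grep -qF -- "$key" "$SSH_KEY_FILE"; then
				echo "Setting ${CLOUD_TYPE} SSH public key for user ${EC2_USER}: ${key##* }"
				printf '%s\n' "$key" >> "$SSH_KEY_FILE"
			fi
		done
	fi

	# OpenStack-style metadata may carry a "random_seed".  If so, decode
	# it and write it to /dev/urandom so the kernel mixes it into its
	# entropy pool.
	OS_METADATA=$(ftp -o - -q 2 "${OS_METADATA_URL}")
	if printf '%s\n' "$OS_METADATA" | grep -q random_seed; then
		printf '%s\n' "$OS_METADATA" | extract_random_seed |
		    base64 -di >> /dev/urandom
	fi
	)
}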
1051.1Sjmcneill
# Standard rc.d entry: read rc.conf settings for this service, then run
# the requested command (start/stop/...) via rc.subr.
load_rc_config "$name"
run_rc_command "$1"