ec2_init revision 1.4
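#!/bin/sh
#
# $NetBSD: ec2_init,v 1.4 2021/07/20 19:31:23 rhialto Exp $
#
# PROVIDE: ec2_init
# REQUIRE: NETWORKING
# BEFORE: LOGIN

# rc.d script for first-boot style cloud initialisation. On "start" it:
#   1. sets the hostname from the EC2 metadata service,
#   2. creates the ${EC2_USER} account if it does not exist,
#   3. appends the instance's SSH public key to that user's authorized_keys,
#   4. feeds an OpenStack "random_seed", if present, into /dev/urandom.
#
# Security notes:
#   - All metadata is fetched with plain HTTP GETs from the link-local
#     address 169.254.169.254 and used without validation. Whatever answers
#     on that address at boot decides the hostname and which SSH key is
#     authorised for a wheel-group account, so this script should only be
#     enabled on images that actually run under such a metadata service.
#   - NOTE(review): no session token is requested or sent. Where the
#     metadata service is configured to require IMDSv2 tokens these GETs are
#     expected to fail, leaving the hostname and key unset; confirm against
#     the deployment.

$_rc_subr_loaded . /etc/rc.subr

name="ec2_init"
rcvar=${name}
start_cmd="ec2_init"
stop_cmd=":"

EC2_USER="ec2-user"
METADATA_URL="http://169.254.169.254/latest/meta-data/"
SSH_KEY_URL="public-keys/0/openssh-key"
HOSTNAME_URL="hostname"

SSH_KEY_FILE="/home/${EC2_USER}/.ssh/authorized_keys"

OS_METADATA_URL="http://169.254.169.254/openstack/latest/meta_data.json"

# Create the login account that will receive the instance key.
# The account is added to wheel and operator, so the key installed below
# belongs to an administrative-capable user.
ec2_newuser()
{
	echo "Creating EC2 user account ${EC2_USER}"
	useradd -g users -G wheel,operator -m "${EC2_USER}"
}

# Filter: read metadata JSON on stdin and print the value of its
# "random_seed" field. Only base64 alphabet characters are accepted in the
# value; lines without a matching field produce no output.
extract_random_seed()
{
	# '|' is used as the s-command delimiter because the bracket
	# expression itself contains '/'.
	sed -n -e '/random_seed/s|.*"random_seed": *"\([A-Za-z0-9+/=]*\)".*|\1|p'
}

# start_cmd implementation. Runs in a subshell so that umask, cd and the
# working variables do not leak into the rc environment.
ec2_init()
{
	(
	umask 022

	# set hostname; it may be 5-10 seconds for the metadata service
	# to become reachable.
	try=0
	while [ "$try" -lt 20 ]; do
		try=$((try + 1))
		HOSTNAME=$(ftp -o - -q 2 "${METADATA_URL}${HOSTNAME_URL}")
		if [ -n "$HOSTNAME" ]; then
			echo "Setting EC2 hostname: ${HOSTNAME}"
			# printf rather than echo: the value is remote data and
			# must be written verbatim.
			printf '%s\n' "$HOSTNAME" > /etc/myname
			hostname "$HOSTNAME"
			break
		fi
		echo "EC2 hostname not available yet (try $try)"
		sleep 1
	done

	# create EC2 user
	id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser

	# fetch the public key from Amazon Web Services
	EC2_SSH_KEY=$(ftp -o - -q 2 "${METADATA_URL}${SSH_KEY_URL}")

	if [ -n "$EC2_SSH_KEY" ]; then
		# A key pair is associated with this instance, add it
		# to EC2_USER's 'authorized_keys' file
		ssh_dir=$(dirname "$SSH_KEY_FILE")

		# NOTE(review): on later boots this directory already belongs
		# to ${EC2_USER}, while the commands below follow symlinks and
		# rc.d scripts normally run as root. Consider skipping the
		# update when authorized_keys is not a regular file.
		mkdir -p "$ssh_dir"
		chown "${EC2_USER}:users" "$ssh_dir"
		touch "$SSH_KEY_FILE"
		chown "${EC2_USER}:users" "$SSH_KEY_FILE"
		cd "$ssh_dir"

		# -F: compare the key as a fixed string. Treated as a regular
		# expression, '.', '*' or '[' in the key comment could
		# match the wrong line or make grep fail, which would append
		# a duplicate entry on every boot. '--' guards against a
		# value that starts with '-'.
		if ! grep -qF -- "$EC2_SSH_KEY" "$SSH_KEY_FILE"; then
			# Only the last space-separated field of the key
			# (normally its comment) is logged.
			echo "Setting EC2 SSH public key for user ${EC2_USER}: ${EC2_SSH_KEY##* }"
			printf '%s\n' "$EC2_SSH_KEY" >> "$SSH_KEY_FILE"
		fi
	fi

	# May contain a "random_seed".
	OS_METADATA=$(ftp -o - -q 2 "${OS_METADATA_URL}")
	if printf '%s\n' "$OS_METADATA" | grep -q random_seed; then
		# The seed arrives over the same unauthenticated channel as
		# the rest of the metadata; it is only mixed into the pool by
		# writing it to /dev/urandom.
		printf '%s\n' "$OS_METADATA" | extract_random_seed |
		    base64 -di >> /dev/urandom
	fi
	)
}

load_rc_config "$name"
run_rc_command "$1"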