Rename, refactor uncloud-init

This commit is contained in:
fnux 2020-01-23 13:53:14 +01:00
parent bd984a67d3
commit 715efd78e7
2 changed files with 76 additions and 105 deletions

View File

@ -1,105 +0,0 @@
#!/bin/sh
# Some Global Variables
ssh_authorized_keys_path='/root/.ssh/authorized_keys'
ssh_config_path='/etc/ssh/ssh_config'
sshd_config_path='/etc/ssh/sshd_config'
etc_resolv_path='/etc/resolv.conf'
# Functions
get_distro() {
OS=$(cat /etc/*release | grep ID | head -1 | cut -c 4-)
echo $OS
}
setup_ssh() {
tput setaf 2; tput bold; echo "Setting up SSH"; tput sgr0;
mkdir -p $(dirname $ssh_authorized_keys_path)
touch $ssh_authorized_keys_path
if ! grep -q "PasswordAuthentication no" $sshd_config_path; then
echo "PasswordAuthentication no" >> $sshd_config_path
fi
if ! grep -q "PermitRootLogin yes" $sshd_config_path; then
echo "PermitRootLogin yes" >> $sshd_config_path
fi
# TODO: Make sure to replace the following address with http://metadata
# whenever we got http://metadata resolving to url work successfully.
metadata=$(curl -s http://metadata)
echo "$metadata" | jq -r '.["ssh-keys"] | .[]' > ssh-key-list.txt
while read ssh_key; do
if ! grep -q "$ssh_key" $ssh_authorized_keys_path; then
echo $ssh_key >> $ssh_authorized_keys_path
fi
done < ssh-key-list.txt
rm -f ssh-key-list.txt
service -q sshd restart
}
grow_partition() {
tput setaf 2; tput bold; echo "Growing Partition"; tput sgr0;
# TODO: Try to replace the growpart to parted
sh growpart -q /dev/vda 3 > /dev/null;
}
make_script_verbose() {
# Show output of this script
if [[ ! -e /etc/conf.d/local ]] && ! grep -q "rc_verbose=yes" /etc/conf.d/local; then
echo "rc_verbose=yes" >> /etc/conf.d/local
fi
}
setup_dns() {
tput setaf 2; tput bold; echo "Setting up DNS"; tput sgr0;
# Check if rdnssd is installed, if not put Google's DNS
# into /etc/resolv.conf and install rdnssd for the next time
if ! apk list | grep -q ndisc6; then
echo "nameserver 2001:4860:4860::8888" >> $etc_resolv_path
echo "nameserver 2001:4860:4860::8844" >> $etc_resolv_path
echo "nameserver 8.8.8.8" >> $etc_resolv_path
echo "nameserver 8.8.4.4" >> $etc_resolv_path
fi
}
# Main Code Starts here
# Change dir to current dir
cd "$(dirname "$0")"
make_script_verbose
setup_dns
# Initial Package Installation
if [[ $(get_distro) = "alpine" ]]; then
tput setaf 2; tput bold; echo "Installing/Updating/Upgrading Packages"; tput sgr0;
edge_package_flags='--update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted'
apk update -q
apk upgrade
apk add -q ndisc6 $edge_package_flags
apk add -q openssh-server sfdisk util-linux jq curl ncurses
else
echo "Unsupported OS"
exit 1
fi
rc-update -q add rdnssd
service -q rdnssd start
setup_ssh
grow_partition

76
uncloud-init Executable file
View File

@ -0,0 +1,76 @@
#!/bin/sh
#
# Initialize an uncloud VM. This script depends on:
# curl grep getent (i.e. glibc) curl,dirname (i.e. coreutils)
###
# TODO: handle command-line parameters.
DEPLOY_SSH_AUTHORIZED_KEYS=1
OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS=0
GROW_ROOT_PARTITION=0
SSH_USER=root
SSH_DAEMON_CONFIG=/etc/ssh/sshd_config
UNCLOUD_METADATA_SERVER=https://key.wf
###
# SSH key deployment logic.
deploy_ssh_authorized_keys () {
# Ensure SSHD configuration can be found.
if [ ! -f "$SSH_DAEMON_CONFIG" ]; then
echo "Could not find SSHD configuration at $SSH_DAEMON_CONFIG" >&2
exit 1
fi
# Ensure that login is not prevented by SSHD configuration.
if [ "$SSH_USER" = "root" ]; then
if grep -q -e "^PermitRootLogin no$" "$SSH_DAEMON_CONFIG"; then
echo "PermitRootLogin yes" >> "$SSH_DAEMON_CONFIG"
fi
fi
# Get home directory of SSH_USER.
homedir=$(getent passwd "$SSH_USER" | cut -d: -f6)
if [ $? != 0 ]; then
echo "Could not resolve user $SSH_USER." >&2
exit 1
fi
# Fetch and deploy SSH keys from metadata server.
authorized_keys_file="$homedir/.ssh/authorized_keys"
mkdir -p $(dirname "$authorized_keys_file")
if [ -f "$authorized_keys_file" ] \
&& if [ ! $OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS ];
echo "Aborting SSH key deployement to not override existing $authorized_keys_file."
echo "You can change this behavior with the OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS flag."
return
fi
curl "$METDATA_SERVER/fnux" --output $authorized_keys_file
}
###
# Partition/filesystem growth logic.
grow_root_partition () {
# TODO
}
###
# Entrypoint.
if [ $DEPLOY_SSH_AUTHORIZED_KEYS ]; then
routine='SSH authorized_keys deployment routine'
echo "--- RUNNING $routine..."
deploy_ssh_authorized_keys()
echo "--- DONE with $routine."
fi
if [ $GROW_ROOT_PARTITION ]: then
routine='SSH authorized_keys deployment routine'
echo "--- RUNNING $routine..."
grow_root_partition()
echo "--- DONE with $routine."
fi