Rename, refactor uncloud-init
This commit is contained in:
parent
bd984a67d3
commit
715efd78e7
2 changed files with 76 additions and 105 deletions
105
ucloud-init.sh
105
ucloud-init.sh
|
|
@ -1,105 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Some Global Variables
|
||||
|
||||
ssh_authorized_keys_path='/root/.ssh/authorized_keys'
|
||||
ssh_config_path='/etc/ssh/ssh_config'
|
||||
sshd_config_path='/etc/ssh/sshd_config'
|
||||
etc_resolv_path='/etc/resolv.conf'
|
||||
|
||||
|
||||
# Functions
|
||||
|
||||
get_distro() {
|
||||
OS=$(cat /etc/*release | grep ID | head -1 | cut -c 4-)
|
||||
echo $OS
|
||||
}
|
||||
|
||||
setup_ssh() {
|
||||
tput setaf 2; tput bold; echo "Setting up SSH"; tput sgr0;
|
||||
|
||||
mkdir -p $(dirname $ssh_authorized_keys_path)
|
||||
touch $ssh_authorized_keys_path
|
||||
|
||||
if ! grep -q "PasswordAuthentication no" $sshd_config_path; then
|
||||
echo "PasswordAuthentication no" >> $sshd_config_path
|
||||
fi
|
||||
|
||||
if ! grep -q "PermitRootLogin yes" $sshd_config_path; then
|
||||
echo "PermitRootLogin yes" >> $sshd_config_path
|
||||
fi
|
||||
|
||||
# TODO: Make sure to replace the following address with http://metadata
|
||||
# whenever we got http://metadata resolving to url work successfully.
|
||||
|
||||
metadata=$(curl -s http://metadata)
|
||||
|
||||
echo "$metadata" | jq -r '.["ssh-keys"] | .[]' > ssh-key-list.txt
|
||||
while read ssh_key; do
|
||||
if ! grep -q "$ssh_key" $ssh_authorized_keys_path; then
|
||||
echo $ssh_key >> $ssh_authorized_keys_path
|
||||
fi
|
||||
|
||||
done < ssh-key-list.txt
|
||||
rm -f ssh-key-list.txt
|
||||
|
||||
service -q sshd restart
|
||||
}
|
||||
|
||||
grow_partition() {
|
||||
tput setaf 2; tput bold; echo "Growing Partition"; tput sgr0;
|
||||
|
||||
# TODO: Try to replace the growpart to parted
|
||||
sh growpart -q /dev/vda 3 > /dev/null;
|
||||
}
|
||||
|
||||
make_script_verbose() {
|
||||
# Show output of this script
|
||||
if [[ ! -e /etc/conf.d/local ]] && ! grep -q "rc_verbose=yes" /etc/conf.d/local; then
|
||||
echo "rc_verbose=yes" >> /etc/conf.d/local
|
||||
fi
|
||||
}
|
||||
|
||||
setup_dns() {
|
||||
tput setaf 2; tput bold; echo "Setting up DNS"; tput sgr0;
|
||||
|
||||
# Check if rdnssd is installed, if not put Google's DNS
|
||||
# into /etc/resolv.conf and install rdnssd for the next time
|
||||
if ! apk list | grep -q ndisc6; then
|
||||
echo "nameserver 2001:4860:4860::8888" >> $etc_resolv_path
|
||||
echo "nameserver 2001:4860:4860::8844" >> $etc_resolv_path
|
||||
echo "nameserver 8.8.8.8" >> $etc_resolv_path
|
||||
echo "nameserver 8.8.4.4" >> $etc_resolv_path
|
||||
fi
|
||||
}
|
||||
|
||||
# Main Code Starts here
|
||||
|
||||
# Change dir to current dir
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
make_script_verbose
|
||||
|
||||
setup_dns
|
||||
|
||||
# Initial Package Installation
|
||||
if [[ $(get_distro) = "alpine" ]]; then
|
||||
tput setaf 2; tput bold; echo "Installing/Updating/Upgrading Packages"; tput sgr0;
|
||||
|
||||
edge_package_flags='--update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted'
|
||||
|
||||
apk update -q
|
||||
apk upgrade
|
||||
apk add -q ndisc6 $edge_package_flags
|
||||
apk add -q openssh-server sfdisk util-linux jq curl ncurses
|
||||
else
|
||||
echo "Unsupported OS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rc-update -q add rdnssd
|
||||
service -q rdnssd start
|
||||
|
||||
setup_ssh
|
||||
|
||||
grow_partition
|
||||
76
uncloud-init
Executable file
76
uncloud-init
Executable file
|
|
@ -0,0 +1,76 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Initialize an uncloud VM. This script depends on:
|
||||
# curl grep getent (i.e. glibc) curl,dirname (i.e. coreutils)
|
||||
|
||||
###
|
||||
# TODO: handle command-line parameters.
|
||||
|
||||
DEPLOY_SSH_AUTHORIZED_KEYS=1
|
||||
OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS=0
|
||||
GROW_ROOT_PARTITION=0
|
||||
|
||||
SSH_USER=root
|
||||
SSH_DAEMON_CONFIG=/etc/ssh/sshd_config
|
||||
UNCLOUD_METADATA_SERVER=https://key.wf
|
||||
|
||||
###
|
||||
# SSH key deployment logic.
|
||||
|
||||
deploy_ssh_authorized_keys () {
|
||||
# Ensure SSHD configuration can be found.
|
||||
if [ ! -f "$SSH_DAEMON_CONFIG" ]; then
|
||||
echo "Could not find SSHD configuration at $SSH_DAEMON_CONFIG" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ensure that login is not prevented by SSHD configuration.
|
||||
if [ "$SSH_USER" = "root" ]; then
|
||||
if grep -q -e "^PermitRootLogin no$" "$SSH_DAEMON_CONFIG"; then
|
||||
echo "PermitRootLogin yes" >> "$SSH_DAEMON_CONFIG"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Get home directory of SSH_USER.
|
||||
homedir=$(getent passwd "$SSH_USER" | cut -d: -f6)
|
||||
if [ $? != 0 ]; then
|
||||
echo "Could not resolve user $SSH_USER." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Fetch and deploy SSH keys from metadata server.
|
||||
authorized_keys_file="$homedir/.ssh/authorized_keys"
|
||||
mkdir -p $(dirname "$authorized_keys_file")
|
||||
if [ -f "$authorized_keys_file" ] \
|
||||
&& if [ ! $OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS ];
|
||||
echo "Aborting SSH key deployement to not override existing $authorized_keys_file."
|
||||
echo "You can change this behavior with the OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS flag."
|
||||
return
|
||||
fi
|
||||
|
||||
curl "$METDATA_SERVER/fnux" --output $authorized_keys_file
|
||||
}
|
||||
|
||||
###
|
||||
# Partition/filesystem growth logic.
|
||||
|
||||
grow_root_partition () {
|
||||
# TODO
|
||||
}
|
||||
|
||||
###
|
||||
# Entrypoint.
|
||||
|
||||
if [ $DEPLOY_SSH_AUTHORIZED_KEYS ]; then
|
||||
routine='SSH authorized_keys deployment routine'
|
||||
echo "--- RUNNING $routine..."
|
||||
deploy_ssh_authorized_keys()
|
||||
echo "--- DONE with $routine."
|
||||
fi
|
||||
|
||||
if [ $GROW_ROOT_PARTITION ]: then
|
||||
routine='SSH authorized_keys deployment routine'
|
||||
echo "--- RUNNING $routine..."
|
||||
grow_root_partition()
|
||||
echo "--- DONE with $routine."
|
||||
fi
|
||||
Loading…
Reference in a new issue