From patchwork Thu May 19 09:40:25 2022
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 5628
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 1/3] cloud: Execute user-data scripts at the end of initialization
Date: Thu, 19 May 2022 09:40:25 +0000
Message-Id: <20220519094027.200441-1-michael.tremer@ipfire.org>
List-Id: IPFire development talk
Cc: Michael Tremer

This is useful when the user-data needs to reboot an instance. Previously, some initialization did not happen which is now being done first before the user-data script is being executed. This gives users more flexibility about what they are doing in those scripts.
Signed-off-by: Michael Tremer --- src/initscripts/helper/aws-setup | 35 +++++++++++------------ src/initscripts/helper/azure-setup | 35 +++++++++++------------ src/initscripts/helper/exoscale-setup | 35 +++++++++++------------ src/initscripts/helper/gcp-setup | 35 +++++++++++------------ src/initscripts/helper/oci-setup | 41 +++++++++++++-------------- 5 files changed, 83 insertions(+), 98 deletions(-) diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup index a40d4beeb..f14f4eb57 100644 --- a/src/initscripts/helper/aws-setup +++ b/src/initscripts/helper/aws-setup @@ -118,25 +118,6 @@ import_aws_configuration() { fi done - # Download the user-data script only on the first boot - if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then - # Download user-data - local user_data="$(get user-data)" - - # Save user-data script to be executed later - if [ "${user_data:0:2}" = "#!" ]; then - echo "${user_data}" > /tmp/aws-user-data.script - chmod 700 /tmp/aws-user-data.script - - # Run the user-data script - local now="$(date -u +"%s")" - /tmp/aws-user-data.script &>/var/log/user-data.log.${now} - - # Delete the script right away - rm /tmp/aws-user-data.script - fi - fi - # Import network configuration # After this, no network connectivity will be available from this script due to the # renaming of the network interfaces for which they have to be shut down 
@@ -259,6 +240,22 @@ import_aws_configuration() { echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" ) >> /var/ipfire/firewall/input + # Download user-data + local user_data="$(get user-data)" + + # Save user-data script to be executed later + if [ "${user_data:0:2}" = "#!" ]; then + echo "${user_data}" > /tmp/aws-user-data.script + chmod 700 /tmp/aws-user-data.script + + # Run the user-data script + local now="$(date -u +"%s")" + /tmp/aws-user-data.script &>/var/log/user-data.log.${now} + + # Delete the script right away + rm /tmp/aws-user-data.script + fi + # This script has now completed the first steps of setup touch /var/ipfire/main/firstsetup_ok fi diff --git a/src/initscripts/helper/azure-setup b/src/initscripts/helper/azure-setup index 1eff57799..7a4422a35 100644 --- a/src/initscripts/helper/azure-setup +++ b/src/initscripts/helper/azure-setup @@ -141,25 +141,6 @@ import_azure_configuration() { fi done - # Download the user-data script only on the first boot - if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then - # Download user-data - local user_data="$(get customData)" - - # Save user-data script to be executed later - if [ "${user_data:0:2}" = "#!" ]; then - echo "${user_data}" > /tmp/azure-user-data.script - chmod 700 /tmp/azure-user-data.script - - # Run the user-data script - local now="$(date -u +"%s")" - /tmp/azure-user-data.script &>/var/log/user-data.log.${now} - - # Delete the script right away - rm /tmp/azure-user-data.script - fi - fi - # Import network configuration # After this, no network connectivity will be available from this script due to the # renaming of the network interfaces for which they have to be shut down 
@@ -279,6 +260,22 @@ import_azure_configuration() { echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" ) >> /var/ipfire/firewall/input + # Download user-data + local user_data="$(get customData)" + + # Save user-data script to be executed later + if [ "${user_data:0:2}" = "#!" ]; then + echo "${user_data}" > /tmp/azure-user-data.script + chmod 700 /tmp/azure-user-data.script + + # Run the user-data script + local now="$(date -u +"%s")" + /tmp/azure-user-data.script &>/var/log/user-data.log.${now} + + # Delete the script right away + rm /tmp/azure-user-data.script + fi + # This script has now completed the first steps of setup touch /var/ipfire/main/firstsetup_ok fi diff --git a/src/initscripts/helper/exoscale-setup b/src/initscripts/helper/exoscale-setup index e9295cc9c..02fdda2a3 100644 --- a/src/initscripts/helper/exoscale-setup +++ b/src/initscripts/helper/exoscale-setup @@ -83,25 +83,6 @@ import_exoscale_configuration() { chown setup.nobody "/home/setup/.ssh/authorized_keys" fi - # Download the user-data script only on the first boot - if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then - # Download user-data - local user_data="$(get user-data)" - - # Save user-data script to be executed later - if [ "${user_data:0:2}" = "#!" ]; then - echo "${user_data}" > /tmp/user-data.script - chmod 700 /tmp/user-data.script - - # Run the user-data script - local now="$(date -u +"%s")" - /tmp/user-data.script &>/var/log/user-data.log.${now} - - # Delete the script right away - rm /tmp/user-data.script - fi - fi - # Import any previous settings for the local interfaces eval $(/usr/local/bin/readhash <(grep -E "^(GREEN|ORANGE)_.*=" /var/ipfire/ethernet/settings 2>/dev/null)) 
@@ -208,6 +189,22 @@ import_exoscale_configuration() { echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" ) >> /var/ipfire/firewall/input + # Download user-data + local user_data="$(get user-data)" + + # Save user-data script to be executed later + if [ "${user_data:0:2}" = "#!" ]; then + echo "${user_data}" > /tmp/user-data.script + chmod 700 /tmp/user-data.script + + # Run the user-data script + local now="$(date -u +"%s")" + /tmp/user-data.script &>/var/log/user-data.log.${now} + + # Delete the script right away + rm /tmp/user-data.script + fi + # This script has now completed the first steps of setup touch /var/ipfire/main/firstsetup_ok fi diff --git a/src/initscripts/helper/gcp-setup b/src/initscripts/helper/gcp-setup index 935194931..4f5148c3e 100644 --- a/src/initscripts/helper/gcp-setup +++ b/src/initscripts/helper/gcp-setup @@ -118,25 +118,6 @@ import_gcp_configuration() { fi done <<<"$(get instance/attributes/ssh-keys)" - # Download the user-data script only on the first boot - if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then - # Download a startup script - local script="$(get instance/attributes/startup-script)" - - # Execute the script - if [ "${script:0:2}" = "#!" ]; then - echo "${script}" > /tmp/gcp-startup.script - chmod 700 /tmp/gcp-startup.script - - # Run the script - local now="$(date -u +"%s")" - /tmp/gcp-startup.script &>/var/log/startup-script.log.${now} - - # Delete the script right away - rm /tmp/gcp-startup.script - fi - fi - # Import network configuration # After this, no network connectivity will be available from this script due to the # renaming of the network interfaces for which they have to be shut down 
@@ -249,6 +230,22 @@ import_gcp_configuration() { echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" ) >> /var/ipfire/firewall/input + # Download a startup script + local script="$(get instance/attributes/startup-script)" + + # Execute the script + if [ "${script:0:2}" = "#!" ]; then + echo "${script}" > /tmp/gcp-startup.script + chmod 700 /tmp/gcp-startup.script + + # Run the script + local now="$(date -u +"%s")" + /tmp/gcp-startup.script &>/var/log/startup-script.log.${now} + + # Delete the script right away + rm /tmp/gcp-startup.script + fi + # This script has now completed the first steps of setup touch /var/ipfire/main/firstsetup_ok fi diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup index 782fde5a2..312014b74 100644 --- a/src/initscripts/helper/oci-setup +++ b/src/initscripts/helper/oci-setup @@ -147,28 +147,6 @@ import_oci_configuration() { fi done <<<"$(get instance/metadata/ssh_authorized_keys)" - # Download the user-data script only on the first boot - if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then - # Download a startup script - local script="$(get instance/metadata/user_data)" - - # Try to decode this - script="$(try_base64_decode "${script}")" - - # Execute the script - if [ "${script:0:2}" = "#!" ]; then - echo "${script}" > /tmp/user-data.script - chmod 700 /tmp/user-data.script - - # Run the script - local now="$(date -u +"%s")" - /tmp/user-data.script &>/var/log/user-data.log.${now} - - # Delete the script right away - rm /tmp/user-data.script - fi - fi - # Import network configuration # After this, no network connectivity will be available from this script due to the # renaming of the network interfaces for which they have to be shut down 
@@ -285,6 +263,25 @@ import_oci_configuration() { echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" ) >> /var/ipfire/firewall/input + # Download a startup script + local script="$(get instance/metadata/user_data)" + + # Try to decode this + script="$(try_base64_decode "${script}")" + + # Execute the script + if [ "${script:0:2}" = "#!" ]; then + echo "${script}" > /tmp/user-data.script + chmod 700 /tmp/user-data.script + + # Run the script + local now="$(date -u +"%s")" + /tmp/user-data.script &>/var/log/user-data.log.${now} + + # Delete the script right away + rm /tmp/user-data.script + fi + # This script has now completed the first steps of setup touch /var/ipfire/main/firstsetup_ok fi
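Review bot: `get user-data` in the added block at the end of import_aws_configuration() now runs after the "Import network configuration" step, and the comment on that step says "After this, no network connectivity will be available from this script", so the fetch may come back empty and the `#!` test would then skip the script without any message. The same applies to `get customData`, `get instance/attributes/startup-script` and `get instance/metadata/user_data` in the other four helpers. Consider leaving the download where it was, holding the result in a variable, and moving only the execution to the end.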
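Review bot: The script is executed before `touch /var/ipfire/main/firstsetup_ok` in every helper (visible in the trailing context of each added hunk), so a user-data script that reboots the instance, the case the commit message gives as motivation, never reaches the `touch` or the `rm` of the temporary script. If the enclosing block is the first-boot check on that marker, which the removed `if [ ! -e "/var/ipfire/main/firstsetup_ok" ]` guard suggests but the hunk context does not show, the next boot would run the first-time setup and the script again. Suggest writing the marker and removing the temporary file (for instance from a trap) before the script is started, and stating in the commit message which condition now limits execution to the first boot.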
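Review bot: The moved block still writes to a fixed name in /tmp with `echo "${user_data}" > /tmp/aws-user-data.script` and only then applies `chmod 700`, so the file exists briefly with whatever mode the umask gives, and the redirection follows a symlink if one already sits at that path. Since these lines are being touched in all five helpers anyway, consider creating the file with `mktemp` under a restrictive umask and writing it with `printf '%s\n'`. The same goes for the log opened by `&>/var/log/user-data.log.${now}`, which can capture secrets the script prints.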
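Review bot: Five copies of the same block are being moved, differing only in the metadata key passed to `get`, the temporary file name, the log name, and the `try_base64_decode` call in oci-setup. A shared helper function taking those as arguments would keep the next ordering or hardening change in one place.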