This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
rc-ec2user.local
98 lines (86 loc) · 3.43 KB
/
rc-ec2user.local
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# load pci hotplug for dynamic disk attach in KVM (for EBS)
depmod -a
modprobe acpiphp || true
# simple attempt to get the user ssh key using the meta-data service
# set up root user
if [ ! -d /root/.ssh ]; then
mkdir -p /root/.ssh
elif [ ! -d /home/ec2-user/.ssh ]; then
# set up ec2-user
mkdir -p /home/ec2-user/.ssh
elif [ ! -f /root/.ssh/authorized_keys ]; then
echo >> /root/.ssh/authorized_keys
curl --retry 3 --retry-delay 10 -m 45 -s http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key | grep 'ssh-rsa' | xargs -I {} echo "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command=\"echo 'Please login as the user ec2-user rather than the user root.';echo;sleep 10\" {}" >> /root/.ssh/authorized_keys
echo "AUTHORIZED_KEYS:"
echo "************************"
cat /root/.ssh/authorized_keys
echo "************************"
elif [ ! -f /home/ec2-user/.ssh/authorized_keys ]; then
echo >> /home/ec2-user/.ssh/authorized_keys
curl --retry 3 --retry-delay 10 -m 45 -s http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key | grep 'ssh-rsa' >> /home/ec2-user/.ssh/authorized_keys
echo "AUTHORIZED_KEYS:"
echo "************************"
cat /home/ec2-user/.ssh/authorized_keys
echo "************************"
chown -R ec2-user:ec2-user /home/ec2-user/.ssh
fi
# restore security context
if [ -x /sbin/restorecon ]; then
restorecon /root/.ssh/authorized_keys
restorecon /home/ec2-user/.ssh/authorized_keys
fi
# set the hostname to something sensible
META_HOSTNAME="`curl -s http://169.254.169.254/latest/meta-data/local-hostname`"
META_IP="`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`"
if [ ${META_HOSTNAME} = ${META_IP} ]; then
META_HOSTNAME="`echo $META_HOSTNAME | sed -e 's/\./-/g' | xargs -I {} echo "ip-{}"`"
fi
hostname $META_HOSTNAME
echo >> /etc/hosts
echo "${META_IP} ${META_HOSTNAME}" >> /etc/hosts
# set MOTD
cat /etc/redhat-release | xargs -I {} /usr/bin/linux_logo -a -g -F "{}\nKernel Version #V\n#U\n#L\n" | head -2 > /etc/motd
# since ephemeral or swap may not be mounted or on different devices
# (specially on xen) let's look for them. This is fairly hackish.
if ! swapon -s|grep partition > /dev/null ; then
# no swap partition
for x in `ls /dev/[xvsh]*d[a-z]3` ; do
swapon $x 2> /dev/null
done
fi
if ! mount | cut -f 1 -d ' '|grep /dev|grep 2 > /dev/null ; then
mkdir -p /media/ephemeral0
if [ -d /media/ephemeral0 ]; then
if [ -z "`ls /media/ephemeral0/*`" ]; then
# try to mount only if the mount point is empty
for x in `ls /dev/[xvsh]*d[a-z]2` ; do
mount $x /media/ephemeral0 2> /dev/null
done
fi
fi
fi
# clear out swap
sync && /sbin/sysctl vm.drop_caches=3 && swapoff -a && swapon -a
# check if the user-data is a script, and if so execute it
TMP_FILE="/tmp/user-data-$$"
curl --retry 3 --retry-delay 10 -m 60 -o $TMP_FILE http://169.254.169.254/latest/user-data
if [ -s $TMP_FILE ]; then
echo "Downloaded user data in $TMP_FILE"
if [ "`head -c 2 $TMP_FILE`" = "#!" ]; then
chmod 700 $TMP_FILE
echo "User data is a script: executing it"
sh $TMP_FILE
fi
fi
exit 0