Re: Amazon EC2 setup
On Sat, 1 Dec 2018, Martin Husemann wrote:

> Would it be possible (grep in dmesg, check sysctl, whatever?) to verify we are running on an EC2? And if not, require some explicit rc.conf entry to force this (e.g. for testing purposes), but in usual setups default this script to off?

Exactly what this commit does.. ec2_init is only set to YES if an ena(4) device is attached.
Re: Amazon EC2 setup
On Sat, Dec 01, 2018 at 10:44:05AM -0400, Jared McNeill wrote:
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
>
> On Sat, 1 Dec 2018, m...@netbsd.org wrote:
>
> > This feels all kinds of insecure, is that the official way to do it?

Would it be possible (grep in dmesg, check sysctl, whatever?) to verify we are running on an EC2? And if not, require some explicit rc.conf entry to force this (e.g. for testing purposes), but in usual setups default this script to off?

Martin
Re: CVS commit: src/sys/dev/ic
On 01/12/2018 15:07, Jaromir Dolecek wrote: > -#define NVME_ID_CTRLR_ONCS_SET_FEATURES __BIT(4) > +#define NVME_ID_CTRLR_ONCS_SAVE __BIT(4) Unintended? sbin/nvmectl/identify.c:(cdata->oncs & NVME_ID_CTRLR_ONCS_SET_FEATURES) ? Nick
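Review bot: renaming the `__BIT(4)` define from NVME_ID_CTRLR_ONCS_SET_FEATURES to NVME_ID_CTRLR_ONCS_SAVE leaves the user cited in this reply, sbin/nvmectl/identify.c, still testing `cdata->oncs` against the old name. Update that reference in the same change, or keep the old name as a compatibility define, so nvmectl continues to build.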
Re: Amazon EC2 setup
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html On Sat, 1 Dec 2018, m...@netbsd.org wrote: This feels all kinds of insecure, is that the official way to do it? Index: src/distrib/utils/embedded/files/ec2_init diff -u /dev/null src/distrib/utils/embedded/files/ec2_init:1.1 --- /dev/null Fri Nov 30 20:53:02 2018 +++ src/distrib/utils/embedded/files/ec2_init Fri Nov 30 20:53:02 2018 @@ -0,0 +1,52 @@ +#!/bin/sh +# +# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $ +# +# PROVIDE: ec2_init +# REQUIRE: NETWORKING +# BEFORE: LOGIN + +$_rc_subr_loaded . /etc/rc.subr + +name="ec2_init" +rcvar=${name} +start_cmd="ec2_init" +stop_cmd=":" + +METADATA_URL="http://169.254.169.254/latest/meta-data/"; +SSH_KEY_URL="public-keys/0/openssh-key" +HOSTNAME_URL="hostname" + +SSH_KEY_FILE="/root/.ssh/authorized_keys" + +ec2_init() +{ + ( + umask 022 + # fetch the key pair from Amazon Web Services + EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}") + + if [ -n "$EC2_SSH_KEY" ]; then + # A key pair is associated with this instance, add it + # to root 'authorized_keys' file + mkdir -p $(dirname "$SSH_KEY_FILE") + touch "$SSH_KEY_FILE" + cd $(dirname "$SSH_KEY_FILE") + + grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE" + if [ $? -ne 0 ]; then + echo "Setting EC2 SSH key pair: ${EC2_SSH_KEY##* }" + echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE" + fi + fi + + # set hostname + HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}") + echo "Setting EC2 hostname: ${HOSTNAME}" + echo "$HOSTNAME" > /etc/myname + hostname "$HOSTNAME" + ) +} + +load_rc_config $name +run_rc_command "$1"
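Review bot: in ec2_init() the value fetched with `ftp -o - "${METADATA_URL}${SSH_KEY_URL}"` is appended to /root/.ssh/authorized_keys after only a `-n` test, so any non-empty text the plain-HTTP fetch prints becomes a line granting root login. Check the exit status of ftp and that the value is a single line shaped like an OpenSSH public key before appending it. The duplicate check `grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE"` treats the key as a regular expression and matches substrings; a fixed-string, whole-line match such as `grep -qxF -- "$EC2_SSH_KEY" "$SSH_KEY_FILE"` makes it exact. With `umask 022`, a newly created /root/.ssh and authorized_keys come out world-readable; 077 is the usual choice for that directory.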
Amazon EC2 setup
This feels all kinds of insecure, is that the official way to do it? > Index: src/distrib/utils/embedded/files/ec2_init > diff -u /dev/null src/distrib/utils/embedded/files/ec2_init:1.1 > --- /dev/null Fri Nov 30 20:53:02 2018 > +++ src/distrib/utils/embedded/files/ec2_init Fri Nov 30 20:53:02 2018 > @@ -0,0 +1,52 @@ > +#!/bin/sh > +# > +# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $ > +# > +# PROVIDE: ec2_init > +# REQUIRE: NETWORKING > +# BEFORE: LOGIN > + > +$_rc_subr_loaded . /etc/rc.subr > + > +name="ec2_init" > +rcvar=${name} > +start_cmd="ec2_init" > +stop_cmd=":" > + > +METADATA_URL="http://169.254.169.254/latest/meta-data/"; > +SSH_KEY_URL="public-keys/0/openssh-key" > +HOSTNAME_URL="hostname" > + > +SSH_KEY_FILE="/root/.ssh/authorized_keys" > + > +ec2_init() > +{ > + ( > + umask 022 > + # fetch the key pair from Amazon Web Services > + EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}") > + > + if [ -n "$EC2_SSH_KEY" ]; then > + # A key pair is associated with this instance, add it > + # to root 'authorized_keys' file > + mkdir -p $(dirname "$SSH_KEY_FILE") > + touch "$SSH_KEY_FILE" > + cd $(dirname "$SSH_KEY_FILE") > + > + grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE" > + if [ $? -ne 0 ]; then > + echo "Setting EC2 SSH key pair: ${EC2_SSH_KEY##* }" > + echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE" > + fi > + fi > + > + # set hostname > + HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}") > + echo "Setting EC2 hostname: ${HOSTNAME}" > + echo "$HOSTNAME" > /etc/myname > + hostname "$HOSTNAME" > + ) > +} > + > +load_rc_config $name > +run_rc_command "$1" >
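Review bot: the hostname block at the end of ec2_init() has no guard equivalent to the `-n "$EC2_SSH_KEY"` test above it, so when the metadata fetch fails or returns nothing, an empty string is written to /etc/myname and passed to `hostname`. Wrap those lines in `if [ -n "$HOSTNAME" ]` and leave the existing name untouched otherwise. Separately, `$(dirname "$SSH_KEY_FILE")` is unquoted in the `mkdir -p` and `cd` lines, and the `cd` has no effect on the later commands, which all use the absolute path.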