]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/initscripts/helper/oci-setup
4dbc05ae3fab017f25f53966cfb9b9ea3296218c
2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
25 # Set PATH to find our own executables
26 export PATH
=/ usr
/ local
/ sbin
:/ usr
/ local
/ bin
: ${PATH}
28 # GCP only supports an MTU of 1460
34 wget
-qO - "http://169.254.169.254/opc/v1/ ${file} "
40 local o1
= $
(( ( n
& 0xff000000 ) >> 24 ))
41 local o2
= $
(( ( n
& 0xff0000 ) >> 16 ))
42 local o3
= $
(( ( n
& 0xff00 ) >> 8 ))
43 local o4
= $
(( ( n
& 0xff ) ))
45 printf "%d.%d.%d.%d \n " " ${o1}" "${o2}" "${o3}" "${o4} "
54 for i
in ${address//\./ } ; do
55 integer
= $
(( ( integer
<< 8) + i ))
58 printf "%d\n" " ${integer} "
64 local zeros=$(( 32 - prefix ))
68 for (( i=0; i< ${zeros} ; i++ )); do
69 netmask=$(( (netmask << 1) ^ 1 ))
72 to_address "$(( netmask ^ 0xffffffff ))"
75 oci_list_interfaces() {
76 get "vnics/" | python3 -c "import json, sys; print(\"\n\".join([vnic[\"vnicId\"] for vnic in json.load(sys.stdin)]))"
79 oci_get_interface_param() {
83 get "vnics/" | python3 -c "import json, sys; print(\"\n\".join(vnic.get(\" ${param} \", \"\") for vnic in json.load(sys.stdin) if vnic[\"vnicId\"] == \" ${id} \"))"
86 import_oci_configuration() {
87 local instance_id="$(get instance/id)"
89 boot_mesg "Importing Oracle Cloud Infrastructure configuration for instance ${instance_id} ..."
92 echo " ${instance_id} " > /var/run/oci-instance-id
94 # Initialise system settings
95 local hostname=$(get instance/hostname)
98 if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
99 echo "HOSTNAME= ${hostname%%.*} " >> /var/ipfire/main/settings
103 if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
104 echo "DOMAINNAME= ${hostname#*.} " >> /var/ipfire/main/settings
108 if ! getent passwd setup &>/dev/null; then
109 useradd setup -s /usr/bin/run-setup -g nobody -m
115 # Import SSH keys for setup user
117 while read -r line; do
118 # Strip the username part from the key
119 local key=" ${line#*:} "
121 if [ -n " ${key} " ] && ! grep -q "^ ${key} $" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then
122 mkdir -p "/home/setup/.ssh"
123 chmod 700 "/home/setup/.ssh"
124 chown setup.nobody "/home/setup/.ssh"
126 echo " ${key} " >> "/home/setup/.ssh/authorized_keys"
127 chmod 600 "/home/setup/.ssh/authorized_keys"
128 chown setup.nobody "/home/setup/.ssh/authorized_keys"
130 done <<<"$(get instance/metadata/ssh_authorized_keys)"
132 # Download the user-data script only on the first boot
133 if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
134 # Download a startup script
135 local script="$(get instance/metadata/user_data)"
138 if [ " ${script:0:2} " = "#!" ]; then
139 echo " ${script} " > /tmp/user-data.script
140 chmod 700 /tmp/user-data.script
143 local now="$(date -u +"%s")"
144 /tmp/user-data.script &>/var/log/user-data.log. ${now}
146 # Delete the script right away
147 rm /tmp/user-data.script
151 # Import network configuration
152 # After this, no network connectivity will be available from this script due to the
153 # renaming of the network interfaces for which they have to be shut down
155 : > /var/ipfire/ethernet/settings
158 for id in $(oci_list_interfaces); do
159 local mac="$(oci_get_interface_param " ${id} " "macAddr")"
162 local ipv4_address="$(oci_get_interface_param " ${id} " "privateIp")"
163 local ipv4_address_num="$(to_integer " ${ipv4_address} ")"
165 local subnet="$(oci_get_interface_param " ${id} " "subnetCidrBlock")"
166 local prefix=" ${subnet#*/} "
168 local netmask="$(prefix2netmask " ${prefix} ")"
170 # Calculate the network and broadcast addresses
171 local netaddress=" ${subnet%/*} "
173 local index="$(oci_get_interface_param " ${id} " "nicIndex")"
175 # Set index to zero if it was empty
176 if [ -z " ${index} " ]; then
183 local interface_name="red0"
184 local gateway="$(oci_get_interface_param " ${id} " "virtualRouterIp")"
187 echo "RED_TYPE=STATIC"
188 echo "RED_DEV= ${interface_name} "
189 echo "RED_MACADDR= ${mac} "
190 echo "RED_DESCRIPTION=' ${id} '"
191 echo "RED_ADDRESS= ${ipv4_address} "
192 echo "RED_NETMASK= ${netmask} "
193 echo "RED_NETADDRESS= ${netaddress} "
195 echo "DEFAULT_GATEWAY= ${gateway} "
196 ) >> /var/ipfire/ethernet/settings
198 # Import aliases for RED
199 #for alias in $(get "instance/network-interfaces/ ${device_number} /ip-aliases"); do
200 # echo " ${alias} ,on,"
201 #done > /var/ipfire/ethernet/aliases
206 local interface_name="green0"
209 echo "GREEN_DEV= ${interface_name} "
210 echo "GREEN_MACADDR= ${mac} "
211 echo "GREEN_DESCRIPTION=' ${id} '"
212 echo "GREEN_ADDRESS= ${ipv4_address} "
213 echo "GREEN_NETMASK= ${netmask} "
214 echo "GREEN_NETADDRESS= ${netaddress} "
215 echo "GREEN_MTU= ${DEFAULT_MTU} "
216 ) >> /var/ipfire/ethernet/settings
221 local interface_name="orange0"
225 echo "ORANGE_DEV= ${interface_name} "
226 echo "ORANGE_MACADDR= ${mac} "
227 echo "ORANGE_DESCRIPTION=' ${id} '"
228 echo "ORANGE_ADDRESS= ${ipv4_address} "
229 echo "ORANGE_NETMASK= ${netmask} "
230 echo "ORANGE_NETADDRESS= ${netaddress} "
231 echo "ORANGE_MTU= ${DEFAULT_MTU} "
232 ) >> /var/ipfire/ethernet/settings
238 echo "CONFIG_TYPE= ${config_type} " >> /var/ipfire/ethernet/settings
240 # Actions performed only on the very first start
241 if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
242 # Disable using ISP nameservers
243 sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
246 sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
248 # Disable SSH password authentication
249 sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
251 # Enable SSH key authentication
252 sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
255 /usr/local/bin/sshctrl
257 # Mark SSH to start immediately (but not right now)
258 touch /var/ipfire/remote/enablessh
259 chown nobody:nobody /var/ipfire/remote/enablessh
261 # Firewall rules for SSH and WEBIF
263 echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
264 echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
265 ) >> /var/ipfire/firewall/input
267 # This script has now completed the first steps of setup
268 touch /var/ipfire/main/firstsetup_ok
277 # Bring up the interface
278 ip link set " ${interface} " up
281 BOUND|RENEW|REBIND|REBOOT)
282 # Remove any previous IP addresses
283 ip addr flush dev " ${interface} "
285 # Add (or re-add) the new IP address
286 ip addr add " ${new_ip_address}/${new_subnet_mask}" dev "${interface} "
288 # Add the default route
289 ip route add " ${new_routers} " dev " ${interface} "
290 ip route add default via " ${new_routers} "
293 for domain_name_server in ${new_domain_name_servers} ; do
294 echo "nameserver ${domain_name_server} "
295 done > /etc/resolv.conf
297 # The system is online now
298 touch /var/ipfire/red/active
300 # Import OCI configuration
301 import_oci_configuration
304 EXPIRE|FAIL|RELEASE|STOP)
305 # The system is no longer online
306 rm -f /var/ipfire/red/active
308 # Remove all IP addresses
309 ip addr flush dev " ${interface} "
311 # Shut down the interface
312 ip link set " ${interface} " down
316 echo "Unhandled reason: ${reason} " >&2