6 # Set PATH to find our own executables
7 export PATH
=/ usr
/ local
/ sbin
:/ usr
/ local
/ bin
: ${PATH}
9 # GCP only supports an MTU of 1460
15 wget
-qO - "http://169.254.169.254/opc/v1/ ${file} "
21 local o1
= $
(( ( n
& 0xff000000 ) >> 24 ))
22 local o2
= $
(( ( n
& 0xff0000 ) >> 16 ))
23 local o3
= $
(( ( n
& 0xff00 ) >> 8 ))
24 local o4
= $
(( ( n
& 0xff ) ))
26 printf "%d.%d.%d.%d \n " " ${o1}" "${o2}" "${o3}" "${o4} "
35 for i
in ${address//\./ } ; do
36 integer
= $
(( ( integer
<< 8) + i ))
39 printf "%d\n" " ${integer} "
45 local zeros=$(( 32 - prefix ))
49 for (( i=0; i< ${zeros} ; i++ )); do
50 netmask=$(( (netmask << 1) ^ 1 ))
53 to_address "$(( netmask ^ 0xffffffff ))"
56 oci_list_interfaces() {
57 get "vnics/" | python3 -c "import json, sys; print(\"\n\".join([vnic[\"vnicId\"] for vnic in json.load(sys.stdin)]))"
60 oci_get_interface_param() {
64 get "vnics/" | python3 -c "import json, sys; print(\"\n\".join(vnic.get(\" ${param} \", \"\") for vnic in json.load(sys.stdin) if vnic[\"vnicId\"] == \" ${id} \"))"
67 import_oci_configuration() {
68 local instance_id="$(get instance/id)"
70 boot_mesg "Importing Oracle Cloud Infrastructure configuration for instance ${instance_id} ..."
73 echo " ${instance_id} " > /var/run/oci-instance-id
75 # Initialise system settings
76 local hostname=$(get instance/hostname)
79 if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
80 echo "HOSTNAME= ${hostname%%.*} " >> /var/ipfire/main/settings
84 if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
85 echo "DOMAINNAME= ${hostname#*.} " >> /var/ipfire/main/settings
89 if ! getent passwd setup &>/dev/null; then
90 useradd setup -s /usr/bin/run-setup -g nobody -m
96 # Import SSH keys for setup user
98 while read -r line; do
99 # Strip the username part from the key
100 local key=" ${line#*:} "
102 if [ -n " ${key} " ] && ! grep -q "^ ${key} $" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then
103 mkdir -p "/home/setup/.ssh"
104 chmod 700 "/home/setup/.ssh"
105 chown setup.nobody "/home/setup/.ssh"
107 echo " ${key} " >> "/home/setup/.ssh/authorized_keys"
108 chmod 600 "/home/setup/.ssh/authorized_keys"
109 chown setup.nobody "/home/setup/.ssh/authorized_keys"
111 done <<<"$(get instance/metadata/ssh_authorized_keys)"
113 # Download the user-data script only on the first boot
114 if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
115 # Download a startup script
116 local script="$(get instance/metadata/user_data)"
119 if [ " ${script:0:2} " = "#!" ]; then
120 echo " ${script} " > /tmp/user-data.script
121 chmod 700 /tmp/user-data.script
124 local now="$(date -u +"%s")"
125 /tmp/user-data.script &>/var/log/user-data.log. ${now}
127 # Delete the script right away
128 rm /tmp/user-data.script
132 # Import network configuration
133 # After this, no network connectivity will be available from this script, because
134 # renaming the network interfaces requires them to be shut down first
136 : > /var/ipfire/ethernet/settings
139 for id in $(oci_list_interfaces); do
140 local mac="$(oci_get_interface_param " ${id} " "macAddr")"
143 local ipv4_address="$(oci_get_interface_param " ${id} " "privateIp")"
144 local ipv4_address_num="$(to_integer " ${ipv4_address} ")"
146 local subnet="$(oci_get_interface_param " ${id} " "subnetCidrBlock")"
147 local prefix=" ${subnet#*/} "
149 local netmask="$(prefix2netmask " ${prefix} ")"
150 local netmask_num="$(to_integer " ${netmask} ")"
152 # Calculate the network and broadcast addresses
153 local netaddress=" ${subnet%/*} "
154 local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) )))"
156 local index="$(oci_get_interface_param " ${id} " "nicIndex")"
158 # Set index to zero if it was empty
159 if [ -z " ${index} " ]; then
166 local interface_name="red0"
167 local gateway="$(oci_get_interface_param " ${id} " "virtualRouterIp")"
170 echo "RED_TYPE=STATIC"
171 echo "RED_DEV= ${interface_name} "
172 echo "RED_MACADDR= ${mac} "
173 echo "RED_DESCRIPTION=' ${id} '"
174 echo "RED_ADDRESS= ${ipv4_address} "
175 echo "RED_NETMASK= ${netmask} "
176 echo "RED_NETADDRESS= ${netaddress} "
177 echo "RED_BROADCAST= ${broadcast} "
179 echo "DEFAULT_GATEWAY= ${gateway} "
180 ) >> /var/ipfire/ethernet/settings
182 # Import aliases for RED
183 #for alias in $(get "instance/network-interfaces/ ${device_number} /ip-aliases"); do
184 # echo " ${alias} ,on,"
185 #done > /var/ipfire/ethernet/aliases
190 local interface_name="green0"
193 echo "GREEN_DEV= ${interface_name} "
194 echo "GREEN_MACADDR= ${mac} "
195 echo "GREEN_DESCRIPTION=' ${id} '"
196 echo "GREEN_ADDRESS= ${ipv4_address} "
197 echo "GREEN_NETMASK= ${netmask} "
198 echo "GREEN_NETADDRESS= ${netaddress} "
199 echo "GREEN_BROADCAST= ${broadcast} "
200 echo "GREEN_MTU= ${DEFAULT_MTU} "
201 ) >> /var/ipfire/ethernet/settings
206 local interface_name="orange0"
210 echo "ORANGE_DEV= ${interface_name} "
211 echo "ORANGE_MACADDR= ${mac} "
212 echo "ORANGE_DESCRIPTION=' ${id} '"
213 echo "ORANGE_ADDRESS= ${ipv4_address} "
214 echo "ORANGE_NETMASK= ${netmask} "
215 echo "ORANGE_NETADDRESS= ${netaddress} "
216 echo "ORANGE_BROADCAST= ${broadcast} "
217 echo "ORANGE_MTU= ${DEFAULT_MTU} "
218 ) >> /var/ipfire/ethernet/settings
224 echo "CONFIG_TYPE= ${config_type} " >> /var/ipfire/ethernet/settings
226 # Actions performed only on the very first start
227 if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
228 # Disable using ISP nameservers
229 sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
232 sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
234 # Disable SSH password authentication
235 sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
237 # Enable SSH key authentication
238 sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
241 /usr/local/bin/sshctrl
243 # Mark SSH to start immediately (but not right now)
244 touch /var/ipfire/remote/enablessh
245 chown nobody:nobody /var/ipfire/remote/enablessh
247 # Firewall rules for SSH and WEBIF
249 echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
250 echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
251 ) >> /var/ipfire/firewall/input
253 # This script has now completed the first steps of setup
254 touch /var/ipfire/main/firstsetup_ok
263 # Bring up the interface
264 ip link set " ${interface} " up
267 BOUND|RENEW|REBIND|REBOOT)
268 # Remove any previous IP addresses
269 ip addr flush dev " ${interface} "
271 # Add (or re-add) the new IP address
272 ip addr add " ${new_ip_address}/${new_subnet_mask}" dev "${interface} "
274 # Add the default route
275 ip route add " ${new_routers} " dev " ${interface} "
276 ip route add default via " ${new_routers} "
279 for domain_name_server in ${new_domain_name_servers} ; do
280 echo "nameserver ${domain_name_server} "
281 done > /etc/resolv.conf
283 # The system is online now
284 touch /var/ipfire/red/active
286 # Import OCI configuration
287 import_oci_configuration
290 EXPIRE|FAIL|RELEASE|STOP)
291 # The system is no longer online
292 rm -f /var/ipfire/red/active
294 # Remove all IP addresses
295 ip addr flush dev " ${interface} "
297 # Shut down the interface
298 ip link set " ${interface} " down
302 echo "Unhandled reason: ${reason} " >&2