aws: Unlock setup account
index d79ac2a764d5d433732d9be77300f173dde41e62..2f4300d17d6cdca7acd5da30648ac14adaa6bc4e 100644 (file)
@@ -47,30 +47,76 @@ prefix2netmask() {
        to_address "$(( netmask ^ 0xffffffff ))"
 }
 
+find_interface() {
+       local mac="${1}"
+
+       local path
+       for path in /sys/class/net/*; do
+               local address="$(<${path}/address)"
+
+               if [ "${mac}" = "${address}" ]; then
+                       basename "${path}"
+                       return 0
+               fi
+       done
+
+       return 1
+}
+
 import_aws_configuration() {
        local instance_id="$(get instance-id)"
 
        boot_mesg "Importing AWS configuration for instance ${instance_id}..."
 
+       # Store instance ID
+       echo "${instance_id}" > /var/run/aws-instance-id
+
        # Initialise system settings
-       if [ ! -s "/var/ipfire/main/settings" ]; then
-               local hostname=$(get local-hostname)
+       local hostname=$(get local-hostname)
 
-               (
-                       echo "HOSTNAME=${hostname%%.*}"
-                       echo "DOMAINNAME=${hostname#*.}"
-               ) > /var/ipfire/main/settings
+       # Set hostname
+       if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
+               echo "HOSTNAME=${hostname%%.*}" >> /var/ipfire/main/settings
+       fi
+
+       # Set domainname
+       if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
+               echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
+       fi
+
+       # Create setup user
+       if ! getent passwd setup &>/dev/null; then
+               useradd setup -s /usr/bin/run-setup -g nobody -m
+
+               # Unlock the account
+               usermod -p "x" setup
        fi
 
+       # Import SSH keys for setup user
+       local line
+       for line in $(get "public-keys/"); do
+               local key_no="${line%=*}"
+
+               local key="$(get public-keys/${key_no}/openssh-key)"
+               if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then
+                       mkdir -p "/home/setup/.ssh"
+                       chmod 700 "/home/setup/.ssh"
+
+                       echo "${key}" >> "/home/setup/.ssh/authorized_keys"
+                       chmod 600 "/home/setup/.ssh/authorized_keys"
+               fi
+       done
+
        # Import any DNS server settings
        eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
 
        # Import network configuration
-       (
-               # RED + GREEN
-                       echo "CONFIG_TYPE=1"
-       ) > /var/ipfire/ethernet/settings
+       # After this, no network connectivity will be available from this script due to the
+       # renaming of the network interfaces for which they have to be shut down
+       local config_type=1
+       : > /var/ipfire/ethernet/settings
 
+       local mac
        for mac in $(get network/interfaces/macs/); do
                # Remove trailing slash
                mac="${mac//\//}"
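Review bot: `usermod -p "x" setup` at the "Unlock the account" step works only because `x` can never be a crypt(3) result; `*` is the conventional marker for "no usable password, not locked", and the reason for the step is worth a comment, since the difference from a `!`-locked account is what lets sshd accept key logins for this user: `# '*' is never a valid hash: password login stays impossible, but the account is not '!'-locked (sshd rejects locked accounts)` above `usermod -p '*' setup`. The authorized_keys check `grep -q "^${key}$"` treats the key as a regular expression; `grep -qxF -- "${key}"` compares it literally. The `.ssh` directory and authorized_keys file are created by this root-run script and so end up root-owned rather than owned by setup; sshd generally accepts root-owned key files, but if the setup user is meant to manage its own keys a `chown` to that user is missing — confirm. import_aws_configuration continues past this hunk.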
@@ -82,6 +128,11 @@ import_aws_configuration() {
                local ipv4_address="$(get "network/interfaces/macs/${mac}/local-ipv4s" | head -n1)"
                local ipv4_address_num="$(to_integer "${ipv4_address}")"
 
+               # Get VPC subnet
+               local vpc="$(get "network/interfaces/macs/${mac}/vpc-ipv4-cidr-block")"
+               local vpc_netaddress="${vpc%/*}"
+               local vpc_netaddress_num="$(to_integer "${vpc_netaddress}")"
+
                # Get subnet size
                local subnet="$(get "network/interfaces/macs/${mac}/subnet-ipv4-cidr-block")"
 
@@ -94,19 +145,21 @@ import_aws_configuration() {
                local netaddress_num="$(to_integer "${netaddress}")"
                local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) )))"
 
-               # The gateway is always the first IP address in the subnet
-               local gateway="$(to_address $(( netaddress_num + 1 )))"
-
-               # The AWS internal DNS service is available on the fourth IP address of each subnet
-               local dns1="$(to_address $(( netaddress_num + 4 )))"
-               local dns2=
-
                case "${device_number}" in
                        # RED
                        0)
+                               local interface_name="red0"
+
+                               # The gateway is always the first IP address in the subnet
+                               local gateway="$(to_address $(( netaddress_num + 1 )))"
+
+                               # The AWS internal DNS service is available on the second IP address of the VPC
+                               local dns1="$(to_address $(( vpc_netaddress_num + 2 )))"
+                               local dns2=
+
                                (
                                        echo "RED_TYPE=STATIC"
-                                       echo "RED_DEV=red0"
+                                       echo "RED_DEV=${interface_name}"
                                        echo "RED_MACADDR=${mac}"
                                        echo "RED_DESCRIPTION='${interface_id}'"
                                        echo "RED_ADDRESS=${ipv4_address}"
@@ -126,8 +179,10 @@ import_aws_configuration() {
 
                        # GREEN
                        1)
+                               local interface_name="green0"
+
                                (
-                                       echo "GREEN_DEV=green0"
+                                       echo "GREEN_DEV=${interface_name}"
                                        echo "GREEN_MACADDR=${mac}"
                                        echo "GREEN_DESCRIPTION='${interface_id}'"
                                        echo "GREEN_ADDRESS=${ipv4_address}"
@@ -136,36 +191,51 @@ import_aws_configuration() {
                                        echo "GREEN_BROADCAST=${broadcast}"
                                ) >> /var/ipfire/ethernet/settings
                                ;;
-               esac
-       done
 
-       # DEBUG
-       cat /var/ipfire/ethernet/settings
+                       # ORANGE
+                       2)
+                               local interface_name="orange0"
+                               config_type=2
 
-       # Import SSH keys
-       local line
-       for line in $(get "public-keys/"); do
-               local key_no="${line%=*}"
+                               (
+                                       echo "ORANGE_DEV=${interface_name}"
+                                       echo "ORANGE_MACADDR=${mac}"
+                                       echo "ORANGE_DESCRIPTION='${interface_id}'"
+                                       echo "ORANGE_ADDRESS=${ipv4_address}"
+                                       echo "ORANGE_NETMASK=${netmask}"
+                                       echo "ORANGE_NETADDRESS=${netaddress}"
+                                       echo "ORANGE_BROADCAST=${broadcast}"
+                               ) >> /var/ipfire/ethernet/settings
+                               ;;
+               esac
 
-               local key="$(get public-keys/${key_no}/openssh-key)"
-               if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
-                       mkdir -p /root/.ssh
-                       chmod 700 /root/.ssh
+               # Rename interface
+               local interface="$(find_interface "${mac}")"
 
-                       echo "${key}" >> /root/.ssh/authorized_keys
-                       chmod 600 /root/.ssh/authorized_keys
+               if [ -n "${interface}" ] && [ -n "${interface_name}" ] && [ "${interface}" != "${interface_name}" ]; then
+                       ip link set "${interface}" down
+                       ip link set "${interface}" name "${interface_name}"
                fi
        done
 
+       # Save CONFIG_TYPE
+       echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
+
        # Actions performed only on the very first start
        if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
                # Enable SSH
-               touch /var/ipfire/remote/enablessh
-               chown nobody:nobody /var/ipfire/remote/enablessh
+               sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
 
                # Enable SSH key authentication
                sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
 
+               # Apply SSH settings
+               /usr/local/bin/sshctrl
+
+               # Mark SSH to start immediately (but not right now)
+               touch /var/ipfire/remote/enablessh
+               chown nobody:nobody /var/ipfire/remote/enablessh
+
                # Firewall rules for SSH and WEBIF
                (
                        echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
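Review bot: `interface_name` at the rename step (`[ -n "${interface}" ] && [ -n "${interface_name}" ] && ...`) is declared `local` only inside the `0)`, `1)` and `2)` branches, and bash locals are function-scoped rather than loop-scoped, so for an interface whose device number matches no branch the variable still holds the previous iteration's value and the `-n` guard passes; that interface is then taken down and a rename to a name already in use is attempted. Add a default branch before `esac`: `*) local interface_name= ;;` (or clear the variable at the top of each iteration). The new `sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g"` also lacks the `^` anchor that the ENABLE_SSH_KEYS line right below it uses; `sed -e "s/^ENABLE_SSH=.*/ENABLE_SSH=on/" -i /var/ipfire/remote/settings` keeps the two consistent. The enclosing function import_aws_configuration starts before this hunk.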