From: Michael Tremer Date: Tue, 8 Mar 2022 14:26:13 +0000 (+0000) Subject: oci: Only perform network setup once X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Foci-cloud-init;p=people%2Fms%2Fipfire-2.x.git oci: Only perform network setup once There is no way on Oracle cloud to identify which network interface is which. For that reason, we configure the first interface as RED on DHCP and will never touch the network setup again. Signed-off-by: Michael Tremer
---
diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
index 0763a96e7c..953fb2d925 100644
--- a/src/initscripts/helper/oci-setup
+++ b/src/initscripts/helper/oci-setup
@@ -110,23 +110,25 @@ import_oci_configuration() {
 fi
 done <<<"$(get instance/metadata/ssh_authorized_keys)"
- # Download the user-data script only on the first boot
- if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
- # Download a startup script
- local script="$(get instance/metadata/user_data)"
-
- # Execute the script
- if [ "${script:0:2}" = "#!" ]; then
- echo "${script}" > /tmp/user-data.script
- chmod 700 /tmp/user-data.script
-
- # Run the script
- local now="$(date -u +"%s")"
- /tmp/user-data.script &>/var/log/user-data.log.${now}
-
- # Delete the script right away
- rm /tmp/user-data.script
- fi
+ # End here if it isn't the first boot
+ if [ -e "/var/ipfire/main/firstsetup_ok" ]; then
+ return 0
+ fi
+
+ # Download the user-data script
+ local script="$(get instance/metadata/user_data)"
+
+ # Execute the script
+ if [ "${script:0:2}" = "#!" ]; then
+ echo "${script}" > /tmp/user-data.script
+ chmod 700 /tmp/user-data.script
+
+ # Run the script
+ local now="$(date -u +"%s")"
+ /tmp/user-data.script &>/var/log/user-data.log.${now}
+
+ # Delete the script right away
+ rm /tmp/user-data.script
 fi
 # Import network configuration
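Review bot: The user-data script is still written to the fixed path `/tmp/user-data.script` and only made private by the `chmod 700` that follows, so the file is created under the default umask and a file or symlink already present at that name would be written through by this helper, which presumably runs as root at boot. These lines are carried over from the old side with one indent level less, so the commit does not introduce the pattern, but this is the natural place to switch to a `mktemp` file, write it with `printf '%s\n'`, and quote the log path. `local script="$(get …)"` also hides the exit status of `get`, so a failed metadata fetch looks the same as empty user data. Whether `mktemp` is available this early in boot, and what the function should return on failure, need confirming against the rest of the file.

```shell
# Execute the script
if [ "${script:0:2}" = "#!" ]; then
	# Unpredictable name, created 0600 by mktemp
	local tmpfile
	tmpfile="$(mktemp /tmp/user-data.XXXXXX)" || return 1
	chmod 700 "${tmpfile}"
	printf '%s\n' "${script}" > "${tmpfile}"

	# Run the script
	local now
	now="$(date -u +"%s")"
	"${tmpfile}" &>"/var/log/user-data.log.${now}"

	# Delete the script right away
	rm -f "${tmpfile}"
fi
```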
@@ -151,103 +153,48 @@ import_oci_configuration() {
 # Calculate the network and broadcast addresses
 local netaddress="${subnet%/*}"
- local index="$(oci_get_interface_param "${id}" "nicIndex")"
+ # RED
+ local interface_name="red0"
+ local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"
- # Set index to zero if it was empty
- if [ -z "${index}" ]; then
- index=0
- fi
-
- case "${index}" in
- # RED
- 0)
- local interface_name="red0"
- local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"
-
- (
- echo "RED_TYPE=STATIC"
- echo "RED_DEV=${interface_name}"
- echo "RED_MACADDR=${mac}"
- echo "RED_DESCRIPTION='${id}'"
- echo "RED_ADDRESS=${ipv4_address}"
- echo "RED_NETMASK=${netmask}"
- echo "RED_NETADDRESS=${netaddress}"
- echo "RED_MTU=1500"
- echo "DEFAULT_GATEWAY=${gateway}"
- ) >> /var/ipfire/ethernet/settings
-
- # Import aliases for RED
- #for alias in $(get "instance/network-interfaces/${device_number}/ip-aliases"); do
- # echo "${alias},on,"
- #done > /var/ipfire/ethernet/aliases
- ;;
-
- # GREEN
- 1)
- local interface_name="green0"
-
- (
- echo "GREEN_DEV=${interface_name}"
- echo "GREEN_MACADDR=${mac}"
- echo "GREEN_DESCRIPTION='${id}'"
- echo "GREEN_ADDRESS=${ipv4_address}"
- echo "GREEN_NETMASK=${netmask}"
- echo "GREEN_NETADDRESS=${netaddress}"
- echo "GREEN_MTU=${DEFAULT_MTU}"
- ) >> /var/ipfire/ethernet/settings
- ;;
-
- # ORANGE
- 2)
- local interface_name="orange0"
- config_type=2
-
- (
- echo "ORANGE_DEV=${interface_name}"
- echo "ORANGE_MACADDR=${mac}"
- echo "ORANGE_DESCRIPTION='${id}'"
- echo "ORANGE_ADDRESS=${ipv4_address}"
- echo "ORANGE_NETMASK=${netmask}"
- echo "ORANGE_NETADDRESS=${netaddress}"
- echo "ORANGE_MTU=${DEFAULT_MTU}"
- ) >> /var/ipfire/ethernet/settings
- ;;
- esac
+ (
+ echo "RED_TYPE=DHCP"
+ echo "RED_DEV=${interface_name}"
+ echo "RED_MACADDR=${mac}"
+ echo "RED_DESCRIPTION='${id}'"
+ ) >> /var/ipfire/ethernet/settings
 done
 # Save CONFIG_TYPE
 echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
- # Actions performed only on the very first start
- if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
- # Disable using ISP nameservers
- sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
+ # Disable using ISP nameservers
+ sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
- # Enable SSH
- sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
+ # Enable SSH
+ sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
- # Disable SSH password authentication
- sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
+ # Disable SSH password authentication
+ sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
- # Enable SSH key authentication
- sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
+ # Enable SSH key authentication
+ sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
- # Apply SSH settings
- /usr/local/bin/sshctrl
+ # Apply SSH settings
+ /usr/local/bin/sshctrl
- # Mark SSH to start immediately (but not right now)
- touch /var/ipfire/remote/enablessh
- chown nobody:nobody /var/ipfire/remote/enablessh
+ # Mark SSH to start immediately (but not right now)
+ touch /var/ipfire/remote/enablessh
+ chown nobody:nobody /var/ipfire/remote/enablessh
- # Firewall rules for SSH and WEBIF
- (
- echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
- echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
- ) >> /var/ipfire/firewall/input
+ # Firewall rules for SSH and WEBIF
+ (
+ echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ ) >> /var/ipfire/firewall/input
- # This script has now completed the first steps of setup
- touch /var/ipfire/main/firstsetup_ok
- fi
+ # This script has now completed the first steps of setup
+ touch /var/ipfire/main/firstsetup_ok
 # All done
 echo_ok
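Review bot: The new RED block still sits inside the per-interface loop (its `done` follows directly), so an instance with more than one VNIC would append one `RED_DEV`/`RED_MACADDR`/`RED_DESCRIPTION` set per interface to `/var/ipfire/ethernet/settings`, whereas the commit message says only the first interface is configured. The loop header is outside the hunk, so this is inferred; if it holds, adding `break` after the `) >> /var/ipfire/ethernet/settings` line would stop after the first interface. `local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"` is now assigned but never written, since `DEFAULT_GATEWAY` was dropped with the static settings, and can be removed. The two firewall rules accept SSH and port 444 on RED from `ALL` sources, so a comment such as `# Reachability of SSH/WEBIF is limited only by the OCI security lists` above them would make that dependency explicit.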