69 lines
2.1 KiB
Bash
69 lines
2.1 KiB
Bash
#!/bin/sh
|
|
# script assumes run by sudo
|
|
set -x
|
|
set -e
|
|
INITIAL_USER="${1}"
|
|
USER="${2}"
|
|
NAME="${3}"
|
|
ADMIN_GROUP="${4}"
|
|
TIMEOUT="${5}" # this is the timeout in minutes to wait for cloud-init
|
|
|
|
if [ -z "${INITIAL_USER}" ]; then echo "INITIAL_USER is not set"; exit 1; fi
|
|
if [ -z "${USER}" ]; then echo "USER is not set"; exit 1; fi
|
|
if [ -z "${NAME}" ]; then echo "NAME is not set"; exit 1; fi
|
|
if [ -z "${ADMIN_GROUP}" ]; then echo "ADMIN_GROUP is not set"; exit 1; fi
|
|
# default timeout to 5min
|
|
if [ -z "${TIMEOUT}" ]; then TIMEOUT=5; fi
|
|
|
|
if [ "$(which cloud-init)" = "" ]; then
|
|
echo "cloud-init not found";
|
|
# check for user, if it doesn't exist generate it
|
|
if [ "$(awk -F: '{ print $1 }' /etc/passwd | grep "${USER}")" = "" ]; then
|
|
addgroup "${USER}"
|
|
adduser -g "${USER}" -s "/bin/sh" -G "${USER}" -D "${USER}"
|
|
addgroup "${USER}" "${ADMIN_GROUP}"
|
|
install -d -m 0700 /home/"${USER}"/.ssh
|
|
cp .ssh/authorized_keys /home/"${USER}"/.ssh
|
|
chown -R "${USER}":"${USER}" /home/"${USER}"
|
|
passwd -d "${USER}"
|
|
fi
|
|
exit 0;
|
|
fi
|
|
|
|
EXIT=0
|
|
max_attempts=$((TIMEOUT * 60 / 10))
|
|
attempts=0
|
|
interval=10
|
|
while [ "$(cloud-init status)" != "status: done" ]; do
|
|
if [ "$(cloud-init status)" = "status: error" ]; then
|
|
EXIT=1
|
|
echo "cloud-init is errored..."
|
|
echo "instance data: "
|
|
cat /var/lib/cloud/instance/cloud-config.txt
|
|
echo "failed script: "
|
|
cat /var/lib/cloud/instance/scripts/config.sh
|
|
echo "log: "
|
|
cat /var/log/cloud-init.log
|
|
break
|
|
fi
|
|
echo "cloud init is \"$(cloud-init status)\""
|
|
attempts=$((attempts + 1))
|
|
if [ ${attempts} = ${max_attempts} ]; then EXIT=1; break; fi
|
|
sleep ${interval};
|
|
done
|
|
echo "cloud init is \"$(cloud-init status)\""
|
|
|
|
# we need to make sure the hostname is set properly if possible
|
|
if [ "$(which hostnamectl)" = "" ]; then
|
|
echo "hostnamectl not found";
|
|
else
|
|
hostnamectl set-hostname "${NAME}"
|
|
fi
|
|
# some images set sshd config to only allow initial user to connect (CIS)
|
|
# add our user to the list of allowed users and restart sshd
|
|
if [ "${INITIAL_USER}" != "${USER}" ]; then
|
|
sed -i 's/^AllowUsers.*/& '"${USER}"'/' /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
fi
|
|
|
|
exit $EXIT |