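#!/bin/sh
#
# Bootstrap a login user on a freshly provisioned host, set its hostname and
# make sure sshd lets the new user in.
#
# Usage: <script> INITIAL_USER USER NAME ADMIN_GROUP [TIMEOUT] [IGNORE_CLOUDINIT]
#   INITIAL_USER      user the image booted with (the one running this script)
#   USER              user to create here, or to wait for cloud-init to create
#   NAME              hostname to set via hostnamectl
#   ADMIN_GROUP       admin group the new user is added to (sudo, wheel, ...)
#   TIMEOUT           minutes to wait for cloud-init; default 5
#   IGNORE_CLOUDINIT  1/true: do not wait for cloud-init, create the user in
#                     this script; default 0; forced to 1 when cloud-init is
#                     not installed
#
# Script assumes it is run by a sudoer (with root privileges) from the initial
# user's home directory: .ssh/authorized_keys is read relative to the current
# working directory.
#
# Exit status: 0 on success; 1 on bad arguments, a failed user creation, a
# cloud-init error or timeout, or an sshd config that fails its check.
#
# set -x traces every command: the trace and the cloud-init instance data
# dumped on error end up in whatever captures this script's output.

set -x
set -eu

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Portable "is this tool installed?". `which` is not POSIX and is missing on
# some minimal images; command -v is built in.
#######################################
have() {
  command -v "$1" >/dev/null 2>&1
}

#######################################
# Exact account lookup. A grep over /etc/passwd also matches substrings
# ("bob" is "found" when only "bobby" exists); id is exact and also sees
# accounts from NSS sources other than the flat file.
#######################################
user_exists() {
  id "$1" >/dev/null 2>&1
}

#######################################
# Home directory of a user: from the account database when getent is
# available, else the conventional /home/<user>.
# Outputs: the path on stdout
#######################################
home_of() {
  local dir=''
  if have getent; then
    dir=$(getent passwd "$1" | cut -d: -f6) || true
  fi
  printf '%s\n' "${dir:-/home/$1}"
}

#######################################
# Grant passwordless sudo to a user. The rule is validated with visudo before
# it is installed, so a malformed line can never leave sudo unusable. It goes
# into /etc/sudoers.d when /etc/sudoers includes that directory, otherwise it
# is appended to a validated copy that then replaces /etc/sudoers.
# Arguments: $1 - user name
# Returns:   0 on success, 1 if the rule could not be written or validated
#######################################
grant_nopasswd_sudo() {
  local user="$1" dest tmp
  tmp=$(mktemp) || return 1
  if [ -d /etc/sudoers.d ] \
    && grep -qE '^[#@]includedir[[:space:]]+/etc/sudoers\.d' /etc/sudoers; then
    # sudo ignores drop-in names containing '.', so map it to '_'
    dest="/etc/sudoers.d/90-$(printf '%s' "$user" | tr '.' '_')"
  else
    dest=/etc/sudoers
    cat /etc/sudoers > "$tmp" || { rm -f "$tmp"; return 1; }
  fi
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" >> "$tmp"
  if have visudo && ! visudo -cqf "$tmp"; then
    rm -f "$tmp"
    echo "sudoers rule for ${user} failed the visudo check, not installed" >&2
    return 1
  fi
  # 0440 is the mode sudo requires for sudoers files
  install -m 0440 "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
}

#######################################
# Create the user with whichever tool the image ships and put it in the admin
# group. The addgroup/adduser branch relies on whatever sudo rule the admin
# group already carries; the useradd branch additionally grants passwordless
# sudo. NOTE(review): busybox adduser takes different flags and is not
# handled by either branch.
# Arguments: $1 - user name, $2 - admin group
# Returns:   0 on success, 1 if no tool was found or a step failed
#######################################
create_user() {
  local user="$1" admin_group="$2"
  # set -e is suspended while this runs as an `if` condition, hence the
  # explicit `|| return 1` on every step
  if have addgroup; then
    addgroup "$user" || return 1 # dedicated primary group for the user
    adduser --ingroup "$user" --shell "/bin/sh" --disabled-password \
      --gecos "$user" "$user" || return 1
    adduser "$user" "$admin_group" || return 1
  elif have useradd; then
    useradd -U -s "/bin/sh" -m -G "$admin_group" "$user" || return 1
    grant_nopasswd_sudo "$user" || return 1
  else
    echo "No supported user creation tool found"
    return 1
  fi
}

#######################################
# Copy the initial user's authorized_keys to the new user with modes that
# sshd's StrictModes accepts (0700 dir, 0600 file) and hand the home over.
# Arguments: $1 - user name
#######################################
install_ssh_keys() {
  local user="$1" home
  home=$(home_of "$user")
  install -d -m 0700 "${home}/.ssh"
  # install rather than cp: the key file mode must not depend on umask or
  # on the source file's mode
  install -m 0600 .ssh/authorized_keys "${home}/.ssh/authorized_keys"
  chown -R "${user}:${user}" "$home"
}

#######################################
# Print a file, or a note when it is absent, so a missing log never aborts
# the error report under set -e.
#######################################
cat_or_note() {
  if [ -r "$1" ]; then
    cat "$1"
  else
    echo "(${1} not readable)"
  fi
}

#######################################
# Current cloud-init status line. The command exits non-zero on error, which
# must not trip set -e when only the text is wanted.
#######################################
cloud_init_status() {
  cloud-init status || true
}

#######################################
# Poll cloud-init until it reports done, reports an error, or the attempt
# budget is spent.
# Arguments: $1 - max attempts, $2 - seconds between attempts
# Outputs:   progress on stdout; on error also the instance data, the failed
#            script and the log. The instance data is the raw user-data and
#            may contain credentials.
# Returns:   0 when done, 1 on error or timeout
#######################################
wait_for_cloud_init() {
  local max_attempts="$1" interval="$2" attempts=0 status
  while :; do
    status=$(cloud_init_status)
    if [ "$status" = "status: done" ]; then
      return 0
    fi
    if [ "$status" = "status: error" ]; then
      echo "cloud-init is errored..."
      echo "instance data: "
      cat_or_note /var/lib/cloud/instance/cloud-config.txt
      echo "failed script: "
      cat_or_note /var/lib/cloud/instance/scripts/config.sh
      echo "log: "
      cat_or_note /var/log/cloud-init.log
      return 1
    fi
    echo "cloud init is \"${status}\""
    attempts=$((attempts + 1))
    # -ge rather than =: a budget the counter has already passed must still
    # terminate the loop
    if [ "$attempts" -ge "$max_attempts" ]; then
      echo "gave up waiting for cloud-init after ${attempts} attempts" >&2
      return 1
    fi
    sleep "$interval"
  done
}

#######################################
# Set the hostname when hostnamectl is present; images without it just get
# a note.
# Arguments: $1 - hostname
#######################################
set_hostname() {
  if have hostnamectl; then
    hostnamectl set-hostname "$1"
  else
    echo "hostnamectl not found"
  fi
}

#######################################
# Some images set sshd config to only allow the initial user to connect
# (CIS). Append our user to the AllowUsers line and restart sshd, but only
# after `sshd -t` accepts the result: restarting on a broken config stops
# the daemon and locks everyone out.
# Arguments: $1 - user name (validated to [A-Za-z0-9._-] by main, so it is
#                 safe inside the sed replacement)
# Returns:   0 on success, 1 if the edit or the config check failed
#######################################
allow_ssh_login() {
  local user="$1" conf=/etc/ssh/sshd_config
  sed -i 's/^AllowUsers.*/& '"${user}"'/' "$conf" || return 1
  if have sshd && ! sshd -t; then
    echo "sshd config check failed after adding ${user}; sshd not restarted" >&2
    return 1
  fi
  systemctl restart sshd || true
  systemctl restart ssh || true # ubuntu 24.04...>:(
}

#######################################
# Entry point: validate arguments, create or wait for the user, set the
# hostname, open sshd.
# Arguments: see the usage block at the top of the file
#######################################
main() {
  local interval=10 max_attempts exit_code=0

  INITIAL_USER="${1-}"
  # deliberately not named USER: assigning USER would clobber the environment
  # variable every child process sees
  NEW_USER="${2-}"
  NAME="${3-}"
  ADMIN_GROUP="${4-}"
  TIMEOUT="${5-}" # this is the timeout in minutes to wait for cloud-init
  IGNORE_CLOUDINIT="${6-}"

  [ -n "${INITIAL_USER}" ] || die "INITIAL_USER is not set"
  [ -n "${NEW_USER}" ] || die "USER is not set"
  [ -n "${NAME}" ] || die "NAME is not set"
  [ -n "${ADMIN_GROUP}" ] || die "ADMIN_GROUP is not set"

  # the name is spliced into a sed expression and a sudoers rule, so only
  # accept the character set those edits cannot be broken by
  case "${NEW_USER}" in
    *[!A-Za-z0-9._-]*) die "USER contains characters outside [A-Za-z0-9._-]: ${NEW_USER}" ;;
  esac

  # default timeout to 5min
  [ -n "${TIMEOUT}" ] || TIMEOUT=5
  case "${TIMEOUT}" in
    *[!0-9]*) die "TIMEOUT must be a whole number of minutes, got: ${TIMEOUT}" ;;
  esac
  max_attempts=$((TIMEOUT * 60 / interval))
  # a timeout under one interval must still give cloud-init one look
  [ "${max_attempts}" -ge 1 ] || max_attempts=1

  # normalise the flag first, then force it when there is no cloud-init at
  # all; doing it the other way round lets "false" re-enable a wait on a
  # binary that does not exist
  case "${IGNORE_CLOUDINIT}" in
    1|true) IGNORE_CLOUDINIT=1 ;;
    *) IGNORE_CLOUDINIT=0 ;;
  esac
  have cloud-init || IGNORE_CLOUDINIT=1

  if [ "${IGNORE_CLOUDINIT}" = 1 ]; then
    echo "cloud-init not found or ignored, attempting other tools..."
    # check for user, if it doesn't exist generate it
    if ! user_exists "${NEW_USER}"; then
      if create_user "${NEW_USER}" "${ADMIN_GROUP}"; then
        install_ssh_keys "${NEW_USER}"
        # NOTE: leaves the account with an empty password. sshd refuses empty
        # passwords by default (PermitEmptyPasswords), a local console may not
        passwd -d "${NEW_USER}"
      else
        exit_code=1
      fi
    fi
  else
    wait_for_cloud_init "${max_attempts}" "${interval}" || exit_code=1
    echo "cloud init is \"$(cloud_init_status)\""
  fi

  # we need to make sure the hostname is set properly if possible
  set_hostname "${NAME}"

  # some images set sshd config to only allow initial user to connect (CIS)
  # add our user to the list of allowed users and restart sshd
  if [ "${INITIAL_USER}" != "${NEW_USER}" ]; then
    allow_ssh_login "${NEW_USER}" || exit_code=1
  fi

  exit "${exit_code}"
}

main "$@"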