#!/bin/env bash # Prepended to this automatically are the following: #SERVER= #HOSTNAME= #ROLES= #REPO_URL= #BRANCH= #SSH_SECRET_ID= if ! curl -fLs -m 5 http://169.254.169.254/latest/dynamic/instance-identity/document | grep instanceId; then echo "This should be run on AWS instances, not locally." exit 1 fi set -e set -x # Set the hostname early echo "$HOSTNAME" >/etc/hostname hostname "$HOSTNAME" sed -i "s/localhost$/localhost $HOSTNAME $SERVER/" /etc/hosts # Delete the ubuntu user userdel ubuntu # Make sure root doesn't have a password passwd -d root # Allow root logins sed -i 's/disable_root: true/disable_root: false/' /etc/cloud/cloud.cfg # Ensure all apt updates (here and in the installer) are non-interactive export DEBIAN_FRONTEND=noninteractive # Dependencies to install AWS CLI ( apt-get -qy update apt-get -qy --with-new-pkgs -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade apt-get -qy install jq unzip curl apt-get -qy autoclean ) # The following line gets subbed in with the contents of bootstrap-awscli.sh AWS= # Set up AWS so we can use the role credentials we were started with, which give secrets access mkdir -p /root/.aws cat >/root/.aws/config <"$SSHDIR/$KEYFILE" if [[ "$KEYFILE" != *".pub" ]]; then chmod 600 "$SSHDIR/$KEYFILE" fi done chown -R "$USERNAME:$USERNAME" "$SSHDIR" } install_keys root # Provide GitHub known_hosts setup; you can verify against fingerprints at # https://docs.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints # via `ssh-keygen -lf` cat >/root/.ssh/known_hosts <