alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Google Compute image:

Browse source 
Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
In stead, use wget with retries (including connection refused) in
stead or curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
This commit is contained in:
Rob Vermaas 2014-08-01 15:25:50 +02:00
parent 0baac649aa
commit 3566807e76
1 changed files with 7 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
nixos/modules/virtualisation/google-compute-image.nix
View file

@ -121,19 +121,6 @@ in
networking.usePredictableInterfaceNames = false;
systemd.services.wait-metadata-online = {
description = "Wait for GCE metadata server to become reachable";
wantedBy = [ "network-online.target" ];
before = [ "network-online.target" ];
path = [ pkgs.netcat ];
script = ''
# wait for the metadata server to become available for up to 60 seconds
for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
@ -142,14 +129,15 @@ in
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.curl ];
path = [ pkgs.wget ];
script =
''
wget="wget --retry-connrefused -t 6 --waitretry=10"
# Don't download the SSH key if it has already been downloaded
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
curl -o /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
$wget -O /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
if [ $? -eq 0 -a -e /root/authorized-keys-metadata ]; then
cat /root/authorized-keys-metadata | cut -d: -f2- > /root/key.pub
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
@ -162,7 +150,7 @@ in
fi
echo "obtaining SSH private host key..."
curl -o /root/ssh_host_ecdsa_key --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
$wget -O /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
echo "downloaded ssh_host_ecdsa_key"
@ -170,7 +158,7 @@ in
fi
echo "obtaining SSH public host key..."
curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
$wget -O /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
echo "downloaded ssh_host_ecdsa_key.pub"
@ -179,7 +167,7 @@ in
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
}