From 3566807e76748cbf52d8fa6eafad9485b55a11f5 Mon Sep 17 00:00:00 2001
From: Rob Vermaas <rob.vermaas@gmail.com>
Date: Fri, 1 Aug 2014 15:25:50 +0200
Subject: [PATCH] Google Compute image:

Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
Instead, use wget with retries (including on connection refused)
rather than curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
---
 .../virtualisation/google-compute-image.nix   | 26 +++++--------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index 9a4d11d550a1..697423ac60be 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -121,19 +121,6 @@ in
 
   networking.usePredictableInterfaceNames = false;
 
-  systemd.services.wait-metadata-online = {
-    description = "Wait for GCE metadata server to become reachable";
-    wantedBy = [ "network-online.target" ];
-    before = [ "network-online.target" ];
-    path = [ pkgs.netcat ];
-    script = ''
-      # wait for the metadata server to become available for up to 60 seconds
-      for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done
-    '';
-    serviceConfig.Type = "oneshot";
-    serviceConfig.RemainAfterExit = true;
-  };
-
   systemd.services.fetch-ssh-keys =
     { description = "Fetch host keys and authorized_keys for root user";
 
@@ -142,14 +129,15 @@ in
       after = [ "network-online.target" ];
       wants = [ "network-online.target" ];
 
-      path  = [ pkgs.curl ];
+      path  = [ pkgs.wget ];
       script =
         ''
+          wget="wget --retry-connrefused -t 6 --waitretry=10"
           # Don't download the SSH key if it has already been downloaded
           if ! [ -e /root/.ssh/authorized_keys ]; then
                 echo "obtaining SSH key..."
                 mkdir -p /root/.ssh
-                curl -o /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
+                $wget -O /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
                 if [ $? -eq 0 -a -e /root/authorized-keys-metadata ]; then
                     cat /root/authorized-keys-metadata | cut -d: -f2- > /root/key.pub
                     if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
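Review bot: The retry window set by `wget="wget --retry-connrefused -t 6 --waitretry=10"` is shorter than it looks. `--waitretry` backs off linearly (1s, 2s, ...), so six tries wait only about 15 seconds in total when the connection is refused, against up to 60 seconds for the removed wait job. No timeout is set, and as far as I know wget does not retry a failed name lookup of `metadata`, so a boot with a late network can still end without authorized_keys or the provisioned host key. Consider `wget="wget --retry-connrefused --tries=15 --waitretry=10 --timeout=10"` plus a comment stating the intended total wait; the same variable drives the two host-key downloads in the later hunks. The script body starts and ends outside this hunk.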
@@ -162,7 +150,7 @@ in
           fi
 
           echo "obtaining SSH private host key..."
-          curl -o /root/ssh_host_ecdsa_key  --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+          $wget -O /root/ssh_host_ecdsa_key  http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
           if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
               mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
               echo "downloaded ssh_host_ecdsa_key"
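Review bot: The private host key written by `$wget -O /root/ssh_host_ecdsa_key` is created under whatever umask the unit runs with, and `mv -f` carries that mode into /etc/ssh. No permission change is visible in this hunk, though the `if` body continues past it and may contain one. Creating the file restrictively from the start avoids any window in which the key is group- or world-readable, for example `umask 077` before the download line. A short comment noting that this file is a private key and must stay mode 0600 would also help the next editor.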
@@ -170,7 +158,7 @@ in
           fi
 
           echo "obtaining SSH public host key..."
-          curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+          $wget -O /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
           if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
               mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
               echo "downloaded ssh_host_ecdsa_key.pub"
@@ -179,7 +167,7 @@ in
         '';
       serviceConfig.Type = "oneshot";
       serviceConfig.RemainAfterExit = true;
+      serviceConfig.StandardError = "journal+console";
+      serviceConfig.StandardOutput = "journal+console";
      };
-
-
 }
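Review bot: With `serviceConfig.StandardOutput` and `serviceConfig.StandardError` set to `journal+console`, everything this unit prints is mirrored to the system console. On a cloud instance that is usually the serial console log, which may be readable by more people than the journal. The visible script lines only echo status messages and wget writes the fetched data to files, so nothing secret appears to be printed today, but the unit does handle a private host key. I would add a comment above these two lines such as `# Output is mirrored to the console: never print fetched key material or enable 'set -x' in this script.`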