Add equinix support #56

bwarden · 2022-10-10T20:57:40Z

No description provided.

bwarden · 2022-10-14T17:58:27Z

@ahkok mind reviewing?

src/ucd-data-fetch.c

configure.ac

src/ucd-data-fetch.c

tests/fetch_data/public-keys

Makefile.am

bwarden · 2022-10-14T21:58:10Z

I finally figured out how to get the fetch_test and fetch_data contents into the dist tarball.

ahkok · 2022-10-21T16:11:09Z

This looks mostly ready now.

The data fetcher tool operated assuming the key file presented on the server contains only 1 key. However, several cloud providers use this file to present multiple keys to the client systems at provisioning time and this should be functional. Without this change, only the first key will be properly inserted into yaml, and all secondary keys will result in a yaml failure or be ignored entirely. It would look something like this: ``` ssh_authorized_keys: - ssh-rsa <correct key 1> ssh-rsa <this key 2 will be ignored> ssh-rsa <this key 3 will be ignored> ``` The template is modified to allow line-by-line reading of the key file from the server, and each line written will be prefixed with the yaml " - " entry prefix in the output file. When writing the SSH keys to our generated cloud-config file, make sure to follow with an extra line feed before we concatenate the user-data contents. Otherwise, we could end up including the first line of the user-data response in the authorized_keys file, e.g. ssh-rsa <...key...> user@host#cloud-config ^^^^^^^^^^^^^ Instead, worst case, /var/lib/cloud/<provider>-user-data might just have an extra (ignored) blank line.

Instead of creating a unique service file for each provider, just use a single instance service. We'll change the symlinks in packaging.

Some servers require the host name to be sent in the user-data API request. We can allow a host name instead of IP address in the config struct by doing a lookup if it's not an IP address already.

To provision on equinix we can grab the `keys` file from their service. The address I entered in the template is tentative - it needs to be checked that metadata.platformequinix.com resolves to that address in their internal network as well that it's on a static IP address and not some RR load balancer service - ideally.

Don't close the socket until we're done reading. Make sure the socket fd/stream gets closed in all the error paths preceding our close/fclose. Also ensure the output file is closed properly in error cases.

Additional URI https://metadata.platformequinix.com/userdata Also add missing users key in generated equinix conf Our output for the equinix cloud config file omitted the "users:" key prior to defining the user.

To improve package test capabilities, introduce a test target that will attempt to fetch SSH keys and user data from a locally-spawned test server. Add other bits in ucd-data-fetch.c to support testing. Add fetch_test, which spawns an HTTP server to serve some sample user-data and cloud-config files, and verify that ucd-data-fetch can retrieve them.

In case networking takes as long as a minute to come up, give hostname lookup up to 100 seconds to complete. Give initial HTTP request up to 120 seconds _from when we started_ to succeed, so even if we spent all our time waiting on DNS, we still give 20 more seconds for the HTTP server.

CURL isn't used in this project - cleanup.

e135135

bwarden marked this pull request as ready for review October 14, 2022 17:48

bwarden force-pushed the add-equinix-support branch from a4dffbc to c5a293a Compare October 14, 2022 17:58