jkordish · January 16, 2019 10:55
diff --git a/cloud-init.sh b/cloud-init.sh
 # not really needed anymore as consul supports the ability to filter our ec2 instances now
 #create initial consul server config sans server IPs
 cat<<EOF > /tmp/consul_config.json
 {
    "datacenter": "${dc}",
    "retry_join": [
    ]
 }
 EOF

 # load the credentials from the ec2 instance profile
 source /etc/profile.d/creds.sh

 # wait a bit until a couple consul servers are up
 until [ "$(aws ec2 describe-instances --region $AWS_DEFAULT_REGION --filters "Name=tag:service,Values=consul" "Name=instance-state-name,Values=running" "Name=tag:cust_id,Values=${dc}"| jq -r '.Reservations[].Instances[].PrivateIpAddress' | wc -l | tr -d '[[:space:]]')" -gt "2" ]; do sleep 5;done

 # find running consul servers within our vpc
 CONSUL_SERVERS=$(aws ec2 describe-instances --region $AWS_DEFAULT_REGION --filters "Name=tag:service,Values=consul" "Name=instance-state-name,Values=running" "Name=tag:cust_id,Values=${dc}"| jq "[.Reservations[].Instances[].PrivateIpAddress]")

 # add the IPs into the our consul config so we bring up the cluster
 jq ".retry_join |= [.][]+ $CONSUL_SERVERS" /tmp/consul_config.json > /etc/consul.d/agent.json

 stop consul || true
 start consul || true
diff --git a/creds.sh b/creds.sh
 #!/bin/bash
 iam_role=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/)

 export AWS_ACCOUNT_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | /usr/bin/jq .accountId | /usr/bin/tr -d '"')
 export AWS_DEFAULT_REGION=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | /usr/bin/jq .region | /usr/bin/tr -d '"')
 export AWS_ACCESS_KEY_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq .AccessKeyId | /usr/bin/tr -d '"')
 export AWS_SECRET_ACCESS_KEY=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq .SecretAccessKey | /usr/bin/tr -d '"')
 export AWS_SECURITY_TOKEN=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq .Token | /usr/bin/tr -d '"')
	# not really needed anymore as consul supports the ability to filter our ec2 instances now
	#create initial consul server config sans server IPs
	cat<<EOF > /tmp/consul_config.json
	{
	"datacenter": "${dc}",
	"retry_join": [
	]
	}
	EOF

	# load the credentials from the ec2 instance profile
	source /etc/profile.d/creds.sh

	# wait a bit until a couple consul servers are up
	until [ "$(aws ec2 describe-instances --region $AWS_DEFAULT_REGION --filters "Name=tag:service,Values=consul" "Name=instance-state-name,Values=running" "Name=tag:cust_id,Values=${dc}"\| jq -r '.Reservations[].Instances[].PrivateIpAddress' \| wc -l \| tr -d '[[:space:]]')" -gt "2" ]; do sleep 5;done

	# find running consul servers within our vpc
	CONSUL_SERVERS=$(aws ec2 describe-instances --region $AWS_DEFAULT_REGION --filters "Name=tag:service,Values=consul" "Name=instance-state-name,Values=running" "Name=tag:cust_id,Values=${dc}"\| jq "[.Reservations[].Instances[].PrivateIpAddress]")

	# add the IPs into the our consul config so we bring up the cluster
	jq ".retry_join \|= [.][]+ $CONSUL_SERVERS" /tmp/consul_config.json > /etc/consul.d/agent.json

	stop consul \|\| true
	start consul \|\| true
	#!/bin/bash
	iam_role=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/)

	export AWS_ACCOUNT_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document \| /usr/bin/jq .accountId \| /usr/bin/tr -d '"')
	export AWS_DEFAULT_REGION=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document \| /usr/bin/jq .region \| /usr/bin/tr -d '"')
	export AWS_ACCESS_KEY_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role \| /usr/bin/jq .AccessKeyId \| /usr/bin/tr -d '"')
	export AWS_SECRET_ACCESS_KEY=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role \| /usr/bin/jq .SecretAccessKey \| /usr/bin/tr -d '"')
	export AWS_SECURITY_TOKEN=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role \| /usr/bin/jq .Token \| /usr/bin/tr -d '"')