skynet · June 24, 2013 02:13
diff --git a/cloud-init.sh b/cloud-init.sh
 #!/bin/bash

 function getpublickey()
 {
     x=$(curl -fs http://169.254.169.254/latest/meta-data/public-keys/)
     if [ $? -eq 0 ]; then
             for i in $x; do
                     index=$(echo $i|cut -d = -f 1)
                     format=$(curl -s http://169.254.169.254/latest/meta-data/public-keys/$index/)
                     echo $(curl -s http://169.254.169.254/latest/meta-data/public-keys/$index/$format)
             done
     else
             echo "SSH Key not available"
     fi
 }

 #-----------------------------------------------------------------------------------------------------
 #-- ADJUST THESE!
 #
 HOSTNAME=newhostname
 DOMAIN=domain.com
 NEW_USERNAME=johndoe

 DDNS_ENABLED=YES                        # set to NO if you don't want to use Dynamic DNS update
 DDNS_USERNAME=johndoe
 DDNS_PASSWORD='secretpassword'
 DDNS_SUFFIX=dyndns.info

 SSHD_PORT=333

 ## SSH public keys:
 #
 SSH_KEYS=$(getpublickey)
 # SSH_KEYS="ssh-rsa Iw8tVmqnawCGkFlvSyZB........Jnp== [email protected] Comment: \"[email protected]\""
 #
 # note: if you didn't add your public key to AWS Key Pair when creating the EC2 instance, you'll HAVE to 
 #       set the SSH_KEYS on the line above manually, otherwise you'll be locked out of your newly created
 #       instances.


 #-----------------------------------------------------------------------------------------------------
 #-- YOU DON'T NEED TO EDIT ANYTHING BELOW THIS LINE, UNLESS YOU WANT TO DO SPECIFIC CUSTOMIZATIONS TO:
 #--    - packages being installed
 #--    - users to be added/deleted
 #--    - ssh_keys to be added to ~/.ssh/authorized_keys
 #--    - sshd default Port
 #--    - hostname and FQDN updates
 #--    - disable motd
 #--    - customize DynDNS
 #--    - customize pre-configured .profile and /etc/profile
 #--


 #-- packages to install
 #
 apt-get -y update
 apt-get -y upgrade
 if  [ $DDNS_ENABLED = YES ];
 then
    apt-get -y install ddclient     # if you want to automatically update IP addresses
 fi

 #-- user customizations:
 #     . add your customized user
 #     . delete default 'ubuntu' user
 #     . add SSH Key, with proper permissions
 #     . add new user to sudoers
 #
 useradd -p '*' -m -s '/bin/bash' $NEW_USERNAME
 adduser --quiet $NEW_USERNAME sudo
 adduser --quiet $NEW_USERNAME adm
 adduser --quiet $NEW_USERNAME admin
 deluser --quiet ubuntu
 mkdir /home/$NEW_USERNAME/.ssh
 echo "$SSH_KEYS" > /home/$NEW_USERNAME/.ssh/authorized_keys
 chmod 0700 /home/$NEW_USERNAME/.ssh
 chmod 0600 /home/$NEW_USERNAME/.ssh/authorized_keys
 chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.ssh
 chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.ssh/authorized_keys

 #-- sudoersr
 sed -i "s/^ubuntu/$NEW_USERNAME/g" /etc/sudoers.d/*


 #-- sshd daemon: move sshd to a non-standard port number. This reduces dramatically
 #   the number of spam bots hitting your server
 #
 sed -i "s/^Port 22/Port $SSHD_PORT/" /etc/ssh/sshd_config


 #-- hostname & FQDN: adjust server hostname and add FQDN to /etc/hosts
 #
 cat <<EOF > /etc/network/if-up.d/updhosts
 #!/bin/bash
 MY_DOMAIN=$DOMAIN
 MY_HOSTNAME=$HOSTNAME
 PUBLIC_IPV4=\`/usr/bin/curl -s http://169.254.169.254/latest/meta-data/public-ipv4\`

 #-- add HOSTNAME
 echo "\$MY_HOSTNAME" >/etc/hostname

 #-- add FQDN to hosts file (or replace the line, if it already exists)
 if grep -qs "\$MY_HOSTNAME.\$MY_DOMAIN" /etc/hosts
 then
        sed -i "s/.*\$MY_HOSTNAME.\$MY_DOMAIN.*/\$PUBLIC_IPV4 \$MY_HOSTNAME.\$MY_DOMAIN \$MY_HOSTNAME/g" /etc/hosts
 else
        echo "\$PUBLIC_IPV4 \$MY_HOSTNAME.\$MY_DOMAIN \$MY_HOSTNAME" >> /etc/hosts
 fi
 service hostname restart > /dev/null 2>&1
 echo "updhosts last updated: \`date\`" > /tmp/updhosts.pid
 EOF

 #-- adjust ownership & permissions
 chown root.root /etc/network/if-up.d/updhosts
 chmod 0755 /etc/network/if-up.d/updhosts


 #-- motd: disable all useless info that Canonical folks added by default to login.
 #
 touch /home/$NEW_USERNAME/.hushlogin
 chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.hushlogin


 #-- DDNS - Add this EC2 instance to your DynamicDNS service
 #
 #   Please note that the host MUST ALREADY EXIST before you try to update. That's pitty, but DynDNS does not support
 #   automatic creation of hosts via REST/API (in fact they do, but only with the DynDNS Managed Servers,
 #   which cost $30/month)
 #
 #   I'm using the following convention: ROOTDOMAIN-HOSTNAME.$DDNS_SUFFIX. For example:
 #       domain-host1.dyndns.info        (hostname = host1)
 #       domain-host2.dyndns.info        (hostname = host2)
 #       domain-host3.dyndns.info        (hostname = host3)
 #       ...
 #
 if  [ $DDNS_ENABLED = YES ];
 then

    ROOT_DOMAIN=`echo $DOMAIN | cut -f1 -d'.'`
    cat <<EOF > /etc/ddclient.conf
 #
 # /etc/ddclient.conf

 #-- daemon config
 #
 daemon=300
 syslog=yes
 ssl=yes
 mail-failure=root
 pid=/var/run/ddclient.pid
 cache=/tmp/ddclient.cache

 #-- service being used - DynDNS2
 #
 protocol=dyndns2
 server=members.dyndns.org
 use=web, web=checkip.dyndns.com, web-skip='IP Address'
 ## this will determine IP via DynDNS' CheckIP server (will get ext IP from EC2)

 #-- DynDNS credentials
 #
 login=$DDNS_USERNAME
 password='$DDNS_PASSWORD'

 #-- add wildcard CNAME?
 wildcard=YES

 #-- Dynamic DNS hostname(s) go here
 #
 $ROOT_DOMAIN-$HOSTNAME.$DDNS_SUFFIX
 EOF

    # start ddclient daemon, and add to runlevel 2
    service ddclient start > /dev/null 2>&1
    ln -s /etc/init.d/ddclient /etc/rc2.d/S50ddclient

 fi


 #-- Shell customizations: .profile, /etc/profile
 #
 #   This is highly personal. Change as you see fit. I like to auto-start a GNU Screen (if one isn't running already).
 #   I'm also picky with aliases, usage of UP/DOWN arrow keys to backtrack previous shell history and so on.
 #
 #
 cat <<EOF >> /home/$NEW_USERNAME/.profile

 # automatically starts GNU/Screen:
 #
 if [ -z "\$STY" ]; then
        # we're not running yet (on this shell). Let's re-attach (or create)...
        screen -xR mySession

 else
        # we're within screen already, so just adjust the prompt (so the hardstatusline can
        # show the running command properly)
        export PS1=\'\[\033k\033\\\]\u@\h:\w\$ \' # set command prompt for screen

 fi
 EOF

 cat <<EOF >> /etc/profile

 # Personal customizations
 umask 022
 alias dir='ls -la'
 alias bin='cd /usr/local/bin'
 alias www='cd /www'
 alias log='cd /var/log'

 bind '"\e[A": history-search-backward'
 bind '"\e[B": history-search-forward'

 export EDITOR=pico
 export PATH="\$PATH:.:"
 EOF


 #-- All done. Time to restart sshd (so the new port can be used), ddclient
 #
 service ssh restart > /dev/null 2>&1
 /etc/network/if-up.d/updhosts           # set hostname

 echo "cloud-init script finished at: `date`" >> /tmp/cloudinit.pid
	#!/bin/bash

	function getpublickey()
	{
	x=$(curl -fs http://169.254.169.254/latest/meta-data/public-keys/)
	if [ $? -eq 0 ]; then
	for i in $x; do
	index=$(echo $i\|cut -d = -f 1)
	format=$(curl -s http://169.254.169.254/latest/meta-data/public-keys/$index/)
	echo $(curl -s http://169.254.169.254/latest/meta-data/public-keys/$index/$format)
	done
	else
	echo "SSH Key not available"
	fi
	}

	#-----------------------------------------------------------------------------------------------------
	#-- ADJUST THESE!
	#
	HOSTNAME=newhostname
	DOMAIN=domain.com
	NEW_USERNAME=johndoe

	DDNS_ENABLED=YES # set to NO if you don't want to use Dynamic DNS update
	DDNS_USERNAME=johndoe
	DDNS_PASSWORD='secretpassword'
	DDNS_SUFFIX=dyndns.info

	SSHD_PORT=333

	## SSH public keys:
	#
	SSH_KEYS=$(getpublickey)
	# SSH_KEYS="ssh-rsa Iw8tVmqnawCGkFlvSyZB........Jnp== [email protected] Comment: \"[email protected]\""
	#
	# note: if you didn't add your public key to AWS Key Pair when creating the EC2 instance, you'll HAVE to
	# set the SSH_KEYS on the line above manually, otherwise you'll be locked out of your newly created
	# instances.


	#-----------------------------------------------------------------------------------------------------
	#-- YOU DON'T NEED TO EDIT ANYTHING BELOW THIS LINE, UNLESS YOU WANT TO DO SPECIFIC CUSTOMIZATIONS TO:
	#-- - packages being installed
	#-- - users to be added/deleted
	#-- - ssh_keys to be added to ~/.ssh/authorized_keys
	#-- - sshd default Port
	#-- - hostname and FQDN updates
	#-- - disable motd
	#-- - customize DynDNS
	#-- - customize pre-configured .profile and /etc/profile
	#--


	#-- packages to install
	#
	apt-get -y update
	apt-get -y upgrade
	if [ $DDNS_ENABLED = YES ];
	then
	apt-get -y install ddclient # if you want to automatically update IP addresses
	fi

	#-- user customizations:
	# . add your customized user
	# . delete default 'ubuntu' user
	# . add SSH Key, with proper permissions
	# . add new user to sudoers
	#
	useradd -p '*' -m -s '/bin/bash' $NEW_USERNAME
	adduser --quiet $NEW_USERNAME sudo
	adduser --quiet $NEW_USERNAME adm
	adduser --quiet $NEW_USERNAME admin
	deluser --quiet ubuntu
	mkdir /home/$NEW_USERNAME/.ssh
	echo "$SSH_KEYS" > /home/$NEW_USERNAME/.ssh/authorized_keys
	chmod 0700 /home/$NEW_USERNAME/.ssh
	chmod 0600 /home/$NEW_USERNAME/.ssh/authorized_keys
	chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.ssh
	chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.ssh/authorized_keys

	#-- sudoersr
	sed -i "s/^ubuntu/$NEW_USERNAME/g" /etc/sudoers.d/*


	#-- sshd daemon: move sshd to a non-standard port number. This reduces dramatically
	# the number of spam bots hitting your server
	#
	sed -i "s/^Port 22/Port $SSHD_PORT/" /etc/ssh/sshd_config


	#-- hostname & FQDN: adjust server hostname and add FQDN to /etc/hosts
	#
	cat <<EOF > /etc/network/if-up.d/updhosts
	#!/bin/bash
	MY_DOMAIN=$DOMAIN
	MY_HOSTNAME=$HOSTNAME
	PUBLIC_IPV4=\`/usr/bin/curl -s http://169.254.169.254/latest/meta-data/public-ipv4\`

	#-- add HOSTNAME
	echo "\$MY_HOSTNAME" >/etc/hostname

	#-- add FQDN to hosts file (or replace the line, if it already exists)
	if grep -qs "\$MY_HOSTNAME.\$MY_DOMAIN" /etc/hosts
	then
	sed -i "s/.\$MY_HOSTNAME.\$MY_DOMAIN./\$PUBLIC_IPV4 \$MY_HOSTNAME.\$MY_DOMAIN \$MY_HOSTNAME/g" /etc/hosts
	else
	echo "\$PUBLIC_IPV4 \$MY_HOSTNAME.\$MY_DOMAIN \$MY_HOSTNAME" >> /etc/hosts
	fi
	service hostname restart > /dev/null 2>&1
	echo "updhosts last updated: \`date\`" > /tmp/updhosts.pid
	EOF

	#-- adjust ownership & permissions
	chown root.root /etc/network/if-up.d/updhosts
	chmod 0755 /etc/network/if-up.d/updhosts


	#-- motd: disable all useless info that Canonical folks added by default to login.
	#
	touch /home/$NEW_USERNAME/.hushlogin
	chown $NEW_USERNAME.$NEW_USERNAME /home/$NEW_USERNAME/.hushlogin


	#-- DDNS - Add this EC2 instance to your DynamicDNS service
	#
	# Please note that the host MUST ALREADY EXIST before you try to update. That's pitty, but DynDNS does not support
	# automatic creation of hosts via REST/API (in fact they do, but only with the DynDNS Managed Servers,
	# which cost $30/month)
	#
	# I'm using the following convention: ROOTDOMAIN-HOSTNAME.$DDNS_SUFFIX. For example:
	# domain-host1.dyndns.info (hostname = host1)
	# domain-host2.dyndns.info (hostname = host2)
	# domain-host3.dyndns.info (hostname = host3)
	# ...
	#
	if [ $DDNS_ENABLED = YES ];
	then

	ROOT_DOMAIN=`echo $DOMAIN \| cut -f1 -d'.'`
	cat <<EOF > /etc/ddclient.conf
	#
	# /etc/ddclient.conf

	#-- daemon config
	#
	daemon=300
	syslog=yes
	ssl=yes
	mail-failure=root
	pid=/var/run/ddclient.pid
	cache=/tmp/ddclient.cache

	#-- service being used - DynDNS2
	#
	protocol=dyndns2
	server=members.dyndns.org
	use=web, web=checkip.dyndns.com, web-skip='IP Address'
	## this will determine IP via DynDNS' CheckIP server (will get ext IP from EC2)

	#-- DynDNS credentials
	#
	login=$DDNS_USERNAME
	password='$DDNS_PASSWORD'

	#-- add wildcard CNAME?
	wildcard=YES

	#-- Dynamic DNS hostname(s) go here
	#
	$ROOT_DOMAIN-$HOSTNAME.$DDNS_SUFFIX
	EOF

	# start ddclient daemon, and add to runlevel 2
	service ddclient start > /dev/null 2>&1
	ln -s /etc/init.d/ddclient /etc/rc2.d/S50ddclient

	fi


	#-- Shell customizations: .profile, /etc/profile
	#
	# This is highly personal. Change as you see fit. I like to auto-start a GNU Screen (if one isn't running already).
	# I'm also picky with aliases, usage of UP/DOWN arrow keys to backtrack previous shell history and so on.
	#
	#
	cat <<EOF >> /home/$NEW_USERNAME/.profile

	# automatically starts GNU/Screen:
	#
	if [ -z "\$STY" ]; then
	# we're not running yet (on this shell). Let's re-attach (or create)...
	screen -xR mySession

	else
	# we're within screen already, so just adjust the prompt (so the hardstatusline can
	# show the running command properly)
	export PS1=\'\[\033k\033\\\]\u@\h:\w\$ \' # set command prompt for screen

	fi
	EOF

	cat <<EOF >> /etc/profile

	# Personal customizations
	umask 022
	alias dir='ls -la'
	alias bin='cd /usr/local/bin'
	alias www='cd /www'
	alias log='cd /var/log'

	bind '"\e[A": history-search-backward'
	bind '"\e[B": history-search-forward'

	export EDITOR=pico
	export PATH="\$PATH:.:"
	EOF


	#-- All done. Time to restart sshd (so the new port can be used), ddclient
	#
	service ssh restart > /dev/null 2>&1
	/etc/network/if-up.d/updhosts # set hostname

	echo "cloud-init script finished at: `date`" >> /tmp/cloudinit.pid