Skip to content

Instantly share code, notes, and snippets.

@webvictim

webvictim/update-nodename-from-tag.sh

Last active March 10, 2022 16:08
Show Gist options
  • Save webvictim/6c09f241c303c84161b703b2f0077a98 to your computer and use it in GitHub Desktop.
Save webvictim/6c09f241c303c84161b703b2f0077a98 to your computer and use it in GitHub Desktop.
Download ZIP
Script to update Teleport nodename from an AWS EC2 tag
Raw
update-nodename-from-tag.sh
#!/bin/bash
set -eo pipefail
# set config file path on command line
if [[ "$1" == "" ]] || [[ "$2" == "" ]]; then
echo "Usage: $(basename $0) <tag to use> <path to config file>"
exit 1
fi
# AWS tag to use for nodename
TAG_NAME="$1"
# path to teleport config file
CONFIG_FILE="$2"
# error out early if the config file path is invalid
if [ ! -f ${CONFIG_FILE} ]; then
echo "ERROR: ${CONFIG_FILE} does not exist"
exit 2
fi
# don't change this section
IMDS_TOKEN=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
IMDS_TOKEN_HEADER="-H \"X-aws-ec2-metadata-token: ${IMDS_TOKEN}\""
# check if IMDS contains tag data (requires this to be enabled at instance level)
# see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS
IMDS_TAG_RESPONSE_CODE=$(curl -sS "${IMDS_TOKEN_HEADER}" -o /dev/null -w "%{http_code}" http://169.254.169.254/latest/meta-data/tags/instance)
# if it does, use that data
if [[ "${IMDS_TAG_RESPONSE_CODE}" == "200" ]]; then
TAG_SOURCE="instance metadata"
TAG_EXISTS=$(curl -sS "${IMDS_TOKEN_HEADER}" -o /dev/null -w "%{http_code}" http://169.254.169.254/latest/meta-data/tags/instance/${TAG_NAME})
if [[ "${TAG_EXISTS}" == "200" ]]; then
TAG_VALUE="$(curl -sS "${IMDS_TOKEN_HEADER}" http://169.254.169.254/latest/meta-data/tags/instance/${TAG_NAME})"
else
TAG_VALUE=""
fi
# if not, fall back to using AWS CLI instead (requires instance role with Ec2:DescribeTags permission and awscli installed)
else
if ! type "aws" >/dev/null 2>&1; then
echo "'aws' CLI not found in \$PATH and tags in instance metadata is not enabled"
echo "Either enable tags in instance metadata, or install aws CLI (usually the awscli package)"
exit 4
fi
TAG_SOURCE="AWS API"
INSTANCE_ID=$(curl -sS "${IMDS_TOKEN_HEADER}" http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -sS "${IMDS_TOKEN_HEADER}" http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e "s:\([0-9][0-9]*\)[a-z]*\$:\\1:")
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region $REGION --output=text | cut -f5)"
fi
if [[ "${TAG_VALUE}" == "" ]]; then
echo "ERROR: no value found for tag '${TAG_NAME}' (using ${TAG_SOURCE})"
exit 3
fi
NODENAME=${TAG_VALUE}
# if the 'nodename' line exists in the config, update it
if grep -q "nodename" ${CONFIG_FILE}; then
sed -i "s/ nodename: .*/ nodename: \"${NODENAME}\"/g" ${CONFIG_FILE}
echo "Updated nodename: ${NODENAME} in ${CONFIG_FILE}"
# if it doesn't, find out where 'teleport:' appears and insert it on the line below
else
LINE_NUMBER=$(grep -n teleport: teleport.yaml | cut -d: -f1)
# error out if 'teleport:' doesn't appear
if [[ "${LINE_NUMBER}" == "" ]]; then
echo "ERROR: couldn't find 'teleport:' section in ${CONFIG_FILE}"
exit 4
# otherwise, increment the line number by one and insert 'nodename' there
else
INSERT_LINE_NUMBER=$((LINE_NUMBER+1))
fi
sed -i "${INSERT_LINE_NUMBER}i\ nodename: \"${NODENAME}\"" ${CONFIG_FILE}
echo "Inserted nodename: ${NODENAME} into ${CONFIG_FILE} at line ${INSERT_LINE_NUMBER}"
fi
# validate config file
teleport configure --test ${CONFIG_FILE}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment