Blame cloudinit/config/cc_disable_ec2_metadata.py

# Copyright (C) 2009-2010 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
"""
Disable EC2 Metadata
--------------------
**Summary:** disable AWS EC2 metadata

This module can disable the EC2 datasource by rejecting the route to
``169.254.169.254``, the usual route to the datasource. Only this IPv4
address is rejected. This module is disabled by default.

**Internal name:** ``cc_disable_ec2_metadata``

**Module frequency:** per always

**Supported distros:** all

**Config keys**::

    disable_ec2_metadata: <true/false>
"""
from cloudinit import subp
from cloudinit import util
from cloudinit.settings import PER_ALWAYS
# Module frequency, as stated in the module docstring ("per always").
frequency = PER_ALWAYS

# The one address both reject commands target.
_EC2_METADATA_ADDR = '169.254.169.254'

# `route` (net-tools) form: install a reject host route.
REJECT_CMD_IF = ['route', 'add', '-host', _EC2_METADATA_ADDR, 'reject']
# `ip` (iproute2) form: install a prohibit route.
REJECT_CMD_IP = ['ip', 'route', 'add', 'prohibit', _EC2_METADATA_ADDR]
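def handle(name, cfg, _cloud, log, _args):
    """Reject the route to the EC2 metadata address when configured to.

    Reads the boolean ``disable_ec2_metadata`` key from ``cfg`` (default
    False). When it is true, runs ``REJECT_CMD_IP`` if the ``ip`` executable
    is found, otherwise ``REJECT_CMD_IF`` if ``route`` is found. When neither
    is found, an error is logged and the routing table is left unchanged.
    When the key is false or absent, only a debug message is logged.

    Args:
        name: module name, used only in the debug message.
        cfg: configuration mapping holding ``disable_ec2_metadata``.
        _cloud: unused.
        log: logger receiving the debug and error messages.
        _args: unused.

    Returns:
        None.
    """
    if not util.get_cfg_option_bool(cfg, "disable_ec2_metadata", False):
        log.debug(("Skipping module named %s,"
                   " disabling the ec2 route not enabled"), name)
        return

    # Probe for the executable each command really invokes. The previous
    # check looked for `ifconfig` but then ran `route`, so a host with
    # `route` and no `ifconfig` was reported as unsupported, and a host with
    # `ifconfig` and no `route` went on to run a command that is not there.
    for reject_cmd in (REJECT_CMD_IP, REJECT_CMD_IF):
        if subp.which(reject_cmd[0]):
            break
    else:
        log.error(('Neither "route" nor "ip" command found, unable to '
                   'manipulate routing table'))
        return

    # NOTE(review): the result of subp.subp is not inspected here, and a
    # failing command (for example, the route already being present)
    # presumably raises from subp.subp - confirm against cloudinit.subp.
    # The route only lives in the routing table; anything allowed to edit
    # that table can take it out again, so this is not an access control.
    subp.subp(reject_cmd, capture=False)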
# vi: ts=4 expandtab