diff options
| author | Rickard Nilsson <rickynils@gmail.com> | 2014-07-30 17:55:30 +0200 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-08-05 15:12:26 +0200 |
| commit | 534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f (patch) | |
| tree | 60343c0b4a17b20973ca1e6777dfc8732de6367f /nixos/modules/virtualisation/ec2-data.nix | |
| parent | 69b426a1eb0957761df860100715084e903d454c (diff) | |
| download | nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar.gz nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar.bz2 nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar.lz nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar.xz nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.tar.zst nixlib-534a01c2b0199c21b6e08b3a5b38a9f5e7cd231f.zip | |
amazon ec2: Make fetch-ec2-data more robust
curl does not retry if it is unable to connect to the metadata server. For some reason, when creating a new AMI with a recent nixpkgs, the metadata server would not be available when fetch-ec2-data ran. Switching to wget that can retry even on TCP connection errors solved this problem. I also made the fetch-ec2-data depend on ip-up.target, to get it to start a bit later.
Diffstat (limited to 'nixos/modules/virtualisation/ec2-data.nix')
| -rw-r--r-- | nixos/modules/virtualisation/ec2-data.nix | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix index 246d35065317..93a83a3e42af 100644 --- a/nixos/modules/virtualisation/ec2-data.nix +++ b/nixos/modules/virtualisation/ec2-data.nix @@ -22,21 +22,22 @@ with lib; systemd.services."fetch-ec2-data" = { description = "Fetch EC2 Data"; - wantedBy = [ "multi-user.target" ]; + wantedBy = [ "multi-user.target" "sshd.service" ]; before = [ "sshd.service" ]; - after = [ "network.target" ]; + wants = [ "ip-up.target" ]; + after = [ "ip-up.target" ]; - path = [ pkgs.curl pkgs.iproute ]; + path = [ pkgs.wget pkgs.iproute ]; script = '' ip route del blackhole 169.254.169.254/32 || true - curl="curl --retry 3 --retry-delay 0 --fail" + wget="wget -q --retry-connrefused -O -" echo "setting host name..." ${optionalString (config.networking.hostName == "") '' - ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname) + ${pkgs.nettools}/bin/hostname $($wget http://169.254.169.254/1.0/meta-data/hostname) ''} # Don't download the SSH key if it has already been injected @@ -44,7 +45,7 @@ with lib; if ! [ -e /root/.ssh/authorized_keys ]; then echo "obtaining SSH key..." mkdir -p /root/.ssh - $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key + $wget http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key > /root/key.pub if [ $? -eq 0 -a -e /root/key.pub ]; then if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then cat /root/key.pub >> /root/.ssh/authorized_keys @@ -58,7 +59,7 @@ with lib; # Extract the intended SSH host key for this machine from # the supplied user data, if available. Otherwise sshd will # generate one normally. - $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true + $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)" key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)" if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then |