generated from cloudposse/terraform-example-module
-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathuserdata.sh.tmpl
92 lines (76 loc) · 2.93 KB
/
userdata.sh.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#!/bin/bash -ex
exec > >(tee /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1
echo "Starting user-data script..."
echo "Enabling IP forwarding..."
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# In systemd, Administrator drop-ins should reside in /etc/systemd/, ensuring they
# are preserved across updates and have higher precedence than vendor defaults.
#
# We name our file 99-custom.conf so it loads last among any .conf files.
# That way, it overrides any settings that come earlier.
# Create the journald configs directory if it doesn't already exist
mkdir -p /etc/systemd/journald.conf.d
cat <<EOF > /etc/systemd/journald.conf.d/99-custom.conf
[Journal]
SystemMaxUse=${journald_system_max_use}
MaxRetentionSec=${journald_max_retention_sec}
EOF
# Restart journald so it picks up the new configuration
systemctl restart systemd-journald
# Function to retry a command up to a maximum number of attempts
retry_command() {
local cmd="$1"
local max_attempts="$2"
local attempt=1
local exit_code=0
while [ $attempt -le $max_attempts ]; do
echo "Attempt $attempt of $max_attempts: $cmd"
eval "$cmd"
exit_code=$?
if [ $exit_code -eq 0 ]; then
echo "Command succeeded: $cmd"
return 0
else
echo "Command failed with exit code $exit_code: $cmd"
attempt=$((attempt + 1))
if [ $attempt -le $max_attempts ]; then
echo "Retrying in 2 seconds..."
sleep 2
fi
fi
done
echo "Command failed after $max_attempts attempts: $cmd"
return $exit_code
}
# Install CloudWatch Agent
echo "Installing CloudWatch Agent..."
retry_command "dnf install -y amazon-cloudwatch-agent" 5
amazon-cloudwatch-agent-ctl -a start -m ec2
# Install Tailscale
echo "Installing Tailscale..."
retry_command "dnf install -y dnf-utils" 5
retry_command "dnf config-manager --add-repo https://pkgs.tailscale.com/stable/amazon-linux/2/tailscale.repo" 5
retry_command "dnf install -y tailscale" 5
%{ if tailscaled_extra_flags_enabled == true }
echo "Exporting FLAGS to /etc/default/tailscaled..."
sed -i "s|^FLAGS=.*|FLAGS=\"${tailscaled_extra_flags}\"|" /etc/default/tailscaled
%{ endif }
# Setup Tailscale
echo "Enabling and starting tailscaled service..."
systemctl enable --now tailscaled
echo "Waiting for tailscaled to initialize..."
sleep 5
# Start tailscale
# We pass --advertise-tags below even though the authkey being created with those tags should result
# in the same effect. This is to be more explicit because tailscale tags are a complicated topic.
tailscale up \
%{ if ssh_enabled == true }--ssh%{ endif } \
%{ if exit_node_enabled == true }--advertise-exit-node%{ endif } \
%{ if tailscale_up_extra_flags_enabled == true }${tailscale_up_extra_flags}%{ endif } \
--advertise-routes=${routes} \
--advertise-tags=${tags} \
--hostname=${hostname} \
--authkey=${authkey}
echo "Tailscale setup completed."