blob: 1a7c16900abf47cc5c9689433580167c9093deb4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# frozen_string_literal: true
#
# Author:: Tim Dysinger (<tim@dysinger.net>)
# Author:: Benjamin Black (<bb@chef.io>)
# Author:: Christopher Brown (<cb@chef.io>)
# Author:: Tim Smith (<tsmith@chef.io>)
# Copyright:: Copyright (c) Chef Software Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# How we detect EC2 from easiest to hardest & least reliable
# 1. Ohai ec2 hint exists. This always works
# 2. Xen hypervisor UUID starts with 'ec2'. This catches Linux HVM & paravirt instances
# 3. DMI bios version data mentions amazon. This catches HVM instances in a VPC on the Xen based hypervisor
# 3. DMI bios vendor data mentions amazon. This catches HVM instances in a VPC on the non-Xen based hypervisor
# 4. Kernel data mentioned Amazon. This catches Windows HVM & paravirt instances
Ohai.plugin(:EC2) do
require_relative "../mixin/ec2_metadata"
include Ohai::Mixin::Ec2Metadata
provides "ec2"
# look for amazon string in dmi vendor bios data within the sys tree.
# this works even if the system lacks dmidecode use by the Dmi plugin
# this gets us detection of new Xen-less HVM instances that are within a VPC
# @return [Boolean] do we have Amazon DMI data?
def has_ec2_amazon_dmi?
# detect a version of '4.2.amazon'
if /Amazon/.match?(file_val_if_exists("/sys/class/dmi/id/bios_vendor"))
logger.trace("Plugin EC2: has_ec2_amazon_dmi? == true")
true
else
logger.trace("Plugin EC2: has_ec2_amazon_dmi? == false")
false
end
end
# look for amazon string in dmi bios version data within the sys tree.
# this works even if the system lacks dmidecode use by the Dmi plugin
# this gets us detection of HVM instances that are within a VPC
# @return [Boolean] do we have Amazon DMI data?
def has_ec2_xen_dmi?
# detect a version of '4.2.amazon'
if /amazon/.match?(file_val_if_exists("/sys/class/dmi/id/bios_version"))
logger.trace("Plugin EC2: has_ec2_xen_dmi? == true")
true
else
logger.trace("Plugin EC2: has_ec2_xen_dmi? == false")
false
end
end
# looks for a xen UUID that starts with ec2 from within the Linux sys tree
# @return [Boolean] do we have a Xen UUID or not?
def has_ec2_xen_uuid?
if /^ec2/.match?(file_val_if_exists("/sys/hypervisor/uuid"))
logger.trace("Plugin EC2: has_ec2_xen_uuid? == true")
return true
end
logger.trace("Plugin EC2: has_ec2_xen_uuid? == false")
false
end
# looks at the identifying number WMI value to see if it starts with ec2.
# this is actually the same value we're looking at in has_ec2_xen_uuid? on
# linux hosts
# @return [Boolean] do we have a Xen Identifying Number or not?
def has_ec2_identifying_number?
if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
require "wmi-lite/wmi" unless defined?(WmiLite::Wmi)
wmi = WmiLite::Wmi.new
if /^ec2/.match?(wmi.first_of("Win32_ComputerSystemProduct")["identifyingnumber"])
logger.trace("Plugin EC2: has_ec2_identifying_number? == true")
true
end
else
logger.trace("Plugin EC2: has_ec2_identifying_number? == false")
false
end
end
# return the contents of a file if the file exists
# @param path[String] abs path to the file
# @return [String] contents of the file if it exists
def file_val_if_exists(path)
if file_exist?(path)
file_read(path)
end
end
# a single check that combines all the various detection methods for EC2
# @return [Boolean] Does the system appear to be on EC2
def looks_like_ec2?
return true if hint?("ec2")
return true if has_ec2_xen_uuid? || has_ec2_amazon_dmi? || has_ec2_xen_dmi? || has_ec2_identifying_number?
end
collect_data do
require "base64" unless defined?(Base64)
if looks_like_ec2?
logger.trace("Plugin EC2: looks_like_ec2? == true")
ec2 Mash.new
fetch_metadata.each do |k, v|
# this includes sensitive data we don't want to store on the node
next if k == "identity_credentials_ec2_security_credentials_ec2_instance"
# fetch_metadata returns IAM security credentials, including the IAM user's
# secret access key. We'd rather not have ohai send this information
# to the server. If the instance is associated with an IAM role we grab
# only the "info" key and the IAM role name.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html
if k == "iam" && !hint?("iam")
ec2[:iam] = v.select { |key, value| key == "info" }
if v["security-credentials"] && v["security-credentials"].keys.length == 1
ec2[:iam]["role_name"] = v["security-credentials"].keys[0]
end
else
ec2[k] = v
end
end
ec2[:userdata] = fetch_userdata
ec2[:account_id] = fetch_dynamic_data["accountId"]
ec2[:availability_zone] = fetch_dynamic_data["availabilityZone"]
ec2[:region] = fetch_dynamic_data["region"]
if ec2[:userdata] && ec2[:userdata].encoding == Encoding::BINARY
logger.trace("Plugin EC2: Binary UserData Found. Storing in base64")
ec2[:userdata] = Base64.encode64(ec2[:userdata])
end
else
logger.trace("Plugin EC2: looks_like_ec2? == false")
false
end
end
end
|
