
feat: Support Debian-based distros #62

Open: wants to merge 1 commit into base: main
68 changes: 58 additions & 10 deletions userdata.sh.tmpl
Expand Up @@ -3,6 +3,19 @@ exec > >(tee /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&

echo "Starting user-data script..."

echo "Determining package manager..."

# Work with both dnf and apt-get.
if command -v apt-get >/dev/null 2>&1; then
PKG_MANAGER=apt-get
INSTALL_CMD="apt-get install -y"
else
PKG_MANAGER=dnf
INSTALL_CMD="dnf install -y"
fi

echo "Detected the following package manager: $PKG_MANAGER."

echo "Enabling IP forwarding..."
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf
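Review bot: The else branch of the package-manager detection assumes dnf on every host where apt-get is missing, without checking that dnf exists. On an image that has neither, the script carries on and only fails later inside retry_command, after five attempts per command and with a less obvious error. Suggest making the second branch "elif command -v dnf >/dev/null 2>&1; then" and adding a final else that logs the unsupported system and exits non-zero. Because this runs unattended as user data, the apt-get branch should also export DEBIAN_FRONTEND=noninteractive so that "apt-get install -y" cannot stall on a debconf prompt.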
Expand Down Expand Up @@ -54,26 +67,61 @@ retry_command() {
return $exit_code
}

# Install CloudWatch Agent
echo "Installing CloudWatch Agent..."
retry_command "dnf install -y amazon-cloudwatch-agent" 5
# Function to install necessary packages per distro.
install_packages() {
case "$PKG_MANAGER" in
apt-get)
# Update package cache.
echo "Updating package cache..."
retry_command "$PKG_MANAGER update" 5

# Install utilities.
echo "Installing utilities..."
retry_command "$INSTALL_CMD curl wget" 5

# Install CloudWatch Agent.
echo "Installing CloudWatch Agent..."
distro=$(grep '^ID=' /etc/os-release | cut -d'=' -f2)
arch=$(uname -m)
case "$arch" in
x86_64)
arch=amd64
;;
*)
arch=arm64
;;
esac
Comment on lines +84 to +93

🛠️ Refactor suggestion

Improve architecture detection for better compatibility.

The current architecture mapping is overly simplistic and may cause issues with other architectures like i386, s390x, or ppc64le.

Consider using a more comprehensive architecture mapping:

-      case "$arch" in
-        x86_64)
-          arch=amd64
-          ;;
-        *)
-          arch=arm64
-          ;;
-      esac
+      case "$arch" in
+        x86_64)
+          arch=amd64
+          ;;
+        aarch64|arm64)
+          arch=arm64
+          ;;
+        *)
+          echo "Unsupported architecture: $arch"
+          exit 1
+          ;;
+      esac
🤖 Prompt for AI Agents
In userdata.sh.tmpl around lines 84 to 93, the architecture detection is too
simplistic, only mapping x86_64 to amd64 and everything else to arm64, which can
cause issues with other architectures like i386, s390x, or ppc64le. Update the
case statement to include explicit mappings for common architectures such as
i386 to 386, s390x to s390x, ppc64le to ppc64le, and keep amd64 for x86_64,
while defaulting to arm64 only if no other match is found. This will improve
compatibility across different systems.

retry_command "wget https://amazoncloudwatch-agent.s3.amazonaws.com/$distro/$arch/latest/amazon-cloudwatch-agent.deb" 5

🛠️ Refactor suggestion

Validate distro ID before using in URL construction.

The script extracts the distro ID directly from /etc/os-release without validation, which could lead to malformed URLs or security issues if the distro ID contains unexpected characters.

Add validation for the distro ID:

       distro=$(grep '^ID=' /etc/os-release | cut -d'=' -f2)
+      # Remove quotes and validate distro ID
+      distro=$(echo "$distro" | tr -d '"' | grep -E '^[a-z0-9]+$')
+      if [ -z "$distro" ]; then
+        echo "Could not determine valid distro ID"
+        exit 1
+      fi
       arch=$(uname -m)
🤖 Prompt for AI Agents
In userdata.sh.tmpl at line 94, the distro ID used in the wget URL is extracted
without validation, risking malformed URLs or security issues. Add validation
logic to ensure the distro ID contains only expected characters (e.g.,
alphanumeric, dashes) before using it in the URL. If the validation fails,
handle the error appropriately or set a default safe value to prevent unsafe URL
construction.

retry_command "dpkg -i -E ./amazon-cloudwatch-agent.deb" 5
;;
*)
# Install utilities.
echo "Installing utilities..."
retry_command "$INSTALL_CMD dnf-utils" 5
Comment on lines +99 to +100

🛠️ Refactor suggestion

Inconsistent utility installation between package managers.

For apt-get systems, the script installs curl and wget, but for dnf systems it only installs dnf-utils. This inconsistency could cause issues if later parts of the script expect these utilities to be available.

Ensure consistent utility installation:

       # Install utilities.
       echo "Installing utilities..."
-      retry_command "$INSTALL_CMD dnf-utils" 5
+      retry_command "$INSTALL_CMD curl wget dnf-utils" 5
🤖 Prompt for AI Agents
In userdata.sh.tmpl around lines 99 to 100, the script installs curl and wget
for apt-get systems but only installs dnf-utils for dnf systems, causing
inconsistency. Modify the dnf installation command to also include curl and wget
along with dnf-utils to ensure these utilities are consistently installed across
package managers.


# Install CloudWatch Agent.
echo "Installing CloudWatch Agent..."
retry_command "$INSTALL_CMD amazon-cloudwatch-agent" 5
;;
esac
}

# Install necessary packages.
echo "Installing necessary packages..."
install_packages

# Start the CloudWatch Agent.
amazon-cloudwatch-agent-ctl -a start -m ec2

# Install Tailscale
echo "Installing Tailscale..."
retry_command "dnf install -y dnf-utils" 5
retry_command "dnf config-manager --add-repo https://pkgs.tailscale.com/stable/amazon-linux/2/tailscale.repo" 5
retry_command "dnf install -y tailscale" 5
retry_command "curl -fsSL https://tailscale.com/install.sh | sh" 5

%{ if tailscaled_extra_flags_enabled == true }
echo "Exporting FLAGS to /etc/default/tailscaled..."
sed -i "s|^FLAGS=.*|FLAGS=\"${tailscaled_extra_flags}\"|" /etc/default/tailscaled
%{ endif }

# Setup Tailscale
echo "Enabling and starting tailscaled service..."
systemctl enable --now tailscaled

Comment on lines -73 to -76
Member

Why remove these lines @cmam?

Member

Ah from your comment in PR description, it sounds like the new install script that you're invoking does this step?

Contributor Author

Indeed @Gowiem, if you check the install script provided by Tailscale, they cover the service registration (https://tailscale.com/install.sh).

echo "Waiting for tailscaled to initialize..."
sleep 5
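Review bot: Two downloads in this hunk run as root with no integrity check: the CloudWatch agent .deb fetched with wget and handed straight to "dpkg -i -E", and the Tailscale installer run as "curl -fsSL https://tailscale.com/install.sh | sh". The dnf lines they replace went through the package manager, which can verify repository signatures. The new paths trust whatever the URL returns at boot, and the "latest" path plus an unpinned script mean instances launched on different days can run different code. Suggest checking a published signature or a pinned checksum of the .deb before dpkg runs. For Tailscale, either install from its package repository on both distro families, or save install.sh to a file and compare it against a pinned hash before executing it. The curl line also puts a pipe inside the string passed to retry_command. Only the tail of that function is visible here, so confirm it evaluates the string through a shell. Even then, without pipefail the status being retried is that of sh, so a failed curl feeds sh empty input, returns 0 and skips the retry, leaving Tailscale uninstalled. Since this change also drops the "systemctl enable --now tailscaled" step, nothing later would surface that failure.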
