#!/bin/bash
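# Internal Initialization
#
# Load the shared DIP helper library, then any per-agent configuration.
# Every file sourced here is executed as shell code with this agent's
# privileges and with its AWS credentials in the environment, so the helper
# library and conf.d/ should be writable only by the account that owns the
# agent.

# The helpers called later in this script (logerr, log, valid_ipv4,
# valid_ipv6, getIPv6Prefix) are not defined in it; presumably this library
# provides them. logerr is not available before the library is loaded, so a
# missing library is reported directly on stderr, with the same status the
# script uses for its other configuration errors.
if [[ -z "${DIP_FUNCTIONS}" || ! -r "${DIP_FUNCTIONS}" ]]; then
  printf 'ERROR: DIP_FUNCTIONS must point to a readable functions file\n' >&2
  exit 99
fi
source "${DIP_FUNCTIONS}"

# Optional configuration, looked up once by agent name and once by agent
# executable name. A missing or unreadable file is skipped silently.
# NOTE(review): DIP_AGENT_NAME and DIP_AGENT_EXEC are used unchecked as path
# components; presumably the DIP framework sets them, not remote input.
# Confirm against the caller.
if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf" ]]; then
  source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf"
fi

if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]]; then
  source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf"
fi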
# The ID of the security group to maintain is mandatory. It is not assigned in
# this script; presumably one of the sourced configuration files sets it.
[[ -n "$agent_aws_sg_id" ]] || {
  logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
  exit 99
}
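# Disabled alternative: read the AWS profile from files under
# ${DIP_BASE_DIR}/aws instead of from the environment. Kept for reference.
#if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
#  if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
#    logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
#    exit 99
#  elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
#    logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
#    exit 99
#  else
#    export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
#    export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
#  fi
#else
#  logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
#  exit 99
#fi

# The aws CLI calls below take their credentials and region from the
# environment, so all three variables must be present. Only the variable names
# are reported; the values must never be written to the log.
# The key only needs ec2:RevokeSecurityGroupIngress and
# ec2:AuthorizeSecurityGroupIngress on the one security group this agent
# maintains; a broader policy widens the impact if the key leaks.
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$AWS_DEFAULT_REGION" ]]; then
  # Reported through logerr like the other precondition failures, and naming
  # all three variables that the test above actually checks.
  logerr "ERROR: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION need to be set"
  exit 99
fi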
# Both the current address and the previously recorded one are required.
# This only checks that they are non-empty; their format is checked later.
if ! [[ -n "$DIP_CUR_IP" && -n "$DIP_OLD_IP" ]]; then
  logerr "ERROR: Agent expects currentip, and existingip."
  exit 98
fi
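# Main
#
# IPv4: swap the /32 ingress rule for the previous address with one for the
# current address.
#
# The rule uses IpProtocol "-1", i.e. every protocol and port is allowed from
# that single address.
# NOTE(review): if only a few services need to be reachable, narrowing the
# rule to those ports would limit what a stale or wrong rule exposes.
#
# Exit status: 1 if the new rule could not be authorized. A failed revoke is
# logged but not fatal, so the new address is still authorized.
if valid_ipv4 "$DIP_CUR_IP"; then
  if [[ "$DIP_CUR_IP" == "$DIP_OLD_IP" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IP"

    # DIP_OLD_IP is spliced into the JSON passed to the CLI, so it gets the
    # same format check as DIP_CUR_IP first (assuming valid_ipv4 accepts only
    # dotted-quad addresses - confirm in the functions library). The rejected
    # value is deliberately left out of the log line.
    if valid_ipv4 "$DIP_OLD_IP"; then
      if ! aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" \
        --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_OLD_IP}/32\"}]}]"; then
        # A rule left behind keeps the old address allowed after this host
        # has given it up, so make the failure visible.
        logerr "ERROR: Failed to revoke ingress for ${DIP_OLD_IP}/32; the old rule may still be active"
      fi
    else
      logerr "ERROR: Previous IP is not a valid IPv4 address; skipping revoke"
    fi

    # Revoke runs before authorize, so a failure here leaves the group
    # without a rule for this host (closed rather than open).
    if ! aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" \
      --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_CUR_IP}/32\"}]}]"; then
      logerr "ERROR: Failed to authorize ingress for ${DIP_CUR_IP}/32"
      exit 1
    fi
  fi
fi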
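# IPv6: swap the ingress rule for the previous prefix with one for the
# current prefix. Rules are keyed on the value returned by getIPv6Prefix,
# which is passed unchanged as CidrIpv6 (presumably already in CIDR notation -
# confirm in the functions library).
#
# As in the IPv4 branch, IpProtocol "-1" allows every protocol and port from
# that prefix.
#
# Exit status: 1 if no prefix could be derived for the current address or if
# the new rule could not be authorized. A failed revoke is logged but not
# fatal.
if valid_ipv6 "$DIP_CUR_IP"; then
  currentprefix=$(getIPv6Prefix "$DIP_CUR_IP")

  # Derive the old prefix only from a well-formed address, because the result
  # is spliced into the JSON passed to the CLI.
  existingprefix=""
  if valid_ipv6 "$DIP_OLD_IP"; then
    existingprefix=$(getIPv6Prefix "$DIP_OLD_IP")
  fi

  if [[ -z "$currentprefix" ]]; then
    logerr "ERROR: Could not derive an IPv6 prefix from the current address"
    exit 1
  elif [[ "$currentprefix" == "$existingprefix" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IPv6"

    if [[ -n "$existingprefix" ]]; then
      if ! aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" \
        --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"; then
        # A rule left behind keeps the old prefix allowed after this host
        # has moved off it, so make the failure visible.
        logerr "ERROR: Failed to revoke ingress for ${existingprefix}; the old rule may still be active"
      fi
    else
      logerr "ERROR: Previous IP is not a valid IPv6 address; skipping revoke"
    fi

    # Revoke runs before authorize, so a failure here leaves the group
    # without a rule for this host (closed rather than open).
    if ! aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" \
      --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"; then
      logerr "ERROR: Failed to authorize ingress for ${currentprefix}"
      exit 1
    fi
  fi
fi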