Created
December 16, 2017 18:17
-
-
Save djmetzle/4f253bb473a9b102e8f626cacfba90ee to your computer and use it in GitHub Desktop.
Steal an ENI for a Fedora/RedHat/CentOS Instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -ex | |
| # Steal an ENI | |
| # (uses "ONLINE_ENI_ID" from the environment) | |
| # Get some instance basics | |
| METADATA_ENDPOINT="http://169.254.169.254/latest/dynamic/instance-identity/document" | |
| AWS_REGION=`curl -s $METADATA_ENDPOINT | jq .region -r` | |
| INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id` | |
| # Metadata about this ENI | |
| ENI_INFO=`aws ec2 describe-network-interfaces \ | |
| --region $AWS_REGION \ | |
| --network-interface-ids $ONLINE_ENI_ID` | |
| # Metadata about this subnet | |
| ENI_SUBNET_ID=`jq -r '.NetworkInterfaces[] | .SubnetId' <(echo $ENI_INFO)` | |
| SUBNET_INFO=`aws ec2 describe-subnets \ | |
| --region $AWS_REGION \ | |
| --subnet-ids $ENI_SUBNET_ID` | |
| # Parameters for the new instance config | |
| ENI_HWADDR=`jq -r '.NetworkInterfaces[] | .MacAddress' <(echo $ENI_INFO)` | |
| ENI_PRIVATEIP=`jq -r '.NetworkInterfaces[] | .PrivateIpAddress' <(echo $ENI_INFO)` | |
| ATTACHMENT_STATUS=`jq -r '.NetworkInterfaces[] | .Status' <(echo $ENI_INFO)` | |
| CIDR_BLOCK=`jq -r '.Subnets[] | .CidrBlock' <(echo $SUBNET_INFO)` | |
| # Scrape the VPC local gateway from the default route | |
| DEFAULT_ROUTE=`ip route | grep default` | |
| GATEWAY_REGEX='via\s+(\S+)\s+dev' | |
| if [[ $DEFAULT_ROUTE =~ $GATEWAY_REGEX ]]; then | |
| LOCAL_GATEWAY="${BASH_REMATCH[1]}" | |
| else | |
| echo "No default route found!?" | |
| exit 1 | |
| fi | |
| # Force eth0 to be the default gateway (possibly not necessary) | |
| sed -i '/GATEWAYDEV/d' /etc/sysconfig/network | |
| echo 'GATEWAYDEV=eth0' >> /etc/sysconfig/network | |
| # Add an ifcfg entry for the new interface | |
| cat <<EOT >/etc/sysconfig/network-scripts/ifcfg-eth1 | |
| DEVICE="eth1" | |
| BOOTPROTO="dhcp" | |
| ONBOOT="yes" | |
| TYPE="Ethernet" | |
| USERCTL="yes" | |
| PEERDNS="yes" | |
| IPV6INIT="no" | |
| PERSISTENT_DHCLIENT="1" | |
| EOT | |
| # Add a route | |
| echo "default via $LOCAL_GATEWAY dev eth1 table 2" \ | |
| > /etc/sysconfig/network-scripts/route-eth1 | |
| echo "$CIDR_BLOCK dev eth1 src $ENI_PRIVATEIP table 2" \ | |
| >> /etc/sysconfig/network-scripts/route-eth1 | |
| # Add a rule | |
| echo "from $ENI_PRIVATEIP/32 table 2" > /etc/sysconfig/network-scripts/rule-eth1 | |
| # Do the thing! | |
| if [[ "$ATTACHMENT_STATUS" = "in-use" ]]; then | |
| ATTACHMENT_ID=`jq -r '.NetworkInterfaces[] | .Attachment | .AttachmentId' <(echo $ENI_INFO)` | |
| # detach the ENI first before attaching | |
| aws ec2 detach-network-interface \ | |
| --region $AWS_REGION \ | |
| --attachment-id $ATTACHMENT_ID | |
| fi | |
| # attach the interface | |
| aws ec2 attach-network-interface \ | |
| --region $AWS_REGION \ | |
| --instance-id $INSTANCE_ID \ | |
| --device-index 1 \ | |
| --network-interface-id $ONLINE_ENI_ID | |
| # restart the network service to pick up changes | |
| systemctl restart network |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment