bob-l2: implement fetch-metadata service

ilyaluk · ilyaluk · commit 81ea927da185 · 2025-10-24T16:12:18.000+04:00
diff --git a/bob-l2/mkosi.extra/etc/systemd/system/fetch-metadata.service b/bob-l2/mkosi.extra/etc/systemd/system/fetch-metadata.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Fetch some environment variables from metadata service
+After=network.target network-setup.service
+Requires=network-setup.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/fetch-metadata.sh
+RemainAfterExit=yes
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=minimal.target
diff --git a/bob-l2/mkosi.extra/etc/systemd/system/searcher-container.service.d/needs-metadata.conf b/bob-l2/mkosi.extra/etc/systemd/system/searcher-container.service.d/needs-metadata.conf
@@ -0,0 +1,6 @@
+[Unit]
+After=fetch-metadata.service
+Requires=fetch-metadata.service
+
+[Service]
+EnvironmentFile=/etc/metadata.env
diff --git a/bob-l2/mkosi.extra/etc/systemd/system/searcher-firewall.service.d/needs-metadata.conf b/bob-l2/mkosi.extra/etc/systemd/system/searcher-firewall.service.d/needs-metadata.conf
@@ -0,0 +1,6 @@
+[Unit]
+After=fetch-metadata.service
+Requires=fetch-metadata.service
+
+[Service]
+EnvironmentFile=/etc/metadata.env
diff --git a/bob-l2/mkosi.extra/usr/bin/fetch-metadata.sh b/bob-l2/mkosi.extra/usr/bin/fetch-metadata.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -eu -o pipefail
+
+# This script fetches couple of pre-defined keys from instance metadata server
+# and writes them to /etc/metadata.env in the format:
+#   METADATA_{KEY}='{VALUE}'
+#
+# It also checks that received values do not contain newlines and conform to
+# ^[a-zA-Z0-9.,@:/_ -]*$
+
+# TODO: we should have fallback for local development in QEMU
+
+rm -f /etc/metadata.env # just in case
+touch /etc/metadata.env
+
+METADATA_URL="http://169.254.169.254/computeMetadata/v1/instance/attributes/"
+fetch_metadata_value() {
+    local key="$1"
+    curl -s -H "Metadata-Flavor: Google" "${METADATA_URL}${key}"
+}
+
+for key in \
+    BOB_L2_BACKRUNS_IP \
+    BOB_L2_TX_STREAM_IP \
+    BOB_L2_OP_NODE_CIDR
+do
+    value=$(fetch_metadata_value "$key")
+
+    if [ "$(echo "$value" | wc -l)" -ne 1 ]; then
+        echo "Error: Value for $key contains newlines"
+        exit 1
+    fi
+
+    if echo "$value" | grep -qvE '^[a-zA-Z0-9.,@:/_ -]*$'; then
+        echo "Error: Value for $key contains bad characters"
+        exit 1
+    fi
+
+    echo "METADATA_$key='$value'" >> /etc/metadata.env
+done
