authorMichael Brown2017-01-23 15:41:22 +0100
committerMichael Brown2017-01-23 15:43:20 +0100
commitde85336abb7861e4ea4df2e296eb33d179c7c9bd (patch)
treed155d26521ee1a4ae45e3baeaa099756ffcf43bc /src/net/tcp
parent[virtio] Use separate RX and TX empty header buffers (diff)
[cloud] Add ability to retrieve Google Compute Engine metadata
For some unspecified "security" reason, the Google Compute Engine metadata server will refuse any requests that do not include the non-standard HTTP header "Metadata-Flavor: Google". Attempt to autodetect such requests (by comparing the hostname against "metadata.google.internal"), and add the "Metadata-Flavor: Google" header if applicable. Enable this feature in the CONFIG=cloud build, and include a sample embedded script allowing iPXE to boot from a script configured as metadata via e.g. # Create shared boot image make bin/ipxe.usb CONFIG=cloud EMBED=config/cloud/gce.ipxe # Configure per-instance boot script gcloud compute instances add-metadata <instance> \ --metadata-from-file ipxeboot=boot.ipxe Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tcp')
-rw-r--r--src/net/tcp/httpgce.c72
1 files changed, 72 insertions, 0 deletions
diff --git a/src/net/tcp/httpgce.c b/src/net/tcp/httpgce.c
new file mode 100644
index 00000000..c5d87902
--- /dev/null
+++ b/src/net/tcp/httpgce.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+/**
+ * @file
+ *
+ * Google Compute Engine (GCE) metadata retrieval
+ *
+ * For some unspecified "security" reason, the Google Compute Engine
+ * metadata server will refuse any requests that do not include the
+ * non-standard HTTP header "Metadata-Flavor: Google".
+ */
+
+#include <strings.h>
+#include <stdio.h>
+#include <ipxe/http.h>
+
+/** Metadata host name
+ *
+ * This is used to identify metadata requests, in the absence of any
+ * more robust mechanism.
+ */
+#define GCE_METADATA_HOST_NAME "metadata.google.internal"
+
+/**
+ * Construct HTTP "Metadata-Flavor" header
+ *
+ * @v http HTTP transaction
+ * @v buf Buffer
+ * @v len Length of buffer
+ * @ret len Length of header value, or negative error
+ */
+static int http_format_metadata_flavor ( struct http_transaction *http,
+ char *buf, size_t len ) {
+
+ /* Do nothing unless this appears to be a Google Compute
+ * Engine metadata request.
+ */
+ if ( strcasecmp ( http->request.host, GCE_METADATA_HOST_NAME ) != 0 )
+ return 0;
+
+ /* Construct host URI */
+ return snprintf ( buf, len, "Google" );
+}
+
+/** HTTP "Metadata-Flavor" header */
+struct http_request_header http_request_metadata_flavor __http_request_header ={
+ .name = "Metadata-Flavor",
+ .format = http_format_metadata_flavor,
+};
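Review bot: The `@file` comment calls the `Metadata-Flavor: Google` requirement an unspecified "security" reason, but the header is the metadata server's guard against server-side request forgery: it signals that the client deliberately asked for metadata rather than followed a URL supplied by someone else. Because `http_format_metadata_flavor()` adds it to every request whose host equals `GCE_METADATA_HOST_NAME`, that guard no longer applies to anything a CONFIG=cloud build fetches, presumably including redirect targets and URIs taken from downloaded scripts. The file comment should record this trade-off, e.g. `* The header is the server's SSRF guard; adding it by host name alone treats every request to this host as deliberate.` The comment `/* Construct host URI */` above the `snprintf` is stale and should read `/* Construct header value */`. The `strcasecmp` match is also exact, so a request that reaches the server by IP address or with a trailing dot on the name would not get the header, which is worth a line in the `GCE_METADATA_HOST_NAME` comment.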