For some unspecified "security" reason, the Google Compute Engine metadata server will refuse any requests that do not include the non-standard HTTP header "Metadata-Flavor: Google". Attempt to autodetect such requests (by comparing the hostname against "metadata.google.internal"), and add the "Metadata-Flavor: Google" header if applicable. Enable this feature in the CONFIG=cloud build, and include a sample embedded script allowing iPXE to boot from a script configured as metadata via e.g. # Create shared boot image make bin/ipxe.usb CONFIG=cloud EMBED=config/cloud/gce.ipxe # Configure per-instance boot script gcloud compute instances add-metadata <instance> \ --metadata-from-file ipxeboot=boot.ipxe Signed-off-by: Michael Brown <mcb30@ipxe.org>

7 years ago · de85336abb
--- a/src/config/cloud/gce.ipxe
+++ b/src/config/cloud/gce.ipxe
@@ -0,0 +1,7 @@
 
				
				+#!ipxe
			
 
				
				+
			
 
				
				+echo Google Compute Engine - iPXE boot via metadata
			
 
				
				+ifstat ||
			
 
				
				+dhcp ||
			
 
				
				+route ||
			
 
				
				+chain -ar http://metadata.google.internal/computeMetadata/v1/instance/attributes/ipxeboot
			
--- a/src/config/cloud/general.h
+++ b/src/config/cloud/general.h
@@ -0,0 +1,4 @@
 
				
				+/* Allow retrieval of metadata (such as an iPXE boot script) from
			
 
				
				+ * Google Compute Engine metadata server.
			
 
				
				+ */
			
 
				
				+#define HTTP_HACK_GCE
			
--- a/src/config/config_http.c
+++ b/src/config/config_http.c
@@ -43,3 +43,6 @@ REQUIRE_OBJECT ( httpdigest );
 
				
				 #ifdef HTTP_ENC_PEERDIST
			
 
				
				 REQUIRE_OBJECT ( peerdist );
			
 
				
				 #endif
			
 
				
				+#ifdef HTTP_HACK_GCE
			
 
				
				+REQUIRE_OBJECT ( httpgce );
			
 
				
				+#endif
			
--- a/src/config/general.h
+++ b/src/config/general.h
@@ -78,6 +78,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 
				
				 #define HTTP_AUTH_BASIC		/* Basic authentication */
			
 
				
				 #define HTTP_AUTH_DIGEST	/* Digest authentication */
			
 
				
				 //#define HTTP_ENC_PEERDIST	/* PeerDist content encoding */
			
 
				
				+//#define HTTP_HACK_GCE		/* Google Compute Engine hacks */
			
 
				
				 
			
 
				
				 /*
			
 
				
				  * 802.11 cryptosystems and handshaking protocols
			
--- a/src/net/tcp/httpgce.c
+++ b/src/net/tcp/httpgce.c
@@ -0,0 +1,72 @@
 
				
				+/*
			
 
				
				+ * Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
			
 
				
				+ *
			
 
				
				+ * This program is free software; you can redistribute it and/or
			
 
				
				+ * modify it under the terms of the GNU General Public License as
			
 
				
				+ * published by the Free Software Foundation; either version 2 of the
			
 
				
				+ * License, or any later version.
			
 
				
				+ *
			
 
				
				+ * This program is distributed in the hope that it will be useful, but
			
 
				
				+ * WITHOUT ANY WARRANTY; without even the implied warranty of
			
 
				
				+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
			
 
				
				+ * General Public License for more details.
			
 
				
				+ *
			
 
				
				+ * You should have received a copy of the GNU General Public License
			
 
				
				+ * along with this program; if not, write to the Free Software
			
 
				
				+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
			
 
				
				+ * 02110-1301, USA.
			
 
				
				+ *
			
 
				
				+ * You can also choose to distribute this program under the terms of
			
 
				
				+ * the Unmodified Binary Distribution Licence (as given in the file
			
 
				
				+ * COPYING.UBDL), provided that you have satisfied its requirements.
			
 
				
				+ */
			
 
				
				+
			
 
				
				+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
			
 
				
				+
			
 
				
				+/**
			
 
				
				+ * @file
			
 
				
				+ *
			
 
				
				+ * Google Compute Engine (GCE) metadata retrieval
			
 
				
				+ *
			
 
				
				+ * For some unspecified "security" reason, the Google Compute Engine
			
 
				
				+ * metadata server will refuse any requests that do not include the
			
 
				
				+ * non-standard HTTP header "Metadata-Flavor: Google".
			
 
				
				+ */
			
 
				
				+
			
 
				
				+#include <strings.h>
			
 
				
				+#include <stdio.h>
			
 
				
				+#include <ipxe/http.h>
			
 
				
				+
			
 
				
				+/** Metadata host name
			
 
				
				+ *
			
 
				
				+ * This is used to identify metadata requests, in the absence of any
			
 
				
				+ * more robust mechanism.
			
 
				
				+ */
			
 
				
				+#define GCE_METADATA_HOST_NAME "metadata.google.internal"
			
 
				
				+
			
 
				
				+/**
			
 
				
				+ * Construct HTTP "Metadata-Flavor" header
			
 
				
				+ *
			
 
				
				+ * @v http		HTTP transaction
			
 
				
				+ * @v buf		Buffer
			
 
				
				+ * @v len		Length of buffer
			
 
				
				+ * @ret len		Length of header value, or negative error
			
 
				
				+ */
			
 
				
				+static int http_format_metadata_flavor ( struct http_transaction *http,
			
 
				
				+					 char *buf, size_t len ) {
			
 
				
				+
			
 
				
				+	/* Do nothing unless this appears to be a Google Compute
			
 
				
				+	 * Engine metadata request.
			
 
				
				+	 */
			
 
				
				+	if ( strcasecmp ( http->request.host, GCE_METADATA_HOST_NAME ) != 0 )
			
 
				
				+		return 0;
			
 
				
				+
			
 
				
				+	/* Construct host URI */
			
 
				
				+	return snprintf ( buf, len, "Google" );
			
 
				
				+}
			
 
				
				+
			
 
				
				+/** HTTP "Metadata-Flavor" header */
			
 
				
				+struct http_request_header http_request_metadata_flavor __http_request_header ={
			
 
				
				+	.name = "Metadata-Flavor",
			
 
				
				+	.format = http_format_metadata_flavor,
			
 
				
				+};