def __enter__(self):
self.logger.info('Open SSH session to instance "{0}" (IP: {1})'.format(self.name, self.floating_ip))
self.ssh = paramiko.SSHClient()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
k = paramiko.RSAKey.from_private_key_file(self.args.ssh_rsa_private_key_file)
except paramiko.ssh_exception.PasswordRequiredException:
if hasattr(self.args, 'key_password'):
key_password = self.args.key_password
else:
key_password = get_password(self.logger, 'Private key password: '******'Incorrect password for private key')
sys.exit(errno.EACCES)
attempts = self.CONNECTION_ATTEMPTS
while attempts > 0:
try:
self.ssh.connect(hostname=self.floating_ip, username=self.args.ssh_username, pkey=k)
return self
except Exception:
attempts -= 1
self.logger.info('Could not open SSH session, wait for {0} seconds and try {1} times more'
.format(self.CONNECTION_RECOVERY_INTERVAL, attempts))
time.sleep(self.CONNECTION_RECOVERY_INTERVAL)
self.logger.error('Could not open SSH session')
sys.exit(errno.EPERM)
def _setup_keypair(self):
private_key_file = self.args.ssh_rsa_private_key_file
if not private_key_file:
self.logger.error(
'Private key is required. Please specify it using --ssh-rsa-private-key-file argument'
)
sys.exit(errno.EINVAL)
if not os.path.exists(private_key_file):
self.logger.error(
'Specified private key "{}" does not exist'.format(
private_key_file))
sys.exit(errno.ENOENT)
self.logger.info(
'Setup OpenStack keypair using specified private key "{}"'.format(
private_key_file))
private_key = open(private_key_file, 'rb').read()
try:
public_key = RSA.import_key(private_key).publickey().exportKey(
'OpenSSH')
except ValueError:
self.args.key_password = get_password(self.logger,
'Private key password: '******'OpenSSH')
except ValueError:
self.logger.error('Incorrect password for private key')
sys.exit(errno.EACCES)
try:
kp = self.clients.nova.keypairs.get(self.args.os_keypair_name)
kp_public_key = kp.to_dict()['public_key']
# Normalize kp_public_key in order to be able to compare it with public_key
kp_public_key = RSA.import_key(
kp_public_key).publickey().exportKey('OpenSSH')
if public_key != kp_public_key:
self.logger.error(
'Specified private key "{}" does not match "{}" keypair stored in OpenStack'
.format(private_key_file, self.args.os_keypair_name))
sys.exit(errno.EINVAL)
except novaclient.exceptions.NotFound:
self.logger.info(
'Specified keypair "{}" is not found and will be created'.
format(self.args.os_keypair_name))
self.clients.nova.keypairs.create(
self.args.os_keypair_name,
public_key=public_key.decode('utf8'))
def __connect(self):
self.logger.info('Sign in to OpenStack')
auth = v2.Password(**{
'auth_url': self.args.os_auth_url,
'username': self.args.os_username,
'password': get_password(self.logger, 'OpenStack password for authentication: '),
'tenant_name': self.args.os_tenant_name
})
sess = session.Session(auth=auth)
try:
# Perform a request to OpenStack in order to check the correctness of provided username and password.
sess.get_auth_headers()
except keystoneauth1.exceptions.http.Unauthorized:
self.logger.error('Sign in failed: invalid username or password')
sys.exit(errno.EACCES)
return OSClients(self.logger, sess)
def __get_session(self):
self.logger.info('Sign in to OpenStack')
auth = keystoneauth1.identity.v2.Password(
auth_url=self.args.os_auth_url,
username=self.args.os_username,
password=get_password(self.logger,
'OpenStack password for authentication: '),
tenant_name=self.args.os_tenant_name)
session = keystoneauth1.session.Session(auth=auth)
try:
# Perform a request to OpenStack in order to check the correctness of provided username and password.
session.get_auth_headers()
except keystoneauth1.exceptions.http.Unauthorized:
self.logger.error('Sign in failed: invalid username or password')
sys.exit(errno.EACCES)
return session
def __get_session(self):
self.logger.info('Sign in to OpenStack')
try:
with open(self.password_file, 'r') as fp:
password = fp.read()
self.logger.info(f'Use password from "{self.password_file}" file')
except Exception:
password = get_password(self.logger,
'OpenStack password for authentication: ')
auth = keystoneauth1.identity.v3.Password(
auth_url=OS_AUTH_URL,
username=self.os_username,
password=password,
user_domain_name=OS_DOMAIN_NAME,
project_domain_name=OS_DOMAIN_NAME,
project_name=OS_TENANT_NAME,
)
session = keystoneauth1.session.Session(auth=auth)
if not os.path.isfile(self.password_file) and self.store_password:
self.logger.info(
f'Your password is now stored in plain text in "{self.password_file}" file'
)
os.makedirs(os.path.dirname(self.password_file), exist_ok=True)
with open(self.password_file, 'w') as fp:
fp.write(password)
try:
# Perform a request to OpenStack in order to check the correctness of provided username and password.
session.get_auth_headers()
except keystoneauth1.exceptions.http.Unauthorized:
self.logger.error('Sign in failed: invalid username or password')
sys.exit(errno.EACCES)
return session