Example #1
0
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
            instance_id = dict(required=True),
            key_file = dict(required=True),
            key_passphrase = dict(no_log=True, default=None, required=False),
            wait = dict(type='bool', default=False, required=False),
            wait_timeout = dict(default=120, required=False),
        )
    )
    module = AnsibleModule(argument_spec=argument_spec)

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = expanduser(module.params.get('key_file'))
    key_passphrase = module.params.get('key_passphrase')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))

    ec2 = ec2_connect(module)

    if wait:
        start = datetime.datetime.now()
        end = start + datetime.timedelta(seconds=wait_timeout)

        while datetime.datetime.now() < end:
            data = ec2.get_password_data(instance_id)
            decoded = b64decode(data)
            if wait and not decoded:
                time.sleep(5)
            else:
                break
    else:
        data = ec2.get_password_data(instance_id)
        decoded = b64decode(data)

    if wait and datetime.datetime.now() >= end:
        module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)

    f = open(key_file, 'r')
    key = RSA.importKey(f.read(), key_passphrase)
    cipher = PKCS1_v1_5.new(key)
    sentinel = 'password decryption failed!!!'

    try:
        decrypted = cipher.decrypt(decoded, sentinel)
    except ValueError as e:
        decrypted = None

    if decrypted == None:
        module.exit_json(win_password='', changed=False)
    else:
        if wait:
            elapsed = datetime.datetime.now() - start
            module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds)
        else:
            module.exit_json(win_password=decrypted, changed=True)
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
            instance_id = dict(required=True),
            key_file = dict(required=True),
        )
    )
    module = AnsibleModule(argument_spec=argument_spec)

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = expanduser(module.params.get('key_file'))

    ec2 = ec2_connect(module)

    data = ec2.get_password_data(instance_id)
    decoded = b64decode(data)

    f = open(key_file, 'r')
    key = RSA.importKey(f.read())
    cipher = PKCS1_v1_5.new(key)
    sentinel = 'password decryption failed!!!'

    try:
      decrypted = cipher.decrypt(decoded, sentinel)
    except ValueError as e:
      decrypted = None

    if decrypted == None:
        module.exit_json(win_password='', changed=False)
    else:
        module.exit_json(win_password=decrypted, changed=True)
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
            instance_id = dict(required=True),
            key_file = dict(required=True),
        )
    )
    module = AnsibleModule(argument_spec=argument_spec)

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = expanduser(module.params.get('key_file'))

    ec2 = ec2_connect(module)

    data = ec2.get_password_data(instance_id)
    decoded = b64decode(data)

    f = open(key_file, 'r')
    key = RSA.importKey(f.read())
    cipher = PKCS1_v1_5.new(key)
    sentinel = 'password decryption failed!!!'

    try:
      decrypted = cipher.decrypt(decoded, sentinel)
    except ValueError as e:
      decrypted = None

    if decrypted == None:
        module.exit_json(win_password='', changed=False)
    else:
        module.exit_json(win_password=decrypted, changed=True)
Example #4
0
def getWindowsPassword(ec2, instance, keyfile):
    plaintext = None
    password_data = None
    try:
        input = open(keyfile)
        key = RSA.importKey(input.read())
        input.close()
        # is this really the best way?
        while not password_data:
            print "getting password for instance: ", instance
            password_data = ec2.get_password_data(instance)
            time.sleep(10)
        cipher = PKCS1_v1_5.new(key)
        plaintext = cipher.decrypt(password_data.decode('base64'), None)
    except IOError, e:
        print "IOError: ", e[0], e[1], keyfile
Example #5
0
def getWindowsPassword(ec2, instance, keyfile):
    plaintext = None
    password_data = None
    try:
        input = open(keyfile)
        key = RSA.importKey(input.read())
        input.close()
        # is this really the best way?
        while not password_data:
            print "getting password for instance: ", instance
            password_data = ec2.get_password_data(instance)
            print "intermed data", password_data
            time.sleep(10)
        cipher = PKCS1_v1_5.new(key)
        plaintext = cipher.decrypt(password_data.decode('base64'), None)
    except IOError, e:
        print "IOError: ", e[0], e[1], keyfile
Example #6
0
def attach_volume(module, ec2, volume, instance):

    device_name = module.params.get('device_name')
    delete_on_termination = module.params.get('delete_on_termination')
    changed = False

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = '/dev/sdf'
            else:
                device_name = '/dev/xvdf'
        except boto.exception.BotoServerError as e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))

    if volume.attachment_state() is not None:
        adata = volume.attach_data
        if adata.instance_id != instance.id:
            module.fail_json(
                msg="Volume %s is already attached to another instance: %s" %
                (volume.id, adata.instance_id))
        else:
            # Volume is already attached to right instance
            changed = modify_dot_attribute(module, ec2, instance, device_name)
    else:
        try:
            volume.attach(instance.id, device_name)
            while volume.attachment_state() != 'attached':
                time.sleep(3)
                volume.update()
            changed = True
        except boto.exception.BotoServerError as e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))

        modify_dot_attribute(module, ec2, instance, device_name)

    return volume, changed
Example #7
0
def attach_volume(module, ec2, volume, instance):

    device_name = module.params.get('device_name')
    delete_on_termination = module.params.get('delete_on_termination')
    changed = False

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = '/dev/sdf'
            else:
                device_name = '/dev/xvdf'
        except boto.exception.BotoServerError as e:
            module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))

    if volume.attachment_state() is not None:
        adata = volume.attach_data
        if adata.instance_id != instance.id:
            module.fail_json(msg = "Volume %s is already attached to another instance: %s"
                             % (volume.id, adata.instance_id))
        else:
            # Volume is already attached to right instance
            changed = modify_dot_attribute(module, ec2, instance, device_name)
    else:
        try:
            volume.attach(instance.id, device_name)
            while volume.attachment_state() != 'attached':
                time.sleep(3)
                volume.update()
            changed = True
        except boto.exception.BotoServerError as e:
            module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))

        modify_dot_attribute(module, ec2, instance, device_name)

    return volume, changed
Example #8
0
def attach_volume(module, ec2, volume, instance):

    device_name = module.params.get("device_name")
    changed = False

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = "/dev/sdf"
            else:
                device_name = "/dev/xvdf"
        except boto.exception.BotoServerError, e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))
Example #9
0
def attach_volume(module, ec2, volume, instance):

    device_name = module.params.get('device_name')
    changed = False

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = '/dev/sdf'
            else:
                device_name = '/dev/xvdf'
        except boto.exception.BotoServerError, e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))
Example #10
0
            while volume.attachment_state() != 'attached':
                time.sleep(3)
                volume.update()
        except boto.exception.BotoServerError, e:
            module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None and instance:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = '/dev/sdf'
                attach = volume.attach(instance.id, device_name)
                while volume.attachment_state() != 'attached':
                    time.sleep(3)
                    volume.update()
            else:
                device_name = '/dev/xvdf'
                attach = volume.attach(instance.id, device_name)
                while volume.attachment_state() != 'attached':
                    time.sleep(3)
                    volume.update()
        except boto.exception.BotoServerError, e:
            module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))

def detach_volume(module, ec2):
Example #11
0
            while volume.attachment_state() != 'attached':
                time.sleep(3)
                volume.update()
        except boto.exception.BotoServerError, e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))

    # If device_name isn't set, make a choice based on best practices here:
    # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

    # In future this needs to be more dynamic but combining block device mapping best practices
    # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)

    # Use password data attribute to tell whether the instance is Windows or Linux
    if device_name is None and instance:
        try:
            if not ec2.get_password_data(instance.id):
                device_name = '/dev/sdf'
                attach = volume.attach(instance.id, device_name)
                while volume.attachment_state() != 'attached':
                    time.sleep(3)
                    volume.update()
            else:
                device_name = '/dev/xvdf'
                attach = volume.attach(instance.id, device_name)
                while volume.attachment_state() != 'attached':
                    time.sleep(3)
                    volume.update()
        except boto.exception.BotoServerError, e:
            module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))

def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(
        dict(
            instance_id=dict(required=True),
            key_file=dict(required=False, type='path'),
            key_file_data=dict(required=False, type='str', no_log=True),
            key_passphrase=dict(no_log=True, default=None, required=False),
            wait=dict(type='bool', default=False, required=False),
            wait_timeout=dict(default=120, required=False),
        ))
    module = AnsibleModule(argument_spec=argument_spec,
                           mutually_exclusive=[
                               ['key_file', 'key_file_data'],
                           ],
                           required_one_of=[['key_file', 'key_file_data']])

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = module.params.get('key_file')
    key_file_data = module.params.get('key_file_data')
    if module.params.get('key_passphrase') is None:
        b_key_passphrase = None
    else:
        b_key_passphrase = to_bytes(module.params.get('key_passphrase'),
                                    errors='surrogate_or_strict')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))

    ec2 = ec2_connect(module)

    if wait:
        start = datetime.datetime.now()
        end = start + datetime.timedelta(seconds=wait_timeout)

        while datetime.datetime.now() < end:
            data = ec2.get_password_data(instance_id)
            decoded = b64decode(data)
            if wait and not decoded:
                time.sleep(5)
            else:
                break
    else:
        data = ec2.get_password_data(instance_id)
        decoded = b64decode(data)

    if wait and datetime.datetime.now() >= end:
        module.fail_json(msg="wait for password timeout after %d seconds" %
                         wait_timeout)

    if key_file_data is None:
        try:
            f = open(key_file, 'rb')
        except IOError as e:
            module.fail_json(msg="I/O error (%d) opening key file: %s" %
                             (e.errno, e.strerror))
        else:
            try:
                with f:
                    key = load_pem_private_key(f.read(), b_key_passphrase,
                                               BACKEND)
            except (ValueError, TypeError) as e:
                module.fail_json(msg="unable to parse key file")
    else:
        key = load_pem_private_key(key_file_data, b_key_passphrase, BACKEND)

    try:
        decrypted = key.decrypt(decoded, PKCS1v15())
    except ValueError as e:
        decrypted = None

    if decrypted is None:
        module.exit_json(win_password='', changed=False)
    else:
        if wait:
            elapsed = datetime.datetime.now() - start
            module.exit_json(win_password=decrypted,
                             changed=True,
                             elapsed=elapsed.seconds)
        else:
            module.exit_json(win_password=decrypted, changed=True)
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(
        dict(
            instance_id=dict(required=True),
            key_file=dict(required=True),
            key_passphrase=dict(no_log=True, default=None, required=False),
            wait=dict(type='bool', default=False, required=False),
            wait_timeout=dict(default=120, required=False),
        ))
    module = AnsibleModule(argument_spec=argument_spec)

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = expanduser(module.params.get('key_file'))
    key_passphrase = module.params.get('key_passphrase')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))

    ec2 = ec2_connect(module)

    if wait:
        start = datetime.datetime.now()
        end = start + datetime.timedelta(seconds=wait_timeout)

        while datetime.datetime.now() < end:
            data = ec2.get_password_data(instance_id)
            decoded = b64decode(data)
            if wait and not decoded:
                time.sleep(5)
            else:
                break
    else:
        data = ec2.get_password_data(instance_id)
        decoded = b64decode(data)

    if wait and datetime.datetime.now() >= end:
        module.fail_json(msg="wait for password timeout after %d seconds" %
                         wait_timeout)

    try:
        f = open(key_file, 'r')
    except IOError as e:
        module.fail_json(msg="I/O error (%d) opening key file: %s" %
                         (e.errno, e.strerror))
    else:
        try:
            with f:
                key = RSA.importKey(f.read(), key_passphrase)
        except (ValueError, IndexError, TypeError) as e:
            module.fail_json(msg="unable to parse key file")

    cipher = PKCS1_v1_5.new(key)
    sentinel = 'password decryption failed!!!'

    try:
        decrypted = cipher.decrypt(decoded, sentinel)
    except ValueError as e:
        decrypted = None

    if decrypted == None:
        module.exit_json(win_password='', changed=False)
    else:
        if wait:
            elapsed = datetime.datetime.now() - start
            module.exit_json(win_password=decrypted,
                             changed=True,
                             elapsed=elapsed.seconds)
        else:
            module.exit_json(win_password=decrypted, changed=True)
Example #14
0
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
        instance_id = dict(required=True),
        key_file = dict(required=True, type='path'),
        key_passphrase = dict(no_log=True, default=None, required=False),
        wait = dict(type='bool', default=False, required=False),
        wait_timeout = dict(default=120, required=False),
    )
    )
    module = AnsibleModule(argument_spec=argument_spec)

    if not HAS_BOTO:
        module.fail_json(msg='Boto required for this module.')

    instance_id = module.params.get('instance_id')
    key_file = module.params.get('key_file')
    b_key_passphrase = to_bytes(module.params.get('key_passphrase'), errors='surrogate_or_strict')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))

    ec2 = ec2_connect(module)

    if wait:
        start = datetime.datetime.now()
        end = start + datetime.timedelta(seconds=wait_timeout)

        while datetime.datetime.now() < end:
            data = ec2.get_password_data(instance_id)
            decoded = b64decode(data)
            if wait and not decoded:
                time.sleep(5)
            else:
                break
    else:
        data = ec2.get_password_data(instance_id)
        decoded = b64decode(data)

    if wait and datetime.datetime.now() >= end:
        module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)

    try:
        f = open(key_file, 'rb')
    except IOError as e:
        module.fail_json(msg = "I/O error (%d) opening key file: %s" % (e.errno, e.strerror))
    else:
        try:
            with f:
                key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND)
        except (ValueError, TypeError) as e:
            module.fail_json(msg = "unable to parse key file")

    try:
        decrypted = key.decrypt(decoded, PKCS1v15())
    except ValueError as e:
        decrypted = None

    if decrypted is None:
        module.exit_json(win_password='', changed=False)
    else:
        if wait:
            elapsed = datetime.datetime.now() - start
            module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds)
        else:
            module.exit_json(win_password=decrypted, changed=True)