def sync_keypairs(keypair_name, public_key_file): """ Synchronize SSH keypairs across all EC2 regions. keypair_name The name of the keypair. public_key_file The path to the file containing the public key portion of the keypair. """ fp = open(public_key_file) material = fp.read() fp.close() for region in boto.ec2.regions(): ec2 = region.connect() # Try to list the keypair. If it doesn't exist # in this region, then import it. try: key = ec2.get_all_key_pairs(keynames=[keypair_name])[0] print 'Keypair(%s) already exists in %s' % (keypair_name, region.name) except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print 'Importing keypair(%s) to %s' % (keypair_name, region.name) ec2.import_key_pair(keypair_name, material)
def create_keypair(econfig_file=None, region=None, keyname="bcbio"): """Create a bcbio keypair and import to ec2. Gives us access to keypair locally and at AWS. """ import boto import boto.ec2 if econfig_file: keypair_dir = os.path.dirname(econfig_file).replace("elasticluster", "aws_keypairs") else: keypair_dir = os.path.join(os.getcwd(), "aws_keypairs") if not os.path.exists(keypair_dir): os.makedirs(keypair_dir) private_key = os.path.join(os.path.join(keypair_dir, keyname)) new_key = not os.path.exists(private_key) if new_key: cmd = ["ssh-keygen", "-t", "rsa", "-N", "", "-f", private_key, "-C", "bcbio_aws_keypair"] subprocess.check_call(cmd) public_key = private_key + ".pub" if region: ec2 = boto.ec2.connect_to_region(region) else: ec2 = boto.connect_ec2() key = ec2.get_key_pair(keyname) if key and new_key: print("Non matching key %s found in AWS, removing." % keyname) ec2.delete_key_pair(keyname) key = None if not key: print("Key %s not found in AWS, importing created key" % keyname) with open(public_key) as in_handle: ec2.import_key_pair(keyname, in_handle.read()) return {"user_key_name": keyname, "user_key_private": private_key, "user_key_public": public_key}
def create_account(args, dbh, iam, ec2, user_name, name, note=''): response = iam.create_user(user_name) user = response.user password = generate_password(args) response = iam.create_login_profile(user_name, password) iam.add_user_to_group(args.default_group, user_name) public_key = _generate_keypair(args, user_name) _put_user_policy(args, iam, user_name) ec2.import_key_pair(user_name, public_key) dbh.execute(""" INSERT INTO users (user_name, name, note, password) VALUES (:user_name, :name, :note, :password) """, {'user_name': user_name, 'name': name, 'note': note, 'password': password})
def checkKeyPair(self, keypair_name, public_key_file): fp = open(public_key_file) material = fp.read() fp.close() for region in boto.ec2.regions(): ec2 = region.connect() try: key = ec2.get_all_key_pairs(keynames=[keypair_name])[0] print 'Keypair(%s) already exists in %s' % \ (keypair_name, region.name) except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print 'Importing keypair(%s) to %s' % \ (keypair_name, region.name) ec2.import_key_pair(keypair_name, material)
def main(key, secret, ssh_key_name, ssh_key_dir, config_path): ssh_key_dir = os.path.abspath(ssh_key_dir) cer = ssh_key_name + ".cer" pem = ssh_key_name + ".pem" cer_path = os.path.join(ssh_key_dir, cer) pem_path = os.path.join(ssh_key_dir, pem) config = { "access_key_id": key, "secret_access_key": secret, "certificate_path": pem_path, } generate_client_cert(pem_path) generate_server_cert(pem_path, cer_path) all_regions = boto.ec2.regions( aws_access_key_id=key, aws_secret_access_key=secret) with open(cer_path, 'rb') as f: cert_data = f.read() for region in all_regions: print "---" print "Importing to:", region.name print "---" try: ec2 = boto.ec2.connect_to_region( region.name, aws_access_key_id=key, aws_secret_access_key=secret) ec2.import_key_pair( ssh_key_name, cert_data) except Exception as e: sys.stderr.write( "Unable to import {} to {}: {}\n".format( ssh_key_name, region.name, e)) with open(config_path, 'w') as f: json.dump(config, f, indent=2)
if key_material: # EC2's fingerprints are non-trivial to generate, so push this key # to a temporary name and make ec2 calculate the fingerprint for us. # # http://blog.jbrowne.com/?p=23 # https://forums.aws.amazon.com/thread.jspa?messageID=352828 # find an unused name test = 'empty' while test: randomchars = [random.choice(string.ascii_letters + string.digits) for x in range(0,10)] tmpkeyname = "ansible-" + ''.join(randomchars) test = ec2.get_key_pair(tmpkeyname) # create tmp key tmpkey = ec2.import_key_pair(tmpkeyname, key_material) # get tmp key fingerprint tmpfingerprint = tmpkey.fingerprint # delete tmp key tmpkey.delete() if key.fingerprint != tmpfingerprint: if not module.check_mode: key.delete() key = ec2.import_key_pair(name, key_material) if wait: start = time.time() action_complete = False while (time.time() - start) < wait_timeout: if ec2.get_key_pair(name):
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( name=dict(required=True), key_material=dict(required=False), force=dict(required=False, type='bool', default=True), state=dict(default='present', choices=['present', 'absent']), wait=dict(type='bool', default=False), wait_timeout=dict(default=300), )) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) if not HAS_BOTO: module.fail_json(msg='boto required for this module') name = module.params['name'] state = module.params.get('state') key_material = module.params.get('key_material') force = module.params.get('force') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) changed = False ec2 = ec2_connect(module) # find the key if present key = ec2.get_key_pair(name) # Ensure requested key is absent if state == 'absent': if key: '''found a match, delete it''' if not module.check_mode: try: key.delete() if wait: start = time.time() action_complete = False while (time.time() - start) < wait_timeout: if not ec2.get_key_pair(name): action_complete = True break time.sleep(1) if not action_complete: module.fail_json( msg= "timed out while waiting for the key to be removed" ) except Exception as e: module.fail_json( msg="Unable to delete key pair '%s' - %s" % (key, e)) key = None changed = True # Ensure requested key is present elif state == 'present': if key: # existing key found if key_material and force: # EC2's fingerprints are non-trivial to generate, so push this key # to a temporary name and make ec2 calculate the fingerprint for us. # # http://blog.jbrowne.com/?p=23 # https://forums.aws.amazon.com/thread.jspa?messageID=352828 # find an unused name test = 'empty' while test: randomchars = [ random.choice(string.ascii_letters + string.digits) for x in range(0, 10) ] tmpkeyname = "ansible-" + ''.join(randomchars) test = ec2.get_key_pair(tmpkeyname) # create tmp key tmpkey = ec2.import_key_pair(tmpkeyname, key_material) # get tmp key fingerprint tmpfingerprint = tmpkey.fingerprint # delete tmp key tmpkey.delete() if key.fingerprint != tmpfingerprint: if not module.check_mode: key.delete() key = ec2.import_key_pair(name, key_material) if wait: start = time.time() action_complete = False while (time.time() - start) < wait_timeout: if ec2.get_key_pair(name): action_complete = True break time.sleep(1) if not action_complete: module.fail_json( msg= "timed out while waiting for the key to be re-created" ) changed = True pass # if the key doesn't exist, create it now else: '''no match found, create it''' if not module.check_mode: if key_material: '''We are providing the key, need to import''' key = ec2.import_key_pair(name, key_material) else: ''' No material provided, let AWS handle the key creation and retrieve the private key ''' key = ec2.create_key_pair(name) if wait: start = time.time() action_complete = False while (time.time() - start) < wait_timeout: if ec2.get_key_pair(name): action_complete = True break time.sleep(1) if not action_complete: module.fail_json( msg= "timed out while waiting for the key to be created" ) changed = True if key: data = {'name': key.name, 'fingerprint': key.fingerprint} if key.material: data.update({'private_key': key.material}) module.exit_json(changed=changed, key=data) else: module.exit_json(changed=changed, key=None)
parser.add_argument("public_key", help="The key pair's public key file (e.g. ~/.ssh/my-key.pub)") parser.add_argument("-r", "--region", help="A region substring selector (e.g. 'us-west')") parser.add_argument("--access_key_id", dest='aws_access_key_id', help="Your AWS Access Key ID") parser.add_argument("--secret_access_key", dest='aws_secret_access_key', help="Your AWS Secret Access Key") args = parser.parse_args() credentials = {'aws_access_key_id': args.aws_access_key_id, 'aws_secret_access_key': args.aws_secret_access_key} def isSelected(region): return True if region.name.find(args.region) != -1 else False # execute business logic heading = "Importing key pair named '" + args.key_name + "'" regions = boto.ec2.regions() if args.region: heading += " (filtered by region '" + args.region + "')" regions = filter(isSelected, regions) public_key_file = open(args.public_key, 'r') public_key_body = public_key_file.read() print heading + ":" for region in regions: pprint(region.name, indent=2) try: ec2 = boto.connect_ec2(region=region, **credentials) print 'Importing key pair ' + args.key_name ec2.import_key_pair(args.key_name, public_key_body) except boto.exception.BotoServerError, e: print e.error_message
parser = argparse.ArgumentParser( description='Imports a key pair in all/some available EC2 regions', parents=[bc.build_region_parser(), bc.build_common_parser()]) parser.add_argument("key_name", help="A key pair name") parser.add_argument( "public_key", help="The key pair's public key file (e.g. ~/.ssh/my-key.pub)") args = parser.parse_args() # process common command line arguments log = logging.getLogger('botocross') bc.configure_logging(log, args.log_level) credentials = bc.parse_credentials(args) regions = bc.filter_regions(boto.ec2.regions(), args.region) # execute business logic log.info("Importing key pair named '" + args.key_name + "':") public_key_file = open(args.public_key, 'r') public_key_body = public_key_file.read() for region in regions: pprint(region.name, indent=2) try: ec2 = boto.connect_ec2(region=region, **credentials) print 'Importing key pair ' + args.key_name ec2.import_key_pair(args.key_name, public_key_body) except boto.exception.BotoServerError, e: log.error(e.error_message)
print args.keypair_name print args.public_key_file """ Synchronize SSH keypairs across all EC2 regions. keypair_name The name of the keypair. public_key_file The path to the file containing the public key portion of the keypair. """ fp = open(args.public_key_file) material = fp.read() fp.close() for region in boto.ec2.regions(): print 'Importing key to %s region' %region.name ec2 = region.connect() # Try to list the keypair. If it doesn't exist # in this region, then import it. try: key = ec2.get_all_key_pairs(keynames=[args.keypair_name])[0] print 'Keypair(%s) already exists in %s' % (args.keypair_name, region.name) except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print 'Importing keypair(%s) to %s' % (args.keypair_name, region.name) ec2.import_key_pair(args.keypair_name, material)
def keyfile_import(keyname, new_region): file = open(os.path.expanduser('~')+'/.ssh/test').readline() for conn_region in new_region: print "Importing '%s' to '%s'" % (keyname, conn_region) ec2 = boto.ec2.connect_to_region(conn_region) ec2.import_key_pair(keyname, file)