def __generate_keypair( self, ec2_keypair_name, private_key_path ):
"""
Generate a keypair in EC2 using the given name and write the private key to the file at
the given path. Return the private and public key contents as a tuple.
"""
ec2_keypair = self.ctx.ec2.create_key_pair( ec2_keypair_name )
if not ec2_keypair.material:
raise AssertionError( "Created key pair but didn't get back private key" )
ssh_privkey = ec2_keypair.material
put( local_path=StringIO( ssh_privkey ), remote_path=private_key_path )
assert ec2_keypair.fingerprint == ec2_keypair_fingerprint( ssh_privkey )
run( 'chmod go= %s' % private_key_path )
ssh_pubkey = private_to_public_key( ssh_privkey )
self.ctx.upload_ssh_pubkey( ssh_pubkey, ec2_keypair.fingerprint )
return ssh_privkey, ssh_pubkey
def __verify_generated_keypair( self, ec2_keypair, private_key_path ):
"""
Verify that the given EC2 keypair matches the private key at the given path. Return the
private and public key contents as a tuple.
"""
ssh_privkey = StringIO( )
get( remote_path=private_key_path, local_path=ssh_privkey )
ssh_privkey = ssh_privkey.getvalue( )
fingerprint = ec2_keypair_fingerprint( ssh_privkey )
if ec2_keypair.fingerprint != fingerprint:
raise UserError(
"The fingerprint {ec2_keypair.fingerprint} of key pair {ec2_keypair.name} doesn't "
"match the fingerprint {fingerprint} of the private key file currently present on "
"the instance. Please delete the key pair from EC2 before retrying. "
.format( **locals( ) ) )
ssh_pubkey = self.ctx.download_ssh_pubkey( ec2_keypair )
if ssh_pubkey != private_to_public_key( ssh_privkey ):
raise RuntimeError( "The private key on the data volume doesn't match the "
"public key in EC2." )
return ssh_privkey, ssh_pubkey
