help = "Domain to target")
args = parser.parse_args()
if args.aws_credentials is None:
parser.print_usage()
print("Error: AWS credentials not provided and AWS_CREDENTIALS is not defined")
sys.exit(1)
if args.ssh_key is None:
parser.print_usage()
print("Error: SSH key not provided and SSH_KEY is not defined")
sys.exit(1)
session = aws.create_session(args.aws_credentials)
bastion = aws.machine_lookup(session, 'bastion.' + args.domain)
iam = session.resource('iam')
client = session.client('iam')
domain = args.domain.replace('.', '-')
print("Opening ssh tunnel")
with vault_tunnel(args.ssh_key, bastion):
print("\tcomplete")
v = Vault('vault.' + args.domain)
#while True:
# try:
# v.revoke_secret_prefix('aws/creds/ingest-loadtest')
# except Exception as ex:
parser.add_argument("--local-port",
default=None,
type=int,
help="Local port to use when tunneling")
parser.add_argument("command",
choices=commands,
metavar="command",
help="Command to execute")
parser.add_argument("arguments",
nargs="*",
help="Arguments to pass to the command")
args = parser.parse_args()
bosslet_config = args.bosslet_config
bastion = aws.machine_lookup(bosslet_config.session,
bosslet_config.names.bastion.dns)
ssh_target = SSHTarget(bosslet_config.ssh_key, args.ip, args.port,
args.user)
bastions = [SSHTarget(bosslet_config.ssh_key, bastion, 22, 'ec2-user')]
if bosslet_config.outbound_bastion:
bastions.insert(0, bosslet_config.outbound_bastion)
ssh = SSHConnection(ssh_target, bastions, args.local_port)
if args.command in ("ssh", ):
ssh.shell()
elif args.command in ("scp", ):
ret = ssh.scp(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-cmd", ):
ret = ssh.cmd(*args.arguments)
print("Error: SSH key '{}' does not exist".format(args.ssh_key))
sys.exit(1)
session = aws.create_session(args.aws_credentials)
# This next step will make bastion work with 1.consul or 1.vault internal names.
boss_position = 1
try:
int(args.internal.split(".", 1)[0])
boss_position = 2
except ValueError:
pass
bastion_host = args.bastion if args.bastion else "bastion." + args.internal.split(
".", boss_position)[boss_position]
bastion = aws.machine_lookup(session, bastion_host)
if args.private_ip:
private = args.internal
else:
private = aws.machine_lookup(session, args.internal, public_ip=False)
ssh = SSHConnection(args.ssh_key, private, bastion)
if args.command in ("ssh", ):
ssh.shell()
elif args.command in ("scp", ):
ret = ssh.scp(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-cmd", ):
ret = ssh.cmd(*args.arguments)
sys.exit(ret)
parser.print_usage()
print("Error: AWS credentials not provided and AWS_CREDENTIALS is not defined")
sys.exit(1)
if args.ssh_key is None:
parser.print_usage()
print("Error: SSH key not provided and SSH_KEY is not defined")
sys.exit(1)
if not os.path.exists(args.ssh_key):
parser.print_usage()
print("Error: SSH key '{}' does not exist".format(args.ssh_key))
sys.exit(1)
session = aws.create_session(args.aws_credentials)
if args.private_ip:
ip = args.hostname
else:
ip = aws.machine_lookup(session, args.hostname)
# the bastion server (being an AWS AMI) has a differnt username
if args.user is None:
user = "******" if args.hostname.startswith("bastion") else "ubuntu"
else:
user = args.user
ssh = SSHConnection(args.ssh_key, (ip, 22, user))
if args.cmd:
ret = ssh.cmd(args.cmd)
else:
ret = ssh.shell()
sys.exit(ret)