def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( instance_id = dict(required=True), key_file = dict(required=True), key_passphrase = dict(no_log=True, default=None, required=False), wait = dict(type='bool', default=False, required=False), wait_timeout = dict(default=120, required=False), ) ) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = expanduser(module.params.get('key_file')) key_passphrase = module.params.get('key_passphrase') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) ec2 = ec2_connect(module) if wait: start = datetime.datetime.now() end = start + datetime.timedelta(seconds=wait_timeout) while datetime.datetime.now() < end: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and not decoded: time.sleep(5) else: break else: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and datetime.datetime.now() >= end: module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout) f = open(key_file, 'r') key = RSA.importKey(f.read(), key_passphrase) cipher = PKCS1_v1_5.new(key) sentinel = 'password decryption failed!!!' try: decrypted = cipher.decrypt(decoded, sentinel) except ValueError as e: decrypted = None if decrypted == None: module.exit_json(win_password='', changed=False) else: if wait: elapsed = datetime.datetime.now() - start module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds) else: module.exit_json(win_password=decrypted, changed=True)
def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( instance_id = dict(required=True), key_file = dict(required=True), ) ) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = expanduser(module.params.get('key_file')) ec2 = ec2_connect(module) data = ec2.get_password_data(instance_id) decoded = b64decode(data) f = open(key_file, 'r') key = RSA.importKey(f.read()) cipher = PKCS1_v1_5.new(key) sentinel = 'password decryption failed!!!' try: decrypted = cipher.decrypt(decoded, sentinel) except ValueError as e: decrypted = None if decrypted == None: module.exit_json(win_password='', changed=False) else: module.exit_json(win_password=decrypted, changed=True)
def getWindowsPassword(ec2, instance, keyfile): plaintext = None password_data = None try: input = open(keyfile) key = RSA.importKey(input.read()) input.close() # is this really the best way? while not password_data: print "getting password for instance: ", instance password_data = ec2.get_password_data(instance) time.sleep(10) cipher = PKCS1_v1_5.new(key) plaintext = cipher.decrypt(password_data.decode('base64'), None) except IOError, e: print "IOError: ", e[0], e[1], keyfile
def getWindowsPassword(ec2, instance, keyfile): plaintext = None password_data = None try: input = open(keyfile) key = RSA.importKey(input.read()) input.close() # is this really the best way? while not password_data: print "getting password for instance: ", instance password_data = ec2.get_password_data(instance) print "intermed data", password_data time.sleep(10) cipher = PKCS1_v1_5.new(key) plaintext = cipher.decrypt(password_data.decode('base64'), None) except IOError, e: print "IOError: ", e[0], e[1], keyfile
def attach_volume(module, ec2, volume, instance): device_name = module.params.get('device_name') delete_on_termination = module.params.get('delete_on_termination') changed = False # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None: try: if not ec2.get_password_data(instance.id): device_name = '/dev/sdf' else: device_name = '/dev/xvdf' except boto.exception.BotoServerError as e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message)) if volume.attachment_state() is not None: adata = volume.attach_data if adata.instance_id != instance.id: module.fail_json( msg="Volume %s is already attached to another instance: %s" % (volume.id, adata.instance_id)) else: # Volume is already attached to right instance changed = modify_dot_attribute(module, ec2, instance, device_name) else: try: volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() changed = True except boto.exception.BotoServerError as e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message)) modify_dot_attribute(module, ec2, instance, device_name) return volume, changed
def attach_volume(module, ec2, volume, instance): device_name = module.params.get('device_name') delete_on_termination = module.params.get('delete_on_termination') changed = False # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None: try: if not ec2.get_password_data(instance.id): device_name = '/dev/sdf' else: device_name = '/dev/xvdf' except boto.exception.BotoServerError as e: module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message)) if volume.attachment_state() is not None: adata = volume.attach_data if adata.instance_id != instance.id: module.fail_json(msg = "Volume %s is already attached to another instance: %s" % (volume.id, adata.instance_id)) else: # Volume is already attached to right instance changed = modify_dot_attribute(module, ec2, instance, device_name) else: try: volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() changed = True except boto.exception.BotoServerError as e: module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message)) modify_dot_attribute(module, ec2, instance, device_name) return volume, changed
def attach_volume(module, ec2, volume, instance): device_name = module.params.get("device_name") changed = False # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None: try: if not ec2.get_password_data(instance.id): device_name = "/dev/sdf" else: device_name = "/dev/xvdf" except boto.exception.BotoServerError, e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))
def attach_volume(module, ec2, volume, instance): device_name = module.params.get('device_name') changed = False # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None: try: if not ec2.get_password_data(instance.id): device_name = '/dev/sdf' else: device_name = '/dev/xvdf' except boto.exception.BotoServerError, e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))
while volume.attachment_state() != 'attached': time.sleep(3) volume.update() except boto.exception.BotoServerError, e: module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message)) # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None and instance: try: if not ec2.get_password_data(instance.id): device_name = '/dev/sdf' attach = volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() else: device_name = '/dev/xvdf' attach = volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() except boto.exception.BotoServerError, e: module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message)) def detach_volume(module, ec2):
while volume.attachment_state() != 'attached': time.sleep(3) volume.update() except boto.exception.BotoServerError, e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message)) # If device_name isn't set, make a choice based on best practices here: # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html # In future this needs to be more dynamic but combining block device mapping best practices # (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;) # Use password data attribute to tell whether the instance is Windows or Linux if device_name is None and instance: try: if not ec2.get_password_data(instance.id): device_name = '/dev/sdf' attach = volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() else: device_name = '/dev/xvdf' attach = volume.attach(instance.id, device_name) while volume.attachment_state() != 'attached': time.sleep(3) volume.update() except boto.exception.BotoServerError, e: module.fail_json(msg="%s: %s" % (e.error_code, e.error_message))
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( instance_id=dict(required=True), key_file=dict(required=False, type='path'), key_file_data=dict(required=False, type='str', no_log=True), key_passphrase=dict(no_log=True, default=None, required=False), wait=dict(type='bool', default=False, required=False), wait_timeout=dict(default=120, required=False), )) module = AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[ ['key_file', 'key_file_data'], ], required_one_of=[['key_file', 'key_file_data']]) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = module.params.get('key_file') key_file_data = module.params.get('key_file_data') if module.params.get('key_passphrase') is None: b_key_passphrase = None else: b_key_passphrase = to_bytes(module.params.get('key_passphrase'), errors='surrogate_or_strict') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) ec2 = ec2_connect(module) if wait: start = datetime.datetime.now() end = start + datetime.timedelta(seconds=wait_timeout) while datetime.datetime.now() < end: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and not decoded: time.sleep(5) else: break else: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and datetime.datetime.now() >= end: module.fail_json(msg="wait for password timeout after %d seconds" % wait_timeout) if key_file_data is None: try: f = open(key_file, 'rb') except IOError as e: module.fail_json(msg="I/O error (%d) opening key file: %s" % (e.errno, e.strerror)) else: try: with f: key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND) except (ValueError, TypeError) as e: module.fail_json(msg="unable to parse key file") else: key = load_pem_private_key(key_file_data, b_key_passphrase, BACKEND) try: decrypted = key.decrypt(decoded, PKCS1v15()) except ValueError as e: decrypted = None if decrypted is None: module.exit_json(win_password='', changed=False) else: if wait: elapsed = datetime.datetime.now() - start module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds) else: module.exit_json(win_password=decrypted, changed=True)
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( instance_id=dict(required=True), key_file=dict(required=True), key_passphrase=dict(no_log=True, default=None, required=False), wait=dict(type='bool', default=False, required=False), wait_timeout=dict(default=120, required=False), )) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = expanduser(module.params.get('key_file')) key_passphrase = module.params.get('key_passphrase') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) ec2 = ec2_connect(module) if wait: start = datetime.datetime.now() end = start + datetime.timedelta(seconds=wait_timeout) while datetime.datetime.now() < end: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and not decoded: time.sleep(5) else: break else: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and datetime.datetime.now() >= end: module.fail_json(msg="wait for password timeout after %d seconds" % wait_timeout) try: f = open(key_file, 'r') except IOError as e: module.fail_json(msg="I/O error (%d) opening key file: %s" % (e.errno, e.strerror)) else: try: with f: key = RSA.importKey(f.read(), key_passphrase) except (ValueError, IndexError, TypeError) as e: module.fail_json(msg="unable to parse key file") cipher = PKCS1_v1_5.new(key) sentinel = 'password decryption failed!!!' try: decrypted = cipher.decrypt(decoded, sentinel) except ValueError as e: decrypted = None if decrypted == None: module.exit_json(win_password='', changed=False) else: if wait: elapsed = datetime.datetime.now() - start module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds) else: module.exit_json(win_password=decrypted, changed=True)
def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( instance_id = dict(required=True), key_file = dict(required=True, type='path'), key_passphrase = dict(no_log=True, default=None, required=False), wait = dict(type='bool', default=False, required=False), wait_timeout = dict(default=120, required=False), ) ) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = module.params.get('key_file') b_key_passphrase = to_bytes(module.params.get('key_passphrase'), errors='surrogate_or_strict') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) ec2 = ec2_connect(module) if wait: start = datetime.datetime.now() end = start + datetime.timedelta(seconds=wait_timeout) while datetime.datetime.now() < end: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and not decoded: time.sleep(5) else: break else: data = ec2.get_password_data(instance_id) decoded = b64decode(data) if wait and datetime.datetime.now() >= end: module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout) try: f = open(key_file, 'rb') except IOError as e: module.fail_json(msg = "I/O error (%d) opening key file: %s" % (e.errno, e.strerror)) else: try: with f: key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND) except (ValueError, TypeError) as e: module.fail_json(msg = "unable to parse key file") try: decrypted = key.decrypt(decoded, PKCS1v15()) except ValueError as e: decrypted = None if decrypted is None: module.exit_json(win_password='', changed=False) else: if wait: elapsed = datetime.datetime.now() - start module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds) else: module.exit_json(win_password=decrypted, changed=True)