def PreliminarilyVerifyInstance(self, instance_id, remote, identity_file,
options):
"""Verify the instance's identity by connecting and running a command.
Args:
instance_id: str, id of the compute instance.
remote: ssh.Remote, remote to connect to.
identity_file: str, optional key file.
options: dict, optional ssh options.
Raises:
ssh.CommandError: The ssh command failed.
core_exceptions.NetworkIssueError: The instance id does not match.
"""
metadata_id_url = (
'http://metadata.google.internal/computeMetadata/v1/instance/id')
# Exit codes 255 and 1 are taken by OpenSSH and PuTTY.
# 23 chosen by fair dice roll.
remote_command = [
'[ `curl "{}" -H "Metadata-Flavor: Google" -q` = {} ] || exit 23'.
format(metadata_id_url, instance_id)
]
cmd = ssh.SSHCommand(remote,
identity_file=identity_file,
options=options,
remote_command=remote_command)
return_code = cmd.Run(self.env, force_connect=True) # pytype: disable=attribute-error
if return_code == 0:
return
elif return_code == 23:
raise core_exceptions.NetworkIssueError(
'Established connection with host {} but was unable to '
'confirm ID of the instance.'.format(remote.host))
raise ssh.CommandError(cmd, return_code=return_code)
def _PreliminarylyVerifyInstance(self, args, instance, project, user,
ip_address):
ssh_args = ssh_utils.GetSshArgsForPreliminaryVerification(
args, user, instance, ip_address, self.env, self.keys)
ssh_return_code = self.ActuallyRun(
args,
ssh_args,
user,
instance,
project,
ip_address,
strict_error_checking=False,
use_account_service=self._use_accounts_service)
if ssh_return_code == 0:
return
if ssh_return_code == 255:
raise core_exceptions.NetworkIssueError(
'Unable to connect to private IP {0}.'.format(ip_address))
if ssh_return_code == 1:
raise core_exceptions.NetworkIssueError(
'Established connection with private IP {0} but was unable to '
'confirm ID of the instance.'.format(ip_address))
raise exceptions.FailedSubCommand(' '.join(ssh_args), ssh_return_code)
def PreliminarilyVerifyInstance(self, instance_id, remote, identity_file,
options):
"""Verify the instance's identity by connecting and running a command.
Args:
instance_id: str, id of the compute instance.
remote: ssh.Remote, remote to connect to.
identity_file: str, optional key file.
options: dict, optional ssh options.
Raises:
ssh.CommandError: The ssh command failed.
core_exceptions.NetworkIssueError: The instance id does not match.
"""
if not properties.VALUES.ssh.verify_internal_ip.GetBool():
log.warning(
'Skipping internal IP verification connection and connecting to [{}] '
'in the current subnet. This may be the wrong host if the instance '
'is in a different subnet!'.format(remote.host))
return
metadata_id_url = (
'http://metadata.google.internal/computeMetadata/v1/instance/id')
# Exit codes 255 and 1 are taken by OpenSSH and PuTTY.
# 23 chosen by fair dice roll.
remote_command = [
'[ `curl "{}" -H "Metadata-Flavor: Google" -q` = {} ] || exit 23'
.format(metadata_id_url, instance_id)]
cmd = ssh.SSHCommand(remote, identity_file=identity_file,
options=options, remote_command=remote_command)
return_code = cmd.Run(
self.env,
force_connect=properties.VALUES.ssh.putty_force_connect.GetBool())
if return_code == 0:
return
elif return_code == 23:
raise core_exceptions.NetworkIssueError(
'Established connection with host {} but was unable to '
'confirm ID of the instance.'.format(remote.host))
raise ssh.CommandError(cmd, return_code=return_code)
