package communicator
import (
"context"
"errors"
"fmt"
"log"
"net"
"os"
"strings"
"time"
"github.com/hashicorp/packer/communicator/ssh"
"github.com/hashicorp/packer/helper/multistep"
helperssh "github.com/hashicorp/packer/helper/ssh"
"github.com/hashicorp/packer/packer"
"github.com/mitchellh/go-homedir"
gossh "golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
"golang.org/x/net/proxy"
)
// StepConnectSSH is a step that only connects to SSH.
//
// In general, you should use StepConnect.
//
// Run keeps retrying until an SSH connection is established, the
// configured SSHTimeout elapses, or the step sequence is cancelled. On
// success the resulting packer.Communicator is stored in the state bag
// under "communicator"; on timeout or failure the error is stored under
// "error" and the step halts.
type StepConnectSSH struct {
	// All the fields below are documented on StepConnect

	// Config supplies the SSH settings read by Run and waitForSSH: the
	// overall SSHTimeout, the static port, bastion/proxy settings, pty,
	// agent-forwarding, file-transfer method, keep-alive, read/write
	// timeout and the handshake-attempt budget.
	Config *Config

	// Host returns the address of the SSH server. It is re-evaluated on
	// every retry, so it may legitimately fail while the host is still
	// coming up.
	Host func(multistep.StateBag) (string, error)

	// SSHConfig returns the client configuration for the SSH handshake.
	// Like Host, it is re-evaluated on every retry.
	SSHConfig func(multistep.StateBag) (*gossh.ClientConfig, error)

	// SSHPort optionally overrides Config.SSHPort per attempt; when nil the
	// static port from Config is used.
	SSHPort func(multistep.StateBag) (int, error)
}
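// Run waits for the SSH server described by s to accept a connection and
// stores the resulting communicator in state under "communicator".
//
// The connection attempts themselves run in waitForSSH on a separate
// goroutine; Run only arbitrates between the possible outcomes:
//
//   - waitForSSH finishes: on success "communicator" is set and the step
//     continues; on failure "error" is set and the step halts.
//   - s.Config.SSHTimeout elapses: "error" is set, the waiter is told to
//     stop by closing cancel, and the step halts.
//   - the step sequence is cancelled (ctx is done, or
//     multistep.StateCancelled appears in the state bag): the waiter is
//     told to stop and the step halts without recording an error.
//
// A waiter that happens to succeed after cancel has been closed has its
// result dropped, since nothing reads waitDone once Run has returned.
// The "ui" entry of state must hold a packer.Ui.
func (s *StepConnectSSH) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {
	ui := state.Get("ui").(packer.Ui)

	var comm packer.Communicator
	var err error

	// cancel is only ever closed, never sent on; waitDone is buffered so
	// the waiter can always finish even after Run has stopped listening.
	cancel := make(chan struct{})
	waitDone := make(chan bool, 1)
	go func() {
		ui.Say("Waiting for SSH to become available...")
		// The writes to comm and err are published to Run by the send on
		// waitDone that follows them.
		comm, err = s.waitForSSH(state, cancel)
		waitDone <- true
	}()

	log.Printf("[INFO] Waiting for SSH, up to timeout: %s", s.Config.SSHTimeout)
	timeout := time.After(s.Config.SSHTimeout)

	// Cancellation is noticed two ways: the context's Done channel, and a
	// once-a-second poll of the state bag for multistep.StateCancelled.
	// A nil ctx yields a nil channel here, which simply never fires.
	var ctxDone <-chan struct{}
	if ctx != nil {
		ctxDone = ctx.Done()
	}
	// One ticker for the poll instead of a fresh time.After per loop turn.
	ticker := time.NewTicker(1 * time.Second)
	defer ticker.Stop()

	for {
		// Wait for either SSH to become available, a timeout to occur,
		// or an interrupt to come through.
		select {
		case <-waitDone:
			if err != nil {
				ui.Error(fmt.Sprintf("Error waiting for SSH: %s", err))
				state.Put("error", err)
				return multistep.ActionHalt
			}

			ui.Say("Connected to SSH!")
			state.Put("communicator", comm)
			return multistep.ActionContinue
		case <-timeout:
			terr := fmt.Errorf("Timeout waiting for SSH.")
			state.Put("error", terr)
			ui.Error(terr.Error())
			close(cancel)
			return multistep.ActionHalt
		case <-ctxDone:
			// The context driving this step was cancelled; stop the waiter
			// and halt, mirroring the StateCancelled path below.
			close(cancel)
			log.Println("[WARN] Interrupt detected, quitting waiting for SSH.")
			return multistep.ActionHalt
		case <-ticker.C:
			if _, ok := state.GetOk(multistep.StateCancelled); ok {
				// The step sequence was cancelled, so cancel waiting for SSH
				// and just start the halting process.
				close(cancel)
				log.Println("[WARN] Interrupt detected, quitting waiting for SSH.")
				return multistep.ActionHalt
			}
		}
	}
}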
// Cleanup does nothing. The communicator stored by Run is left in the
// state bag untouched; nothing is closed here.
func (s *StepConnectSSH) Cleanup(_ multistep.StateBag) {}
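// waitForSSH repeatedly tries to reach the SSH server until it succeeds,
// the authentication-attempt budget is exhausted, or cancel is closed.
//
// Every iteration after the first waits five seconds (bailing out early if
// cancel is closed), then re-resolves the target through s.Host,
// s.SSHPort (or s.Config.SSHPort when s.SSHPort is nil) and s.SSHConfig,
// opens and immediately closes a plain TCP connection to the target, and
// finally performs the SSH handshake via ssh.New. Resolution and TCP
// failures are logged at DEBUG level and retried. A handshake error whose
// text contains "authenticate" counts against s.Config.SSHHandshakeAttempts
// and ends the wait once that budget is spent; any other handshake error is
// retried until cancel fires.
//
// When s.Config.SSHBastionHost is set, every connection is tunnelled through
// the bastion; otherwise, when s.Config.SSHProxyHost is set, through a SOCKS5
// proxy. Both are resolved once, before the loop, because they come from
// static configuration. The proxy authenticates with the proxy's own
// credentials (SSHProxyUsername/SSHProxyPassword), which are distinct from
// the bastion's.
//
// Returns the connected communicator, or a nil communicator and the error
// that ended the wait.
func (s *StepConnectSSH) waitForSSH(state multistep.StateBag, cancel <-chan struct{}) (packer.Communicator, error) {
	// Determine if we're using a bastion host, and if so, retrieve
	// that configuration. This configuration doesn't change so we
	// do this one before entering the retry loop.
	var bProto, bAddr string
	var bConf *gossh.ClientConfig
	if s.Config.SSHBastionHost != "" {
		// The protocol is hardcoded for now, but may be configurable one day
		bProto = "tcp"
		bAddr = fmt.Sprintf("%s:%d", s.Config.SSHBastionHost, s.Config.SSHBastionPort)

		conf, err := sshBastionConfig(s.Config)
		if err != nil {
			return nil, fmt.Errorf("Error configuring bastion: %s", err)
		}
		bConf = conf
	}

	// Same for the SOCKS5 proxy. Credentials come from the proxy settings,
	// not the bastion ones: a bastion and a proxy are different hops and
	// sending the bastion secret to the proxy is both wrong and a leak.
	var pAddr string
	var pAuth *proxy.Auth
	if s.Config.SSHProxyHost != "" {
		pAddr = fmt.Sprintf("%s:%d", s.Config.SSHProxyHost, s.Config.SSHProxyPort)
		if s.Config.SSHProxyUsername != "" {
			pAuth = &proxy.Auth{
				User:     s.Config.SSHProxyUsername,
				Password: s.Config.SSHProxyPassword,
			}
		}
	}

	// dialer selects the transport for a "host:port" target. The bastion,
	// when configured, takes precedence over the proxy.
	dialer := func(address string) func() (net.Conn, error) {
		switch {
		case bAddr != "":
			// We're using a bastion host, so use the bastion connfunc
			return ssh.BastionConnectFunc(bProto, bAddr, bConf, "tcp", address)
		case pAddr != "":
			// Connect via SOCKS5 proxy
			return ssh.ProxyConnectFunc(pAddr, pAuth, "tcp", address)
		default:
			// No bastion host, connect directly
			return ssh.ConnectFunc("tcp", address)
		}
	}

	handshakeAttempts := 0
	for attempt := 0; ; attempt++ {
		// Don't check for cancel or wait on first iteration
		if attempt > 0 {
			select {
			case <-cancel:
				log.Println("[DEBUG] SSH wait cancelled. Exiting loop.")
				return nil, errors.New("SSH wait cancelled")
			case <-time.After(5 * time.Second):
			}
		}

		// First we request the TCP connection information
		host, err := s.Host(state)
		if err != nil {
			log.Printf("[DEBUG] Error getting SSH address: %s", err)
			continue
		}
		port := s.Config.SSHPort
		if s.SSHPort != nil {
			port, err = s.SSHPort(state)
			if err != nil {
				log.Printf("[DEBUG] Error getting SSH port: %s", err)
				continue
			}
		}

		// Retrieve the SSH configuration
		sshConfig, err := s.SSHConfig(state)
		if err != nil {
			log.Printf("[DEBUG] Error getting SSH config: %s", err)
			continue
		}

		// Attempt to connect to SSH port
		address := fmt.Sprintf("%s:%d", host, port)
		connFunc := dialer(address)

		nc, err := connFunc()
		if err != nil {
			log.Printf("[DEBUG] TCP connection to SSH ip/port failed: %s", err)
			continue
		}
		nc.Close()

		// Then we attempt to connect via SSH
		config := &ssh.Config{
			Connection:             connFunc,
			SSHConfig:              sshConfig,
			Pty:                    s.Config.SSHPty,
			DisableAgentForwarding: s.Config.SSHDisableAgentForwarding,
			UseSftp:                s.Config.SSHFileTransferMethod == "sftp",
			KeepAliveInterval:      s.Config.SSHKeepAliveInterval,
			Timeout:                s.Config.SSHReadWriteTimeout,
		}

		log.Println("[INFO] Attempting SSH connection...")
		comm, err := ssh.New(address, config)
		if err == nil {
			return comm, nil
		}
		log.Printf("[DEBUG] SSH handshake err: %s", err)

		// Only count this as an attempt if we were able to attempt
		// to authenticate. Note this is very brittle since it depends
		// on the string of the error... but I don't see any other way.
		if strings.Contains(err.Error(), "authenticate") {
			log.Printf(
				"[DEBUG] Detected authentication error. Increasing handshake attempts.")
			handshakeAttempts++
		}

		if handshakeAttempts < s.Config.SSHHandshakeAttempts {
			// Try to connect via SSH a handful of times. We sleep here
			// so we don't get a ton of authentication errors back to back.
			time.Sleep(2 * time.Second)
			continue
		}

		return nil, err
	}
}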
// sshBastionConfig builds the gossh.ClientConfig used to log in to the
// bastion host described by config.
//
// Authentication methods are collected in this order, each only when its
// setting is present: the bastion password (offered both as a plain
// password and through keyboard-interactive), the bastion private key file
// (after ~ expansion), and the signers of the local SSH agent reached via
// $SSH_AUTH_SOCK. The agent socket is intentionally left open: the returned
// config calls back into it during the handshake.
//
// The bastion's host key is not verified (gossh.InsecureIgnoreHostKey), so
// this hop offers no protection against a substituted bastion; no bastion
// host-key setting is consulted here.
//
// Returns an error when the key path cannot be expanded, the key cannot be
// loaded, or agent auth is requested but the agent is unreachable.
func sshBastionConfig(config *Config) (*gossh.ClientConfig, error) {
	methods := make([]gossh.AuthMethod, 0, 2)

	if pw := config.SSHBastionPassword; pw != "" {
		methods = append(methods,
			gossh.Password(pw),
			gossh.KeyboardInteractive(ssh.PasswordKeyboardInteractive(pw)))
	}

	if keyFile := config.SSHBastionPrivateKeyFile; keyFile != "" {
		expanded, err := homedir.Expand(keyFile)
		if err != nil {
			return nil, fmt.Errorf(
				"Error expanding path for SSH bastion private key: %s", err)
		}
		signer, err := helperssh.FileSigner(expanded)
		if err != nil {
			return nil, err
		}
		methods = append(methods, gossh.PublicKeys(signer))
	}

	if config.SSHBastionAgentAuth {
		sock := os.Getenv("SSH_AUTH_SOCK")
		if sock == "" {
			return nil, fmt.Errorf("SSH_AUTH_SOCK is not set")
		}
		conn, err := net.Dial("unix", sock)
		if err != nil {
			return nil, fmt.Errorf("Cannot connect to SSH Agent socket %q: %s", sock, err)
		}
		methods = append(methods, gossh.PublicKeysCallback(agent.NewClient(conn).Signers))
	}

	return &gossh.ClientConfig{
		User:            config.SSHBastionUsername,
		Auth:            methods,
		HostKeyCallback: gossh.InsecureIgnoreHostKey(),
	}, nil
}