2015-06-13 17:42:38 -04:00
|
|
|
package communicator
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2015-06-13 18:05:10 -04:00
|
|
|
"fmt"
|
2018-08-22 11:03:25 -04:00
|
|
|
"io/ioutil"
|
|
|
|
"net"
|
2015-06-13 18:05:10 -04:00
|
|
|
"os"
|
2015-06-13 17:42:38 -04:00
|
|
|
"time"
|
|
|
|
|
2018-08-22 11:03:25 -04:00
|
|
|
packerssh "github.com/hashicorp/packer/communicator/ssh"
|
|
|
|
"github.com/hashicorp/packer/helper/multistep"
|
2018-08-27 10:13:15 -04:00
|
|
|
helperssh "github.com/hashicorp/packer/helper/ssh"
|
2018-12-02 19:56:33 -05:00
|
|
|
"github.com/hashicorp/packer/packer"
|
2017-04-04 16:39:01 -04:00
|
|
|
"github.com/hashicorp/packer/template/interpolate"
|
2017-01-18 16:11:48 -05:00
|
|
|
"github.com/masterzen/winrm"
|
2018-08-22 11:03:25 -04:00
|
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
"golang.org/x/crypto/ssh/agent"
|
2015-06-13 17:42:38 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
// Config is the common configuration that communicators allow within
|
|
|
|
// a builder.
|
|
|
|
type Config struct {
|
2015-06-14 01:05:48 -04:00
|
|
|
Type string `mapstructure:"communicator"`
|
|
|
|
|
|
|
|
// SSH
|
2017-06-19 10:21:33 -04:00
|
|
|
SSHHost string `mapstructure:"ssh_host"`
|
|
|
|
SSHPort int `mapstructure:"ssh_port"`
|
|
|
|
SSHUsername string `mapstructure:"ssh_username"`
|
|
|
|
SSHPassword string `mapstructure:"ssh_password"`
|
2018-08-28 10:10:39 -04:00
|
|
|
SSHKeyPairName string `mapstructure:"ssh_keypair_name"`
|
2018-08-28 11:49:10 -04:00
|
|
|
SSHTemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
|
2018-09-14 14:03:23 -04:00
|
|
|
SSHClearAuthorizedKeys bool `mapstructure:"ssh_clear_authorized_keys"`
|
2018-08-23 10:35:07 -04:00
|
|
|
SSHPrivateKeyFile string `mapstructure:"ssh_private_key_file"`
|
2018-08-29 08:28:09 -04:00
|
|
|
SSHInterface string `mapstructure:"ssh_interface"`
|
|
|
|
SSHIPVersion string `mapstructure:"ssh_ip_version"`
|
2017-06-19 10:21:33 -04:00
|
|
|
SSHPty bool `mapstructure:"ssh_pty"`
|
|
|
|
SSHTimeout time.Duration `mapstructure:"ssh_timeout"`
|
|
|
|
SSHAgentAuth bool `mapstructure:"ssh_agent_auth"`
|
|
|
|
SSHDisableAgentForwarding bool `mapstructure:"ssh_disable_agent_forwarding"`
|
|
|
|
SSHHandshakeAttempts int `mapstructure:"ssh_handshake_attempts"`
|
|
|
|
SSHBastionHost string `mapstructure:"ssh_bastion_host"`
|
|
|
|
SSHBastionPort int `mapstructure:"ssh_bastion_port"`
|
|
|
|
SSHBastionAgentAuth bool `mapstructure:"ssh_bastion_agent_auth"`
|
|
|
|
SSHBastionUsername string `mapstructure:"ssh_bastion_username"`
|
|
|
|
SSHBastionPassword string `mapstructure:"ssh_bastion_password"`
|
2018-08-27 10:33:30 -04:00
|
|
|
SSHBastionPrivateKeyFile string `mapstructure:"ssh_bastion_private_key_file"`
|
2017-06-19 10:21:33 -04:00
|
|
|
SSHFileTransferMethod string `mapstructure:"ssh_file_transfer_method"`
|
2017-10-10 10:04:15 -04:00
|
|
|
SSHProxyHost string `mapstructure:"ssh_proxy_host"`
|
|
|
|
SSHProxyPort int `mapstructure:"ssh_proxy_port"`
|
|
|
|
SSHProxyUsername string `mapstructure:"ssh_proxy_username"`
|
|
|
|
SSHProxyPassword string `mapstructure:"ssh_proxy_password"`
|
2018-01-31 01:00:37 -05:00
|
|
|
SSHKeepAliveInterval time.Duration `mapstructure:"ssh_keep_alive_interval"`
|
2018-01-31 02:09:12 -05:00
|
|
|
SSHReadWriteTimeout time.Duration `mapstructure:"ssh_read_write_timeout"`
|
2018-11-06 14:01:41 -05:00
|
|
|
// SSH Internals
|
|
|
|
SSHPublicKey []byte
|
|
|
|
SSHPrivateKey []byte
|
2015-06-14 01:05:48 -04:00
|
|
|
|
|
|
|
// WinRM
|
2018-02-08 18:10:53 -05:00
|
|
|
WinRMUser string `mapstructure:"winrm_username"`
|
2018-02-07 23:16:15 -05:00
|
|
|
WinRMPassword string `mapstructure:"winrm_password"`
|
2018-02-08 18:10:53 -05:00
|
|
|
WinRMHost string `mapstructure:"winrm_host"`
|
2016-03-10 13:47:30 -05:00
|
|
|
WinRMPort int `mapstructure:"winrm_port"`
|
|
|
|
WinRMTimeout time.Duration `mapstructure:"winrm_timeout"`
|
2018-02-07 23:16:15 -05:00
|
|
|
WinRMUseSSL bool `mapstructure:"winrm_use_ssl"`
|
2018-02-08 18:10:53 -05:00
|
|
|
WinRMInsecure bool `mapstructure:"winrm_insecure"`
|
|
|
|
WinRMUseNTLM bool `mapstructure:"winrm_use_ntlm"`
|
2017-01-18 16:11:48 -05:00
|
|
|
WinRMTransportDecorator func() winrm.Transporter
|
2019-02-15 18:05:29 -05:00
|
|
|
|
|
|
|
// Delay
|
|
|
|
PauseBeforeConnect time.Duration `mapstructure:"pause_before_connecting"`
|
2015-06-13 17:42:38 -04:00
|
|
|
}
|
|
|
|
|
2018-11-06 13:59:40 -05:00
|
|
|
// ReadSSHPrivateKeyFile returns the SSH private key bytes
|
|
|
|
func (c *Config) ReadSSHPrivateKeyFile() ([]byte, error) {
|
|
|
|
var privateKey []byte
|
|
|
|
|
|
|
|
if c.SSHPrivateKeyFile != "" {
|
2018-12-02 19:56:33 -05:00
|
|
|
keyPath, err := packer.ExpandUser(c.SSHPrivateKeyFile)
|
2018-11-06 13:59:40 -05:00
|
|
|
if err != nil {
|
2018-12-02 19:32:20 -05:00
|
|
|
return []byte{}, fmt.Errorf("Error expanding path for SSH private key: %s", err)
|
2018-12-02 19:06:14 -05:00
|
|
|
}
|
|
|
|
|
2018-11-06 13:59:40 -05:00
|
|
|
privateKey, err = ioutil.ReadFile(keyPath)
|
|
|
|
if err != nil {
|
|
|
|
return privateKey, fmt.Errorf("Error on reading SSH private key: %s", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return privateKey, nil
|
|
|
|
}
|
|
|
|
|
2018-08-22 11:03:25 -04:00
|
|
|
// SSHConfigFunc returns a function that can be used for the SSH communicator
|
|
|
|
// config for connecting to the instance created over SSH using the private key
|
|
|
|
// or password.
|
|
|
|
func (c *Config) SSHConfigFunc() func(multistep.StateBag) (*ssh.ClientConfig, error) {
|
|
|
|
return func(state multistep.StateBag) (*ssh.ClientConfig, error) {
|
|
|
|
sshConfig := &ssh.ClientConfig{
|
2018-08-22 11:08:46 -04:00
|
|
|
User: c.SSHUsername,
|
2018-08-22 11:03:25 -04:00
|
|
|
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
|
|
|
|
}
|
|
|
|
|
2018-08-22 11:08:46 -04:00
|
|
|
if c.SSHAgentAuth {
|
2018-08-22 11:03:25 -04:00
|
|
|
authSock := os.Getenv("SSH_AUTH_SOCK")
|
|
|
|
if authSock == "" {
|
|
|
|
return nil, fmt.Errorf("SSH_AUTH_SOCK is not set")
|
|
|
|
}
|
|
|
|
|
|
|
|
sshAgent, err := net.Dial("unix", authSock)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Cannot connect to SSH Agent socket %q: %s", authSock, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
sshConfig.Auth = append(sshConfig.Auth, ssh.PublicKeysCallback(agent.NewClient(sshAgent).Signers))
|
|
|
|
}
|
|
|
|
|
|
|
|
var privateKeys [][]byte
|
2018-08-23 10:35:07 -04:00
|
|
|
if c.SSHPrivateKeyFile != "" {
|
2018-10-31 17:47:50 -04:00
|
|
|
privateKey, err := c.ReadSSHPrivateKeyFile()
|
2018-08-22 11:03:25 -04:00
|
|
|
if err != nil {
|
2018-10-31 17:47:50 -04:00
|
|
|
return nil, err
|
2018-08-22 11:03:25 -04:00
|
|
|
}
|
2018-10-31 17:47:50 -04:00
|
|
|
privateKeys = append(privateKeys, privateKey)
|
2018-08-22 11:03:25 -04:00
|
|
|
}
|
2018-08-22 12:16:25 -04:00
|
|
|
|
|
|
|
// aws,alicloud,cloudstack,digitalOcean,oneAndOne,openstack,oracle & profitbricks key
|
2018-08-22 11:03:25 -04:00
|
|
|
if iKey, hasKey := state.GetOk("privateKey"); hasKey {
|
|
|
|
privateKeys = append(privateKeys, []byte(iKey.(string)))
|
|
|
|
}
|
|
|
|
|
2018-08-23 11:27:31 -04:00
|
|
|
if len(c.SSHPrivateKey) != 0 {
|
|
|
|
privateKeys = append(privateKeys, c.SSHPrivateKey)
|
2018-08-22 11:03:25 -04:00
|
|
|
}
|
2018-08-22 12:16:25 -04:00
|
|
|
|
2018-08-22 11:03:25 -04:00
|
|
|
for _, key := range privateKeys {
|
|
|
|
signer, err := ssh.ParsePrivateKey(key)
|
|
|
|
if err != nil {
|
2018-11-06 14:02:51 -05:00
|
|
|
return nil, fmt.Errorf("Error on parsing SSH private key: %s", err)
|
2018-08-22 11:03:25 -04:00
|
|
|
}
|
|
|
|
sshConfig.Auth = append(sshConfig.Auth, ssh.PublicKeys(signer))
|
|
|
|
}
|
|
|
|
|
2018-08-22 11:08:46 -04:00
|
|
|
if c.SSHPassword != "" {
|
2018-08-22 11:03:25 -04:00
|
|
|
sshConfig.Auth = append(sshConfig.Auth,
|
2018-08-22 11:08:46 -04:00
|
|
|
ssh.Password(c.SSHPassword),
|
|
|
|
ssh.KeyboardInteractive(packerssh.PasswordKeyboardInteractive(c.SSHPassword)),
|
2018-08-22 11:03:25 -04:00
|
|
|
)
|
|
|
|
}
|
|
|
|
return sshConfig, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-14 02:12:59 -04:00
|
|
|
// Port returns the port that will be used for access based on config.
|
|
|
|
func (c *Config) Port() int {
|
|
|
|
switch c.Type {
|
|
|
|
case "ssh":
|
|
|
|
return c.SSHPort
|
|
|
|
case "winrm":
|
|
|
|
return c.WinRMPort
|
|
|
|
default:
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-18 20:22:53 -04:00
|
|
|
// Host returns the port that will be used for access based on config.
|
|
|
|
func (c *Config) Host() string {
|
|
|
|
switch c.Type {
|
|
|
|
case "ssh":
|
|
|
|
return c.SSHHost
|
|
|
|
case "winrm":
|
|
|
|
return c.WinRMHost
|
|
|
|
default:
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// User returns the port that will be used for access based on config.
|
|
|
|
func (c *Config) User() string {
|
|
|
|
switch c.Type {
|
|
|
|
case "ssh":
|
|
|
|
return c.SSHUsername
|
|
|
|
case "winrm":
|
|
|
|
return c.WinRMUser
|
|
|
|
default:
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Password returns the port that will be used for access based on config.
|
|
|
|
func (c *Config) Password() string {
|
|
|
|
switch c.Type {
|
|
|
|
case "ssh":
|
|
|
|
return c.SSHPassword
|
|
|
|
case "winrm":
|
|
|
|
return c.WinRMPassword
|
|
|
|
default:
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-13 17:42:38 -04:00
|
|
|
func (c *Config) Prepare(ctx *interpolate.Context) []error {
|
2015-06-13 17:50:45 -04:00
|
|
|
if c.Type == "" {
|
|
|
|
c.Type = "ssh"
|
|
|
|
}
|
|
|
|
|
2015-06-14 01:05:48 -04:00
|
|
|
var errs []error
|
|
|
|
switch c.Type {
|
|
|
|
case "ssh":
|
|
|
|
if es := c.prepareSSH(ctx); len(es) > 0 {
|
|
|
|
errs = append(errs, es...)
|
|
|
|
}
|
|
|
|
case "winrm":
|
|
|
|
if es := c.prepareWinRM(ctx); len(es) > 0 {
|
|
|
|
errs = append(errs, es...)
|
|
|
|
}
|
2015-10-11 14:48:16 -04:00
|
|
|
case "docker", "none":
|
2015-10-11 14:20:50 -04:00
|
|
|
break
|
|
|
|
default:
|
|
|
|
return []error{fmt.Errorf("Communicator type %s is invalid", c.Type)}
|
2015-06-14 01:05:48 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return errs
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Config) prepareSSH(ctx *interpolate.Context) []error {
|
2015-06-13 17:42:38 -04:00
|
|
|
if c.SSHPort == 0 {
|
|
|
|
c.SSHPort = 22
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.SSHTimeout == 0 {
|
|
|
|
c.SSHTimeout = 5 * time.Minute
|
|
|
|
}
|
|
|
|
|
2018-01-31 01:00:37 -05:00
|
|
|
if c.SSHKeepAliveInterval == 0 {
|
|
|
|
c.SSHKeepAliveInterval = 5 * time.Second
|
|
|
|
}
|
|
|
|
|
2015-06-13 19:39:42 -04:00
|
|
|
if c.SSHHandshakeAttempts == 0 {
|
|
|
|
c.SSHHandshakeAttempts = 10
|
|
|
|
}
|
|
|
|
|
2015-06-17 16:10:42 -04:00
|
|
|
if c.SSHBastionHost != "" {
|
|
|
|
if c.SSHBastionPort == 0 {
|
|
|
|
c.SSHBastionPort = 22
|
|
|
|
}
|
2015-06-17 16:33:59 -04:00
|
|
|
|
2018-08-27 10:33:30 -04:00
|
|
|
if c.SSHBastionPrivateKeyFile == "" && c.SSHPrivateKeyFile != "" {
|
|
|
|
c.SSHBastionPrivateKeyFile = c.SSHPrivateKeyFile
|
2015-06-17 16:33:59 -04:00
|
|
|
}
|
2015-06-17 16:10:42 -04:00
|
|
|
}
|
|
|
|
|
2017-10-10 10:04:15 -04:00
|
|
|
if c.SSHProxyHost != "" {
|
|
|
|
if c.SSHProxyPort == 0 {
|
|
|
|
c.SSHProxyPort = 1080
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-26 19:39:56 -04:00
|
|
|
if c.SSHFileTransferMethod == "" {
|
|
|
|
c.SSHFileTransferMethod = "scp"
|
|
|
|
}
|
|
|
|
|
2015-06-13 17:42:38 -04:00
|
|
|
// Validation
|
|
|
|
var errs []error
|
2015-06-14 01:05:48 -04:00
|
|
|
if c.SSHUsername == "" {
|
2016-11-15 16:06:15 -05:00
|
|
|
errs = append(errs, errors.New("An ssh_username must be specified\n Note: some builders used to default ssh_username to \"root\"."))
|
2015-06-14 01:05:48 -04:00
|
|
|
}
|
2015-06-13 18:05:10 -04:00
|
|
|
|
2018-08-23 10:35:07 -04:00
|
|
|
if c.SSHPrivateKeyFile != "" {
|
2018-12-02 19:56:33 -05:00
|
|
|
path, err := packer.ExpandUser(c.SSHPrivateKeyFile)
|
2018-10-31 17:47:50 -04:00
|
|
|
if err != nil {
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_private_key_file is invalid: %s", err))
|
|
|
|
} else if _, err := os.Stat(path); err != nil {
|
2015-06-14 01:05:48 -04:00
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_private_key_file is invalid: %s", err))
|
2018-10-31 17:47:50 -04:00
|
|
|
} else if _, err := helperssh.FileSigner(path); err != nil {
|
2015-06-14 01:05:48 -04:00
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_private_key_file is invalid: %s", err))
|
2015-06-13 18:05:10 -04:00
|
|
|
}
|
2015-06-13 17:42:38 -04:00
|
|
|
}
|
|
|
|
|
2017-05-28 08:05:03 -04:00
|
|
|
if c.SSHBastionHost != "" && !c.SSHBastionAgentAuth {
|
2018-08-27 10:33:30 -04:00
|
|
|
if c.SSHBastionPassword == "" && c.SSHBastionPrivateKeyFile == "" {
|
2015-06-17 16:10:42 -04:00
|
|
|
errs = append(errs, errors.New(
|
|
|
|
"ssh_bastion_password or ssh_bastion_private_key_file must be specified"))
|
2018-10-31 18:26:18 -04:00
|
|
|
} else if c.SSHBastionPrivateKeyFile != "" {
|
2018-12-02 19:56:33 -05:00
|
|
|
path, err := packer.ExpandUser(c.SSHBastionPrivateKeyFile)
|
2018-10-31 18:26:18 -04:00
|
|
|
if err != nil {
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_bastion_private_key_file is invalid: %s", err))
|
|
|
|
} else if _, err := os.Stat(path); err != nil {
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_bastion_private_key_file is invalid: %s", err))
|
|
|
|
} else if _, err := helperssh.FileSigner(path); err != nil {
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_bastion_private_key_file is invalid: %s", err))
|
|
|
|
}
|
2015-06-17 16:10:42 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-26 19:39:56 -04:00
|
|
|
if c.SSHFileTransferMethod != "scp" && c.SSHFileTransferMethod != "sftp" {
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
|
|
"ssh_file_transfer_method ('%s') is invalid, valid methods: sftp, scp",
|
|
|
|
c.SSHFileTransferMethod))
|
|
|
|
}
|
|
|
|
|
2017-10-14 16:38:44 -04:00
|
|
|
if c.SSHBastionHost != "" && c.SSHProxyHost != "" {
|
|
|
|
errs = append(errs, errors.New("please specify either ssh_bastion_host or ssh_proxy_host, not both"))
|
|
|
|
}
|
|
|
|
|
2015-06-13 17:42:38 -04:00
|
|
|
return errs
|
|
|
|
}
|
2015-06-14 01:05:48 -04:00
|
|
|
|
|
|
|
func (c *Config) prepareWinRM(ctx *interpolate.Context) []error {
|
2016-02-29 09:26:28 -05:00
|
|
|
if c.WinRMPort == 0 && c.WinRMUseSSL {
|
|
|
|
c.WinRMPort = 5986
|
|
|
|
} else if c.WinRMPort == 0 {
|
2015-06-14 01:05:48 -04:00
|
|
|
c.WinRMPort = 5985
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.WinRMTimeout == 0 {
|
|
|
|
c.WinRMTimeout = 30 * time.Minute
|
|
|
|
}
|
|
|
|
|
2017-06-07 07:08:12 -04:00
|
|
|
if c.WinRMUseNTLM == true {
|
|
|
|
c.WinRMTransportDecorator = func() winrm.Transporter { return &winrm.ClientNTLM{} }
|
|
|
|
}
|
|
|
|
|
2015-06-14 01:05:48 -04:00
|
|
|
var errs []error
|
|
|
|
if c.WinRMUser == "" {
|
|
|
|
errs = append(errs, errors.New("winrm_username must be specified."))
|
|
|
|
}
|
|
|
|
|
|
|
|
return errs
|
|
|
|
}
|