Merge pull request #4655 from lbordowitz/ostk-sshca

OpenStack: Add ssh agent support
2017-03-14 21:07:03 +01:00 · 2017-03-14 21:07:03 +01:00 · 8c2a8f5f81
parent 677e885422 6cd3cb18da
commit 8c2a8f5f81
5 changed files with 103 additions and 32 deletions
--- a/builder/openstack/builder.go
+++ b/builder/openstack/builder.go
@ -75,10 +75,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			Flavor: b.config.Flavor,
 		},
 		&StepKeyPair{
-			Debug:          b.config.PackerDebug,
+			Debug:                b.config.PackerDebug,
-			DebugKeyPath:   fmt.Sprintf("os_%s.pem", b.config.PackerBuildName),
+			DebugKeyPath:         fmt.Sprintf("os_%s.pem", b.config.PackerBuildName),
-			KeyPairName:    b.config.SSHKeyPairName,
+			KeyPairName:          b.config.SSHKeyPairName,
-			PrivateKeyFile: b.config.RunConfig.Comm.SSHPrivateKey,
+			TemporaryKeyPairName: b.config.TemporaryKeyPairName,
 			PrivateKeyFile:       b.config.RunConfig.Comm.SSHPrivateKey,
 			SSHAgentAuth:         b.config.RunConfig.Comm.SSHAgentAuth,
 		},
 		&StepRunSourceServer{
 			Name:             b.config.ImageName,
@ -110,7 +112,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 				computeClient,
 				b.config.SSHInterface,
 				b.config.SSHIPVersion),
-			SSHConfig: SSHConfig(b.config.RunConfig.Comm.SSHUsername,
+			SSHConfig: SSHConfig(
 				b.config.RunConfig.Comm.SSHAgentAuth,
 				b.config.RunConfig.Comm.SSHUsername,
 				b.config.RunConfig.Comm.SSHPassword),
 		},
 		&common.StepProvision{},
--- a/builder/openstack/run_config.go
+++ b/builder/openstack/run_config.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/mitchellh/packer/common/uuid"
 	"github.com/mitchellh/packer/helper/communicator"
 	"github.com/mitchellh/packer/template/interpolate"
 )
@ -11,10 +12,11 @@ import (
 // RunConfig contains configuration for running an instance from a source
 // image and details on how to access that launched image.
 type RunConfig struct {
-	Comm           communicator.Config `mapstructure:",squash"`
+	Comm                 communicator.Config `mapstructure:",squash"`
-	SSHKeyPairName string              `mapstructure:"ssh_keypair_name"`
+	SSHKeyPairName       string              `mapstructure:"ssh_keypair_name"`
-	SSHInterface   string              `mapstructure:"ssh_interface"`
+	TemporaryKeyPairName string              `mapstructure:"temporary_key_pair_name"`
-	SSHIPVersion   string              `mapstructure:"ssh_ip_version"`
+	SSHInterface         string              `mapstructure:"ssh_interface"`
 	SSHIPVersion         string              `mapstructure:"ssh_ip_version"`
 	SourceImage      string            `mapstructure:"source_image"`
 	SourceImageName  string            `mapstructure:"source_image_name"`
@ -38,6 +40,15 @@ type RunConfig struct {
 }
 func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 	// If we are not given an explicit ssh_keypair_name or
 	// ssh_private_key_file, then create a temporary one, but only if the
 	// temporary_key_pair_name has not been provided and we are not using
 	// ssh_password.
 	if c.SSHKeyPairName == "" && c.TemporaryKeyPairName == "" &&
 		c.Comm.SSHPrivateKey == "" && c.Comm.SSHPassword == "" {
 		c.TemporaryKeyPairName = fmt.Sprintf("packer_%s", uuid.TimeOrderedUUID())
 	}
 	if c.UseFloatingIp && c.FloatingIpPool == "" {
 		c.FloatingIpPool = "public"
@ -45,6 +56,15 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 	// Validation
 	errs := c.Comm.Prepare(ctx)
 	if c.SSHKeyPairName != "" {
 		if c.Comm.Type == "winrm" && c.Comm.WinRMPassword == "" && c.Comm.SSHPrivateKey == "" {
 			errs = append(errs, errors.New("A private_key_file must be provided to retrieve the winrm password when using ssh_keypair_name."))
 		} else if c.Comm.SSHPrivateKey == "" && !c.Comm.SSHAgentAuth {
 			errs = append(errs, errors.New("A private_key_file must be provided or ssh_agent_auth enabled when ssh_keypair_name is specified."))
 		}
 	}
 	if c.SourceImage == "" && c.SourceImageName == "" {
 		errs = append(errs, errors.New("Either a source_image or a source_image_name must be specified"))
 	} else if len(c.SourceImage) > 0 && len(c.SourceImageName) > 0 {
--- a/builder/openstack/ssh.go
+++ b/builder/openstack/ssh.go
@ -4,6 +4,8 @@ import (
 	"errors"
 	"fmt"
 	"log"
 	"net"
 	"os"
 	"time"
 	"github.com/gophercloud/gophercloud"
@ -12,6 +14,7 @@ import (
 	"github.com/mitchellh/multistep"
 	packerssh "github.com/mitchellh/packer/communicator/ssh"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
 )
 // CommHost looks up the host for the communicator.
@ -63,8 +66,26 @@ func CommHost(
 // SSHConfig returns a function that can be used for the SSH communicator
 // config for connecting to the instance created over SSH using a private key
 // or a password.
-func SSHConfig(username, password string) func(multistep.StateBag) (*ssh.ClientConfig, error) {
+func SSHConfig(useAgent bool, username, password string) func(multistep.StateBag) (*ssh.ClientConfig, error) {
 	return func(state multistep.StateBag) (*ssh.ClientConfig, error) {
 		if useAgent {
 			authSock := os.Getenv("SSH_AUTH_SOCK")
 			if authSock == "" {
 				return nil, fmt.Errorf("SSH_AUTH_SOCK is not set")
 			}
 			sshAgent, err := net.Dial("unix", authSock)
 			if err != nil {
 				return nil, fmt.Errorf("Cannot connect to SSH Agent socket %q: %s", authSock, err)
 			}
 			return &ssh.ClientConfig{
 				User: username,
 				Auth: []ssh.AuthMethod{
 					ssh.PublicKeysCallback(agent.NewClient(sshAgent).Signers),
 				},
 			}, nil
 		}
 		privateKey, hasKey := state.GetOk("privateKey")
--- a/builder/openstack/step_key_pair.go
+++ b/builder/openstack/step_key_pair.go
@ -10,21 +10,24 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/keypairs"
 	"github.com/mitchellh/multistep"
 	"github.com/mitchellh/packer/common/uuid"
 	"github.com/mitchellh/packer/packer"
 	"golang.org/x/crypto/ssh"
 )
 type StepKeyPair struct {
-	Debug          bool
+	Debug                bool
-	DebugKeyPath   string
+	SSHAgentAuth         bool
-	KeyPairName    string
+	DebugKeyPath         string
-	PrivateKeyFile string
+	TemporaryKeyPairName string
 	KeyPairName          string
 	PrivateKeyFile       string
 	keyName string
 }
 func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 	ui := state.Get("ui").(packer.Ui)
 	if s.PrivateKeyFile != "" {
 		privateKeyBytes, err := ioutil.ReadFile(s.PrivateKeyFile)
 		if err != nil {
@ -39,14 +42,25 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 		return multistep.ActionContinue
 	}
-	config := state.Get("config").(Config)
+	if s.SSHAgentAuth && s.KeyPairName == "" {
-	ui := state.Get("ui").(packer.Ui)
+		ui.Say("Using SSH Agent with key pair in Source image")
 	if config.Comm.Type == "ssh" && config.Comm.SSHPassword != "" {
 		ui.Say("Not creating temporary keypair when using password.")
 		return multistep.ActionContinue
 	}
 	if s.SSHAgentAuth && s.KeyPairName != "" {
 		ui.Say(fmt.Sprintf("Using SSH Agent for existing key pair %s", s.KeyPairName))
 		state.Put("keyPair", s.KeyPairName)
 		return multistep.ActionContinue
 	}
 	if s.TemporaryKeyPairName == "" {
 		ui.Say("Not using temporary keypair")
 		state.Put("keyPair", "")
 		return multistep.ActionContinue
 	}
 	config := state.Get("config").(Config)
 	// We need the v2 compute client
 	computeClient, err := config.computeV2Client()
 	if err != nil {
@ -55,10 +69,9 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 		return multistep.ActionHalt
 	}
-	keyName := fmt.Sprintf("packer %s", uuid.TimeOrderedUUID())
+	ui.Say(fmt.Sprintf("Creating temporary keypair: %s ...", s.TemporaryKeyPairName))
 	ui.Say(fmt.Sprintf("Creating temporary keypair: %s ...", keyName))
 	keypair, err := keypairs.Create(computeClient, keypairs.CreateOpts{
-		Name: keyName,
+		Name: s.TemporaryKeyPairName,
 	}).Extract()
 	if err != nil {
 		state.Put("error", fmt.Errorf("Error creating temporary keypair: %s", err))
@ -70,7 +83,7 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 		return multistep.ActionHalt
 	}
-	ui.Say(fmt.Sprintf("Created temporary keypair: %s", keyName))
+	ui.Say(fmt.Sprintf("Created temporary keypair: %s", s.TemporaryKeyPairName))
 	keypair.PrivateKey = berToDer(keypair.PrivateKey, ui)
@ -101,10 +114,10 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 	}
 	// Set the keyname so we know to delete it later
-	s.keyName = keyName
+	s.keyName = s.TemporaryKeyPairName
 	// Set some state data for use in future steps
-	state.Put("keyPair", keyName)
+	state.Put("keyPair", s.keyName)
 	state.Put("privateKey", keypair.PrivateKey)
 	return multistep.ActionContinue
@ -156,11 +169,11 @@ func berToDer(ber string, ui packer.Ui) string {
 func (s *StepKeyPair) Cleanup(state multistep.StateBag) {
 	// If we used an SSH private key file, do not go about deleting
 	// keypairs
-	if s.PrivateKeyFile != "" {
+	if s.PrivateKeyFile != "" || (s.KeyPairName == "" && s.keyName == "") {
 		return
 	}
 	// If no key name is set, then we never created it, so just return
-	if s.keyName == "" {
+	if s.TemporaryKeyPairName == "" {
 		return
 	}
@ -171,14 +184,14 @@ func (s *StepKeyPair) Cleanup(state multistep.StateBag) {
 	computeClient, err := config.computeV2Client()
 	if err != nil {
 		ui.Error(fmt.Sprintf(
-			"Error cleaning up keypair. Please delete the key manually: %s", s.keyName))
+			"Error cleaning up keypair. Please delete the key manually: %s", s.TemporaryKeyPairName))
 		return
 	}
-	ui.Say(fmt.Sprintf("Deleting temporary keypair: %s ...", s.keyName))
+	ui.Say(fmt.Sprintf("Deleting temporary keypair: %s ...", s.TemporaryKeyPairName))
 	err = keypairs.Delete(computeClient, s.keyName).ExtractErr()
 	if err != nil {
 		ui.Error(fmt.Sprintf(
-			"Error cleaning up keypair. Please delete the key manually: %s", s.keyName))
+			"Error cleaning up keypair. Please delete the key manually: %s", s.TemporaryKeyPairName))
 	}
 }
--- a/website/source/docs/builders/openstack.html.md
+++ b/website/source/docs/builders/openstack.html.md
@ -144,8 +144,21 @@ builder.
 -   `ssh_keypair_name` (string) - If specified, this is the key that will be
    used for SSH with the machine. By default, this is blank, and Packer will
    generate a temporary keypair.
    [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used.
    [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file)
-    must be specified with this.
+    or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized.
 -   `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to
    authenticate connections to the source instance. No temporary keypair will
    be created, and the values of `ssh_password` and `ssh_private_key_file` will
    be ignored. To use this option with a key pair already configured in the source
    image, leave the `ssh_keypair_name` blank. To associate an existing key pair
    with the source instance, set the `ssh_keypair_name` field to the name
    of the key pair.
 -   `temporary_key_pair_name` (string) - The name of the temporary key pair
    to generate. By default, Packer generates a name that looks like
    `packer_<UUID>`, where \<UUID\> is a 36 character unique identifier.
 -   `tenant_id` or `tenant_name` (string) - The tenant ID or name to boot the
    instance into. Some OpenStack installations require this. If not specified,