Merge pull request #6713 from hashicorp/cleanup_keys

new option allowing user to clean up the ephemeral ssh key from the a…
This commit is contained in:
Adrien Delorme 2018-09-14 11:12:33 -07:00 committed by GitHub
commit fc75449e06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 155 additions and 0 deletions

View File

@ -157,6 +157,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&stepStopAlicloudInstance{
ForceStop: b.config.ForceStopInstance,
},

View File

@ -211,6 +211,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&awscommon.StepStopEBSBackedInstance{
Skip: b.config.IsSpotInstance(),
DisableStopInstance: b.config.DisableStopInstance,

View File

@ -228,6 +228,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&awscommon.StepStopEBSBackedInstance{
Skip: b.config.IsSpotInstance(),
DisableStopInstance: b.config.DisableStopInstance,

View File

@ -203,6 +203,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&awscommon.StepStopEBSBackedInstance{
Skip: b.config.IsSpotInstance(),
DisableStopInstance: b.config.DisableStopInstance,

View File

@ -286,6 +286,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&StepUploadX509Cert{},
&StepBundleVolume{
Debug: b.config.PackerDebug,

View File

@ -177,6 +177,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&packerCommon.StepProvision{},
&packerCommon.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
NewStepGetOSDisk(azureClient, ui),
NewStepGetAdditionalDisks(azureClient, ui),
NewStepPowerOffCompute(azureClient, ui),

View File

@ -82,6 +82,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
WinRMPort: commPort,
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
&stepShutdownInstance{},
&stepCreateTemplate{},
}

View File

@ -90,6 +90,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
new(stepShutdown),
new(stepPowerOff),
new(stepSnapshot),

View File

@ -54,6 +54,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
},
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
}
if b.config.Discard {

View File

@ -71,6 +71,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
WinRMConfig: winrmConfig,
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
}
if _, exists := b.config.Metadata[StartupScriptKey]; exists || b.config.StartupScriptFile != "" {
steps = append(steps, new(StepWaitStartupScript))

View File

@ -460,6 +460,11 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
// provision requires communicator to be setup
&common.StepProvision{},
// Remove ephemeral key from authorized_hosts if using SSH communicator
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&hypervcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -489,6 +489,11 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
// provision requires communicator to be setup
&common.StepProvision{},
// Remove ephemeral SSH keys, if using
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&hypervcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -54,6 +54,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
NewStepStopServerInstance(conn, ui),
NewStepCreateServerImage(conn, ui, b.config),
NewStepDeleteBlockStorageInstance(conn, ui, b.config),

View File

@ -48,6 +48,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
new(stepTakeSnapshot),
}

View File

@ -133,6 +133,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.RunConfig.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.RunConfig.Comm,
},
&StepStopServer{},
&StepDetachVolume{
UseBlockStorageVolume: b.config.UseBlockStorageVolume,

View File

@ -77,6 +77,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
&stepSnapshot{},
&stepListImages{},
}

View File

@ -69,6 +69,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
&stepImage{},
}

View File

@ -209,6 +209,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Ctx: b.config.ctx,
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&parallelscommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -102,6 +102,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,
},
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&parallelscommon.StepPrlctl{
Commands: b.config.PrlctlPost,
Ctx: b.config.ctx,

View File

@ -45,6 +45,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
new(stepTakeSnapshot),
}

View File

@ -403,6 +403,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
steps = append(steps,
new(common.StepProvision),
)
steps = append(steps,
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
)
steps = append(steps,
new(stepShutdown),
)

View File

@ -61,6 +61,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.Comm,
},
new(stepShutdown),
new(stepSnapshot),
new(stepImage),

View File

@ -68,6 +68,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SSHConfig: b.config.Comm.SSHConfigFunc(),
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &config.Comm,
},
&StepStopMachine{},
&StepCreateImageFromMachine{},
&StepDeleteMachine{},

View File

@ -267,6 +267,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Ctx: b.config.ctx,
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&vboxcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -128,6 +128,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Ctx: b.config.ctx,
},
new(common.StepProvision),
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&vboxcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -368,6 +368,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Ctx: b.config.ctx,
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&vmwcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -111,6 +111,9 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Ctx: b.config.ctx,
},
&common.StepProvision{},
&common.StepCleanupTempKeys{
Comm: &b.config.SSHConfig.Comm,
},
&vmwcommon.StepShutdown{
Command: b.config.ShutdownCommand,
Timeout: b.config.ShutdownTimeout,

View File

@ -0,0 +1,56 @@
package common
import (
"context"
"fmt"
"log"
"github.com/hashicorp/packer/helper/communicator"
"github.com/hashicorp/packer/helper/multistep"
"github.com/hashicorp/packer/packer"
)
type StepCleanupTempKeys struct {
Comm *communicator.Config
}
func (s *StepCleanupTempKeys) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
// This step is mostly cosmetic; Packer deletes the ephemeral keys anyway
// so there's no realistic situation where these keys can cause issues.
// However, it's nice to clean up after yourself.
comm := state.Get("communicator").(packer.Communicator)
ui := state.Get("ui").(packer.Ui)
if !s.Comm.SSHClearAuthorizedKeys {
return multistep.ActionContinue
}
if s.Comm.Type != "ssh" {
return multistep.ActionContinue
}
if s.Comm.SSHTemporaryKeyPairName == "" {
return multistep.ActionContinue
}
cmd := new(packer.RemoteCmd)
ui.Say("Trying to remove ephemeral keys from authorized_keys files")
cmd.Command = fmt.Sprintf("sed -i.bak '/ssh-rsa.*%s$/d' ~/.ssh/authorized_keys; rm ~/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
if err := cmd.StartWithUi(comm, ui); err != nil {
log.Printf("Error cleaning up ~/.ssh/authorized_keys; please clean up keys manually: %s", err)
}
cmd = new(packer.RemoteCmd)
cmd.Command = fmt.Sprintf("sudo sed -i.bak '/ssh-rsa.*%s$/d' /root/.ssh/authorized_keys; sudo rm /root/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
if err := cmd.StartWithUi(comm, ui); err != nil {
log.Printf("Error cleaning up /root/.ssh/authorized_keys; please clean up keys manually: %s", err)
}
return multistep.ActionContinue
}
func (s *StepCleanupTempKeys) Cleanup(state multistep.StateBag) {
}

View File

@ -31,6 +31,7 @@ type Config struct {
SSHPrivateKey []byte `mapstructure:"ssh_private_key"`
SSHKeyPairName string `mapstructure:"ssh_keypair_name"`
SSHTemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
SSHClearAuthorizedKeys bool `mapstructure:"ssh_clear_authorized_keys"`
SSHPrivateKeyFile string `mapstructure:"ssh_private_key_file"`
SSHInterface string `mapstructure:"ssh_interface"`
SSHIPVersion string `mapstructure:"ssh_ip_version"`

View File

@ -79,6 +79,13 @@ The SSH communicator has the following options:
- `ssh_bastion_username` (string) - The username to connect to the bastion
host.
- `ssh_clear_authorized_keys` (boolean) - If true, Packer will attempt to
remove its temporary key from `~/.ssh/authorized_keys` and
`/root/.ssh/authorized_keys`. This is a mostly cosmetic option, since Packer
will delete the temporary private key from the host system regardless of
whether this is set to true (unless the user has set the `-debug` flag).
Defaults to "false"; currently only works on guests with `sed` installed.
- `ssh_disable_agent_forwarding` (boolean) - If true, SSH agent forwarding
will be disabled. Defaults to `false`.