|
|
@ -15,14 +15,33 @@ options:
|
|
|
|
required: true
|
|
|
|
required: true
|
|
|
|
key_file:
|
|
|
|
key_file:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- path to the file containing the key pair used on the instance
|
|
|
|
- Path to the file containing the key pair used on the instance.
|
|
|
|
required: true
|
|
|
|
required: true
|
|
|
|
|
|
|
|
key_passphrase:
|
|
|
|
|
|
|
|
version_added: "2.0"
|
|
|
|
|
|
|
|
description:
|
|
|
|
|
|
|
|
- The passphrase for the instance key pair. The key must use DES or 3DES encryption for this module to decrypt it. You can use openssl to convert your password protected keys if they do not use DES or 3DES. ex) openssl rsa -in current_key -out new_key -des3.
|
|
|
|
|
|
|
|
required: false
|
|
|
|
|
|
|
|
default: null
|
|
|
|
region:
|
|
|
|
region:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- The AWS region to use. Must be specified if ec2_url is not used. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
|
|
|
- The AWS region to use. Must be specified if ec2_url is not used. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
|
|
|
required: false
|
|
|
|
required: false
|
|
|
|
default: null
|
|
|
|
default: null
|
|
|
|
aliases: [ 'aws_region', 'ec2_region' ]
|
|
|
|
aliases: [ 'aws_region', 'ec2_region' ]
|
|
|
|
|
|
|
|
wait:
|
|
|
|
|
|
|
|
version_added: "2.0"
|
|
|
|
|
|
|
|
description:
|
|
|
|
|
|
|
|
- Whether or not to wait for the password to be available before returning.
|
|
|
|
|
|
|
|
required: false
|
|
|
|
|
|
|
|
default: "no"
|
|
|
|
|
|
|
|
choices: [ "yes", "no" ]
|
|
|
|
|
|
|
|
wait_timeout:
|
|
|
|
|
|
|
|
version_added: "2.0"
|
|
|
|
|
|
|
|
description:
|
|
|
|
|
|
|
|
- Number of seconds to wait before giving up.
|
|
|
|
|
|
|
|
required: false
|
|
|
|
|
|
|
|
default: 120
|
|
|
|
|
|
|
|
|
|
|
|
extends_documentation_fragment: aws
|
|
|
|
extends_documentation_fragment: aws
|
|
|
|
'''
|
|
|
|
'''
|
|
|
@ -36,12 +55,34 @@ tasks:
|
|
|
|
instance_id: i-XXXXXX
|
|
|
|
instance_id: i-XXXXXX
|
|
|
|
region: us-east-1
|
|
|
|
region: us-east-1
|
|
|
|
key_file: "~/aws-creds/my_test_key.pem"
|
|
|
|
key_file: "~/aws-creds/my_test_key.pem"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Example of getting a password with a password protected key
|
|
|
|
|
|
|
|
tasks:
|
|
|
|
|
|
|
|
- name: get the Administrator password
|
|
|
|
|
|
|
|
ec2_win_password:
|
|
|
|
|
|
|
|
profile: my-boto-profile
|
|
|
|
|
|
|
|
instance_id: i-XXXXXX
|
|
|
|
|
|
|
|
region: us-east-1
|
|
|
|
|
|
|
|
key_file: "~/aws-creds/my_protected_test_key.pem"
|
|
|
|
|
|
|
|
key_passphrase: "secret"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Example of waiting for a password
|
|
|
|
|
|
|
|
tasks:
|
|
|
|
|
|
|
|
- name: get the Administrator password
|
|
|
|
|
|
|
|
ec2_win_password:
|
|
|
|
|
|
|
|
profile: my-boto-profile
|
|
|
|
|
|
|
|
instance_id: i-XXXXXX
|
|
|
|
|
|
|
|
region: us-east-1
|
|
|
|
|
|
|
|
key_file: "~/aws-creds/my_test_key.pem"
|
|
|
|
|
|
|
|
wait: yes
|
|
|
|
|
|
|
|
wait_timeout: 45
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
from base64 import b64decode
|
|
|
|
from base64 import b64decode
|
|
|
|
from os.path import expanduser
|
|
|
|
from os.path import expanduser
|
|
|
|
from Crypto.Cipher import PKCS1_v1_5
|
|
|
|
from Crypto.Cipher import PKCS1_v1_5
|
|
|
|
from Crypto.PublicKey import RSA
|
|
|
|
from Crypto.PublicKey import RSA
|
|
|
|
|
|
|
|
import datetime
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
import boto.ec2
|
|
|
|
import boto.ec2
|
|
|
@ -54,6 +95,9 @@ def main():
|
|
|
|
argument_spec.update(dict(
|
|
|
|
argument_spec.update(dict(
|
|
|
|
instance_id = dict(required=True),
|
|
|
|
instance_id = dict(required=True),
|
|
|
|
key_file = dict(required=True),
|
|
|
|
key_file = dict(required=True),
|
|
|
|
|
|
|
|
key_passphrase = dict(no_log=True, default=None, required=False),
|
|
|
|
|
|
|
|
wait = dict(type='bool', default=False, required=False),
|
|
|
|
|
|
|
|
wait_timeout = dict(default=120, required=False),
|
|
|
|
)
|
|
|
|
)
|
|
|
|
)
|
|
|
|
)
|
|
|
|
module = AnsibleModule(argument_spec=argument_spec)
|
|
|
|
module = AnsibleModule(argument_spec=argument_spec)
|
|
|
@ -63,26 +107,48 @@ def main():
|
|
|
|
|
|
|
|
|
|
|
|
instance_id = module.params.get('instance_id')
|
|
|
|
instance_id = module.params.get('instance_id')
|
|
|
|
key_file = expanduser(module.params.get('key_file'))
|
|
|
|
key_file = expanduser(module.params.get('key_file'))
|
|
|
|
|
|
|
|
key_passphrase = module.params.get('key_passphrase')
|
|
|
|
|
|
|
|
wait = module.params.get('wait')
|
|
|
|
|
|
|
|
wait_timeout = int(module.params.get('wait_timeout'))
|
|
|
|
|
|
|
|
|
|
|
|
ec2 = ec2_connect(module)
|
|
|
|
ec2 = ec2_connect(module)
|
|
|
|
|
|
|
|
|
|
|
|
data = ec2.get_password_data(instance_id)
|
|
|
|
if wait:
|
|
|
|
decoded = b64decode(data)
|
|
|
|
start = datetime.datetime.now()
|
|
|
|
|
|
|
|
end = start + datetime.timedelta(seconds=wait_timeout)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
while datetime.datetime.now() < end:
|
|
|
|
|
|
|
|
data = ec2.get_password_data(instance_id)
|
|
|
|
|
|
|
|
decoded = b64decode(data)
|
|
|
|
|
|
|
|
if wait and not decoded:
|
|
|
|
|
|
|
|
time.sleep(5)
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
break
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
data = ec2.get_password_data(instance_id)
|
|
|
|
|
|
|
|
decoded = b64decode(data)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if wait and datetime.datetime.now() >= end:
|
|
|
|
|
|
|
|
module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)
|
|
|
|
|
|
|
|
|
|
|
|
f = open(key_file, 'r')
|
|
|
|
f = open(key_file, 'r')
|
|
|
|
key = RSA.importKey(f.read())
|
|
|
|
key = RSA.importKey(f.read(), key_passphrase)
|
|
|
|
cipher = PKCS1_v1_5.new(key)
|
|
|
|
cipher = PKCS1_v1_5.new(key)
|
|
|
|
sentinel = 'password decryption failed!!!'
|
|
|
|
sentinel = 'password decryption failed!!!'
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
decrypted = cipher.decrypt(decoded, sentinel)
|
|
|
|
decrypted = cipher.decrypt(decoded, sentinel)
|
|
|
|
except ValueError as e:
|
|
|
|
except ValueError as e:
|
|
|
|
decrypted = None
|
|
|
|
decrypted = None
|
|
|
|
|
|
|
|
|
|
|
|
if decrypted == None:
|
|
|
|
if decrypted == None:
|
|
|
|
module.exit_json(win_password='', changed=False)
|
|
|
|
module.exit_json(win_password='', changed=False)
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
module.exit_json(win_password=decrypted, changed=True)
|
|
|
|
if wait:
|
|
|
|
|
|
|
|
elapsed = datetime.datetime.now() - start
|
|
|
|
|
|
|
|
module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds)
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
module.exit_json(win_password=decrypted, changed=True)
|
|
|
|
|
|
|
|
|
|
|
|
# import module snippets
|
|
|
|
# import module snippets
|
|
|
|
from ansible.module_utils.basic import *
|
|
|
|
from ansible.module_utils.basic import *
|
|
|
|