From 395d88941c2a0d3ec4a9aa2905c745f20f46617b Mon Sep 17 00:00:00 2001
From: James Nugent
Date: Sun, 23 Oct 2016 22:26:14 -0500
Subject: [PATCH] amazon: Allow SSH Agent auth for existing key pair

This commit allows SSH Agent authentication to be used with an existing key pair defined in AWS.
---
 builder/amazon/common/step_key_pair.go | 18 ++++++++++++------
 .../source/docs/builders/amazon-ebs.html.md | 11 +++++++----
 .../docs/builders/amazon-instance.html.md | 8 +++++---
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/builder/amazon/common/step_key_pair.go b/builder/amazon/common/step_key_pair.go
index 5f3e536de..334e4d729 100644
--- a/builder/amazon/common/step_key_pair.go
+++ b/builder/amazon/common/step_key_pair.go
@@ -25,13 +25,8 @@ type StepKeyPair struct {
 func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 ui := state.Get("ui").(packer.Ui)
- if s.SSHAgentAuth {
- ui.Say("Using SSH Agent")
- return multistep.ActionContinue
- }
-
 if s.PrivateKeyFile != "" {
- ui.Say("Using existing ssh private key")
+ ui.Say("Using existing SSH private key")
 privateKeyBytes, err := ioutil.ReadFile(s.PrivateKeyFile)
 if err != nil {
 state.Put("error", fmt.Errorf(
@@ -45,6 +40,17 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 return multistep.ActionContinue
 }
+ if s.SSHAgentAuth && s.KeyPairName == "" {
+ ui.Say("Using SSH Agent with key pair in Source AMI")
+ return multistep.ActionContinue
+ }
+
+ if s.SSHAgentAuth && s.KeyPairName != "" {
+ ui.Say(fmt.Sprintf("Using SSH Agent for existing key pair %s", s.KeyPairName))
+ state.Put("keyPair", s.KeyPairName)
+ return multistep.ActionContinue
+ }
+
 if s.TemporaryKeyPairName == "" {
 ui.Say("Not using temporary keypair")
 state.Put("keyPair", "")
diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md
index 841f464ef..ee9d78cfe 100644
--- a/website/source/docs/builders/amazon-ebs.html.md
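Review bot: With the `s.SSHAgentAuth` early return removed from the top of `Run`, the `s.PrivateKeyFile != ""` branch now takes precedence when both options are set, so the key file is read from disk even though agent authentication was requested. The option documentation kept as context in this same commit still states that `ssh_private_key_file` "will be ignored" under `ssh_agent_auth`, so unless config validation (not visible here) rejects or clears that combination, behaviour and documentation now disagree. Guarding the first branch as `if s.PrivateKeyFile != "" && !s.SSHAgentAuth {` would restore the documented precedence and avoid loading private key material the user asked not to use. The remainder of that branch sits between the two hunks and is not shown, so what it stores in the state bag could not be checked.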
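Review bot: The new `s.SSHAgentAuth && s.KeyPairName == ""` branch returns without writing a `keyPair` entry, while the `s.TemporaryKeyPairName == ""` branch directly below it stores an empty string for the same "no key pair" situation. If a later step reads the value with an unchecked assertion such as `state.Get("keyPair").(string)` (not visible in this diff), the missing entry would panic; adding `state.Put("keyPair", "")` before that return keeps the two paths consistent. A short comment above the two agent branches saying which one relies on keys baked into the source AMI and which one attaches an existing EC2 key pair to the instance would also help, and `%q` instead of `%s` in the `ui.Say` line makes an unexpected key pair name easier to spot in build logs. `Run` continues past the end of the hunk.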
+++ b/website/source/docs/builders/amazon-ebs.html.md @@ -188,17 +188,20 @@ builder. `Linux/UNIX (Amazon VPC)`, `SUSE Linux (Amazon VPC)`, `Windows (Amazon VPC)` - `ssh_keypair_name` (string) - If specified, this is the key that will be - used for SSH with the machine. By default, this is blank, and Packer will + used for SSH with the machine. The key must match a key pair name loaded + up into Amazon EC2. By default, this is blank, and Packer will generate a temporary keypair unless [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used. [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file) - must be specified with this. + or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized. - `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to authenticate connections to the source instance. No temporary keypair will be created, and the values of `ssh_password` and `ssh_private_key_file` will - be ignored. This is suitable for use if the source AMI already has authorized - keys configured. + be ignored. To use this option with a key pair already configured in the source + AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair + in AWS with the source instance, set the `ssh_keypair_name` field to the name + of the key pair. - `ssh_private_ip` (boolean) - If true, then SSH will always use the private IP if available. diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md index 474197ea8..5d2e9d8ba 100644 --- a/website/source/docs/builders/amazon-instance.html.md +++ b/website/source/docs/builders/amazon-instance.html.md 
@@ -210,13 +210,15 @@ builder. generate a temporary keypair unless [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used. [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file) - must be specified when `ssh_keypair_name` is utilized. + or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized. - `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to authenticate connections to the source instance. No temporary keypair will be created, and the values of `ssh_password` and `ssh_private_key_file` will - be ignored. This is suitable for use if the source AMI already has authorized - keys configured. + be ignored. To use this option with a key pair already configured in the source + AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair + in AWS with the source instance, set the `ssh_keypair_name` field to the name + of the key pair. - `ssh_private_ip` (boolean) - If true, then SSH will always use the private IP if available.