optionally supports waiting for the password to be available

Rick Mendes 2015-06-09 08:55:58 -07:00
parent 80153611ab
commit 70a7a46d52


@ -15,7 +15,7 @@ options:
required: true
key_file:
description:
- path to the file containing the key pair used on the instance
- Path to the file containing the key pair used on the instance.
required: true
key_passphrase:
version_added: "2.0"
@ -28,6 +28,18 @@ options:
required: false
default: null
aliases: [ 'aws_region', 'ec2_region' ]
wait:
version_added: "2.0"
description:
- Whether or not to wait for the password to be available before returning.
required: false
default: "no"
choices: [ "yes", "no" ]
wait_timeout:
version_added: "2.0"
description:
- Number of seconds to wait before giving up.
default: 120
extends_documentation_fragment: aws
'''
@ -51,12 +63,24 @@ tasks:
region: us-east-1
key_file: "~/aws-creds/my_protected_test_key.pem"
key_passphrase: "secret"
# Example of waiting for a password
tasks:
- name: get the Administrator password
ec2_win_password:
profile: my-boto-profile
instance_id: i-XXXXXX
region: us-east-1
key_file: "~/aws-creds/my_test_key.pem"
wait: yes
wait_timeout: 45
'''
from base64 import b64decode
from os.path import expanduser
from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
import datetime
try:
import boto.ec2
@ -70,6 +94,8 @@ def main():
instance_id = dict(required=True),
key_file = dict(required=True),
key_passphrase = dict(default=None),
wait = dict(type='bool', default=False),
wait_timeout = dict(default=120),
)
)
module = AnsibleModule(argument_spec=argument_spec)
@ -80,11 +106,28 @@ def main():
instance_id = module.params.get('instance_id')
key_file = expanduser(module.params.get('key_file'))
key_passphrase = module.params.get('key_passphrase')
wait = module.params.get('wait')
wait_timeout = int(module.params.get('wait_timeout'))
ec2 = ec2_connect(module)
data = ec2.get_password_data(instance_id)
decoded = b64decode(data)
if wait:
start = datetime.datetime.now()
end = start + datetime.timedelta(seconds=wait_timeout)
while datetime.datetime.now() < end:
data = ec2.get_password_data(instance_id)
decoded = b64decode(data)
if wait and not decoded:
time.sleep(5)
else:
break
else:
data = ec2.get_password_data(instance_id)
decoded = b64decode(data)
if wait and datetime.datetime.now() >= end:
module.fail_json(msg = "wait for password timeout after %d seconds" % wait_timeout)
f = open(key_file, 'r')
key = RSA.importKey(f.read(), key_passphrase)
@ -92,14 +135,18 @@ def main():
sentinel = 'password decryption failed!!!'
try:
decrypted = cipher.decrypt(decoded, sentinel)
decrypted = cipher.decrypt(decoded, sentinel)
except ValueError as e:
decrypted = None
decrypted = None
if decrypted == None:
module.exit_json(win_password='', changed=False)
else:
module.exit_json(win_password=decrypted, changed=True)
if wait:
elapsed = datetime.datetime.now() - start
module.exit_json(win_password=decrypted, changed=True, elapsed=elapsed.seconds)
else:
module.exit_json(win_password=decrypted, changed=True)
# import module snippets
from ansible.module_utils.basic import *
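Review bot: The timeout test after the polling loop, `if wait and datetime.datetime.now() >= end:`, looks at the clock rather than at the result, so a password that arrives on the last poll just as the deadline passes is still reported as a timeout; testing the result instead, `if wait and not decoded:`, avoids that. The loop also calls `time.sleep(5)` while the import lines shown add only `import datetime`; unless `time` comes in through the wildcard import from ansible.module_utils.basic at the bottom of the file, the first empty poll raises NameError, so an explicit `import time` is safer. The new success branch returns `decrypted` without comparing it to `sentinel`, and PyCrypto's PKCS1_v1_5 `decrypt` returns the sentinel on a padding failure instead of raising, so a wrong key would hand back the sentinel text as `win_password` with `changed=True`; `if decrypted is None or decrypted == sentinel:` on the existing check would cover it. main() starts before and continues between the visible hunks, so this is based only on the lines shown.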