// Suggest at least 15 minutes for timeout
public static String waitForPasswordOnAws(
ComputeService computeService, final NodeMetadata node, long timeout, TimeUnit timeUnit)
throws TimeoutException {
ComputeServiceContext computeServiceContext = computeService.getContext();
AWSEC2Api ec2Client = computeServiceContext.unwrapApi(AWSEC2Api.class);
final WindowsApi client = ec2Client.getWindowsApi().get();
final String region = node.getLocation().getParent().getId();
// The Administrator password will take some time before it is ready - Amazon says sometimes 15
// minutes.
// So we create a predicate that tests if the password is ready, and wrap it in a retryable
// predicate.
Predicate<String> passwordReady =
new Predicate<String>() {
@Override
public boolean apply(String s) {
if (Strings.isNullOrEmpty(s)) return false;
PasswordData data = client.getPasswordDataInRegion(region, s);
if (data == null) return false;
return !Strings.isNullOrEmpty(data.getPasswordData());
}
};
LOG.info("Waiting for password, for " + node.getProviderId() + ":" + node.getId());
Predicate<String> passwordReadyRetryable =
Predicates2.retry(
passwordReady, timeUnit.toMillis(timeout), 10 * 1000, TimeUnit.MILLISECONDS);
boolean ready = passwordReadyRetryable.apply(node.getProviderId());
if (!ready)
throw new TimeoutException(
"Password not available for "
+ node
+ " in region "
+ region
+ " after "
+ timeout
+ " "
+ timeUnit.name());
// Now pull together Amazon's encrypted password blob, and the private key that jclouds
// generated
PasswordDataAndPrivateKey dataAndKey =
new PasswordDataAndPrivateKey(
client.getPasswordDataInRegion(region, node.getProviderId()),
node.getCredentials().getPrivateKey());
// And apply it to the decryption function
WindowsLoginCredentialsFromEncryptedData f =
computeServiceContext
.utils()
.injector()
.getInstance(WindowsLoginCredentialsFromEncryptedData.class);
LoginCredentials credentials = f.apply(dataAndKey);
return credentials.getPassword();
}
public JschSshClient(
ProxyConfig proxyConfig,
BackoffLimitedRetryHandler backoffLimitedRetryHandler,
HostAndPort socket,
LoginCredentials loginCredentials,
int timeout) {
this.user = checkNotNull(loginCredentials, "loginCredentials").getUser();
this.host = checkNotNull(socket, "socket").getHostText();
checkArgument(socket.getPort() > 0, "ssh port must be greater then zero" + socket.getPort());
checkArgument(
loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null,
"you must specify a password or a key");
this.backoffLimitedRetryHandler =
checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler");
if (loginCredentials.getPrivateKey() == null) {
this.toString =
String.format(
"%s:pw[%s]@%s:%d",
loginCredentials.getUser(),
base16()
.lowerCase()
.encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()),
host,
socket.getPort());
} else {
String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey());
String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey());
this.toString =
String.format(
"%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d",
loginCredentials.getUser(), fingerPrint, sha1, host, socket.getPort());
}
sessionConnection =
SessionConnection.builder()
.hostAndPort(HostAndPort.fromParts(host, socket.getPort()))
.loginCredentials(loginCredentials)
.proxy(checkNotNull(proxyConfig, "proxyConfig"))
.connectTimeout(timeout)
.sessionTimeout(timeout)
.build();
}
@Override
public Session create() throws Exception {
JSch jsch = new JSch();
session =
jsch.getSession(
loginCredentials.getUser(),
hostAndPort.getHostText(),
hostAndPort.getPortOrDefault(22));
if (sessionTimeout != 0) session.setTimeout(sessionTimeout);
if (loginCredentials.getPrivateKey() == null) {
session.setPassword(loginCredentials.getPassword());
} else {
byte[] privateKey = loginCredentials.getPrivateKey().getBytes();
if (CredentialUtils.isPrivateKeyEncrypted(privateKey)) {
throw new IllegalArgumentException(
"JschSshClientModule does not support private keys that require a passphrase");
}
jsch.addIdentity(
loginCredentials.getUser(),
Arrays.copyOf(privateKey, privateKey.length),
null,
emptyPassPhrase);
}
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect(connectTimeout);
return session;
}
