-
Notifications
You must be signed in to change notification settings - Fork 0
/
repro
executable file
·149 lines (133 loc) · 5.74 KB
/
repro
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#!/usr/bin/env bash
export vagrant_2_2_16_subnet_id=$1
export vagrant_2_2_16_security_group_id=$2
if [[ -z $vagrant_2_2_16_subnet_id ]] ||
[[ -z $vagrant_2_2_16_security_group_id ]]
then
cat <<'EOF'
./repro subnet_id security_group_id
subnet_id must be a public subnet
security_group_id must allow ssh access from the host machine
EOF
exit 1
fi
# Emit some system diagnostics, ignoring any errors from missing commands
date '+%FT%T%z'
sw_vers
lsb_release -a
vagrant --version
ssh -V
(
##########################################################################
### Use `ssh-keygen -t rsa …` to generate key
###
### https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
###
### This is broken on Vagrant 2.2.16 but works on 2.2.15 and down
##########################################################################
# Test that we both have the private key _and_ that it exists in AWS. If
# either is not true then we need to regenerate it.
if [[ ! -f vagrant-2.2.16-sha1-bug-default-rsa ]] ||
! aws ec2 describe-key-pairs --key-names vagrant-2.2.16-sha1-bug-default-rsa
then
if ! ssh-keygen -t rsa -b 4096 -a 2000 -C "default rsa" -N '' -f vagrant-2.2.16-sha1-bug-default-rsa -m PEM
then
echo "Couldn't create vagrant-2.2.16-sha1-bug-default-rsa key"
exit 1
fi
aws ec2 delete-key-pair --key-name vagrant-2.2.16-sha1-bug-default-rsa
if ! aws ec2 import-key-pair \
--key-name vagrant-2.2.16-sha1-bug-default-rsa \
--public-key-material 'fileb://vagrant-2.2.16-sha1-bug-default-rsa.pub' \
--tag-specifications "ResourceType=key-pair,Tags=[{Key=Name,Value=${LOGNAME} vagrant-2.2.16-sha1-bug-default-rsa}]"
then
echo "Couldn't import vagrant-2.2.16-sha1-bug-default-rsa key"
exit 1
fi
fi
ssh-keygen -l -f vagrant-2.2.16-sha1-bug-default-rsa
time vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-default-rsa \
timeout --signal INT 60s vagrant up --debug 2>&1 ||
{
echo 'vagrant-2.2.16-sha1-bug-default-rsa failed to come up'
} &&
vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-default-rsa vagrant destroy -f
##########################################################################
### Use `ssh-keygen -t rsa-sha2-512 …` to generate key
###
### https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
###
### This is broken on Vagrant 2.2.16 but works on 2.2.15 and down
##########################################################################
# Test that we both have the private key _and_ that it exists in AWS. If
# either is not true then we need to regenerate it.
if [[ ! -f vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 ]] ||
! aws ec2 describe-key-pairs --key-names vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512
then
if ! ssh-keygen -t rsa-sha2-512 -b 4096 -a 2000 -C "explicit rsa-sha2-512" -N '' -f vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 -m PEM
then
echo "Couldn't create vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 key"
exit 1
fi
aws ec2 delete-key-pair --key-name vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512
if ! aws ec2 import-key-pair \
--key-name vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 \
--public-key-material 'fileb://vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512.pub' \
--tag-specifications "ResourceType=key-pair,Tags=[{Key=Name,Value=${LOGNAME} vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512}]"
then
echo "Couldn't import vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 key"
exit 1
fi
fi
ssh-keygen -l -f vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512
time vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 \
timeout --signal INT 60s vagrant up --debug 2>&1 ||
{
echo 'vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 failed to come up'
} &&
vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-explicit-rsa-sha2-512 vagrant destroy -f
##########################################################################
### Use aws-cli (and thus EC2) to create the keypair
###
### !!! This method appears to work with 2.2.16 !!!
##########################################################################
# Check if we have the private key locally. If we don't we need to
# recreate the whole thing.
if [[ ! -f vagrant-2.2.16-sha1-bug-aws-created ]]
then
# We don't have a local copy of the private key
# If the key already exists then we want to delete it so we can replace
# it
if aws ec2 describe-key-pairs --key-names vagrant-2.2.16-sha1-bug-aws-created
then
aws ec2 delete-key-pair --key-name vagrant-2.2.16-sha1-bug-aws-created ||
{
echo "Failed to delete existing aws key"
exit 1
}
fi
# Now we're sure that the key doesn't exist so we can go ahead and
# create it
aws ec2 create-key-pair \
--key-name vagrant-2.2.16-sha1-bug-aws-created \
--tag-specifications "ResourceType=key-pair,Tags=[{Key=Name,Value=${LOGNAME} vagrant-2.2.16-sha1-bug-aws-created}]" \
--query "KeyMaterial" --output text > vagrant-2.2.16-sha1-bug-aws-created ||
{
echo "Couldn't create key pair"
exit 1
}
fi
chmod 400 vagrant-2.2.16-sha1-bug-aws-created
ssh-keygen -l -f vagrant-2.2.16-sha1-bug-aws-created
time vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-aws-created \
timeout --signal INT 60s vagrant up --debug 2>&1 &&
echo 'vagrant-2.2.16-sha1-bug-aws-created succeeded' ||
{
echo 'vagrant-2.2.16-sha1-bug-aws-created failed to come up'
} &&
vagrant_2_2_16_test_key=vagrant-2.2.16-sha1-bug-aws-created vagrant destroy -f
) 2>&1 |
sed "
s/$vagrant_2_2_16_subnet_id/subnet-redacted/g;
s/$vagrant_2_2_16_security_group_id/sg-redacted/;" |
tee repro.log