jclouds-user mailing list archives

From Johanna Jones <johanna.jone...@gmail.com>
Subject Re: Jclouds security with EC2
Date Mon, 05 Aug 2013 15:58:31 GMT
Thanks for the detailed reply. In the interest of security, I want the only way
to get into instances I spin up to be the private key I generated myself, and to
only ever have it be on my computer, not in the cloud, 'cause why not? :)
It sounds like jclouds might support this by using
overrideLoginCredentials so it will use my regular .ssh key, and not have
Amazon create a new key and also authorize my existing key? The
cloud-example seems to have Amazon create a key pair, and also authorizes
my key. I can't even find the private key part of the one Amazon created.
Thanks!


On Wed, Jul 31, 2013 at 7:22 PM, Andrew Phillips <andrewp@apache.org> wrote:

>> I found the line, which looks like jclouds doesn't generate its own
>> keys, instead relying on EC2API:
>> keyPair = ec2Api.getKeyPairApi().get().createKeyPairInRegion(region, keyName);
>>
>
> Well spotted ;-) Yes, if jclouds *eventually* decides that it needs to
> make a new key, it uses the API (the base EC2 driver does not support key
> import, only key creation).
>
> But the decision on whether a key needs to be made, or not, is more
> complicated than that. The story starts when you run createNodesInGroup and
> quickly goes to EC2CreateNodesInGroupThenAddToSet [1] and then (if
> you're on AWS) to
> CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions [2].
>
> The logic in createNewKeyPairUnlessUserSpecifiedOtherwise in that class
> determines whether a key pair is imported, an existing key pair is used or
> a new key pair created.
>
> The test cases are not exactly easy to read, unfortunately, but the test
> names at least should help give you an idea of the possible combinations
> [3, 4].
>
> If you want to access the target system using your local credentials,
> you'll need to use something like template.getOptions().authorizePublicKey(...)
> [5] or template.getOptions().overrideLoginCredentials(...) [6]
>
> ap
>
> [1] https://github.com/jclouds/jclouds/blob/master/apis/ec2/src/main/java/org/jclouds/ec2/compute/strategy/EC2CreateNodesInGroupThenAddToSet.java
> [2] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/strategy/CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java
> [3] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/strategy/CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptionsTest.java
> [4] https://github.com/jclouds/jclouds/blob/master/apis/ec2/src/test/java/org/jclouds/ec2/compute/strategy/CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptionsTest.java
> [5] https://github.com/jclouds/jclouds-examples/blob/master/ec2-computeservice-spot/src/main/java/org/jclouds/examples/ec2/spot/MainApp.java#L82
> [6] https://github.com/jclouds/jclouds-examples/blob/master/compute-basics/src/main/java/org/jclouds/examples/compute/basics/MainApp.java#L168
>
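
The two template options named in the reply, combined in one launch so that only the public half of a locally generated key is sent to the provider. This is an added example, not part of the original thread or of the jclouds code base. Assumptions: API credentials in the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, the key pair in ~/.ssh/id_rsa(.pub), an image whose login user is "ec2-user", the hypothetical group name "local-key-demo", and the jclouds sshj driver on the classpath.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Set;

import org.jclouds.ContextBuilder;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.ComputeServiceContext;
import org.jclouds.compute.domain.NodeMetadata;
import org.jclouds.compute.domain.Template;
import org.jclouds.domain.LoginCredentials;
import org.jclouds.sshj.config.SshjSshClientModule;

import com.google.common.collect.ImmutableSet;

public class LaunchWithLocalKey {
   public static void main(String[] args) throws Exception {
      // Assumption: AWS API credentials are supplied through the environment.
      String accessKey = System.getenv("AWS_ACCESS_KEY_ID");
      String secretKey = System.getenv("AWS_SECRET_ACCESS_KEY");

      // Assumption: the key pair was generated locally and lives in ~/.ssh.
      String home = System.getProperty("user.home");
      String publicKey = new String(Files.readAllBytes(Paths.get(home, ".ssh", "id_rsa.pub")), UTF_8);
      String privateKey = new String(Files.readAllBytes(Paths.get(home, ".ssh", "id_rsa")), UTF_8);

      ComputeServiceContext context = ContextBuilder.newBuilder("aws-ec2")
            .credentials(accessKey, secretKey)
            .modules(ImmutableSet.of(new SshjSshClientModule()))
            .buildView(ComputeServiceContext.class);
      try {
         ComputeService compute = context.getComputeService();
         Template template = compute.templateBuilder().build();
         // Only the public half is handed to the provider.
         template.getOptions().authorizePublicKey(publicKey);
         // The private half stays on this machine; jclouds uses it for its own SSH sessions.
         template.getOptions().overrideLoginCredentials(
               LoginCredentials.builder().user("ec2-user").privateKey(privateKey).build());
         Set<? extends NodeMetadata> nodes = compute.createNodesInGroup("local-key-demo", 1, template);
         for (NodeMetadata node : nodes) {
            System.out.println(node.getId() + " " + node.getPublicAddresses());
         }
      } finally {
         context.close();
      }
   }
}
```

Whether the provider imports this key or still creates a new pair is decided by createNewKeyPairUnlessUserSpecifiedOtherwise in the jclouds version in use, so after the run list the key pairs in the region and confirm that no provider-generated one was added.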
