jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johanna Jones <johanna.jone...@gmail.com>
Subject Re: Jclouds security with EC2
Date Mon, 05 Aug 2013 16:40:03 GMT
I just double checked and there is a jclouds# key in the authorized_ssh.
Because I have my own AMI with my key already authorized, I really don't
need jclouds to do any messing around with keys. I just need it to use the
one that's already there, which is doing I think with
overrideLoginCredentials, but is also creating a new key pair. Maybe I'm
overcomplicating this, but it seems like just having one key is a good
simple solution.

On Mon, Aug 5, 2013 at 11:58 AM, Johanna Jones <johanna.jones11@gmail.com>wrote:

> Thanks for the detailed reply. In interest of security, I want the only
> way to get into instances I spin up is the private key I generated myself
> and only ever have it be on my computer, not in the cloud, 'cause why not?
> :)
> It sounds like jclouds might support this with using
> overrideLoginCredentials so it will use my regular .ssh key, and not have
> Amazon create a new key and also authorize my existing key? The
> cloud-example seems to have Amazon create a key pair, and also authorizes
> my key. I can't even find the private key part of the one Amazon created.
> Thanks!
> On Wed, Jul 31, 2013 at 7:22 PM, Andrew Phillips <andrewp@apache.org>wrote:
>> I found the line, which looks like jclouds doesn't generate it's own
>>> keys, instead relying on EC2API:
>>> keyPair = ec2Api.getKeyPairApi().get().**createKeyPairInRegion(region,
>>>  keyName);
>> Well spotted ;-) Yes, if jclouds *eventually* decides that it needs to
>> make a new key, it uses the API (the base EC2 driver does not support key
>> import, only key creation).
>> But the decision on whether a key needs to made, or not, is more
>> complicated than that. The story starts when you run createNodesInGroup and
>> quickly goes to EC2CreateNodesInGroupThenAddTo**Set [1] and then (if
>> you're on AWS) to CreateKeyPairPlacementAndSecur**
>> ityGroupsAsNeededAndReturnRunO**ptions [2].
>> The logic in createNewKeyPairUnlessUserSpec**ifiedOtherwise in that
>> class determines whether a key pair is imported, an existing key pair is
>> used or a new key pair created.
>> The test cases are not exactly easy to read, unfortunately, but the test
>> names at least should help give you an idea of the possible combinations
>> [3, 4].
>> If you want to access the target system using your local credentials,
>> you'll need to use something like template.getOptions().**authorizePublicKey(...)
>> [5] or template.getOptions().**overrideLoginCredentials(...) [6]
>> ap
>> [1] https://github.com/jclouds/**jclouds/blob/master/apis/ec2/**
>> src/main/java/org/jclouds/ec2/**compute/strategy/**
>> EC2CreateNodesInGroupThenAddTo**Set.java<https://github.com/jclouds/jclouds/blob/master/apis/ec2/src/main/java/org/jclouds/ec2/compute/strategy/EC2CreateNodesInGroupThenAddToSet.java>
>> [2] https://github.com/jclouds/**jclouds/blob/master/providers/**
>> aws-ec2/src/main/java/org/**jclouds/aws/ec2/compute/**strategy/**
>> CreateKeyPairPlacementAndSecur**ityGroupsAsNeededAndReturnRunO**
>> ptions.java<https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/strategy/CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java>
>> [3] https://github.com/jclouds/**jclouds/blob/master/providers/**
>> aws-ec2/src/test/java/org/**jclouds/aws/ec2/compute/**strategy/**
>> CreateKeyPairPlacementAndSecur**ityGroupsAsNeededAndReturnRunO**
>> ptionsTest.java<https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/strategy/CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptionsTest.java>
>> [4] https://github.com/jclouds/**jclouds/blob/master/apis/ec2/**
>> src/test/java/org/jclouds/ec2/**compute/strategy/**
>> CreateKeyPairAndSecurityGroups**AsNeededAndReturnRunOptionsTes**t.java<https://github.com/jclouds/jclouds/blob/master/apis/ec2/src/test/java/org/jclouds/ec2/compute/strategy/CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptionsTest.java>
>> [5] https://github.com/jclouds/**jclouds-examples/blob/master/**
>> ec2-computeservice-spot/src/**main/java/org/jclouds/**
>> examples/ec2/spot/MainApp.**java#L82<https://github.com/jclouds/jclouds-examples/blob/master/ec2-computeservice-spot/src/main/java/org/jclouds/examples/ec2/spot/MainApp.java#L82>
>> [6] https://github.com/jclouds/**jclouds-examples/blob/master/**
>> compute-basics/src/main/java/**org/jclouds/examples/compute/**
>> basics/MainApp.java#L168<https://github.com/jclouds/jclouds-examples/blob/master/compute-basics/src/main/java/org/jclouds/examples/compute/basics/MainApp.java#L168>

View raw message