workaround a problem with permissions on ~ec2-user/.ssh/authorized_keys
Родитель
1d80315db9
Коммит
3484af09b2
79
awsbox.js
79
awsbox.js
|
@ -514,58 +514,61 @@ verbs.create = function(args) {
|
|||
|
||||
console.log(" ... public url will be:", config.public_url);
|
||||
|
||||
ssh.copyUpConfig(deets.ipAddress, config, function(err) {
|
||||
ssh.ensureSshAccessPerms(deets.ipAddress, function(err) {
|
||||
checkErr(err);
|
||||
console.log(" ... victory! server is accessible and configured");
|
||||
|
||||
key.addKeysFromDirectory(deets.ipAddress, opts.keydir, function(msg) {
|
||||
console.log(" ... " + msg);
|
||||
}, function(err) {
|
||||
ssh.copyUpConfig(deets.ipAddress, config, function(err) {
|
||||
checkErr(err);
|
||||
console.log(" ... victory! server is accessible and configured");
|
||||
|
||||
console.log(" ... applying system updates");
|
||||
ssh.updatePackages(deets.ipAddress, function(err) {
|
||||
key.addKeysFromDirectory(deets.ipAddress, opts.keydir, function(msg) {
|
||||
console.log(" ... " + msg);
|
||||
}, function(err) {
|
||||
checkErr(err);
|
||||
|
||||
function postRemote() {
|
||||
console.log(" ... configuring SSL behavior (" + opts.ssl + ")");
|
||||
ssh.configureProxy(deets.ipAddress, opts.ssl, function(err) {
|
||||
checkErr(err);
|
||||
if (awsboxJson.packages) {
|
||||
console.log(" ... finally, installing custom packages: " + awsboxJson.packages.join(', '));
|
||||
}
|
||||
ssh.installPackages(deets.ipAddress, awsboxJson.packages, function(err) {
|
||||
checkErr(err);
|
||||
hooks.runRemoteHook('postcreate', deets, function(err) {
|
||||
checkErr(err);
|
||||
console.log(" ... applying system updates");
|
||||
ssh.updatePackages(deets.ipAddress, function(err) {
|
||||
checkErr(err);
|
||||
|
||||
copySSLCertIfAvailable(opts, deets, function(err) {
|
||||
function postRemote() {
|
||||
console.log(" ... configuring SSL behavior (" + opts.ssl + ")");
|
||||
ssh.configureProxy(deets.ipAddress, opts.ssl, function(err) {
|
||||
checkErr(err);
|
||||
if (awsboxJson.packages) {
|
||||
console.log(" ... finally, installing custom packages: " + awsboxJson.packages.join(', '));
|
||||
}
|
||||
ssh.installPackages(deets.ipAddress, awsboxJson.packages, function(err) {
|
||||
checkErr(err);
|
||||
hooks.runRemoteHook('postcreate', deets, function(err) {
|
||||
checkErr(err);
|
||||
hooks.runLocalHook('postcreate', deets, function(err) {
|
||||
|
||||
copySSLCertIfAvailable(opts, deets, function(err) {
|
||||
checkErr(err);
|
||||
printInstructions(name, dnsHost, opts.u, deets);
|
||||
hooks.runLocalHook('postcreate', deets, function(err) {
|
||||
checkErr(err);
|
||||
printInstructions(name, dnsHost, opts.u, deets);
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (!opts.remote) {
|
||||
postRemote();
|
||||
} else {
|
||||
git.addRemote(name, deets.ipAddress, function(err) {
|
||||
if (err && /already exists/.test(err)) {
|
||||
console.log(("OOPS! you already have a git remote named '" + name + "'!").error);
|
||||
console.log("to create a new one: git remote add <name> " +
|
||||
"app@" + deets.ipAddress + ":git");
|
||||
} else {
|
||||
checkErr(err);
|
||||
}
|
||||
console.log(" ... and your git remote is all set up");
|
||||
if (!opts.remote) {
|
||||
postRemote();
|
||||
});
|
||||
}
|
||||
} else {
|
||||
git.addRemote(name, deets.ipAddress, function(err) {
|
||||
if (err && /already exists/.test(err)) {
|
||||
console.log(("OOPS! you already have a git remote named '" + name + "'!").error);
|
||||
console.log("to create a new one: git remote add <name> " +
|
||||
"app@" + deets.ipAddress + ":git");
|
||||
} else {
|
||||
checkErr(err);
|
||||
}
|
||||
console.log(" ... and your git remote is all set up");
|
||||
postRemote();
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
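Review bot: The new `ssh.ensureSshAccessPerms(deets.ipAddress, ...)` call at the head of the chain carries no comment saying why it has to run before `ssh.copyUpConfig`; the page has lost its `+`/`-` markers, so that ordering is inferred from the doubled lines. A one-line comment at the call site, such as `// workaround: restore ~ec2-user/.ssh modes before any other SSH step (see lib/ssh.js)`, would keep a later reorder from undoing the fix. Adding the step as one more nesting level also re-indents the whole callback chain, so splitting the chain into named step functions would keep future diffs down to the lines that actually change. `verbs.create` starts and ends outside the hunk.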
27
lib/ssh.js
27
lib/ssh.js
|
@ -12,6 +12,33 @@ function passthrough(cp) {
|
|||
cp.stderr.pipe(process.stderr);
|
||||
}
|
||||
|
||||
exports.ensureSshAccessPerms = function(host, cb) {
|
||||
// Something, possibly cloud-init is resetting these permissions when we
|
||||
// create the AMI. So this is a sad way to set them back for app@ has
|
||||
// access to the EC2 instance.
|
||||
var tries = 0;
|
||||
var destination = 'ec2-user@' + host;
|
||||
var cmd = "chmod go+x /home/ec2-user/.ssh";
|
||||
var args = ['-o', 'StrictHostKeyChecking=no', destination, cmd];
|
||||
function oneTry() {
|
||||
child_process.execFile(ssh, args, function(err) {
|
||||
if (err) {
|
||||
if (++tries > MAX_TRIES) return cb("can't connect via SSH. stupid amazon");
|
||||
process.stdout.write(tries <= 1 ? " ..." : ".");
|
||||
setTimeout(oneTry, 3000);
|
||||
} else {
|
||||
cmd = "chmod go+r /home/ec2-user/.ssh/authorized_keys";
|
||||
args = ['-o', 'StrictHostKeyChecking=no', destination, cmd];
|
||||
child_process.execFile(ssh, args, function(err) {
|
||||
if (err) return cb(err);
|
||||
cb();
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
oneTry();
|
||||
};
|
||||
|
||||
exports.copyUpConfig = function(host, configContents, cb) {
|
||||
var tries = 0;
|
||||
temp.open({}, function(err, r) {
|
||||
|
|
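Review bot: `ensureSshAccessPerms` widens `/home/ec2-user/.ssh` with `go+x` and `authorized_keys` with `go+r`, so every local account on the instance can read ec2-user's authorized keys, while the comment says only `app@` needs access. If only `app` needs it, a group-scoped grant (`g+x` / `g+r` with `app` in that group) would be narrower; either way the comment should say who reads the file, e.g. `// cloud-init (possibly) resets these modes at AMI creation; restore them so app@ keeps SSH access`. Both calls pass `StrictHostKeyChecking=no`, and this appears to be the first SSH connection to the new instance, so its host key is accepted unverified. The retry branch also reports any failure of the first `chmod` as a connection problem and drops `err`; `return cb("can't connect via SSH: " + err)` would keep the cause. `ssh` and `MAX_TRIES` are defined outside the hunk, and `copyUpConfig` continues past it.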