Show More
@@ -1,884 +1,892 b'' | |||||
1 | # aws.py - Automation code for Amazon Web Services |
|
1 | # aws.py - Automation code for Amazon Web Services | |
2 | # |
|
2 | # | |
3 | # Copyright 2019 Gregory Szorc <gregory.szorc@gmail.com> |
|
3 | # Copyright 2019 Gregory Szorc <gregory.szorc@gmail.com> | |
4 | # |
|
4 | # | |
5 | # This software may be used and distributed according to the terms of the |
|
5 | # This software may be used and distributed according to the terms of the | |
6 | # GNU General Public License version 2 or any later version. |
|
6 | # GNU General Public License version 2 or any later version. | |
7 |
|
7 | |||
8 | # no-check-code because Python 3 native. |
|
8 | # no-check-code because Python 3 native. | |
9 |
|
9 | |||
10 | import contextlib |
|
10 | import contextlib | |
11 | import copy |
|
11 | import copy | |
12 | import hashlib |
|
12 | import hashlib | |
13 | import json |
|
13 | import json | |
14 | import os |
|
14 | import os | |
15 | import pathlib |
|
15 | import pathlib | |
16 | import subprocess |
|
16 | import subprocess | |
17 | import time |
|
17 | import time | |
18 |
|
18 | |||
19 | import boto3 |
|
19 | import boto3 | |
20 | import botocore.exceptions |
|
20 | import botocore.exceptions | |
21 |
|
21 | |||
22 | from .winrm import ( |
|
22 | from .winrm import ( | |
23 | run_powershell, |
|
23 | run_powershell, | |
24 | wait_for_winrm, |
|
24 | wait_for_winrm, | |
25 | ) |
|
25 | ) | |
26 |
|
26 | |||
27 |
|
27 | |||
28 | SOURCE_ROOT = pathlib.Path(os.path.abspath(__file__)).parent.parent.parent.parent |
|
28 | SOURCE_ROOT = pathlib.Path(os.path.abspath(__file__)).parent.parent.parent.parent | |
29 |
|
29 | |||
30 | INSTALL_WINDOWS_DEPENDENCIES = (SOURCE_ROOT / 'contrib' / |
|
30 | INSTALL_WINDOWS_DEPENDENCIES = (SOURCE_ROOT / 'contrib' / | |
31 | 'install-windows-dependencies.ps1') |
|
31 | 'install-windows-dependencies.ps1') | |
32 |
|
32 | |||
33 |
|
33 | |||
34 | KEY_PAIRS = { |
|
34 | KEY_PAIRS = { | |
35 | 'automation', |
|
35 | 'automation', | |
36 | } |
|
36 | } | |
37 |
|
37 | |||
38 |
|
38 | |||
39 | SECURITY_GROUPS = { |
|
39 | SECURITY_GROUPS = { | |
40 | 'windows-dev-1': { |
|
40 | 'windows-dev-1': { | |
41 | 'description': 'Mercurial Windows instances that perform build automation', |
|
41 | 'description': 'Mercurial Windows instances that perform build automation', | |
42 | 'ingress': [ |
|
42 | 'ingress': [ | |
43 | { |
|
43 | { | |
44 | 'FromPort': 22, |
|
44 | 'FromPort': 22, | |
45 | 'ToPort': 22, |
|
45 | 'ToPort': 22, | |
46 | 'IpProtocol': 'tcp', |
|
46 | 'IpProtocol': 'tcp', | |
47 | 'IpRanges': [ |
|
47 | 'IpRanges': [ | |
48 | { |
|
48 | { | |
49 | 'CidrIp': '0.0.0.0/0', |
|
49 | 'CidrIp': '0.0.0.0/0', | |
50 | 'Description': 'SSH from entire Internet', |
|
50 | 'Description': 'SSH from entire Internet', | |
51 | }, |
|
51 | }, | |
52 | ], |
|
52 | ], | |
53 | }, |
|
53 | }, | |
54 | { |
|
54 | { | |
55 | 'FromPort': 3389, |
|
55 | 'FromPort': 3389, | |
56 | 'ToPort': 3389, |
|
56 | 'ToPort': 3389, | |
57 | 'IpProtocol': 'tcp', |
|
57 | 'IpProtocol': 'tcp', | |
58 | 'IpRanges': [ |
|
58 | 'IpRanges': [ | |
59 | { |
|
59 | { | |
60 | 'CidrIp': '0.0.0.0/0', |
|
60 | 'CidrIp': '0.0.0.0/0', | |
61 | 'Description': 'RDP from entire Internet', |
|
61 | 'Description': 'RDP from entire Internet', | |
62 | }, |
|
62 | }, | |
63 | ], |
|
63 | ], | |
64 |
|
64 | |||
65 | }, |
|
65 | }, | |
66 | { |
|
66 | { | |
67 | 'FromPort': 5985, |
|
67 | 'FromPort': 5985, | |
68 | 'ToPort': 5986, |
|
68 | 'ToPort': 5986, | |
69 | 'IpProtocol': 'tcp', |
|
69 | 'IpProtocol': 'tcp', | |
70 | 'IpRanges': [ |
|
70 | 'IpRanges': [ | |
71 | { |
|
71 | { | |
72 | 'CidrIp': '0.0.0.0/0', |
|
72 | 'CidrIp': '0.0.0.0/0', | |
73 | 'Description': 'PowerShell Remoting (Windows Remote Management)', |
|
73 | 'Description': 'PowerShell Remoting (Windows Remote Management)', | |
74 | }, |
|
74 | }, | |
75 | ], |
|
75 | ], | |
76 | } |
|
76 | } | |
77 | ], |
|
77 | ], | |
78 | }, |
|
78 | }, | |
79 | } |
|
79 | } | |
80 |
|
80 | |||
81 |
|
81 | |||
82 | IAM_ROLES = { |
|
82 | IAM_ROLES = { | |
83 | 'ephemeral-ec2-role-1': { |
|
83 | 'ephemeral-ec2-role-1': { | |
84 | 'description': 'Mercurial temporary EC2 instances', |
|
84 | 'description': 'Mercurial temporary EC2 instances', | |
85 | 'policy_arns': [ |
|
85 | 'policy_arns': [ | |
86 | 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM', |
|
86 | 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM', | |
87 | ], |
|
87 | ], | |
88 | }, |
|
88 | }, | |
89 | } |
|
89 | } | |
90 |
|
90 | |||
91 |
|
91 | |||
92 | ASSUME_ROLE_POLICY_DOCUMENT = ''' |
|
92 | ASSUME_ROLE_POLICY_DOCUMENT = ''' | |
93 | { |
|
93 | { | |
94 | "Version": "2012-10-17", |
|
94 | "Version": "2012-10-17", | |
95 | "Statement": [ |
|
95 | "Statement": [ | |
96 | { |
|
96 | { | |
97 | "Effect": "Allow", |
|
97 | "Effect": "Allow", | |
98 | "Principal": { |
|
98 | "Principal": { | |
99 | "Service": "ec2.amazonaws.com" |
|
99 | "Service": "ec2.amazonaws.com" | |
100 | }, |
|
100 | }, | |
101 | "Action": "sts:AssumeRole" |
|
101 | "Action": "sts:AssumeRole" | |
102 | } |
|
102 | } | |
103 | ] |
|
103 | ] | |
104 | } |
|
104 | } | |
105 | '''.strip() |
|
105 | '''.strip() | |
106 |
|
106 | |||
107 |
|
107 | |||
108 | IAM_INSTANCE_PROFILES = { |
|
108 | IAM_INSTANCE_PROFILES = { | |
109 | 'ephemeral-ec2-1': { |
|
109 | 'ephemeral-ec2-1': { | |
110 | 'roles': [ |
|
110 | 'roles': [ | |
111 | 'ephemeral-ec2-role-1', |
|
111 | 'ephemeral-ec2-role-1', | |
112 | ], |
|
112 | ], | |
113 | } |
|
113 | } | |
114 | } |
|
114 | } | |
115 |
|
115 | |||
116 |
|
116 | |||
117 | # User Data for Windows EC2 instance. Mainly used to set the password |
|
117 | # User Data for Windows EC2 instance. Mainly used to set the password | |
118 | # and configure WinRM. |
|
118 | # and configure WinRM. | |
119 | # Inspired by the User Data script used by Packer |
|
119 | # Inspired by the User Data script used by Packer | |
120 | # (from https://www.packer.io/intro/getting-started/build-image.html). |
|
120 | # (from https://www.packer.io/intro/getting-started/build-image.html). | |
121 | WINDOWS_USER_DATA = r''' |
|
121 | WINDOWS_USER_DATA = r''' | |
122 | <powershell> |
|
122 | <powershell> | |
123 |
|
123 | |||
124 | # TODO enable this once we figure out what is failing. |
|
124 | # TODO enable this once we figure out what is failing. | |
125 | #$ErrorActionPreference = "stop" |
|
125 | #$ErrorActionPreference = "stop" | |
126 |
|
126 | |||
127 | # Set administrator password |
|
127 | # Set administrator password | |
128 | net user Administrator "%s" |
|
128 | net user Administrator "%s" | |
129 | wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE |
|
129 | wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE | |
130 |
|
130 | |||
131 | # First, make sure WinRM can't be connected to |
|
131 | # First, make sure WinRM can't be connected to | |
132 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block |
|
132 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block | |
133 |
|
133 | |||
134 | # Delete any existing WinRM listeners |
|
134 | # Delete any existing WinRM listeners | |
135 | winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null |
|
135 | winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null | |
136 | winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null |
|
136 | winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null | |
137 |
|
137 | |||
138 | # Create a new WinRM listener and configure |
|
138 | # Create a new WinRM listener and configure | |
139 | winrm create winrm/config/listener?Address=*+Transport=HTTP |
|
139 | winrm create winrm/config/listener?Address=*+Transport=HTTP | |
140 | winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}' |
|
140 | winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}' | |
141 | winrm set winrm/config '@{MaxTimeoutms="7200000"}' |
|
141 | winrm set winrm/config '@{MaxTimeoutms="7200000"}' | |
142 | winrm set winrm/config/service '@{AllowUnencrypted="true"}' |
|
142 | winrm set winrm/config/service '@{AllowUnencrypted="true"}' | |
143 | winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}' |
|
143 | winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}' | |
144 | winrm set winrm/config/service/auth '@{Basic="true"}' |
|
144 | winrm set winrm/config/service/auth '@{Basic="true"}' | |
145 | winrm set winrm/config/client/auth '@{Basic="true"}' |
|
145 | winrm set winrm/config/client/auth '@{Basic="true"}' | |
146 |
|
146 | |||
147 | # Configure UAC to allow privilege elevation in remote shells |
|
147 | # Configure UAC to allow privilege elevation in remote shells | |
148 | $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
|
148 | $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' | |
149 | $Setting = 'LocalAccountTokenFilterPolicy' |
|
149 | $Setting = 'LocalAccountTokenFilterPolicy' | |
150 | Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force |
|
150 | Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force | |
151 |
|
151 | |||
152 | # Configure and restart the WinRM Service; Enable the required firewall exception |
|
152 | # Configure and restart the WinRM Service; Enable the required firewall exception | |
153 | Stop-Service -Name WinRM |
|
153 | Stop-Service -Name WinRM | |
154 | Set-Service -Name WinRM -StartupType Automatic |
|
154 | Set-Service -Name WinRM -StartupType Automatic | |
155 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any |
|
155 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any | |
156 | Start-Service -Name WinRM |
|
156 | Start-Service -Name WinRM | |
157 |
|
157 | |||
158 | # Disable firewall on private network interfaces so prompts don't appear. |
|
158 | # Disable firewall on private network interfaces so prompts don't appear. | |
159 | Set-NetFirewallProfile -Name private -Enabled false |
|
159 | Set-NetFirewallProfile -Name private -Enabled false | |
160 | </powershell> |
|
160 | </powershell> | |
161 | '''.lstrip() |
|
161 | '''.lstrip() | |
162 |
|
162 | |||
163 |
|
163 | |||
164 | WINDOWS_BOOTSTRAP_POWERSHELL = ''' |
|
164 | WINDOWS_BOOTSTRAP_POWERSHELL = ''' | |
165 | Write-Output "installing PowerShell dependencies" |
|
165 | Write-Output "installing PowerShell dependencies" | |
166 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force |
|
166 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | |
167 | Set-PSRepository -Name PSGallery -InstallationPolicy Trusted |
|
167 | Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | |
168 | Install-Module -Name OpenSSHUtils -RequiredVersion 0.0.2.0 |
|
168 | Install-Module -Name OpenSSHUtils -RequiredVersion 0.0.2.0 | |
169 |
|
169 | |||
170 | Write-Output "installing OpenSSL server" |
|
170 | Write-Output "installing OpenSSL server" | |
171 | Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 |
|
171 | Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
172 | # Various tools will attempt to use older versions of .NET. So we enable |
|
172 | # Various tools will attempt to use older versions of .NET. So we enable | |
173 | # the feature that provides them so it doesn't have to be auto-enabled |
|
173 | # the feature that provides them so it doesn't have to be auto-enabled | |
174 | # later. |
|
174 | # later. | |
175 | Write-Output "enabling .NET Framework feature" |
|
175 | Write-Output "enabling .NET Framework feature" | |
176 | Install-WindowsFeature -Name Net-Framework-Core |
|
176 | Install-WindowsFeature -Name Net-Framework-Core | |
177 | ''' |
|
177 | ''' | |
178 |
|
178 | |||
179 |
|
179 | |||
180 | class AWSConnection: |
|
180 | class AWSConnection: | |
181 | """Manages the state of a connection with AWS.""" |
|
181 | """Manages the state of a connection with AWS.""" | |
182 |
|
182 | |||
183 | def __init__(self, automation, region: str, ensure_ec2_state: bool=True): |
|
183 | def __init__(self, automation, region: str, ensure_ec2_state: bool=True): | |
184 | self.automation = automation |
|
184 | self.automation = automation | |
185 | self.local_state_path = automation.state_path |
|
185 | self.local_state_path = automation.state_path | |
186 |
|
186 | |||
187 | self.prefix = 'hg-' |
|
187 | self.prefix = 'hg-' | |
188 |
|
188 | |||
189 | self.session = boto3.session.Session(region_name=region) |
|
189 | self.session = boto3.session.Session(region_name=region) | |
190 | self.ec2client = self.session.client('ec2') |
|
190 | self.ec2client = self.session.client('ec2') | |
191 | self.ec2resource = self.session.resource('ec2') |
|
191 | self.ec2resource = self.session.resource('ec2') | |
192 | self.iamclient = self.session.client('iam') |
|
192 | self.iamclient = self.session.client('iam') | |
193 | self.iamresource = self.session.resource('iam') |
|
193 | self.iamresource = self.session.resource('iam') | |
194 | self.security_groups = {} |
|
194 | self.security_groups = {} | |
195 |
|
195 | |||
196 | if ensure_ec2_state: |
|
196 | if ensure_ec2_state: | |
197 | ensure_key_pairs(automation.state_path, self.ec2resource) |
|
197 | ensure_key_pairs(automation.state_path, self.ec2resource) | |
198 | self.security_groups = ensure_security_groups(self.ec2resource) |
|
198 | self.security_groups = ensure_security_groups(self.ec2resource) | |
199 | ensure_iam_state(self.iamresource) |
|
199 | ensure_iam_state(self.iamclient, self.iamresource) | |
200 |
|
200 | |||
201 | def key_pair_path_private(self, name): |
|
201 | def key_pair_path_private(self, name): | |
202 | """Path to a key pair private key file.""" |
|
202 | """Path to a key pair private key file.""" | |
203 | return self.local_state_path / 'keys' / ('keypair-%s' % name) |
|
203 | return self.local_state_path / 'keys' / ('keypair-%s' % name) | |
204 |
|
204 | |||
205 | def key_pair_path_public(self, name): |
|
205 | def key_pair_path_public(self, name): | |
206 | return self.local_state_path / 'keys' / ('keypair-%s.pub' % name) |
|
206 | return self.local_state_path / 'keys' / ('keypair-%s.pub' % name) | |
207 |
|
207 | |||
208 |
|
208 | |||
209 | def rsa_key_fingerprint(p: pathlib.Path): |
|
209 | def rsa_key_fingerprint(p: pathlib.Path): | |
210 | """Compute the fingerprint of an RSA private key.""" |
|
210 | """Compute the fingerprint of an RSA private key.""" | |
211 |
|
211 | |||
212 | # TODO use rsa package. |
|
212 | # TODO use rsa package. | |
213 | res = subprocess.run( |
|
213 | res = subprocess.run( | |
214 | ['openssl', 'pkcs8', '-in', str(p), '-nocrypt', '-topk8', |
|
214 | ['openssl', 'pkcs8', '-in', str(p), '-nocrypt', '-topk8', | |
215 | '-outform', 'DER'], |
|
215 | '-outform', 'DER'], | |
216 | capture_output=True, |
|
216 | capture_output=True, | |
217 | check=True) |
|
217 | check=True) | |
218 |
|
218 | |||
219 | sha1 = hashlib.sha1(res.stdout).hexdigest() |
|
219 | sha1 = hashlib.sha1(res.stdout).hexdigest() | |
220 | return ':'.join(a + b for a, b in zip(sha1[::2], sha1[1::2])) |
|
220 | return ':'.join(a + b for a, b in zip(sha1[::2], sha1[1::2])) | |
221 |
|
221 | |||
222 |
|
222 | |||
223 | def ensure_key_pairs(state_path: pathlib.Path, ec2resource, prefix='hg-'): |
|
223 | def ensure_key_pairs(state_path: pathlib.Path, ec2resource, prefix='hg-'): | |
224 | remote_existing = {} |
|
224 | remote_existing = {} | |
225 |
|
225 | |||
226 | for kpi in ec2resource.key_pairs.all(): |
|
226 | for kpi in ec2resource.key_pairs.all(): | |
227 | if kpi.name.startswith(prefix): |
|
227 | if kpi.name.startswith(prefix): | |
228 | remote_existing[kpi.name[len(prefix):]] = kpi.key_fingerprint |
|
228 | remote_existing[kpi.name[len(prefix):]] = kpi.key_fingerprint | |
229 |
|
229 | |||
230 | # Validate that we have these keys locally. |
|
230 | # Validate that we have these keys locally. | |
231 | key_path = state_path / 'keys' |
|
231 | key_path = state_path / 'keys' | |
232 | key_path.mkdir(exist_ok=True, mode=0o700) |
|
232 | key_path.mkdir(exist_ok=True, mode=0o700) | |
233 |
|
233 | |||
234 | def remove_remote(name): |
|
234 | def remove_remote(name): | |
235 | print('deleting key pair %s' % name) |
|
235 | print('deleting key pair %s' % name) | |
236 | key = ec2resource.KeyPair(name) |
|
236 | key = ec2resource.KeyPair(name) | |
237 | key.delete() |
|
237 | key.delete() | |
238 |
|
238 | |||
239 | def remove_local(name): |
|
239 | def remove_local(name): | |
240 | pub_full = key_path / ('keypair-%s.pub' % name) |
|
240 | pub_full = key_path / ('keypair-%s.pub' % name) | |
241 | priv_full = key_path / ('keypair-%s' % name) |
|
241 | priv_full = key_path / ('keypair-%s' % name) | |
242 |
|
242 | |||
243 | print('removing %s' % pub_full) |
|
243 | print('removing %s' % pub_full) | |
244 | pub_full.unlink() |
|
244 | pub_full.unlink() | |
245 | print('removing %s' % priv_full) |
|
245 | print('removing %s' % priv_full) | |
246 | priv_full.unlink() |
|
246 | priv_full.unlink() | |
247 |
|
247 | |||
248 | local_existing = {} |
|
248 | local_existing = {} | |
249 |
|
249 | |||
250 | for f in sorted(os.listdir(key_path)): |
|
250 | for f in sorted(os.listdir(key_path)): | |
251 | if not f.startswith('keypair-') or not f.endswith('.pub'): |
|
251 | if not f.startswith('keypair-') or not f.endswith('.pub'): | |
252 | continue |
|
252 | continue | |
253 |
|
253 | |||
254 | name = f[len('keypair-'):-len('.pub')] |
|
254 | name = f[len('keypair-'):-len('.pub')] | |
255 |
|
255 | |||
256 | pub_full = key_path / f |
|
256 | pub_full = key_path / f | |
257 | priv_full = key_path / ('keypair-%s' % name) |
|
257 | priv_full = key_path / ('keypair-%s' % name) | |
258 |
|
258 | |||
259 | with open(pub_full, 'r', encoding='ascii') as fh: |
|
259 | with open(pub_full, 'r', encoding='ascii') as fh: | |
260 | data = fh.read() |
|
260 | data = fh.read() | |
261 |
|
261 | |||
262 | if not data.startswith('ssh-rsa '): |
|
262 | if not data.startswith('ssh-rsa '): | |
263 | print('unexpected format for key pair file: %s; removing' % |
|
263 | print('unexpected format for key pair file: %s; removing' % | |
264 | pub_full) |
|
264 | pub_full) | |
265 | pub_full.unlink() |
|
265 | pub_full.unlink() | |
266 | priv_full.unlink() |
|
266 | priv_full.unlink() | |
267 | continue |
|
267 | continue | |
268 |
|
268 | |||
269 | local_existing[name] = rsa_key_fingerprint(priv_full) |
|
269 | local_existing[name] = rsa_key_fingerprint(priv_full) | |
270 |
|
270 | |||
271 | for name in sorted(set(remote_existing) | set(local_existing)): |
|
271 | for name in sorted(set(remote_existing) | set(local_existing)): | |
272 | if name not in local_existing: |
|
272 | if name not in local_existing: | |
273 | actual = '%s%s' % (prefix, name) |
|
273 | actual = '%s%s' % (prefix, name) | |
274 | print('remote key %s does not exist locally' % name) |
|
274 | print('remote key %s does not exist locally' % name) | |
275 | remove_remote(actual) |
|
275 | remove_remote(actual) | |
276 | del remote_existing[name] |
|
276 | del remote_existing[name] | |
277 |
|
277 | |||
278 | elif name not in remote_existing: |
|
278 | elif name not in remote_existing: | |
279 | print('local key %s does not exist remotely' % name) |
|
279 | print('local key %s does not exist remotely' % name) | |
280 | remove_local(name) |
|
280 | remove_local(name) | |
281 | del local_existing[name] |
|
281 | del local_existing[name] | |
282 |
|
282 | |||
283 | elif remote_existing[name] != local_existing[name]: |
|
283 | elif remote_existing[name] != local_existing[name]: | |
284 | print('key fingerprint mismatch for %s; ' |
|
284 | print('key fingerprint mismatch for %s; ' | |
285 | 'removing from local and remote' % name) |
|
285 | 'removing from local and remote' % name) | |
286 | remove_local(name) |
|
286 | remove_local(name) | |
287 | remove_remote('%s%s' % (prefix, name)) |
|
287 | remove_remote('%s%s' % (prefix, name)) | |
288 | del local_existing[name] |
|
288 | del local_existing[name] | |
289 | del remote_existing[name] |
|
289 | del remote_existing[name] | |
290 |
|
290 | |||
291 | missing = KEY_PAIRS - set(remote_existing) |
|
291 | missing = KEY_PAIRS - set(remote_existing) | |
292 |
|
292 | |||
293 | for name in sorted(missing): |
|
293 | for name in sorted(missing): | |
294 | actual = '%s%s' % (prefix, name) |
|
294 | actual = '%s%s' % (prefix, name) | |
295 | print('creating key pair %s' % actual) |
|
295 | print('creating key pair %s' % actual) | |
296 |
|
296 | |||
297 | priv_full = key_path / ('keypair-%s' % name) |
|
297 | priv_full = key_path / ('keypair-%s' % name) | |
298 | pub_full = key_path / ('keypair-%s.pub' % name) |
|
298 | pub_full = key_path / ('keypair-%s.pub' % name) | |
299 |
|
299 | |||
300 | kp = ec2resource.create_key_pair(KeyName=actual) |
|
300 | kp = ec2resource.create_key_pair(KeyName=actual) | |
301 |
|
301 | |||
302 | with priv_full.open('w', encoding='ascii') as fh: |
|
302 | with priv_full.open('w', encoding='ascii') as fh: | |
303 | fh.write(kp.key_material) |
|
303 | fh.write(kp.key_material) | |
304 | fh.write('\n') |
|
304 | fh.write('\n') | |
305 |
|
305 | |||
306 | priv_full.chmod(0o0600) |
|
306 | priv_full.chmod(0o0600) | |
307 |
|
307 | |||
308 | # SSH public key can be extracted via `ssh-keygen`. |
|
308 | # SSH public key can be extracted via `ssh-keygen`. | |
309 | with pub_full.open('w', encoding='ascii') as fh: |
|
309 | with pub_full.open('w', encoding='ascii') as fh: | |
310 | subprocess.run( |
|
310 | subprocess.run( | |
311 | ['ssh-keygen', '-y', '-f', str(priv_full)], |
|
311 | ['ssh-keygen', '-y', '-f', str(priv_full)], | |
312 | stdout=fh, |
|
312 | stdout=fh, | |
313 | check=True) |
|
313 | check=True) | |
314 |
|
314 | |||
315 | pub_full.chmod(0o0600) |
|
315 | pub_full.chmod(0o0600) | |
316 |
|
316 | |||
317 |
|
317 | |||
318 | def delete_instance_profile(profile): |
|
318 | def delete_instance_profile(profile): | |
319 | for role in profile.roles: |
|
319 | for role in profile.roles: | |
320 | print('removing role %s from instance profile %s' % (role.name, |
|
320 | print('removing role %s from instance profile %s' % (role.name, | |
321 | profile.name)) |
|
321 | profile.name)) | |
322 | profile.remove_role(RoleName=role.name) |
|
322 | profile.remove_role(RoleName=role.name) | |
323 |
|
323 | |||
324 | print('deleting instance profile %s' % profile.name) |
|
324 | print('deleting instance profile %s' % profile.name) | |
325 | profile.delete() |
|
325 | profile.delete() | |
326 |
|
326 | |||
327 |
|
327 | |||
328 | def ensure_iam_state(iamresource, prefix='hg-'): |
|
328 | def ensure_iam_state(iamclient, iamresource, prefix='hg-'): | |
329 | """Ensure IAM state is in sync with our canonical definition.""" |
|
329 | """Ensure IAM state is in sync with our canonical definition.""" | |
330 |
|
330 | |||
331 | remote_profiles = {} |
|
331 | remote_profiles = {} | |
332 |
|
332 | |||
333 | for profile in iamresource.instance_profiles.all(): |
|
333 | for profile in iamresource.instance_profiles.all(): | |
334 | if profile.name.startswith(prefix): |
|
334 | if profile.name.startswith(prefix): | |
335 | remote_profiles[profile.name[len(prefix):]] = profile |
|
335 | remote_profiles[profile.name[len(prefix):]] = profile | |
336 |
|
336 | |||
337 | for name in sorted(set(remote_profiles) - set(IAM_INSTANCE_PROFILES)): |
|
337 | for name in sorted(set(remote_profiles) - set(IAM_INSTANCE_PROFILES)): | |
338 | delete_instance_profile(remote_profiles[name]) |
|
338 | delete_instance_profile(remote_profiles[name]) | |
339 | del remote_profiles[name] |
|
339 | del remote_profiles[name] | |
340 |
|
340 | |||
341 | remote_roles = {} |
|
341 | remote_roles = {} | |
342 |
|
342 | |||
343 | for role in iamresource.roles.all(): |
|
343 | for role in iamresource.roles.all(): | |
344 | if role.name.startswith(prefix): |
|
344 | if role.name.startswith(prefix): | |
345 | remote_roles[role.name[len(prefix):]] = role |
|
345 | remote_roles[role.name[len(prefix):]] = role | |
346 |
|
346 | |||
347 | for name in sorted(set(remote_roles) - set(IAM_ROLES)): |
|
347 | for name in sorted(set(remote_roles) - set(IAM_ROLES)): | |
348 | role = remote_roles[name] |
|
348 | role = remote_roles[name] | |
349 |
|
349 | |||
350 | print('removing role %s' % role.name) |
|
350 | print('removing role %s' % role.name) | |
351 | role.delete() |
|
351 | role.delete() | |
352 | del remote_roles[name] |
|
352 | del remote_roles[name] | |
353 |
|
353 | |||
354 | # We've purged remote state that doesn't belong. Create missing |
|
354 | # We've purged remote state that doesn't belong. Create missing | |
355 | # instance profiles and roles. |
|
355 | # instance profiles and roles. | |
356 | for name in sorted(set(IAM_INSTANCE_PROFILES) - set(remote_profiles)): |
|
356 | for name in sorted(set(IAM_INSTANCE_PROFILES) - set(remote_profiles)): | |
357 | actual = '%s%s' % (prefix, name) |
|
357 | actual = '%s%s' % (prefix, name) | |
358 | print('creating IAM instance profile %s' % actual) |
|
358 | print('creating IAM instance profile %s' % actual) | |
359 |
|
359 | |||
360 | profile = iamresource.create_instance_profile( |
|
360 | profile = iamresource.create_instance_profile( | |
361 | InstanceProfileName=actual) |
|
361 | InstanceProfileName=actual) | |
362 | remote_profiles[name] = profile |
|
362 | remote_profiles[name] = profile | |
363 |
|
363 | |||
|
364 | waiter = iamclient.get_waiter('instance_profile_exists') | |||
|
365 | waiter.wait(InstanceProfileName=actual) | |||
|
366 | print('IAM instance profile %s is available' % actual) | |||
|
367 | ||||
364 | for name in sorted(set(IAM_ROLES) - set(remote_roles)): |
|
368 | for name in sorted(set(IAM_ROLES) - set(remote_roles)): | |
365 | entry = IAM_ROLES[name] |
|
369 | entry = IAM_ROLES[name] | |
366 |
|
370 | |||
367 | actual = '%s%s' % (prefix, name) |
|
371 | actual = '%s%s' % (prefix, name) | |
368 | print('creating IAM role %s' % actual) |
|
372 | print('creating IAM role %s' % actual) | |
369 |
|
373 | |||
370 | role = iamresource.create_role( |
|
374 | role = iamresource.create_role( | |
371 | RoleName=actual, |
|
375 | RoleName=actual, | |
372 | Description=entry['description'], |
|
376 | Description=entry['description'], | |
373 | AssumeRolePolicyDocument=ASSUME_ROLE_POLICY_DOCUMENT, |
|
377 | AssumeRolePolicyDocument=ASSUME_ROLE_POLICY_DOCUMENT, | |
374 | ) |
|
378 | ) | |
375 |
|
379 | |||
|
380 | waiter = iamclient.get_waiter('role_exists') | |||
|
381 | waiter.wait(RoleName=actual) | |||
|
382 | print('IAM role %s is available' % actual) | |||
|
383 | ||||
376 | remote_roles[name] = role |
|
384 | remote_roles[name] = role | |
377 |
|
385 | |||
378 | for arn in entry['policy_arns']: |
|
386 | for arn in entry['policy_arns']: | |
379 | print('attaching policy %s to %s' % (arn, role.name)) |
|
387 | print('attaching policy %s to %s' % (arn, role.name)) | |
380 | role.attach_policy(PolicyArn=arn) |
|
388 | role.attach_policy(PolicyArn=arn) | |
381 |
|
389 | |||
382 | # Now reconcile state of profiles. |
|
390 | # Now reconcile state of profiles. | |
383 | for name, meta in sorted(IAM_INSTANCE_PROFILES.items()): |
|
391 | for name, meta in sorted(IAM_INSTANCE_PROFILES.items()): | |
384 | profile = remote_profiles[name] |
|
392 | profile = remote_profiles[name] | |
385 | wanted = {'%s%s' % (prefix, role) for role in meta['roles']} |
|
393 | wanted = {'%s%s' % (prefix, role) for role in meta['roles']} | |
386 | have = {role.name for role in profile.roles} |
|
394 | have = {role.name for role in profile.roles} | |
387 |
|
395 | |||
388 | for role in sorted(have - wanted): |
|
396 | for role in sorted(have - wanted): | |
389 | print('removing role %s from %s' % (role, profile.name)) |
|
397 | print('removing role %s from %s' % (role, profile.name)) | |
390 | profile.remove_role(RoleName=role) |
|
398 | profile.remove_role(RoleName=role) | |
391 |
|
399 | |||
392 | for role in sorted(wanted - have): |
|
400 | for role in sorted(wanted - have): | |
393 | print('adding role %s to %s' % (role, profile.name)) |
|
401 | print('adding role %s to %s' % (role, profile.name)) | |
394 | profile.add_role(RoleName=role) |
|
402 | profile.add_role(RoleName=role) | |
395 |
|
403 | |||
396 |
|
404 | |||
397 | def find_windows_server_2019_image(ec2resource): |
|
405 | def find_windows_server_2019_image(ec2resource): | |
398 | """Find the Amazon published Windows Server 2019 base image.""" |
|
406 | """Find the Amazon published Windows Server 2019 base image.""" | |
399 |
|
407 | |||
400 | images = ec2resource.images.filter( |
|
408 | images = ec2resource.images.filter( | |
401 | Filters=[ |
|
409 | Filters=[ | |
402 | { |
|
410 | { | |
403 | 'Name': 'owner-alias', |
|
411 | 'Name': 'owner-alias', | |
404 | 'Values': ['amazon'], |
|
412 | 'Values': ['amazon'], | |
405 | }, |
|
413 | }, | |
406 | { |
|
414 | { | |
407 | 'Name': 'state', |
|
415 | 'Name': 'state', | |
408 | 'Values': ['available'], |
|
416 | 'Values': ['available'], | |
409 | }, |
|
417 | }, | |
410 | { |
|
418 | { | |
411 | 'Name': 'image-type', |
|
419 | 'Name': 'image-type', | |
412 | 'Values': ['machine'], |
|
420 | 'Values': ['machine'], | |
413 | }, |
|
421 | }, | |
414 | { |
|
422 | { | |
415 | 'Name': 'name', |
|
423 | 'Name': 'name', | |
416 | 'Values': ['Windows_Server-2019-English-Full-Base-2019.02.13'], |
|
424 | 'Values': ['Windows_Server-2019-English-Full-Base-2019.02.13'], | |
417 | }, |
|
425 | }, | |
418 | ]) |
|
426 | ]) | |
419 |
|
427 | |||
420 | for image in images: |
|
428 | for image in images: | |
421 | return image |
|
429 | return image | |
422 |
|
430 | |||
423 | raise Exception('unable to find Windows Server 2019 image') |
|
431 | raise Exception('unable to find Windows Server 2019 image') | |
424 |
|
432 | |||
425 |
|
433 | |||
426 | def ensure_security_groups(ec2resource, prefix='hg-'): |
|
434 | def ensure_security_groups(ec2resource, prefix='hg-'): | |
427 | """Ensure all necessary Mercurial security groups are present. |
|
435 | """Ensure all necessary Mercurial security groups are present. | |
428 |
|
436 | |||
429 | All security groups are prefixed with ``hg-`` by default. Any security |
|
437 | All security groups are prefixed with ``hg-`` by default. Any security | |
430 | groups having this prefix but aren't in our list are deleted. |
|
438 | groups having this prefix but aren't in our list are deleted. | |
431 | """ |
|
439 | """ | |
432 | existing = {} |
|
440 | existing = {} | |
433 |
|
441 | |||
434 | for group in ec2resource.security_groups.all(): |
|
442 | for group in ec2resource.security_groups.all(): | |
435 | if group.group_name.startswith(prefix): |
|
443 | if group.group_name.startswith(prefix): | |
436 | existing[group.group_name[len(prefix):]] = group |
|
444 | existing[group.group_name[len(prefix):]] = group | |
437 |
|
445 | |||
438 | purge = set(existing) - set(SECURITY_GROUPS) |
|
446 | purge = set(existing) - set(SECURITY_GROUPS) | |
439 |
|
447 | |||
440 | for name in sorted(purge): |
|
448 | for name in sorted(purge): | |
441 | group = existing[name] |
|
449 | group = existing[name] | |
442 | print('removing legacy security group: %s' % group.group_name) |
|
450 | print('removing legacy security group: %s' % group.group_name) | |
443 | group.delete() |
|
451 | group.delete() | |
444 |
|
452 | |||
445 | security_groups = {} |
|
453 | security_groups = {} | |
446 |
|
454 | |||
447 | for name, group in sorted(SECURITY_GROUPS.items()): |
|
455 | for name, group in sorted(SECURITY_GROUPS.items()): | |
448 | if name in existing: |
|
456 | if name in existing: | |
449 | security_groups[name] = existing[name] |
|
457 | security_groups[name] = existing[name] | |
450 | continue |
|
458 | continue | |
451 |
|
459 | |||
452 | actual = '%s%s' % (prefix, name) |
|
460 | actual = '%s%s' % (prefix, name) | |
453 | print('adding security group %s' % actual) |
|
461 | print('adding security group %s' % actual) | |
454 |
|
462 | |||
455 | group_res = ec2resource.create_security_group( |
|
463 | group_res = ec2resource.create_security_group( | |
456 | Description=group['description'], |
|
464 | Description=group['description'], | |
457 | GroupName=actual, |
|
465 | GroupName=actual, | |
458 | ) |
|
466 | ) | |
459 |
|
467 | |||
460 | group_res.authorize_ingress( |
|
468 | group_res.authorize_ingress( | |
461 | IpPermissions=group['ingress'], |
|
469 | IpPermissions=group['ingress'], | |
462 | ) |
|
470 | ) | |
463 |
|
471 | |||
464 | security_groups[name] = group_res |
|
472 | security_groups[name] = group_res | |
465 |
|
473 | |||
466 | return security_groups |
|
474 | return security_groups | |
467 |
|
475 | |||
468 |
|
476 | |||
469 | def terminate_ec2_instances(ec2resource, prefix='hg-'): |
|
477 | def terminate_ec2_instances(ec2resource, prefix='hg-'): | |
470 | """Terminate all EC2 instances managed by us.""" |
|
478 | """Terminate all EC2 instances managed by us.""" | |
471 | waiting = [] |
|
479 | waiting = [] | |
472 |
|
480 | |||
473 | for instance in ec2resource.instances.all(): |
|
481 | for instance in ec2resource.instances.all(): | |
474 | if instance.state['Name'] == 'terminated': |
|
482 | if instance.state['Name'] == 'terminated': | |
475 | continue |
|
483 | continue | |
476 |
|
484 | |||
477 | for tag in instance.tags or []: |
|
485 | for tag in instance.tags or []: | |
478 | if tag['Key'] == 'Name' and tag['Value'].startswith(prefix): |
|
486 | if tag['Key'] == 'Name' and tag['Value'].startswith(prefix): | |
479 | print('terminating %s' % instance.id) |
|
487 | print('terminating %s' % instance.id) | |
480 | instance.terminate() |
|
488 | instance.terminate() | |
481 | waiting.append(instance) |
|
489 | waiting.append(instance) | |
482 |
|
490 | |||
483 | for instance in waiting: |
|
491 | for instance in waiting: | |
484 | instance.wait_until_terminated() |
|
492 | instance.wait_until_terminated() | |
485 |
|
493 | |||
486 |
|
494 | |||
487 | def remove_resources(c, prefix='hg-'): |
|
495 | def remove_resources(c, prefix='hg-'): | |
488 | """Purge all of our resources in this EC2 region.""" |
|
496 | """Purge all of our resources in this EC2 region.""" | |
489 | ec2resource = c.ec2resource |
|
497 | ec2resource = c.ec2resource | |
490 | iamresource = c.iamresource |
|
498 | iamresource = c.iamresource | |
491 |
|
499 | |||
492 | terminate_ec2_instances(ec2resource, prefix=prefix) |
|
500 | terminate_ec2_instances(ec2resource, prefix=prefix) | |
493 |
|
501 | |||
494 | for image in ec2resource.images.filter(Owners=['self']): |
|
502 | for image in ec2resource.images.filter(Owners=['self']): | |
495 | if image.name.startswith(prefix): |
|
503 | if image.name.startswith(prefix): | |
496 | remove_ami(ec2resource, image) |
|
504 | remove_ami(ec2resource, image) | |
497 |
|
505 | |||
498 | for group in ec2resource.security_groups.all(): |
|
506 | for group in ec2resource.security_groups.all(): | |
499 | if group.group_name.startswith(prefix): |
|
507 | if group.group_name.startswith(prefix): | |
500 | print('removing security group %s' % group.group_name) |
|
508 | print('removing security group %s' % group.group_name) | |
501 | group.delete() |
|
509 | group.delete() | |
502 |
|
510 | |||
503 | for profile in iamresource.instance_profiles.all(): |
|
511 | for profile in iamresource.instance_profiles.all(): | |
504 | if profile.name.startswith(prefix): |
|
512 | if profile.name.startswith(prefix): | |
505 | delete_instance_profile(profile) |
|
513 | delete_instance_profile(profile) | |
506 |
|
514 | |||
507 | for role in iamresource.roles.all(): |
|
515 | for role in iamresource.roles.all(): | |
508 | if role.name.startswith(prefix): |
|
516 | if role.name.startswith(prefix): | |
509 | for p in role.attached_policies.all(): |
|
517 | for p in role.attached_policies.all(): | |
510 | print('detaching policy %s from %s' % (p.arn, role.name)) |
|
518 | print('detaching policy %s from %s' % (p.arn, role.name)) | |
511 | role.detach_policy(PolicyArn=p.arn) |
|
519 | role.detach_policy(PolicyArn=p.arn) | |
512 |
|
520 | |||
513 | print('removing role %s' % role.name) |
|
521 | print('removing role %s' % role.name) | |
514 | role.delete() |
|
522 | role.delete() | |
515 |
|
523 | |||
516 |
|
524 | |||
517 | def wait_for_ip_addresses(instances): |
|
525 | def wait_for_ip_addresses(instances): | |
518 | """Wait for the public IP addresses of an iterable of instances.""" |
|
526 | """Wait for the public IP addresses of an iterable of instances.""" | |
519 | for instance in instances: |
|
527 | for instance in instances: | |
520 | while True: |
|
528 | while True: | |
521 | if not instance.public_ip_address: |
|
529 | if not instance.public_ip_address: | |
522 | time.sleep(2) |
|
530 | time.sleep(2) | |
523 | instance.reload() |
|
531 | instance.reload() | |
524 | continue |
|
532 | continue | |
525 |
|
533 | |||
526 | print('public IP address for %s: %s' % ( |
|
534 | print('public IP address for %s: %s' % ( | |
527 | instance.id, instance.public_ip_address)) |
|
535 | instance.id, instance.public_ip_address)) | |
528 | break |
|
536 | break | |
529 |
|
537 | |||
530 |
|
538 | |||
531 | def remove_ami(ec2resource, image): |
|
539 | def remove_ami(ec2resource, image): | |
532 | """Remove an AMI and its underlying snapshots.""" |
|
540 | """Remove an AMI and its underlying snapshots.""" | |
533 | snapshots = [] |
|
541 | snapshots = [] | |
534 |
|
542 | |||
535 | for device in image.block_device_mappings: |
|
543 | for device in image.block_device_mappings: | |
536 | if 'Ebs' in device: |
|
544 | if 'Ebs' in device: | |
537 | snapshots.append(ec2resource.Snapshot(device['Ebs']['SnapshotId'])) |
|
545 | snapshots.append(ec2resource.Snapshot(device['Ebs']['SnapshotId'])) | |
538 |
|
546 | |||
539 | print('deregistering %s' % image.id) |
|
547 | print('deregistering %s' % image.id) | |
540 | image.deregister() |
|
548 | image.deregister() | |
541 |
|
549 | |||
542 | for snapshot in snapshots: |
|
550 | for snapshot in snapshots: | |
543 | print('deleting snapshot %s' % snapshot.id) |
|
551 | print('deleting snapshot %s' % snapshot.id) | |
544 | snapshot.delete() |
|
552 | snapshot.delete() | |
545 |
|
553 | |||
546 |
|
554 | |||
547 | def wait_for_ssm(ssmclient, instances): |
|
555 | def wait_for_ssm(ssmclient, instances): | |
548 | """Wait for SSM to come online for an iterable of instance IDs.""" |
|
556 | """Wait for SSM to come online for an iterable of instance IDs.""" | |
549 | while True: |
|
557 | while True: | |
550 | res = ssmclient.describe_instance_information( |
|
558 | res = ssmclient.describe_instance_information( | |
551 | Filters=[ |
|
559 | Filters=[ | |
552 | { |
|
560 | { | |
553 | 'Key': 'InstanceIds', |
|
561 | 'Key': 'InstanceIds', | |
554 | 'Values': [i.id for i in instances], |
|
562 | 'Values': [i.id for i in instances], | |
555 | }, |
|
563 | }, | |
556 | ], |
|
564 | ], | |
557 | ) |
|
565 | ) | |
558 |
|
566 | |||
559 | available = len(res['InstanceInformationList']) |
|
567 | available = len(res['InstanceInformationList']) | |
560 | wanted = len(instances) |
|
568 | wanted = len(instances) | |
561 |
|
569 | |||
562 | print('%d/%d instances available in SSM' % (available, wanted)) |
|
570 | print('%d/%d instances available in SSM' % (available, wanted)) | |
563 |
|
571 | |||
564 | if available == wanted: |
|
572 | if available == wanted: | |
565 | return |
|
573 | return | |
566 |
|
574 | |||
567 | time.sleep(2) |
|
575 | time.sleep(2) | |
568 |
|
576 | |||
569 |
|
577 | |||
570 | def run_ssm_command(ssmclient, instances, document_name, parameters): |
|
578 | def run_ssm_command(ssmclient, instances, document_name, parameters): | |
571 | """Run a PowerShell script on an EC2 instance.""" |
|
579 | """Run a PowerShell script on an EC2 instance.""" | |
572 |
|
580 | |||
573 | res = ssmclient.send_command( |
|
581 | res = ssmclient.send_command( | |
574 | InstanceIds=[i.id for i in instances], |
|
582 | InstanceIds=[i.id for i in instances], | |
575 | DocumentName=document_name, |
|
583 | DocumentName=document_name, | |
576 | Parameters=parameters, |
|
584 | Parameters=parameters, | |
577 | CloudWatchOutputConfig={ |
|
585 | CloudWatchOutputConfig={ | |
578 | 'CloudWatchOutputEnabled': True, |
|
586 | 'CloudWatchOutputEnabled': True, | |
579 | }, |
|
587 | }, | |
580 | ) |
|
588 | ) | |
581 |
|
589 | |||
582 | command_id = res['Command']['CommandId'] |
|
590 | command_id = res['Command']['CommandId'] | |
583 |
|
591 | |||
584 | for instance in instances: |
|
592 | for instance in instances: | |
585 | while True: |
|
593 | while True: | |
586 | try: |
|
594 | try: | |
587 | res = ssmclient.get_command_invocation( |
|
595 | res = ssmclient.get_command_invocation( | |
588 | CommandId=command_id, |
|
596 | CommandId=command_id, | |
589 | InstanceId=instance.id, |
|
597 | InstanceId=instance.id, | |
590 | ) |
|
598 | ) | |
591 | except botocore.exceptions.ClientError as e: |
|
599 | except botocore.exceptions.ClientError as e: | |
592 | if e.response['Error']['Code'] == 'InvocationDoesNotExist': |
|
600 | if e.response['Error']['Code'] == 'InvocationDoesNotExist': | |
593 | print('could not find SSM command invocation; waiting') |
|
601 | print('could not find SSM command invocation; waiting') | |
594 | time.sleep(1) |
|
602 | time.sleep(1) | |
595 | continue |
|
603 | continue | |
596 | else: |
|
604 | else: | |
597 | raise |
|
605 | raise | |
598 |
|
606 | |||
599 | if res['Status'] == 'Success': |
|
607 | if res['Status'] == 'Success': | |
600 | break |
|
608 | break | |
601 | elif res['Status'] in ('Pending', 'InProgress', 'Delayed'): |
|
609 | elif res['Status'] in ('Pending', 'InProgress', 'Delayed'): | |
602 | time.sleep(2) |
|
610 | time.sleep(2) | |
603 | else: |
|
611 | else: | |
604 | raise Exception('command failed on %s: %s' % ( |
|
612 | raise Exception('command failed on %s: %s' % ( | |
605 | instance.id, res['Status'])) |
|
613 | instance.id, res['Status'])) | |
606 |
|
614 | |||
607 |
|
615 | |||
608 | @contextlib.contextmanager |
|
616 | @contextlib.contextmanager | |
609 | def temporary_ec2_instances(ec2resource, config): |
|
617 | def temporary_ec2_instances(ec2resource, config): | |
610 | """Create temporary EC2 instances. |
|
618 | """Create temporary EC2 instances. | |
611 |
|
619 | |||
612 | This is a proxy to ``ec2client.run_instances(**config)`` that takes care of |
|
620 | This is a proxy to ``ec2client.run_instances(**config)`` that takes care of | |
613 | managing the lifecycle of the instances. |
|
621 | managing the lifecycle of the instances. | |
614 |
|
622 | |||
615 | When the context manager exits, the instances are terminated. |
|
623 | When the context manager exits, the instances are terminated. | |
616 |
|
624 | |||
617 | The context manager evaluates to the list of data structures |
|
625 | The context manager evaluates to the list of data structures | |
618 | describing each created instance. The instances may not be available |
|
626 | describing each created instance. The instances may not be available | |
619 | for work immediately: it is up to the caller to wait for the instance |
|
627 | for work immediately: it is up to the caller to wait for the instance | |
620 | to start responding. |
|
628 | to start responding. | |
621 | """ |
|
629 | """ | |
622 |
|
630 | |||
623 | ids = None |
|
631 | ids = None | |
624 |
|
632 | |||
625 | try: |
|
633 | try: | |
626 | res = ec2resource.create_instances(**config) |
|
634 | res = ec2resource.create_instances(**config) | |
627 |
|
635 | |||
628 | ids = [i.id for i in res] |
|
636 | ids = [i.id for i in res] | |
629 | print('started instances: %s' % ' '.join(ids)) |
|
637 | print('started instances: %s' % ' '.join(ids)) | |
630 |
|
638 | |||
631 | yield res |
|
639 | yield res | |
632 | finally: |
|
640 | finally: | |
633 | if ids: |
|
641 | if ids: | |
634 | print('terminating instances: %s' % ' '.join(ids)) |
|
642 | print('terminating instances: %s' % ' '.join(ids)) | |
635 | for instance in res: |
|
643 | for instance in res: | |
636 | instance.terminate() |
|
644 | instance.terminate() | |
637 | print('terminated %d instances' % len(ids)) |
|
645 | print('terminated %d instances' % len(ids)) | |
638 |
|
646 | |||
639 |
|
647 | |||
640 | @contextlib.contextmanager |
|
648 | @contextlib.contextmanager | |
641 | def create_temp_windows_ec2_instances(c: AWSConnection, config): |
|
649 | def create_temp_windows_ec2_instances(c: AWSConnection, config): | |
642 | """Create temporary Windows EC2 instances. |
|
650 | """Create temporary Windows EC2 instances. | |
643 |
|
651 | |||
644 | This is a higher-level wrapper around ``create_temp_ec2_instances()`` that |
|
652 | This is a higher-level wrapper around ``create_temp_ec2_instances()`` that | |
645 | configures the Windows instance for Windows Remote Management. The emitted |
|
653 | configures the Windows instance for Windows Remote Management. The emitted | |
646 | instances will have a ``winrm_client`` attribute containing a |
|
654 | instances will have a ``winrm_client`` attribute containing a | |
647 | ``pypsrp.client.Client`` instance bound to the instance. |
|
655 | ``pypsrp.client.Client`` instance bound to the instance. | |
648 | """ |
|
656 | """ | |
649 | if 'IamInstanceProfile' in config: |
|
657 | if 'IamInstanceProfile' in config: | |
650 | raise ValueError('IamInstanceProfile cannot be provided in config') |
|
658 | raise ValueError('IamInstanceProfile cannot be provided in config') | |
651 | if 'UserData' in config: |
|
659 | if 'UserData' in config: | |
652 | raise ValueError('UserData cannot be provided in config') |
|
660 | raise ValueError('UserData cannot be provided in config') | |
653 |
|
661 | |||
654 | password = c.automation.default_password() |
|
662 | password = c.automation.default_password() | |
655 |
|
663 | |||
656 | config = copy.deepcopy(config) |
|
664 | config = copy.deepcopy(config) | |
657 | config['IamInstanceProfile'] = { |
|
665 | config['IamInstanceProfile'] = { | |
658 | 'Name': 'hg-ephemeral-ec2-1', |
|
666 | 'Name': 'hg-ephemeral-ec2-1', | |
659 | } |
|
667 | } | |
660 | config.setdefault('TagSpecifications', []).append({ |
|
668 | config.setdefault('TagSpecifications', []).append({ | |
661 | 'ResourceType': 'instance', |
|
669 | 'ResourceType': 'instance', | |
662 | 'Tags': [{'Key': 'Name', 'Value': 'hg-temp-windows'}], |
|
670 | 'Tags': [{'Key': 'Name', 'Value': 'hg-temp-windows'}], | |
663 | }) |
|
671 | }) | |
664 | config['UserData'] = WINDOWS_USER_DATA % password |
|
672 | config['UserData'] = WINDOWS_USER_DATA % password | |
665 |
|
673 | |||
666 | with temporary_ec2_instances(c.ec2resource, config) as instances: |
|
674 | with temporary_ec2_instances(c.ec2resource, config) as instances: | |
667 | wait_for_ip_addresses(instances) |
|
675 | wait_for_ip_addresses(instances) | |
668 |
|
676 | |||
669 | print('waiting for Windows Remote Management service...') |
|
677 | print('waiting for Windows Remote Management service...') | |
670 |
|
678 | |||
671 | for instance in instances: |
|
679 | for instance in instances: | |
672 | client = wait_for_winrm(instance.public_ip_address, 'Administrator', password) |
|
680 | client = wait_for_winrm(instance.public_ip_address, 'Administrator', password) | |
673 | print('established WinRM connection to %s' % instance.id) |
|
681 | print('established WinRM connection to %s' % instance.id) | |
674 | instance.winrm_client = client |
|
682 | instance.winrm_client = client | |
675 |
|
683 | |||
676 | yield instances |
|
684 | yield instances | |
677 |
|
685 | |||
678 |
|
686 | |||
679 | def ensure_windows_dev_ami(c: AWSConnection, prefix='hg-'): |
|
687 | def ensure_windows_dev_ami(c: AWSConnection, prefix='hg-'): | |
680 | """Ensure Windows Development AMI is available and up-to-date. |
|
688 | """Ensure Windows Development AMI is available and up-to-date. | |
681 |
|
689 | |||
682 | If necessary, a modern AMI will be built by starting a temporary EC2 |
|
690 | If necessary, a modern AMI will be built by starting a temporary EC2 | |
683 | instance and bootstrapping it. |
|
691 | instance and bootstrapping it. | |
684 |
|
692 | |||
685 | Obsolete AMIs will be deleted so there is only a single AMI having the |
|
693 | Obsolete AMIs will be deleted so there is only a single AMI having the | |
686 | desired name. |
|
694 | desired name. | |
687 |
|
695 | |||
688 | Returns an ``ec2.Image`` of either an existing AMI or a newly-built |
|
696 | Returns an ``ec2.Image`` of either an existing AMI or a newly-built | |
689 | one. |
|
697 | one. | |
690 | """ |
|
698 | """ | |
691 | ec2client = c.ec2client |
|
699 | ec2client = c.ec2client | |
692 | ec2resource = c.ec2resource |
|
700 | ec2resource = c.ec2resource | |
693 | ssmclient = c.session.client('ssm') |
|
701 | ssmclient = c.session.client('ssm') | |
694 |
|
702 | |||
695 | name = '%s%s' % (prefix, 'windows-dev') |
|
703 | name = '%s%s' % (prefix, 'windows-dev') | |
696 |
|
704 | |||
697 | config = { |
|
705 | config = { | |
698 | 'BlockDeviceMappings': [ |
|
706 | 'BlockDeviceMappings': [ | |
699 | { |
|
707 | { | |
700 | 'DeviceName': '/dev/sda1', |
|
708 | 'DeviceName': '/dev/sda1', | |
701 | 'Ebs': { |
|
709 | 'Ebs': { | |
702 | 'DeleteOnTermination': True, |
|
710 | 'DeleteOnTermination': True, | |
703 | 'VolumeSize': 32, |
|
711 | 'VolumeSize': 32, | |
704 | 'VolumeType': 'gp2', |
|
712 | 'VolumeType': 'gp2', | |
705 | }, |
|
713 | }, | |
706 | } |
|
714 | } | |
707 | ], |
|
715 | ], | |
708 | 'ImageId': find_windows_server_2019_image(ec2resource).id, |
|
716 | 'ImageId': find_windows_server_2019_image(ec2resource).id, | |
709 | 'InstanceInitiatedShutdownBehavior': 'stop', |
|
717 | 'InstanceInitiatedShutdownBehavior': 'stop', | |
710 | 'InstanceType': 't3.medium', |
|
718 | 'InstanceType': 't3.medium', | |
711 | 'KeyName': '%sautomation' % prefix, |
|
719 | 'KeyName': '%sautomation' % prefix, | |
712 | 'MaxCount': 1, |
|
720 | 'MaxCount': 1, | |
713 | 'MinCount': 1, |
|
721 | 'MinCount': 1, | |
714 | 'SecurityGroupIds': [c.security_groups['windows-dev-1'].id], |
|
722 | 'SecurityGroupIds': [c.security_groups['windows-dev-1'].id], | |
715 | } |
|
723 | } | |
716 |
|
724 | |||
717 | commands = [ |
|
725 | commands = [ | |
718 | # Need to start the service so sshd_config is generated. |
|
726 | # Need to start the service so sshd_config is generated. | |
719 | 'Start-Service sshd', |
|
727 | 'Start-Service sshd', | |
720 | 'Write-Output "modifying sshd_config"', |
|
728 | 'Write-Output "modifying sshd_config"', | |
721 | r'$content = Get-Content C:\ProgramData\ssh\sshd_config', |
|
729 | r'$content = Get-Content C:\ProgramData\ssh\sshd_config', | |
722 | '$content = $content -replace "Match Group administrators","" -replace "AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys",""', |
|
730 | '$content = $content -replace "Match Group administrators","" -replace "AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys",""', | |
723 | r'$content | Set-Content C:\ProgramData\ssh\sshd_config', |
|
731 | r'$content | Set-Content C:\ProgramData\ssh\sshd_config', | |
724 | 'Import-Module OpenSSHUtils', |
|
732 | 'Import-Module OpenSSHUtils', | |
725 | r'Repair-SshdConfigPermission C:\ProgramData\ssh\sshd_config -Confirm:$false', |
|
733 | r'Repair-SshdConfigPermission C:\ProgramData\ssh\sshd_config -Confirm:$false', | |
726 | 'Restart-Service sshd', |
|
734 | 'Restart-Service sshd', | |
727 | 'Write-Output "installing OpenSSL client"', |
|
735 | 'Write-Output "installing OpenSSL client"', | |
728 | 'Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0', |
|
736 | 'Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0', | |
729 | 'Set-Service -Name sshd -StartupType "Automatic"', |
|
737 | 'Set-Service -Name sshd -StartupType "Automatic"', | |
730 | 'Write-Output "OpenSSH server running"', |
|
738 | 'Write-Output "OpenSSH server running"', | |
731 | ] |
|
739 | ] | |
732 |
|
740 | |||
733 | with INSTALL_WINDOWS_DEPENDENCIES.open('r', encoding='utf-8') as fh: |
|
741 | with INSTALL_WINDOWS_DEPENDENCIES.open('r', encoding='utf-8') as fh: | |
734 | commands.extend(l.rstrip() for l in fh) |
|
742 | commands.extend(l.rstrip() for l in fh) | |
735 |
|
743 | |||
736 | # Disable Windows Defender when bootstrapping because it just slows |
|
744 | # Disable Windows Defender when bootstrapping because it just slows | |
737 | # things down. |
|
745 | # things down. | |
738 | commands.insert(0, 'Set-MpPreference -DisableRealtimeMonitoring $true') |
|
746 | commands.insert(0, 'Set-MpPreference -DisableRealtimeMonitoring $true') | |
739 | commands.append('Set-MpPreference -DisableRealtimeMonitoring $false') |
|
747 | commands.append('Set-MpPreference -DisableRealtimeMonitoring $false') | |
740 |
|
748 | |||
741 | # Compute a deterministic fingerprint to determine whether image needs |
|
749 | # Compute a deterministic fingerprint to determine whether image needs | |
742 | # to be regenerated. |
|
750 | # to be regenerated. | |
743 | fingerprint = { |
|
751 | fingerprint = { | |
744 | 'instance_config': config, |
|
752 | 'instance_config': config, | |
745 | 'user_data': WINDOWS_USER_DATA, |
|
753 | 'user_data': WINDOWS_USER_DATA, | |
746 | 'initial_bootstrap': WINDOWS_BOOTSTRAP_POWERSHELL, |
|
754 | 'initial_bootstrap': WINDOWS_BOOTSTRAP_POWERSHELL, | |
747 | 'bootstrap_commands': commands, |
|
755 | 'bootstrap_commands': commands, | |
748 | } |
|
756 | } | |
749 |
|
757 | |||
750 | fingerprint = json.dumps(fingerprint, sort_keys=True) |
|
758 | fingerprint = json.dumps(fingerprint, sort_keys=True) | |
751 | fingerprint = hashlib.sha256(fingerprint.encode('utf-8')).hexdigest() |
|
759 | fingerprint = hashlib.sha256(fingerprint.encode('utf-8')).hexdigest() | |
752 |
|
760 | |||
753 | # Find existing AMIs with this name and delete the ones that are invalid. |
|
761 | # Find existing AMIs with this name and delete the ones that are invalid. | |
754 | # Store a reference to a good image so it can be returned one the |
|
762 | # Store a reference to a good image so it can be returned one the | |
755 | # image state is reconciled. |
|
763 | # image state is reconciled. | |
756 | images = ec2resource.images.filter( |
|
764 | images = ec2resource.images.filter( | |
757 | Filters=[{'Name': 'name', 'Values': [name]}]) |
|
765 | Filters=[{'Name': 'name', 'Values': [name]}]) | |
758 |
|
766 | |||
759 | existing_image = None |
|
767 | existing_image = None | |
760 |
|
768 | |||
761 | for image in images: |
|
769 | for image in images: | |
762 | if image.tags is None: |
|
770 | if image.tags is None: | |
763 | print('image %s for %s lacks required tags; removing' % ( |
|
771 | print('image %s for %s lacks required tags; removing' % ( | |
764 | image.id, image.name)) |
|
772 | image.id, image.name)) | |
765 | remove_ami(ec2resource, image) |
|
773 | remove_ami(ec2resource, image) | |
766 | else: |
|
774 | else: | |
767 | tags = {t['Key']: t['Value'] for t in image.tags} |
|
775 | tags = {t['Key']: t['Value'] for t in image.tags} | |
768 |
|
776 | |||
769 | if tags.get('HGIMAGEFINGERPRINT') == fingerprint: |
|
777 | if tags.get('HGIMAGEFINGERPRINT') == fingerprint: | |
770 | existing_image = image |
|
778 | existing_image = image | |
771 | else: |
|
779 | else: | |
772 | print('image %s for %s has wrong fingerprint; removing' % ( |
|
780 | print('image %s for %s has wrong fingerprint; removing' % ( | |
773 | image.id, image.name)) |
|
781 | image.id, image.name)) | |
774 | remove_ami(ec2resource, image) |
|
782 | remove_ami(ec2resource, image) | |
775 |
|
783 | |||
776 | if existing_image: |
|
784 | if existing_image: | |
777 | return existing_image |
|
785 | return existing_image | |
778 |
|
786 | |||
779 | print('no suitable Windows development image found; creating one...') |
|
787 | print('no suitable Windows development image found; creating one...') | |
780 |
|
788 | |||
781 | with create_temp_windows_ec2_instances(c, config) as instances: |
|
789 | with create_temp_windows_ec2_instances(c, config) as instances: | |
782 | assert len(instances) == 1 |
|
790 | assert len(instances) == 1 | |
783 | instance = instances[0] |
|
791 | instance = instances[0] | |
784 |
|
792 | |||
785 | wait_for_ssm(ssmclient, [instance]) |
|
793 | wait_for_ssm(ssmclient, [instance]) | |
786 |
|
794 | |||
787 | # On first boot, install various Windows updates. |
|
795 | # On first boot, install various Windows updates. | |
788 | # We would ideally use PowerShell Remoting for this. However, there are |
|
796 | # We would ideally use PowerShell Remoting for this. However, there are | |
789 | # trust issues that make it difficult to invoke Windows Update |
|
797 | # trust issues that make it difficult to invoke Windows Update | |
790 | # remotely. So we use SSM, which has a mechanism for running Windows |
|
798 | # remotely. So we use SSM, which has a mechanism for running Windows | |
791 | # Update. |
|
799 | # Update. | |
792 | print('installing Windows features...') |
|
800 | print('installing Windows features...') | |
793 | run_ssm_command( |
|
801 | run_ssm_command( | |
794 | ssmclient, |
|
802 | ssmclient, | |
795 | [instance], |
|
803 | [instance], | |
796 | 'AWS-RunPowerShellScript', |
|
804 | 'AWS-RunPowerShellScript', | |
797 | { |
|
805 | { | |
798 | 'commands': WINDOWS_BOOTSTRAP_POWERSHELL.split('\n'), |
|
806 | 'commands': WINDOWS_BOOTSTRAP_POWERSHELL.split('\n'), | |
799 | }, |
|
807 | }, | |
800 | ) |
|
808 | ) | |
801 |
|
809 | |||
802 | # Reboot so all updates are fully applied. |
|
810 | # Reboot so all updates are fully applied. | |
803 | print('rebooting instance %s' % instance.id) |
|
811 | print('rebooting instance %s' % instance.id) | |
804 | ec2client.reboot_instances(InstanceIds=[instance.id]) |
|
812 | ec2client.reboot_instances(InstanceIds=[instance.id]) | |
805 |
|
813 | |||
806 | time.sleep(15) |
|
814 | time.sleep(15) | |
807 |
|
815 | |||
808 | print('waiting for Windows Remote Management to come back...') |
|
816 | print('waiting for Windows Remote Management to come back...') | |
809 | client = wait_for_winrm(instance.public_ip_address, 'Administrator', |
|
817 | client = wait_for_winrm(instance.public_ip_address, 'Administrator', | |
810 | c.automation.default_password()) |
|
818 | c.automation.default_password()) | |
811 | print('established WinRM connection to %s' % instance.id) |
|
819 | print('established WinRM connection to %s' % instance.id) | |
812 | instance.winrm_client = client |
|
820 | instance.winrm_client = client | |
813 |
|
821 | |||
814 | print('bootstrapping instance...') |
|
822 | print('bootstrapping instance...') | |
815 | run_powershell(instance.winrm_client, '\n'.join(commands)) |
|
823 | run_powershell(instance.winrm_client, '\n'.join(commands)) | |
816 |
|
824 | |||
817 | print('bootstrap completed; stopping %s to create image' % instance.id) |
|
825 | print('bootstrap completed; stopping %s to create image' % instance.id) | |
818 | instance.stop() |
|
826 | instance.stop() | |
819 |
|
827 | |||
820 | ec2client.get_waiter('instance_stopped').wait( |
|
828 | ec2client.get_waiter('instance_stopped').wait( | |
821 | InstanceIds=[instance.id], |
|
829 | InstanceIds=[instance.id], | |
822 | WaiterConfig={ |
|
830 | WaiterConfig={ | |
823 | 'Delay': 5, |
|
831 | 'Delay': 5, | |
824 | }) |
|
832 | }) | |
825 | print('%s is stopped' % instance.id) |
|
833 | print('%s is stopped' % instance.id) | |
826 |
|
834 | |||
827 | image = instance.create_image( |
|
835 | image = instance.create_image( | |
828 | Name=name, |
|
836 | Name=name, | |
829 | Description='Mercurial Windows development environment', |
|
837 | Description='Mercurial Windows development environment', | |
830 | ) |
|
838 | ) | |
831 |
|
839 | |||
832 | image.create_tags(Tags=[ |
|
840 | image.create_tags(Tags=[ | |
833 | { |
|
841 | { | |
834 | 'Key': 'HGIMAGEFINGERPRINT', |
|
842 | 'Key': 'HGIMAGEFINGERPRINT', | |
835 | 'Value': fingerprint, |
|
843 | 'Value': fingerprint, | |
836 | }, |
|
844 | }, | |
837 | ]) |
|
845 | ]) | |
838 |
|
846 | |||
839 | print('waiting for image %s' % image.id) |
|
847 | print('waiting for image %s' % image.id) | |
840 |
|
848 | |||
841 | ec2client.get_waiter('image_available').wait( |
|
849 | ec2client.get_waiter('image_available').wait( | |
842 | ImageIds=[image.id], |
|
850 | ImageIds=[image.id], | |
843 | ) |
|
851 | ) | |
844 |
|
852 | |||
845 | print('image %s available as %s' % (image.id, image.name)) |
|
853 | print('image %s available as %s' % (image.id, image.name)) | |
846 |
|
854 | |||
847 | return image |
|
855 | return image | |
848 |
|
856 | |||
849 |
|
857 | |||
850 | @contextlib.contextmanager |
|
858 | @contextlib.contextmanager | |
851 | def temporary_windows_dev_instances(c: AWSConnection, image, instance_type, |
|
859 | def temporary_windows_dev_instances(c: AWSConnection, image, instance_type, | |
852 | prefix='hg-', disable_antivirus=False): |
|
860 | prefix='hg-', disable_antivirus=False): | |
853 | """Create a temporary Windows development EC2 instance. |
|
861 | """Create a temporary Windows development EC2 instance. | |
854 |
|
862 | |||
855 | Context manager resolves to the list of ``EC2.Instance`` that were created. |
|
863 | Context manager resolves to the list of ``EC2.Instance`` that were created. | |
856 | """ |
|
864 | """ | |
857 | config = { |
|
865 | config = { | |
858 | 'BlockDeviceMappings': [ |
|
866 | 'BlockDeviceMappings': [ | |
859 | { |
|
867 | { | |
860 | 'DeviceName': '/dev/sda1', |
|
868 | 'DeviceName': '/dev/sda1', | |
861 | 'Ebs': { |
|
869 | 'Ebs': { | |
862 | 'DeleteOnTermination': True, |
|
870 | 'DeleteOnTermination': True, | |
863 | 'VolumeSize': 32, |
|
871 | 'VolumeSize': 32, | |
864 | 'VolumeType': 'gp2', |
|
872 | 'VolumeType': 'gp2', | |
865 | }, |
|
873 | }, | |
866 | } |
|
874 | } | |
867 | ], |
|
875 | ], | |
868 | 'ImageId': image.id, |
|
876 | 'ImageId': image.id, | |
869 | 'InstanceInitiatedShutdownBehavior': 'stop', |
|
877 | 'InstanceInitiatedShutdownBehavior': 'stop', | |
870 | 'InstanceType': instance_type, |
|
878 | 'InstanceType': instance_type, | |
871 | 'KeyName': '%sautomation' % prefix, |
|
879 | 'KeyName': '%sautomation' % prefix, | |
872 | 'MaxCount': 1, |
|
880 | 'MaxCount': 1, | |
873 | 'MinCount': 1, |
|
881 | 'MinCount': 1, | |
874 | 'SecurityGroupIds': [c.security_groups['windows-dev-1'].id], |
|
882 | 'SecurityGroupIds': [c.security_groups['windows-dev-1'].id], | |
875 | } |
|
883 | } | |
876 |
|
884 | |||
877 | with create_temp_windows_ec2_instances(c, config) as instances: |
|
885 | with create_temp_windows_ec2_instances(c, config) as instances: | |
878 | if disable_antivirus: |
|
886 | if disable_antivirus: | |
879 | for instance in instances: |
|
887 | for instance in instances: | |
880 | run_powershell( |
|
888 | run_powershell( | |
881 | instance.winrm_client, |
|
889 | instance.winrm_client, | |
882 | 'Set-MpPreference -DisableRealtimeMonitoring $true') |
|
890 | 'Set-MpPreference -DisableRealtimeMonitoring $true') | |
883 |
|
891 | |||
884 | yield instances |
|
892 | yield instances |
@@ -1,119 +1,119 b'' | |||||
1 | # |
|
1 | # | |
2 | # This file is autogenerated by pip-compile |
|
2 | # This file is autogenerated by pip-compile | |
3 | # To update, run: |
|
3 | # To update, run: | |
4 | # |
|
4 | # | |
5 | # pip-compile -U --generate-hashes --output-file contrib/automation/requirements.txt contrib/automation/requirements.txt.in |
|
5 | # pip-compile -U --generate-hashes --output-file contrib/automation/requirements.txt contrib/automation/requirements.txt.in | |
6 | # |
|
6 | # | |
7 | asn1crypto==0.24.0 \ |
|
7 | asn1crypto==0.24.0 \ | |
8 | --hash=sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87 \ |
|
8 | --hash=sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87 \ | |
9 | --hash=sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49 \ |
|
9 | --hash=sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49 \ | |
10 | # via cryptography |
|
10 | # via cryptography | |
11 |
boto3==1.9.1 |
|
11 | boto3==1.9.137 \ | |
12 | --hash=sha256:06414c75d1f62af7d04fd652b38d1e4fd3cfd6b35bad978466af88e2aaecd00d \ |
|
12 | --hash=sha256:882cc4869b47b51dae4b4a900769e72171ff00e0b6bca644b2d7a7ad7378f324 \ | |
13 | --hash=sha256:f3b77dff382374773d02411fa47ee408f4f503aeebd837fd9dc9ed8635bc5e8e |
|
13 | --hash=sha256:cd503a7e7a04f1c14d2801f9727159dfa88c393b4004e98940fa4aa205d920c8 | |
14 |
botocore==1.12.1 |
|
14 | botocore==1.12.137 \ | |
15 | --hash=sha256:6af473c52d5e3e7ff82de5334e9fee96b2d5ec2df5d78bc00cd9937e2573a7a8 \ |
|
15 | --hash=sha256:0d95794f6b1239c75e2c5f966221bcd4b68020fddb5676f757531eedbb612ed8 \ | |
16 | --hash=sha256:9f5123c7be704b17aeacae99b5842ab17bda1f799dd29134de8c70e0a50a45d7 \ |
|
16 | --hash=sha256:3213cf48cf2ceee10fc3b93221f2cd1c38521cca7584f547d5c086213cc60f35 \ | |
17 | # via boto3, s3transfer |
|
17 | # via boto3, s3transfer | |
18 | certifi==2019.3.9 \ |
|
18 | certifi==2019.3.9 \ | |
19 | --hash=sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5 \ |
|
19 | --hash=sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5 \ | |
20 | --hash=sha256:b26104d6835d1f5e49452a26eb2ff87fe7090b89dfcaee5ea2212697e1e1d7ae \ |
|
20 | --hash=sha256:b26104d6835d1f5e49452a26eb2ff87fe7090b89dfcaee5ea2212697e1e1d7ae \ | |
21 | # via requests |
|
21 | # via requests | |
22 |
cffi==1.12. |
|
22 | cffi==1.12.3 \ | |
23 | --hash=sha256:00b97afa72c233495560a0793cdc86c2571721b4271c0667addc83c417f3d90f \ |
|
23 | --hash=sha256:041c81822e9f84b1d9c401182e174996f0bae9991f33725d059b771744290774 \ | |
24 | --hash=sha256:0ba1b0c90f2124459f6966a10c03794082a2f3985cd699d7d63c4a8dae113e11 \ |
|
24 | --hash=sha256:046ef9a22f5d3eed06334d01b1e836977eeef500d9b78e9ef693f9380ad0b83d \ | |
25 | --hash=sha256:0bffb69da295a4fc3349f2ec7cbe16b8ba057b0a593a92cbe8396e535244ee9d \ |
|
25 | --hash=sha256:066bc4c7895c91812eff46f4b1c285220947d4aa46fa0a2651ff85f2afae9c90 \ | |
26 | --hash=sha256:21469a2b1082088d11ccd79dd84157ba42d940064abbfa59cf5f024c19cf4891 \ |
|
26 | --hash=sha256:066c7ff148ae33040c01058662d6752fd73fbc8e64787229ea8498c7d7f4041b \ | |
27 | --hash=sha256:2e4812f7fa984bf1ab253a40f1f4391b604f7fc424a3e21f7de542a7f8f7aedf \ |
|
27 | --hash=sha256:2444d0c61f03dcd26dbf7600cf64354376ee579acad77aef459e34efcb438c63 \ | |
28 | --hash=sha256:2eac2cdd07b9049dd4e68449b90d3ef1adc7c759463af5beb53a84f1db62e36c \ |
|
28 | --hash=sha256:300832850b8f7967e278870c5d51e3819b9aad8f0a2c8dbe39ab11f119237f45 \ | |
29 | --hash=sha256:2f9089979d7456c74d21303c7851f158833d48fb265876923edcb2d0194104ed \ |
|
29 | --hash=sha256:34c77afe85b6b9e967bd8154e3855e847b70ca42043db6ad17f26899a3df1b25 \ | |
30 | --hash=sha256:3dd13feff00bddb0bd2d650cdb7338f815c1789a91a6f68fdc00e5c5ed40329b \ |
|
30 | --hash=sha256:46de5fa00f7ac09f020729148ff632819649b3e05a007d286242c4882f7b1dc3 \ | |
31 | --hash=sha256:4065c32b52f4b142f417af6f33a5024edc1336aa845b9d5a8d86071f6fcaac5a \ |
|
31 | --hash=sha256:4aa8ee7ba27c472d429b980c51e714a24f47ca296d53f4d7868075b175866f4b \ | |
32 | --hash=sha256:51a4ba1256e9003a3acf508e3b4f4661bebd015b8180cc31849da222426ef585 \ |
|
32 | --hash=sha256:4d0004eb4351e35ed950c14c11e734182591465a33e960a4ab5e8d4f04d72647 \ | |
33 | --hash=sha256:59888faac06403767c0cf8cfb3f4a777b2939b1fbd9f729299b5384f097f05ea \ |
|
33 | --hash=sha256:4e3d3f31a1e202b0f5a35ba3bc4eb41e2fc2b11c1eff38b362de710bcffb5016 \ | |
34 | --hash=sha256:59c87886640574d8b14910840327f5cd15954e26ed0bbd4e7cef95fa5aef218f \ |
|
34 | --hash=sha256:50bec6d35e6b1aaeb17f7c4e2b9374ebf95a8975d57863546fa83e8d31bdb8c4 \ | |
35 | --hash=sha256:610fc7d6db6c56a244c2701575f6851461753c60f73f2de89c79bbf1cc807f33 \ |
|
35 | --hash=sha256:55cad9a6df1e2a1d62063f79d0881a414a906a6962bc160ac968cc03ed3efcfb \ | |
36 | --hash=sha256:70aeadeecb281ea901bf4230c6222af0248c41044d6f57401a614ea59d96d145 \ |
|
36 | --hash=sha256:5662ad4e4e84f1eaa8efce5da695c5d2e229c563f9d5ce5b0113f71321bcf753 \ | |
37 | --hash=sha256:71e1296d5e66c59cd2c0f2d72dc476d42afe02aeddc833d8e05630a0551dad7a \ |
|
37 | --hash=sha256:59b4dc008f98fc6ee2bb4fd7fc786a8d70000d058c2bbe2698275bc53a8d3fa7 \ | |
38 | --hash=sha256:8fc7a49b440ea752cfdf1d51a586fd08d395ff7a5d555dc69e84b1939f7ddee3 \ |
|
38 | --hash=sha256:73e1ffefe05e4ccd7bcea61af76f36077b914f92b76f95ccf00b0c1b9186f3f9 \ | |
39 | --hash=sha256:9b5c2afd2d6e3771d516045a6cfa11a8da9a60e3d128746a7fe9ab36dfe7221f \ |
|
39 | --hash=sha256:a1f0fd46eba2d71ce1589f7e50a9e2ffaeb739fb2c11e8192aa2b45d5f6cc41f \ | |
40 | --hash=sha256:9c759051ebcb244d9d55ee791259ddd158188d15adee3c152502d3b69005e6bd \ |
|
40 | --hash=sha256:a2e85dc204556657661051ff4bab75a84e968669765c8a2cd425918699c3d0e8 \ | |
41 | --hash=sha256:b4d1011fec5ec12aa7cc10c05a2f2f12dfa0adfe958e56ae38dc140614035804 \ |
|
41 | --hash=sha256:a5457d47dfff24882a21492e5815f891c0ca35fefae8aa742c6c263dac16ef1f \ | |
42 | --hash=sha256:b4f1d6332339ecc61275bebd1f7b674098a66fea11a00c84d1c58851e618dc0d \ |
|
42 | --hash=sha256:a8dccd61d52a8dae4a825cdbb7735da530179fea472903eb871a5513b5abbfdc \ | |
43 | --hash=sha256:c030cda3dc8e62b814831faa4eb93dd9a46498af8cd1d5c178c2de856972fd92 \ |
|
43 | --hash=sha256:ae61af521ed676cf16ae94f30fe202781a38d7178b6b4ab622e4eec8cefaff42 \ | |
44 | --hash=sha256:c2e1f2012e56d61390c0e668c20c4fb0ae667c44d6f6a2eeea5d7148dcd3df9f \ |
|
44 | --hash=sha256:b012a5edb48288f77a63dba0840c92d0504aa215612da4541b7b42d849bc83a3 \ | |
45 | --hash=sha256:c37c77d6562074452120fc6c02ad86ec928f5710fbc435a181d69334b4de1d84 \ |
|
45 | --hash=sha256:d2c5cfa536227f57f97c92ac30c8109688ace8fa4ac086d19d0af47d134e2909 \ | |
46 | --hash=sha256:c8149780c60f8fd02752d0429246088c6c04e234b895c4a42e1ea9b4de8d27fb \ |
|
46 | --hash=sha256:d42b5796e20aacc9d15e66befb7a345454eef794fdb0737d1af593447c6c8f45 \ | |
47 | --hash=sha256:cbeeef1dc3c4299bd746b774f019de9e4672f7cc666c777cd5b409f0b746dac7 \ |
|
47 | --hash=sha256:dee54f5d30d775f525894d67b1495625dd9322945e7fee00731952e0368ff42d \ | |
48 | --hash=sha256:e113878a446c6228669144ae8a56e268c91b7f1fafae927adc4879d9849e0ea7 \ |
|
48 | --hash=sha256:e070535507bd6aa07124258171be2ee8dfc19119c28ca94c9dfb7efd23564512 \ | |
49 | --hash=sha256:e21162bf941b85c0cda08224dade5def9360f53b09f9f259adb85fc7dd0e7b35 \ |
|
49 | --hash=sha256:e1ff2748c84d97b065cc95429814cdba39bcbd77c9c85c89344b317dc0d9cbff \ | |
50 | --hash=sha256:fb6934ef4744becbda3143d30c6604718871495a5e36c408431bf33d9c146889 \ |
|
50 | --hash=sha256:ed851c75d1e0e043cbf5ca9a8e1b13c4c90f3fbd863dacb01c0808e2b5204201 \ | |
51 | # via cryptography |
|
51 | # via cryptography | |
52 | chardet==3.0.4 \ |
|
52 | chardet==3.0.4 \ | |
53 | --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ |
|
53 | --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ | |
54 | --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ |
|
54 | --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ | |
55 | # via requests |
|
55 | # via requests | |
56 | cryptography==2.6.1 \ |
|
56 | cryptography==2.6.1 \ | |
57 | --hash=sha256:066f815f1fe46020877c5983a7e747ae140f517f1b09030ec098503575265ce1 \ |
|
57 | --hash=sha256:066f815f1fe46020877c5983a7e747ae140f517f1b09030ec098503575265ce1 \ | |
58 | --hash=sha256:210210d9df0afba9e000636e97810117dc55b7157c903a55716bb73e3ae07705 \ |
|
58 | --hash=sha256:210210d9df0afba9e000636e97810117dc55b7157c903a55716bb73e3ae07705 \ | |
59 | --hash=sha256:26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6 \ |
|
59 | --hash=sha256:26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6 \ | |
60 | --hash=sha256:2afb83308dc5c5255149ff7d3fb9964f7c9ee3d59b603ec18ccf5b0a8852e2b1 \ |
|
60 | --hash=sha256:2afb83308dc5c5255149ff7d3fb9964f7c9ee3d59b603ec18ccf5b0a8852e2b1 \ | |
61 | --hash=sha256:2db34e5c45988f36f7a08a7ab2b69638994a8923853dec2d4af121f689c66dc8 \ |
|
61 | --hash=sha256:2db34e5c45988f36f7a08a7ab2b69638994a8923853dec2d4af121f689c66dc8 \ | |
62 | --hash=sha256:409c4653e0f719fa78febcb71ac417076ae5e20160aec7270c91d009837b9151 \ |
|
62 | --hash=sha256:409c4653e0f719fa78febcb71ac417076ae5e20160aec7270c91d009837b9151 \ | |
63 | --hash=sha256:45a4f4cf4f4e6a55c8128f8b76b4c057027b27d4c67e3fe157fa02f27e37830d \ |
|
63 | --hash=sha256:45a4f4cf4f4e6a55c8128f8b76b4c057027b27d4c67e3fe157fa02f27e37830d \ | |
64 | --hash=sha256:48eab46ef38faf1031e58dfcc9c3e71756a1108f4c9c966150b605d4a1a7f659 \ |
|
64 | --hash=sha256:48eab46ef38faf1031e58dfcc9c3e71756a1108f4c9c966150b605d4a1a7f659 \ | |
65 | --hash=sha256:6b9e0ae298ab20d371fc26e2129fd683cfc0cfde4d157c6341722de645146537 \ |
|
65 | --hash=sha256:6b9e0ae298ab20d371fc26e2129fd683cfc0cfde4d157c6341722de645146537 \ | |
66 | --hash=sha256:6c4778afe50f413707f604828c1ad1ff81fadf6c110cb669579dea7e2e98a75e \ |
|
66 | --hash=sha256:6c4778afe50f413707f604828c1ad1ff81fadf6c110cb669579dea7e2e98a75e \ | |
67 | --hash=sha256:8c33fb99025d353c9520141f8bc989c2134a1f76bac6369cea060812f5b5c2bb \ |
|
67 | --hash=sha256:8c33fb99025d353c9520141f8bc989c2134a1f76bac6369cea060812f5b5c2bb \ | |
68 | --hash=sha256:9873a1760a274b620a135054b756f9f218fa61ca030e42df31b409f0fb738b6c \ |
|
68 | --hash=sha256:9873a1760a274b620a135054b756f9f218fa61ca030e42df31b409f0fb738b6c \ | |
69 | --hash=sha256:9b069768c627f3f5623b1cbd3248c5e7e92aec62f4c98827059eed7053138cc9 \ |
|
69 | --hash=sha256:9b069768c627f3f5623b1cbd3248c5e7e92aec62f4c98827059eed7053138cc9 \ | |
70 | --hash=sha256:9e4ce27a507e4886efbd3c32d120db5089b906979a4debf1d5939ec01b9dd6c5 \ |
|
70 | --hash=sha256:9e4ce27a507e4886efbd3c32d120db5089b906979a4debf1d5939ec01b9dd6c5 \ | |
71 | --hash=sha256:acb424eaca214cb08735f1a744eceb97d014de6530c1ea23beb86d9c6f13c2ad \ |
|
71 | --hash=sha256:acb424eaca214cb08735f1a744eceb97d014de6530c1ea23beb86d9c6f13c2ad \ | |
72 | --hash=sha256:c8181c7d77388fe26ab8418bb088b1a1ef5fde058c6926790c8a0a3d94075a4a \ |
|
72 | --hash=sha256:c8181c7d77388fe26ab8418bb088b1a1ef5fde058c6926790c8a0a3d94075a4a \ | |
73 | --hash=sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460 \ |
|
73 | --hash=sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460 \ | |
74 | --hash=sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd \ |
|
74 | --hash=sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd \ | |
75 | --hash=sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6 \ |
|
75 | --hash=sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6 \ | |
76 | # via pypsrp |
|
76 | # via pypsrp | |
77 | docutils==0.14 \ |
|
77 | docutils==0.14 \ | |
78 | --hash=sha256:02aec4bd92ab067f6ff27a38a38a41173bf01bed8f89157768c1573f53e474a6 \ |
|
78 | --hash=sha256:02aec4bd92ab067f6ff27a38a38a41173bf01bed8f89157768c1573f53e474a6 \ | |
79 | --hash=sha256:51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274 \ |
|
79 | --hash=sha256:51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274 \ | |
80 | --hash=sha256:7a4bd47eaf6596e1295ecb11361139febe29b084a87bf005bf899f9a42edc3c6 \ |
|
80 | --hash=sha256:7a4bd47eaf6596e1295ecb11361139febe29b084a87bf005bf899f9a42edc3c6 \ | |
81 | # via botocore |
|
81 | # via botocore | |
82 | idna==2.8 \ |
|
82 | idna==2.8 \ | |
83 | --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \ |
|
83 | --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \ | |
84 | --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \ |
|
84 | --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \ | |
85 | # via requests |
|
85 | # via requests | |
86 | jmespath==0.9.4 \ |
|
86 | jmespath==0.9.4 \ | |
87 | --hash=sha256:3720a4b1bd659dd2eecad0666459b9788813e032b83e7ba58578e48254e0a0e6 \ |
|
87 | --hash=sha256:3720a4b1bd659dd2eecad0666459b9788813e032b83e7ba58578e48254e0a0e6 \ | |
88 | --hash=sha256:bde2aef6f44302dfb30320115b17d030798de8c4110e28d5cf6cf91a7a31074c \ |
|
88 | --hash=sha256:bde2aef6f44302dfb30320115b17d030798de8c4110e28d5cf6cf91a7a31074c \ | |
89 | # via boto3, botocore |
|
89 | # via boto3, botocore | |
90 |
ntlm-auth==1. |
|
90 | ntlm-auth==1.3.0 \ | |
91 | --hash=sha256:7bc02a3fbdfee7275d3dc20fce8028ed8eb6d32364637f28be9e9ae9160c6d5c \ |
|
91 | --hash=sha256:bb2fd03c665f0f62c5f65695b62dcdb07fb7a45df6ebc86c770be2054d6902dd \ | |
92 | --hash=sha256:9b13eaf88f16a831637d75236a93d60c0049536715aafbf8190ba58a590b023e \ |
|
92 | --hash=sha256:ce5b4483ed761f341a538a426a71a52e5a9cf5fd834ebef1d2090f9eef14b3f8 \ | |
93 | # via pypsrp |
|
93 | # via pypsrp | |
94 | pycparser==2.19 \ |
|
94 | pycparser==2.19 \ | |
95 | --hash=sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3 \ |
|
95 | --hash=sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3 \ | |
96 | # via cffi |
|
96 | # via cffi | |
97 | pypsrp==0.3.1 \ |
|
97 | pypsrp==0.3.1 \ | |
98 | --hash=sha256:309853380fe086090a03cc6662a778ee69b1cae355ae4a932859034fd76e9d0b \ |
|
98 | --hash=sha256:309853380fe086090a03cc6662a778ee69b1cae355ae4a932859034fd76e9d0b \ | |
99 | --hash=sha256:90f946254f547dc3493cea8493c819ab87e152a755797c93aa2668678ba8ae85 |
|
99 | --hash=sha256:90f946254f547dc3493cea8493c819ab87e152a755797c93aa2668678ba8ae85 | |
100 | python-dateutil==2.8.0 \ |
|
100 | python-dateutil==2.8.0 \ | |
101 | --hash=sha256:7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb \ |
|
101 | --hash=sha256:7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb \ | |
102 | --hash=sha256:c89805f6f4d64db21ed966fda138f8a5ed7a4fdbc1a8ee329ce1b74e3c74da9e \ |
|
102 | --hash=sha256:c89805f6f4d64db21ed966fda138f8a5ed7a4fdbc1a8ee329ce1b74e3c74da9e \ | |
103 | # via botocore |
|
103 | # via botocore | |
104 | requests==2.21.0 \ |
|
104 | requests==2.21.0 \ | |
105 | --hash=sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e \ |
|
105 | --hash=sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e \ | |
106 | --hash=sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b \ |
|
106 | --hash=sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b \ | |
107 | # via pypsrp |
|
107 | # via pypsrp | |
108 | s3transfer==0.2.0 \ |
|
108 | s3transfer==0.2.0 \ | |
109 | --hash=sha256:7b9ad3213bff7d357f888e0fab5101b56fa1a0548ee77d121c3a3dbfbef4cb2e \ |
|
109 | --hash=sha256:7b9ad3213bff7d357f888e0fab5101b56fa1a0548ee77d121c3a3dbfbef4cb2e \ | |
110 | --hash=sha256:f23d5cb7d862b104401d9021fc82e5fa0e0cf57b7660a1331425aab0c691d021 \ |
|
110 | --hash=sha256:f23d5cb7d862b104401d9021fc82e5fa0e0cf57b7660a1331425aab0c691d021 \ | |
111 | # via boto3 |
|
111 | # via boto3 | |
112 | six==1.12.0 \ |
|
112 | six==1.12.0 \ | |
113 | --hash=sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c \ |
|
113 | --hash=sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c \ | |
114 | --hash=sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73 \ |
|
114 | --hash=sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73 \ | |
115 | # via cryptography, pypsrp, python-dateutil |
|
115 | # via cryptography, pypsrp, python-dateutil | |
116 |
urllib3==1.24. |
|
116 | urllib3==1.24.2 \ | |
117 | --hash=sha256:61bf29cada3fc2fbefad4fdf059ea4bd1b4a86d2b6d15e1c7c0b582b9752fe39 \ |
|
117 | --hash=sha256:4c291ca23bbb55c76518905869ef34bdd5f0e46af7afe6861e8375643ffee1a0 \ | |
118 | --hash=sha256:de9529817c93f27c8ccbfead6985011db27bd0ddfcdb2d86f3f663385c6a9c22 \ |
|
118 | --hash=sha256:9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3 \ | |
119 | # via botocore, requests |
|
119 | # via botocore, requests |
General Comments 0
You need to be logged in to leave comments.
Login now