Last active
January 13, 2016 08:52
create an rdp session to an ec2 or ix windows instance using password-store and awscli to effortlessly manage instance passwords
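#!/bin/bash
# Open an RDP session to an EC2, spot or IX Windows instance. The password is
# looked up in password-store (pass) and, when missing, fetched with awscli.
#
# usage:
#   $ rdp cltbld@b-2008-ec2-0999
#   $ rdp b-2008-ec2-0999
#   $ kb=en-us rdp b-2008-ec2-0999
#
# Environment overrides:
#   res  rdesktop geometry            (default 2400x1200)
#   kb   rdesktop keyboard layout     (default en-gb)
#   key  private launch key for `aws ec2 get-password-data`
#   usr  login name when the argument carries no "user@" prefix (default root)

res=${res:-2400x1200}
kb=${kb:-en-gb}
key=${key:-$HOME/.ssh/aws-ssh-key}

: "${1:?hostname required}"

# Split an optional "user@" prefix off the first argument.
if [[ $1 == *@* ]]; then
  host=${1#*@}
  usr=${1%@*}
else
  host=$1
  usr=${usr:-root}
fi

# host and usr are later used in DNS queries, AWS filters and file names under
# ~/.password-store, so reject anything that is not a plain hostname or that
# could step outside the intended password-store directory.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $host =~ $host_re ]]; then
  printf 'Error: invalid hostname: %s\n' "$host" >&2
  exit 1
fi
if [[ -z $usr || $usr == */* || $usr == *[[:space:]]* ]]; then
  printf 'Error: invalid user name: %s\n' "$usr" >&2
  exit 1
fi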
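# Choose the password-store directory from the instance class embedded in the
# hostname ("-ec2-", "-spot-" or "-ix-"); the first matching pattern wins.
case $host in
  *-ec2-*)  pass_dir=Mozilla/relops/ec2 ;;
  *-spot-*) pass_dir=Mozilla/relops/spot ;;
  *-ix-*)   pass_dir=Mozilla/relops/ix ;;
  *)
    # Not fatal at this point: the script carries on with an empty pass_dir.
    # The diagnostic goes to stderr so it cannot be mistaken for output.
    echo "Error: Unable to determine password directory." >&2
    pass_dir=
    ;;
esac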
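# Derive the DNS suffix for the host from the CNAME that nslookup reports.
# The bare name is tried first, then the try/build/test zones. \K drops the
# first label of the canonical name, so fqdn holds only the domain part
# (everything after "<label>." up to and including ".mozilla.com").
#
# NOTE(review): the result comes from an unauthenticated DNS answer and later
# selects both the password-store entry and the connection target; the pattern
# limits it to names ending in .mozilla.com.
cname_re='canonical name = [0-9a-z\-]*\.\K[0-9a-z\.]*\.mozilla\.com'
fqdn=
for zone in '' .try.mozilla.org .build.mozilla.org .test.mozilla.org; do
  fqdn=$(nslookup "$host$zone" | grep -oP "$cname_re")
  if [[ -n $fqdn ]]; then
    break
  fi
done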
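# Spot instances: when DNS gave no suffix, ask EC2 for the private IP of the
# instance whose Name tag equals the host, trying us-west-2 and then us-east-1.
if [[ -z $fqdn && $host == *-spot-* ]]; then
  name_filter="Name=tag:Name,Values=$host"
  ip_query='Reservations[*].Instances[*].PrivateIpAddress'

  # The filter value directly follows --filters, which is the documented
  # form; the original placed --region between the option and its value.
  instance_ip=$(aws ec2 describe-instances --region us-west-2 \
    --filters "$name_filter" --output text --query "$ip_query")
  if [[ -n $instance_ip ]]; then
    dns_atom=usw2
  else
    instance_ip=$(aws ec2 describe-instances --region us-east-1 \
      --filters "$name_filter" --output text --query "$ip_query")
    dns_atom=use1
  fi

  if [[ -n $instance_ip ]]; then
    case $host in
      b-*) fqdn="build.releng.$dns_atom.mozilla.com" ;;
      y-*) fqdn="try.releng.$dns_atom.mozilla.com" ;;
      t-*) fqdn="test.releng.$dns_atom.mozilla.com" ;;
    esac
  fi

  # NOTE(review): this second assignment always runs, so for b-/y-/t- hosts
  # it overwrites the region-specific suffix chosen just above. As a result
  # the later ".use1."/".usw2." region detection never matches for spot
  # hosts. Behaviour is kept as found; confirm whether this was meant to be
  # a fallback for the case where no instance IP was returned.
  case $host in
    b-*) fqdn=build.mozilla.org ;;
    y-*) fqdn=try.mozilla.org ;;
    t-*) fqdn=test.mozilla.org ;;
  esac
fi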
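# Resolve the password for $usr@$host.$fqdn:
#   1. an existing password-store entry, else
#   2. the EC2 launch password (decrypted with $key), which is then saved to
#      the store, else
#   3. a symlink to a shared entry, committed to the store's git repository.
store=$HOME/.password-store
entry=$pass_dir/$usr@$host.$fqdn

# Look the tool up on PATH rather than at one fixed location, so an existing
# install elsewhere does not trigger a privileged package install.
if ! command -v pass >/dev/null; then
  sudo dnf install -y pass
fi

if [[ -e $store/$entry.gpg ]]; then
  password=$(pass "$entry")
elif [[ -n $fqdn ]]; then
  if ! command -v aws >/dev/null; then
    # NOTE(review): this installs an unpinned package from the package index
    # as root; a distribution package or a per-user install is easier to audit.
    sudo pip install --quiet awscli
  fi

  # The region is encoded in the DNS suffix.
  case $fqdn in
    *.use1.*) ec2_region=us-east-1 ;;
    *.usw2.*) ec2_region=us-west-2 ;;
  esac

  if [[ -n $ec2_region ]]; then
    instance_id=$(aws ec2 describe-instances --region "$ec2_region" \
      --filters "Name=tag:Name,Values=$host" --output text \
      --query 'Reservations[*].Instances[*].InstanceId')
    if [[ -n $instance_id ]]; then
      password=$(aws ec2 get-password-data --region "$ec2_region" \
        --instance-id "$instance_id" --priv-launch-key "$key" \
        --output text --query 'PasswordData')
    fi
    if [[ -n $password ]]; then
      # printf with a quoted argument stores the password exactly as
      # received; an unquoted echo would word-split it and expand any glob
      # characters it contains before it reached the store.
      printf '%s\n' "$password" | pass insert -e "$entry"
    fi
  fi

  if [[ -z $password && ! -e $store/$entry.gpg ]]; then
    # NOTE(review): the name of the shared entry was replaced by the hosting
    # page's e-mail obfuscation ("[email protected]"); restore the real file
    # name before relying on this fallback.
    shared_target='../ec2/[email protected]'
    # Link only when a password directory was determined and the shared entry
    # exists, so no dangling or out-of-store symlink is created and committed.
    if [[ -n $pass_dir && -e $store/$pass_dir/$shared_target ]]; then
      ln -s -- "$shared_target" "$store/$entry.gpg"
      password=$(pass "$entry")
      git --git-dir="$store/.git" --work-tree="$store" add "$entry.gpg"
      git --git-dir="$store/.git" --work-tree="$store" commit \
        -m "Add shared password for $entry to store."
    fi
  fi
fi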
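# Start the RDP client in the background when a password was found; otherwise
# report why the connection cannot be made.
if [[ -n $password ]]; then
  # Prefer the private IP obtained from EC2, else the resolved DNS name.
  if [[ -n $instance_ip ]]; then
    target=$instance_ip
  else
    target=$host.$fqdn
  fi
  # "-p -" makes rdesktop read the password from standard input. Passing it
  # as "-p <password>" would expose it in the process list to other local
  # users for the lifetime of the session. printf is a shell builtin, so the
  # secret never appears in any argv.
  printf '%s\n' "$password" \
    | nohup rdesktop -u "$usr" -p - -k "$kb" -g "$res" -a 16 -K \
      -r clipboard:CLIPBOARD "$target" &>/dev/null &
elif [[ -z $fqdn ]]; then
  # No DNS suffix: check whether the VPN connection is active.
  vpnup=$(nmcli connection show --active id openvpn.scl3.mozilla.com)
  if [[ -z $vpnup ]]; then
    nmcli connection up id openvpn.scl3.mozilla.com
    echo "Error: The VPN was not connected. Try again" >&2
  else
    echo "Error: Failed to find fqdn for $host" >&2
  fi
else
  echo "Error: Failed to find credentials for $host.$fqdn" >&2
fi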