Machine: Use existing keypair for new machines on EC2

Created on 23 Sep 2015 · 25 Comments · Source: docker/machine

Rather than create a new keypair for every machine it would be ideal to use an existing keypair. We would like to use the same keypair for all of our dev machines. Would make management of instances across the team easier.

driveec2


All 25 comments

+1

+1

+1

I have been looking at the code within the driver. It looks like I could make this happen. The assumption would have to be that the private key is available to be passed as a parameter to the driver. This is because docker-machine expects the key to be available in the .docker directory.

+1

@nathanleclaire Nathan, is it worth putting together a pull request for this given that the driver model is changing?

@jeffellin It is probably fine. The changes to the actual driver code to support the new plugin model won't be huge and the inevitable rebase (on either end) is pretty manageable.

So for those of you who +1'd I created a change that takes an additional optional parameter


This will be the path to your private key. You will also need a public key that will have the same name with the .pub extension. Initially I thought I could just provide a keypair name but you still need the private key so that SSH and other functions still work. In essence you are still creating a new keypair in ec2 that matches the machine name but using a pub/priv key that you have locally.

The cleanest thing to do is to still create a keypair for your machine, but using a key you have in your possession; otherwise other lifecycle changes would be required, such as not removing the keypair from EC2 when deleting the instance via docker-machine.

Thoughts?

+1

For those of you adding +1, the pull request is out there with this functionality.

ETA for supporting it in DigitalOcean?

Does that already exist for the openstack driver?

Thanks. GitHub closed the other PR for reasons I don't understand and Nathan was unable to reopen it. Thus the new PR.

Thanks for the merge and the help.

On Jan 15, 2016, at 3:49 PM, Jean-Laurent de Morlhon [email protected] wrote:

Closed #1898 via c3131ec.


According to the documentation, I can use the env variable AWS_SSH_KEYPATH without having to add --amazonec2-ssh-keypath to every create. However this is not working for me (a new keypair is created for each machine). I'm on OS X El Capitan, docker 1.9.0.

A new key pair is always created, however the key that you specify is used. This will result in a lot of duplicate keys but it is the correct behavior based on the existing machine model.


Thanks for the quick reply. Just to be sure, should the value of AWS_SSH_KEYPATH be something like /my/directory/tree/my-key-pair.pem, or do I have to omit .pem? (Neither is working for me.)
Then I need my key to ssh into the instances, ssh -i /my/directory/tree/my-key-pair.pem ubuntu@instance-ip-addr (using the default AMI), to install some stuff with a script/ansible.

Is there any proper documentation on this? I am still unable to find a way through this issue as well.

As @dzlab pointed out, this feature isn't necessarily complete (or I'm misunderstanding it), as Amazon keys are .pem files - there is no private/public key pair (specifically, no file ending in the .pub extension).

The public key is automatically placed on the server's authorized_keys file(s) at create time - the implication being that the AWS API is used to inform AWS which existing keypair to use prior to creating the instance.

In regular AWS usage, we don't get the public key directly on our machines (we download the private key only). We would have to manually retrieve the public key from an existing EC2 instance prior to running a docker-machine create command.

I'd imagine this would be a bit of a change/special case for the amazonec2 driver, as it would likely change a bit of the flow for where docker-machine stores/expects keys to live?
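A preflight check for the local files the --amazonec2-ssh-keypath flow described earlier expects, written to catch the .pem-without-.pub situation raised in the last two comments. This is an added example, not docker-machine's own code; it assumes the driver reads the public half from `<keypath>.pub` beside the private key, and the sample files it builds are constructed placeholders, not real keys.

```python
import base64, os, stat, struct, tempfile

PUB_SUFFIX = ".pub"  # assumption: the driver reads <keypath>.pub beside the private key


def _blob_key_type(blob: bytes) -> str:
    """Return the key-type string at the head of an SSH wire-format public key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else -1
    if n < 0 or len(blob) < 4 + n:
        raise ValueError("blob too short or truncated")
    return blob[4:4 + n].decode("ascii")


def check_keypath(key_path: str) -> list:
    """Preflight the private key and the .pub beside it before `docker-machine create`."""
    problems = []
    try:
        mode = os.stat(key_path).st_mode
    except FileNotFoundError:
        return ["private key not found: " + key_path]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # ssh rejects group/world-accessible keys
        problems.append("private key permissions too open (chmod 600 %s)" % key_path)
    pub_path = key_path + PUB_SUFFIX
    if not os.path.exists(pub_path):  # the usual state after downloading a .pem from the console
        problems.append("public key missing: ssh-keygen -y -f %s > %s" % (key_path, pub_path))
        return problems
    with open(pub_path) as f:
        fields = f.read().split()  # OpenSSH one-line form: <type> <base64> [comment]
    if len(fields) < 2:
        return problems + ["public key is not in OpenSSH '<type> <base64> [comment]' form"]
    try:
        blob_type = _blob_key_type(base64.b64decode(fields[1], validate=True))
    except ValueError as e:  # binascii.Error is a ValueError subclass
        return problems + ["public key base64 is corrupt: %s" % e]
    if blob_type != fields[0]:
        problems.append("header %r does not match blob type %r" % (fields[0], blob_type))
    return problems


def demo() -> dict:
    """Run the check over constructed sample files (not real keys) in a temp dir."""
    key = os.path.join(tempfile.mkdtemp(), "my-key-pair.pem")
    open(key, "w").close()  # placeholder private key file, contents irrelevant to the check
    os.chmod(key, 0o600)
    results = {"missing_pub": check_keypath(key)}
    blob = struct.pack(">I", 7) + b"ssh-rsa" + b"\x00\x00\x00\x03\x01\x00\x01"  # fake blob
    with open(key + PUB_SUFFIX, "w") as f:
        f.write("ssh-rsa %s dev@example\n" % base64.b64encode(blob).decode())
    results["ok"] = check_keypath(key)
    os.chmod(key, 0o644)
    results["world_readable"] = check_keypath(key)
    return results
```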

+1

+1

+1

+1

Don't have permission to create Key Pairs in aws. Only usable for me if an existing Key Pair can be used without creating new ones.

Error creating machine: Error in driver during machine creation: unable to create key pair: UnauthorizedOperation: You are not authorized to perform this operation.

+1

+1
