bosh-bootstrap 0.7.1 → 0.8.0

data/ChangeLog.md

@@ -2,6 +2,12 @@
 
 `bosh-bootstrap` is a command line tool that you can run on your laptop and automatically get a microbosh (and an inception VM) deployed on either AWS or OpenStack.
 
+## v0.8
+
+* SSH keys used to access inception VM are now generated and stored within the `~/.bosh_bootstrap/ssh` folder. This fixes many issues that many people were having (their keys had passphrases, their fog_default keypair was old). It also allows a manifest file to be shared between people as it contains the private key contents, and the private key file will be recreated if it is missing.
+* existing inception VMs' manifest.yml will be upgraded automatically and a backup file created (just in case)
+* tightening of net-ssh & net-scp gems to ensure the bosh-bootstrap gem can be installed [thx @mmb]
+
 ## v0.7
 
 Notable:

data/README.md

@@ -22,9 +22,7 @@ It is now very simple to bootstrap a micro BOSH from a single, local CLI. The bo
 
 To be cute about it, the Stark & Wayne Bosh Bootstrapper aims to provide lifecycle management for the BOSH lifecycle manager. Zing! See the "Deep dive into deploy command" section below for greater understanding why the Stark & Wayne Bosh Bootstrapper is very useful.
 
-[![Build Status](https://travis-ci.org/StarkAndWayne/bosh-bootstrap.png?branch=master)](https://travis-ci.org/StarkAndWayne/bosh-bootstrap)
-
-[![Code Climate](https://codeclimate.com/github/StarkAndWayne/bosh-bootstrap.png)](https://codeclimate.com/github/StarkAndWayne/bosh-bootstrap)
+[![Gem Version](https://badge.fury.io/rb/bosh-bootstrap.png)](http://badge.fury.io/rb/bosh-bootstrap) [![Build Status](https://travis-ci.org/StarkAndWayne/bosh-bootstrap.png?branch=master)](https://travis-ci.org/StarkAndWayne/bosh-bootstrap) [![Code Climate](https://codeclimate.com/github/StarkAndWayne/bosh-bootstrap.png)](https://codeclimate.com/github/StarkAndWayne/bosh-bootstrap)
 
 ## Installation
 

data/bosh-bootstrap.gemspec

@@ -28,7 +28,7 @@ EOS
   gem.add_dependency "settingslogic"
   gem.add_dependency "POpen4"
   gem.add_dependency "net-ssh", "~> 2.2.2"
-  gem.add_dependency "net-scp"
+  gem.add_dependency "net-scp", "~> 1.0.4"
   gem.add_dependency "fog", "~>1.8.0"
   gem.add_dependency "escape"
   gem.add_dependency "redcard"

data/lib/bosh/providers/aws.rb

@@ -187,14 +187,10 @@ class Bosh::Providers::AWS < Bosh::Providers::BaseProvider
     server = fog_compute.servers.new(new_attributes)
 
     unless new_attributes[:key_name]
-      # first or create fog_#{credential} keypair
-      name = Fog.respond_to?(:credential) && Fog.credential || :default
-      unless server.key_pair = fog_compute.key_pairs.get("fog_#{name}")
-        server.key_pair = fog_compute.key_pairs.create(
-          :name => "fog_#{name}",
-          :public_key => server.public_key
-        )
-      end
+      raise "please provide :key_name attribute"
+    end
+    unless private_key_path = new_attributes.delete(:private_key_path)
+      raise "please provide :private_key_path attribute"
     end
 
     if vpc
@@ -215,7 +211,7 @@ class Bosh::Providers::AWS < Bosh::Providers::BaseProvider
 
     server.save
     server.wait_for { ready? }
-    server.setup(:key_data => [server.private_key])
+    server.setup(:keys => [private_key_path])
     server
   end
 

data/lib/bosh/providers/base_provider.rb

@@ -12,4 +12,10 @@ class Bosh::Providers::BaseProvider
   def create_key_pair(key_pair_name)
     fog_compute.key_pairs.create(:name => key_pair_name)
   end
+
+  def delete_key_pair_if_exists(key_pair_name)
+    if fog_key_pair = fog_compute.key_pairs.get(key_pair_name)
+      fog_key_pair.destroy
+    end
+  end
 end

data/lib/bosh-bootstrap/cli.rb

@@ -23,13 +23,13 @@ module Bosh::Bootstrap
 
     desc "deploy", "Bootstrap Micro BOSH, and optionally an Inception VM"
     method_option :fog, :type => :string, :desc => "fog config file (default: ~/.fog)"
-    method_option :"private-key", :type => :string, :desc => "Local passphrase-less private key path"
     method_option :"upgrade-deps", :type => :boolean, :desc => "Force upgrade dependencies, packages & gems"
     method_option :"edge-deployer", :type => :boolean, :desc => "Install bosh deployer from git instead of rubygems"
     method_option :"stable-stemcell", :type => :boolean, :desc => "Use recent stable microbosh stemcell"
     method_option :"latest-stemcell", :type => :boolean, :desc => "Use latest microbosh stemcell; possibly not tagged stable [default]"
     method_option :"edge-stemcell", :type => :boolean, :desc => "Create custom stemcell from BOSH git source"
     def deploy
+      migrate_old_settings
       load_deploy_options # from method_options above
 
       deploy_stage_1_choose_infrastructure_provider
@@ -43,6 +43,7 @@ module Bosh::Bootstrap
     desc "upgrade-inception", "Upgrade inception VM with latest packages, gems, security group ports"
     method_option :"edge-deployer", :type => :boolean, :desc => "Install bosh deployer from git instead of rubygems"
     def upgrade_inception
+      migrate_old_settings
       load_deploy_options # from method_options above
 
       setup_server
@@ -69,6 +70,7 @@ module Bosh::Bootstrap
       opened.
     DESC
     def ssh(cmd=nil)
+      migrate_old_settings
       run_ssh_command_or_open_tunnel(cmd)
     end
 
@@ -78,6 +80,7 @@ module Bosh::Bootstrap
       giving you persistance across disconnects.
     DESC
     def tmux
+      migrate_old_settings
       run_ssh_command_or_open_tunnel(["-t", "tmux attach || tmux new-session"])
     end
 
@@ -87,6 +90,7 @@ module Bosh::Bootstrap
       Requires outgoing UDP port 60001 to the Inception VM
     DESC
     def mosh
+      migrate_old_settings
       open_mosh_session
     end
 
@@ -234,6 +238,10 @@ module Bosh::Bootstrap
         save_settings!
 
         if settings["inception"]["create_new"] && !settings["inception"]["host"]
+          unless settings["inception"]["key_pair"]
+            create_inception_key_pair
+          end
+          recreate_local_ssh_keys_for_inception_vm
           aws? ? boot_aws_inception_vm : boot_openstack_inception_vm
         end
         # If successfully validate inception VM, then save those settings.
@@ -254,6 +262,8 @@ module Bosh::Bootstrap
       def deploy_stage_4_prepare_inception_vm
         unless settings["inception"] && settings["inception"]["prepared"] && !settings["upgrade_deps"]
           header "Stage 4: Preparing the Inception VM"
+          recreate_local_ssh_keys_for_inception_vm
+
           unless run_server(Bosh::Bootstrap::Stages::StagePrepareInceptionVm.new(settings).commands)
             error "Failed to complete Stage 4: Preparing the Inception VM"
           end
@@ -269,6 +279,8 @@ module Bosh::Bootstrap
 
       def deploy_stage_5_deploy_micro_bosh
         header "Stage 5: Deploying micro BOSH"
+        recreate_local_ssh_keys_for_inception_vm
+
         unless run_server(Bosh::Bootstrap::Stages::MicroBoshDeploy.new(settings).commands)
           error "Failed to complete Stage 5: Deploying micro BOSH"
         end
@@ -329,7 +341,8 @@ module Bosh::Bootstrap
 
       def setup_server
         if settings["inception"]["host"]
-          @server = Commander::RemoteServer.new(settings.inception.host, settings.local.private_key_path)
+          private_key_path = settings["inception"]["local_private_key_path"]
+          @server = Commander::RemoteServer.new(settings.inception.host, private_key_path)
           confirm "Using inception VM #{settings.inception.username}@#{settings.inception.host}"
         else
           @server = Commander::LocalServer.new
@@ -358,11 +371,11 @@ module Bosh::Bootstrap
       def run_ssh_command_or_open_tunnel(cmd)
         ensure_inception_vm
         ensure_inception_vm_has_launched
+        recreate_local_ssh_keys_for_inception_vm
 
-        username = 'vcap'
-        host = settings.inception[:host]
-        _, private_key_path = local_ssh_key_paths
-        result = system Escape.shell_command(['ssh', "-i", "#{private_key_path}", "#{username}@#{host}", cmd].flatten.compact)
+        username = "vcap"
+        host = settings["inception"]["host"]
+        result = system Escape.shell_command(["ssh", "-i", inception_vm_private_key_path, "#{username}@#{host}", cmd].flatten.compact)
         exit result
       end
 
@@ -382,6 +395,7 @@ module Bosh::Bootstrap
         ensure_mosh_installed
         ensure_inception_vm
         ensure_inception_vm_has_launched
+        recreate_local_ssh_keys_for_inception_vm
         ensure_security_group_allows_mosh
 
         username = 'vcap'
@@ -472,21 +486,6 @@ module Bosh::Bootstrap
         # be uploaded with values such as:
         #  -> settings["micro_bosh_stemcell_name"] = "micro-bosh-stemcell-aws-0.8.1.tgz"
 
-        if options["private-key"]
-          private_key_path = File.expand_path(options["private-key"])
-          unless File.exists?(private_key_path)
-            error "Cannot find a file at #{private_key_path}"
-          end
-          public_key_path = "#{private_key_path}.pub"
-          unless File.exists?(public_key_path)
-            error "Cannot find a file at #{public_key_path}"
-          end
-
-          settings["local"] ||= {}
-          settings["local"]["private_key_path"] = private_key_path
-          settings["local"]["public_key_path"] = public_key_path
-        end
-
         if options["upgrade-deps"]
           settings["upgrade_deps"] = options["upgrade-deps"]
         else
@@ -806,14 +805,53 @@ module Bosh::Bootstrap
         end
       end
 
+      # Creates a key pair with the provider for the inception VM.
+      # Stores the private & public key in settings manifest.
+      #
+      # If provider already has a key pair of the same name, it re-creates it.
+      #
+      # Adds settings:
+      # * inception.key_pair.name
+      # * inception.key_pair.public_key
+      # * inception.key_pair.private_key
+      # * inception.key_pair.fingerprint
+      def create_inception_key_pair
+        say "Creating ssh key pair for Inception VM..."
+        create_key_pair_store_in_settings("inception")
+      end
+
+      # Creates a key pair with the provider.
+      # Stores the private & public key in settings manifest.
+      #
+      # If provider already has a key pair of the same name, it re-creates it.
+      #
+      # Adds settings:
+      # * <settings_key>.key_pair.name        # defaults to settings_key value
+      # * <settings_key>.key_pair.public_key
+      # * <settings_key>.key_pair.private_key
+      # * <settings_key>.key_pair.fingerprint
+      def create_key_pair_store_in_settings(settings_key, default_key_pair_name = settings_key)
+        settings[settings_key] ||= {}
+        settings[settings_key]["key_pair"] ||= {}
+        key_pair_settings = settings[settings_key]["key_pair"]
+        key_pair_settings["name"] ||= default_key_pair_name
+        key_pair_name = key_pair_settings["name"]
+
+        provider.delete_key_pair_if_exists(key_pair_name)
+        fog_key_pair = provider.create_key_pair(key_pair_name)
+
+        key_pair_settings["private_key"] = fog_key_pair.private_key
+        key_pair_settings["public_key"]  = fog_key_pair.public_key
+        key_pair_settings["fingerprint"] = fog_key_pair.fingerprint
+        save_settings!
+      end
+
       # Provisions an AWS m1.small VM as the inception VM
       # Updates settings.inception.host/username
       #
       # NOTE: if any stage fails, when the CLI is re-run
       # and "create new server" is selected again, the process should
       # complete
-      #
-      # Assumes that local CLI user has public/private keys at ~/.ssh/id_rsa.pub
       def boot_aws_inception_vm
         say "" # glowing whitespace
 
@@ -823,15 +861,15 @@ module Bosh::Bootstrap
           save_settings!
         end
 
-        public_key_path, private_key_path = local_ssh_key_paths
         unless settings["inception"] && settings["inception"]["server_id"]
           username = "ubuntu"
           size = "m1.small"
           ip_address = settings["inception"]["ip_address"]
+          key_name = settings["inception"]["key_pair"]["name"]
           say "Provisioning #{size} for inception VM..."
           inception_vm_attributes = {
-            :public_key_path => public_key_path,
-            :private_key_path => private_key_path,
+            :key_name => key_name,
+            :private_key_path => inception_vm_private_key_path,
             :flavor_id => size,
             :bits => 64,
             :username => "ubuntu",
@@ -847,7 +885,7 @@ module Bosh::Bootstrap
             error "Something mysteriously cloudy happened and fog could not provision a VM. Please check your limits."
           end
 
-          settings["inception"] = {}
+          settings["inception"].delete("create_new")
           settings["inception"]["server_id"] = server.id
           settings["inception"]["username"] = username
           save_settings!
@@ -885,25 +923,9 @@ module Bosh::Bootstrap
       # NOTE: if any stage fails, when the CLI is re-run
       # and "create new server" is selected again, the process should
       # complete
-      #
-      # Assumes that local CLI user has public/private keys at ~/.ssh/id_rsa.pub
       def boot_openstack_inception_vm
         say "" # glowing whitespace
 
-        public_key_path, private_key_path = local_ssh_key_paths
-
-        # make sure we've a fog key pair
-        key_pair_name = Fog.respond_to?(:credential) && Fog.credential || :default
-        unless key_pair = fog_compute.key_pairs.get("fog_#{key_pair_name}")
-          say "creating key pair fog_#{key_pair_name}..."
-          public_key = File.open(public_key_path, 'rb') { |f| f.read }
-          key_pair = fog_compute.key_pairs.create(
-            :name => "fog_#{key_pair_name}",
-            :public_key => public_key
-          )
-        end
-        confirm "Using key pair #{key_pair.name} for Inception VM"
-
         unless settings["inception"] && settings["inception"]["server_id"]
           username = "ubuntu"
           say "Provisioning server for inception VM..."
@@ -951,12 +973,12 @@ module Bosh::Bootstrap
           say ""
           confirm "Using image #{inception_image.name} for Inception VM"
 
+          key_name = settings["inception"]["key_pair"]["name"]
+
           # Boot OpenStack server
           server = fog_compute.servers.create(
             :name => "Inception VM",
-            :key_name => key_pair.name,
-            :public_key_path => public_key_path,
-            :private_key_path => private_key_path,
+            :key_name => key_name,
             :flavor_ref => inception_flavor.id,
             :image_ref => inception_image.id,
             :username => username
@@ -1074,30 +1096,37 @@ module Bosh::Bootstrap
       end
 
       def display_inception_ssh_access
-        _, private_key_path = local_ssh_key_paths
-        say "SSH access: ssh -i #{private_key_path} #{settings["inception"]["username"]}@#{settings["inception"]["host"]}"
+        say "SSH access: ssh -i #{inception_vm_private_key_path} #{settings["inception"]["username"]}@#{settings["inception"]["host"]}"
       end
 
       def run_server(server_commands)
         server.run(server_commands)
       end
 
-      # Discover/create local passphrase-less SSH keys to allow
-      # communication with Inception VM
-      #
-      # Returns [public_key_path, private_key_path]
-      def local_ssh_key_paths
-        unless settings["local"] && settings["local"]["private_key_path"]
-          settings["local"] = {}
-          public_key_path = File.expand_path("~/.ssh/id_rsa.pub")
-          private_key_path = File.expand_path("~/.ssh/id_rsa")
-          raise "Please create public keys at ~/.ssh/id_rsa.pub or use --private-key flag" unless File.exists?(public_key_path)
-
-          settings["local"]["public_key_path"] = public_key_path
-          settings["local"]["private_key_path"] = private_key_path
+      def inception_vm_private_key_path
+        unless settings["inception"] && settings["inception"]["local_private_key_path"]
+          settings["inception"] ||= {}
+          settings["inception"]["local_private_key_path"] = File.join(settings_ssh_dir, "inception")
           save_settings!
         end
-        [settings.local.public_key_path, settings.local.private_key_path]
+        settings["inception"]["local_private_key_path"]
+      end
+
+      # The keys for the inception VM originate from the provider and are cached in
+      # the manifest. The private key is stored locally; the public key is placed
+      # on the inception VM.
+      def recreate_local_ssh_keys_for_inception_vm
+        unless settings["inception"] && (key_pair = settings["inception"]["key_pair"])
+          raise "please run create_inception_key_pair first"
+        end
+        private_key_contents = key_pair["private_key"]
+        unless File.exist?(inception_vm_private_key_path) && File.read(inception_vm_private_key_path) == private_key_contents
+          say "Creating missing inception VM private key..."
+          mkdir_p(File.dirname(inception_vm_private_key_path))
+          File.chmod(0700, File.dirname(inception_vm_private_key_path))
+          File.open(inception_vm_private_key_path, "w") { |file| file << private_key_contents }
+          File.chmod(0600, inception_vm_private_key_path)
+        end
       end
 
       def aws?

data/lib/bosh-bootstrap/commander/remote_server.rb

@@ -77,11 +77,13 @@ class Bosh::Bootstrap::Commander::RemoteServer
       file << contents
       file.flush
       logfile.puts "uploading #{remote_path} to Inception VM"
-      Net::SCP.upload!(host, upload_as_user, file.path, remote_path, ssh: { keys: keys_array })
+      Net::SCP.upload!(host, upload_as_user, file.path, remote_path, ssh: { keys: private_keys })
     end
     true
   rescue StandardError => e
+    logfile.puts "ERROR running upload_file(#{command.class}, '#{remote_path}', ...)"
     logfile.puts e.message
+    logfile.puts e.backtrace
     false
   end
 
@@ -102,7 +104,7 @@ class Bosh::Bootstrap::Commander::RemoteServer
       "bash -lc 'sudo /usr/bin/env PATH=$PATH #{remote_path}'"
     ]
     script_output = ""
-    results = Fog::SSH.new(host, username, keys: keys_array).run(commands) do |stdout, stderr|
+    results = Fog::SSH.new(host, username, keys: private_keys).run(commands) do |stdout, stderr|
       [stdout, stderr].flatten.each do |data|
         logfile << data
         script_output << data
@@ -113,17 +115,17 @@ class Bosh::Bootstrap::Commander::RemoteServer
     [script_output, result_success]
   end
 
-  # Produce the :keys option for Net::SSH
-  def keys_array
-    # path to local private key being used
-    [private_key_path]
-  end
-
   def run_remote_command(command, username)
-    Net::SSH.start(host, username, keys: keys_array) do |ssh|
+    Net::SSH.start(host, username, keys: private_keys) do |ssh|
       ssh.exec!("bash -lc '#{command}'") do |channel, stream, data|
         logfile << data
       end
     end
   end
+
+  # path to local private key being used
+  def private_keys
+    [private_key_path]
+  end
+
 end

data/lib/bosh-bootstrap/helpers/settings.rb

@@ -28,9 +28,71 @@ module Bosh::Bootstrap::Helpers::Settings
     @settings = nil # force to reload & recreate helper methods
   end
 
+  # the base directory for holding the manifest settings file
+  # and private keys
+  #
+  # Defaults to ~/.bosh_bootstrap; and can be overridden with either:
+  # * $SETTINGS - to a folder (supported method)
+  # * $MANIFEST - to a folder (unsupported)
+  # * $MANIFEST - to a specific file; but uses its parent dir (unsupported, backwards compatibility)
+  def settings_dir
+    @settings_dir ||= begin
+      settings_dir = ENV["SETTINGS"] if ENV["SETTINGS"]
+      settings_dir ||= ENV["MANIFEST"] if ENV["MANIFEST"]
+      settings_dir = File.dirname(settings_dir) if settings_dir && File.file?(settings_dir)
+      settings_dir ||= "~/.bosh_bootstrap"
+      File.expand_path(settings_dir)
+    end
+  end
+
   def settings_path
-    manifest_path = ENV["MANIFEST"] || "~/.bosh_bootstrap/manifest.yml"
-    File.expand_path(manifest_path)
+    File.join(settings_dir, "manifest.yml")
+  end
+
+  def settings_ssh_dir
+    File.join(settings_dir, "ssh")
+  end
+
+  def backup_current_settings_file
+    backup_path = "#{settings_path}.bak"
+    FileUtils.cp_r(settings_path, backup_path)
+  end
+
+  def migrate_old_settings
+    if migrate_old_ssh_keys?
+      say "Upgrading settings manifest file:"
+      backup_current_settings_file
+    end
+    migrate_old_ssh_keys
+  end
+
+  # Do we need to migrate old ssh keys to new settings format?
+  def migrate_old_ssh_keys?
+    settings["local"] && settings["local"]["private_key_path"]
+  end
+
+  # Migrate this old data
+  #   local:
+  #     public_key_path: /Users/drnic/.ssh/id_rsa.pub
+  #     private_key_path: /Users/drnic/.ssh/id_rsa
+  # into new format:
+  #   inception:
+  #     local_private_key_path: ~/.bosh_bootstrap/ssh/inception (copy of settings.local.private_key_path)
+  #     key_pair:
+  #       name: <name of provider key_pair used when provisioning inception VM>
+  #       private_key: <contents of settings.local.private_key_path file>
+  #       public_key: <contents of settings.local.public_key_path file>
+  def migrate_old_ssh_keys
+    if migrate_old_ssh_keys?
+      say "-> migrating to cache private key for inception VM..."
+      inception_vm_private_key_path # to setup the path in settings
+      settings["inception"]["key_pair"] ||= {}
+      settings["inception"]["key_pair"]["name"] = "fog_default"
+      settings["inception"]["key_pair"]["private_key"] = File.read(settings["local"]["private_key_path"]).strip
+      settings["inception"]["key_pair"]["public_key"] = File.read(settings["local"]["public_key_path"]).strip
+      settings.delete("local")
+      save_settings!
+    end
   end
 
 end

data/lib/bosh-bootstrap/stages/stage_prepare_inception_vm/install_bosh

@@ -33,7 +33,7 @@ if [[ "${INSTALL_BOSH_FROM_SOURCE}X" != "X" ]]; then
 
   cd /var/vcap/store/repos/bosh
   bundle --deployment
-  bundle exec rake all:install
+  bundle --binstubs=/usr/local/sbin
 
 else
   install_gem bosh_deployer

data/lib/bosh-bootstrap/version.rb

@@ -1,5 +1,5 @@
 module Bosh
   module Bootstrap
-    VERSION = "0.7.1"
+    VERSION = "0.8.0"
   end
 end

data/spec/spec_helper.rb

@@ -29,15 +29,9 @@ end
 
 def setup_home_dir
   home_dir = File.expand_path("../../tmp/home", __FILE__)
+  FileUtils.rm_rf(home_dir)
   FileUtils.mkdir_p(home_dir)
   ENV['HOME'] = home_dir
-
-  private_key = File.join(home_dir, ".ssh", "id_rsa")
-  unless File.exists?(private_key)
-    puts "Creating private keypair for inception VM specs..."
-    mkdir_p(File.dirname(private_key))
-    sh "ssh-keygen -f #{home_dir}/.ssh/id_rsa -N ''"
-  end
 end
 
 RSpec.configure do |c|

data/spec/unit/aws_spec.rb

@@ -9,8 +9,6 @@ describe "AWS deployment" do
   before do
     Fog.mock!
     Fog::Mock.reset
-    ENV['MANIFEST'] = File.expand_path("../../../tmp/test-manifest.yml", __FILE__)
-    rm_rf(ENV['MANIFEST'])
     @cmd = Bosh::Bootstrap::Cli.new
     @fog_credentials = {
       :provider                 => 'AWS',
@@ -18,8 +16,9 @@ describe "AWS deployment" do
       :aws_access_key_id        => 'YYY'
     }
 
+    @region = "us-west-2"
     setting "bosh_provider", "aws"
-    setting "region_code", "us-west-2"
+    setting "region_code", @region
     setting "bosh_name", "test-bosh"
     setting "inception.create_new", true
     setting "bosh_username", "testuser"
@@ -38,7 +37,7 @@ describe "AWS deployment" do
   end
 
   def fog
-    @fog ||= connection = Fog::Compute.new(@fog_credentials.merge(:region => "us-west-2"))
+    @fog ||= connection = Fog::Compute.new(@fog_credentials.merge(:region => @region))
   end
 
   def expected_manifest_content(filename, public_ip, subnet_id = nil)
@@ -48,7 +47,7 @@ describe "AWS deployment" do
     YAML.load(file)
   end
 
-  it "creates a VPC inception/microbosh with the associated resources" do
+  xit "creates a VPC inception/microbosh with the associated resources" do
     # create a VPC
     # create a BOSH subnet 10.10.0.0/24
     # create BOSH security group
@@ -121,11 +120,28 @@ describe "AWS deployment" do
     @cmd.stub(:sleep)
     @cmd.should_receive(:deploy_stage_6_setup_new_bosh)
     @cmd.deploy
+    @settings = nil # reload settings file
 
     fog.addresses.should have(2).item
     inception_ip_address = fog.addresses.first
     inception_ip_address.domain.should == "standard"
 
+    inception_kp = fog.key_pairs.find { |kp| kp.name == "inception" }
+    inception_kp.should_not be_nil
+
+    inception_kp = fog.key_pairs.find { |kp| kp.name == "fog_default" }
+    inception_kp.should be_nil
+
+    fog.key_pairs.should have(2).item
+
+    settings["inception"].should_not be_nil
+    p settings["inception"]
+    settings["inception"]["key_pair"].should_not be_nil
+    settings["inception"]["key_pair"]["name"].should_not be_nil
+    settings["inception"]["key_pair"]["private_key"].should_not be_nil
+    settings["inception"]["local_private_key_path"].should == File.join(ENV['HOME'], ".bosh_bootstrap", "ssh", "inception")
+    File.should_not be_world_readable(settings["inception"]["local_private_key_path"])
+
     fog.vpcs.should have(0).item
     fog.servers.should have(1).item
     fog.security_groups.should have(2).item

data/spec/unit/cli_spec.rb

@@ -7,8 +7,6 @@ describe Bosh::Bootstrap do
   include Bosh::Bootstrap::Helpers::SettingsSetter
 
   before do
-    ENV['MANIFEST'] = File.expand_path("../../../tmp/test-manifest.yml", __FILE__)
-    rm_rf(ENV['MANIFEST'])
     @cmd = Bosh::Bootstrap::Cli.new
     setting "git.name", "Dr Nic Williams"
     setting "git.email", "drnicwilliams@gmail.com"
@@ -48,16 +46,20 @@ describe Bosh::Bootstrap do
       @cmd.deploy
     end
 
-    it "stage 3 - create inception VM"
-    #  do
-    #   testing_stage(3)
-    #   setting "fog_credentials.provider", "AWS"
-    #   @cmd.should_receive(:run_server).and_return(true)
-    #   @cmd.deploy
-    # end
+    it "stage 3 - create inception VM" do
+      testing_stage(3)
+      setting "inception.username", "ubuntu"
+      setting "inception.key_pair.private_key", "INCEPTION_PRIVATE_KEY"
+      setting "inception.key_pair.public_key", "INCEPTION_PUBLIC_KEY"
+      setting "inception.key_pair.name", "inception"
+      setting "fog_credentials.provider", "AWS"
+      @cmd.should_receive(:run_server).and_return(true)
+      @cmd.deploy
+    end
 
     it "stage 4 - prepare inception VM" do
       testing_stage(4)
+      @cmd.should_receive(:recreate_local_ssh_keys_for_inception_vm)
       setting "inception.username", "ubuntu"
       setting "bosh.password", "UNSALTED"
       @cmd.should_receive(:run_server).and_return(true)
@@ -66,6 +68,7 @@ describe Bosh::Bootstrap do
 
     it "stage 5 - download stemcell and deploy microbosh" do
       testing_stage(5)
+      @cmd.should_receive(:recreate_local_ssh_keys_for_inception_vm)
       setting "bosh_provider", "aws"
       setting "micro_bosh_stemcell_name", "micro-bosh-stemcell-aws-0.8.1.tgz"
       setting "bosh_username", "drnic"

data/spec/unit/cli_ssh_spec.rb

@@ -8,18 +8,23 @@ require File.expand_path("../../spec_helper", __FILE__)
 # * mosh
 describe Bosh::Bootstrap do
   include FileUtils
+  include Bosh::Bootstrap::Helpers::SettingsSetter
 
   before do
-    ENV['MANIFEST'] = File.expand_path("../../../tmp/test-manifest.yml", __FILE__)
-    rm_rf(ENV['MANIFEST'])
     @cmd = Bosh::Bootstrap::Cli.new
   end
 
+  # used by +SettingsSetter+ to access the settings
+  def settings
+    @cmd.settings
+  end
+
   describe "ssh" do
     before do
-      @cmd.settings["inception"] = {}
-      @cmd.settings["inception"]["host"] = "5.5.5.5"
-      @private_key_path = File.join(ENV['HOME'], ".ssh", "id_rsa")
+      setting "inception.host", "5.5.5.5"
+      setting "inception.key_pair.private_key", "PRIVATE"
+      setting "inception.key_pair.public_key", "PUBLIC"
+      @private_key_path = File.join(ENV['HOME'], ".bosh_bootstrap", "ssh", "inception")
     end
 
     describe "normal" do

data/spec/unit/cli_upgrade_inception_spec.rb

@@ -13,8 +13,6 @@ describe Bosh::Bootstrap do
   end
 
   before do
-    ENV['MANIFEST'] = File.expand_path("../../../tmp/test-manifest.yml", __FILE__)
-    rm_rf(ENV['MANIFEST'])
     @cmd = Bosh::Bootstrap::Cli.new
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bosh-bootstrap
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-03 00:00:00.000000000 Z
+date: 2013-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -96,17 +96,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.4
 - !ruby/object:Gem::Dependency
   name: fog
   requirement: !ruby/object:Gem::Requirement
@@ -313,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2218589769012560406
+      hash: -2834867507731150222
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25