forked from zalando-stups/taupage
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathcreate-ami.sh
More file actions
executable file
·267 lines (209 loc) · 7.96 KB
/
create-ami.sh
File metadata and controls
executable file
·267 lines (209 loc) · 7.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
#!/usr/bin/env bash
set -x
# finally terminate ec2 instance
function finally {
if [ $DRY_RUN = true ]; then
echo "Dry run requested; skipping server termination"
else
# delete instance
echo "Terminating server..."
aws ec2 terminate-instances --region $region --instance-ids $instanceid > /dev/null
# Cleanup files
rm -f ssh_config $keyfile
fi
}
trap finally EXIT TERM SEGV ABRT QUIT INT
# default description (may be overriden by config file)
ami_description="TEST Taupage AMI with Docker runtime"
# argument parsing
if [ "$1" = "--dry-run" ]; then
echo "Dry run requested."
DRY_RUN=true
shift
else
DRY_RUN=false
fi
if [ -z "$1" ] || [ ! -r "$1" ]; then
echo "Usage: $0 [--dry-run] <config-file>" >&2
exit 1
fi
CONFIG_FILE=./$1
# load configuration file
source $CONFIG_FILE
# reset path
cd $(dirname $0)
if [ ! -f "$secret_dir/secret-vars.sh" ]; then
echo "Missing secret-vars.sh in secret dir" >&2
exit 1
fi
# create server
echo "Starting a base server..."
result=$(aws ec2 run-instances \
--image-id $base_ami \
--count 1 \
--associate-public-ip-address \
--instance-type $instance_type \
--key-name $keypair \
--security-group-ids $security_group \
--output json \
--region $region \
--subnet-id $subnet)
instanceid=$(echo $result | jq .Instances\[0\].InstanceId | sed 's/"//g')
echo "Instance: $instanceid"
aws ec2 create-tags --region $region --resources $instanceid --tags "Key=Name,Value=Taupage AMI Builder"
while [ true ]; do
result=$(aws ec2 describe-instances --region $region --instance-id $instanceid --output json)
ip=$(echo $result | jq .Reservations\[0\].Instances\[0\].PublicIpAddress | sed 's/"//g')
[ ! -z "$ip" ] && [ "$ip" != "null" ] && break
echo "Waiting for public IP..."
sleep 5
done
echo "IP: $ip"
# wait for server
while [ true ]; do
echo "Waiting for server..."
set +e
ssh $ssh_args ubuntu@$ip echo >/dev/null
alive=$?
set -e
if [ $alive -eq 0 ]; then
break
fi
sleep 2
done
if [[ $OSTYPE == darwin* ]]; then
# Disable tar'ing resource forks on Macs
export COPYFILE_DISABLE=true
fi
# upload files
echo "Uploading runtime/* files to server..."
tar cv -C runtime --exclude=__pycache__ . | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner --no-overwrite-dir -C /
echo "Set link to old taupage file"
ssh $ssh_args ubuntu@$ip sudo ln -s /meta/taupage.yaml /etc/taupage.yaml
echo "Uploading build/* files to server..."
tar cv build | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner -C /tmp
echo "Uploading secret/* files to server..."
tar cv -C $secret_dir . | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner -C /tmp/build
if [ ! -z "$proprietary_dir" ]; then
echo "Uploading proprietary/* files to server..."
ssh $ssh_args ubuntu@$ip sudo mkdir /opt/proprietary
tar cv -C $proprietary_dir . | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner -C /opt/proprietary
fi
ssh $ssh_args ubuntu@$ip find /tmp/build
# execute upgrade script
echo "Executing upgrade script..."
ssh $ssh_args ubuntu@$ip sudo /tmp/build/upgrade.sh
# # reboot instance so that kernel upgrades can take effect
echo "Rebooting instance"
aws ec2 reboot-instances --region $region --instance-ids $instanceid
sleep 60
echo "Uploading runtime/* files to server..."
tar cv -C runtime --exclude=__pycache__ . | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner --no-overwrite-dir -C /
echo "Uploading build/* files to server..."
tar cv build | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner -C /tmp
echo "Uploading secret/* files to server..."
tar cv -C $secret_dir . | ssh $ssh_args ubuntu@$ip sudo tar xv --no-same-owner -C /tmp/build
# execute setup script
echo "Executing setup script..."
ssh $ssh_args ubuntu@$ip sudo /tmp/build/setup.sh
if [ $DRY_RUN = true ]; then
echo "Dry run requested; skipping image creation and sharing!"
exit 0
fi
# cleanup build scripts
echo "Cleaning up build files from server..."
ssh $ssh_args ubuntu@$ip sudo rm -rf /tmp/build
# remove ubuntu user
# echo "Removing ubuntu user from system..."
# ssh $ssh_args ubuntu@$ip sudo /tmp/delete-ubuntu-user-wrapper.sh
# echo "Giving deluser some time..."
# sleep 15
echo "Stopping instance to enable ENA support"
aws ec2 stop-instances --region $region --instance-ids $instanceid
while [[ $(aws ec2 describe-instances --region $region --instance-id $instanceid --output json | jq -r '.Reservations[].Instances[].State.Name') != "stopped" ]]; do
echo "Waiting for Instance.State == 'stopped'"
sleep 5
done
echo "Setting EnaSupport flag"
aws ec2 modify-instance-attribute --region $region --instance-id $instanceid --ena-support
# create ami
ami_name="Taupage${ami_suffix}-AMI-$(date +%Y%m%d-%H%M%S)"
echo "Creating $ami_name ..."
result=$(aws ec2 create-image \
--region $region \
--instance-id $instanceid \
--output json \
--name $ami_name \
--description "$ami_description")
imageid=$(echo $result | jq .ImageId | sed 's/"//g')
echo "Image: $imageid"
state="no state yet"
while [ true ]; do
echo "Waiting for AMI creation... ($state)"
result=$(aws ec2 describe-images --region $region --output json --image-id $imageid)
state=$(echo $result | jq .Images\[0\].State | sed 's/"//g')
if [ "$state" = "failed" ]; then
echo "Image creation failed."
exit 1
elif [ "$state" = "available" ]; then
break
fi
sleep 10
done
# run tests
./test.sh $CONFIG_FILE $imageid
# Early exit if tests failed
EXITCODE_TESTS=$?
if [ $EXITCODE_TESTS -ne 0 ]; then
echo "!!! AMI $ami_name ($imageid) create failed "
exit $EXITCODE_TESTS
fi
# TODO exit if git is dirty
rm -f ./list_of_new_amis
echo "$region,$imageid" >> ./list_of_new_amis
echo "Attaching launch permission to accounts: $accounts"
# get commitID
commit_id=$( git rev-parse HEAD )
# Tag AMI with commit id
aws ec2 create-tags --region $region --resources $imageid --tags Key=CommitID,Value=$commit_id
# share ami
for account in $accounts; do
echo "Sharing AMI with account $account ..."
aws ec2 modify-image-attribute --region $region --image-id $imageid --launch-permission "{\"Add\":[{\"UserId\":\"$account\"}]}"
done
for target_region in $copy_regions; do
echo "Copying AMI to region $target_region ..."
result=$(aws ec2 copy-image --source-region $region --source-image-id $imageid --region $target_region --name $ami_name --description "$ami_description" --output json)
target_imageid=$(echo $result | jq .ImageId | sed 's/"//g')
state="no state yet"
while [ true ]; do
echo "Waiting for AMI creation in $target_region ... ($state)"
result=$(aws ec2 describe-images --region $target_region --output json --image-id $target_imageid)
state=$(echo $result | jq .Images\[0\].State | sed 's/"//g')
if [ "$state" = "failed" ]; then
echo "Image creation failed."
exit 1
elif [ "$state" = "available" ]; then
break
fi
sleep 10
done
# Tag the copied AMI in the target region
aws ec2 create-tags --region $target_region --resources $target_imageid --tags Key=CommitID,Value=$commit_id
for account in $accounts; do
echo "Sharing AMI with account $account ..."
aws ec2 modify-image-attribute --region $target_region --image-id $target_imageid --launch-permission "{\"Add\":[{\"UserId\":\"$account\"}]}"
#write ami and region to file for later parsing
done
echo "$target_region,$target_imageid" >> ./list_of_new_amis
done
#git add new release tag
# git tag $ami_name
# git push --tags
# finished!
echo "AMI $ami_name ($imageid) successfully created and shared."
# HipChat notification
if [ "$hipchat_notification_enabled" = 'true' ]; then
echo "Sending HipChat notification..."
curl -s -S -X POST -H "Content-Type: application/json" -d "{\"message\":\"$hipchat_message\"}" "https://${hipchat_server_address}/v2/room/${hipchat_room_id}/notification?auth_token=${hipchat_auth_token}"
fi