Merge pull request #8157 from r4f4/capi-aws-copy-ami

openshift-merge-bot[bot] · web-flow · commit 2d5dd7def515 · 2024-04-17T08:50:14.000Z
CORS-3050: capi/aws: copy AMI to target region, if needed
diff --git a/pkg/infrastructure/aws/clusterapi/ami.go b/pkg/infrastructure/aws/clusterapi/ami.go
@@ -0,0 +1,78 @@
+package clusterapi
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/sirupsen/logrus"
+
+	"github.com/openshift/installer/pkg/asset/installconfig"
+)
+
+// copyAMIToRegion copies the AMI to the region configured in the installConfig if needed.
+func copyAMIToRegion(ctx context.Context, installConfig *installconfig.InstallConfig, infraID, rhcosImage string) (string, error) {
+	osImage := strings.SplitN(rhcosImage, ",", 2)
+	amiID := osImage[0]
+	amiRegion := installConfig.Config.AWS.Region
+	if len(osImage) > 1 {
+		amiRegion = osImage[1]
+	}
+
+	// Already in target region, nothing to do
+	if amiRegion == installConfig.Config.AWS.Region {
+		return amiID, nil
+	}
+
+	logrus.Infof("Copying AMI to region %s", installConfig.AWS.Region)
+
+	session, err := installConfig.AWS.Session(ctx)
+	if err != nil {
+		return "", fmt.Errorf("failed to get AWS session: %w", err)
+	}
+	client := ec2.New(session)
+
+	res, err := client.CopyImageWithContext(ctx, &ec2.CopyImageInput{
+		Name:          aws.String(fmt.Sprintf("%s-master", infraID)),
+		ClientToken:   aws.String(infraID),
+		Description:   aws.String("Created by Openshift Installer"),
+		SourceImageId: aws.String(amiID),
+		SourceRegion:  aws.String(amiRegion),
+		Encrypted:     aws.Bool(true),
+	})
+	if err != nil {
+		return "", err
+	}
+
+	name := fmt.Sprintf("%s-ami-%s", infraID, installConfig.AWS.Region)
+	amiTags := make([]*ec2.Tag, 0, len(installConfig.Config.AWS.UserTags)+4)
+	for k, v := range installConfig.Config.AWS.UserTags {
+		amiTags = append(amiTags, &ec2.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v),
+		})
+	}
+	for k, v := range map[string]string{
+		"Name":         name,
+		"sourceAMI":    amiID,
+		"sourceRegion": amiRegion,
+		fmt.Sprintf("kubernetes.io/cluster/%s", infraID): "owned",
+	} {
+		amiTags = append(amiTags, &ec2.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v),
+		})
+	}
+
+	_, err = client.CreateTagsWithContext(ctx, &ec2.CreateTagsInput{
+		Resources: []*string{res.ImageId},
+		Tags:      amiTags,
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to tag AMI copy (%s): %w", name, err)
+	}
+
+	return aws.StringValue(res.ImageId), nil
+}
diff --git a/pkg/infrastructure/aws/clusterapi/aws.go b/pkg/infrastructure/aws/clusterapi/aws.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/sirupsen/logrus"
+	"k8s.io/utils/ptr"
 	capa "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 	k8sClient "sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -32,6 +33,16 @@ func (*Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionInp
 	if err := createIAMRoles(ctx, in.InfraID, in.InstallConfig); err != nil {
 		return fmt.Errorf("failed to create IAM roles: %w", err)
 	}
+
+	amiID, err := copyAMIToRegion(ctx, in.InstallConfig, in.InfraID, string(*in.RhcosImage))
+	if err != nil {
+		return fmt.Errorf("failed to copy AMI: %w", err)
+	}
+	for i := range in.MachineManifests {
+		if awsMachine, ok := in.MachineManifests[i].(*capa.AWSMachine); ok {
+			awsMachine.Spec.AMI = capa.AMIReference{ID: ptr.To(amiID)}
+		}
+	}
 	return nil
 }
 
