Merge pull request #573 from marineam/ami

oem/ami: write ami index files to storage after copy
2026-05-04 19:56:32 +02:00 · 2016-07-18 13:24:00 -07:00 · 2016-07-18 13:24:00 -07:00 · 2858074a8b
commit 2858074a8b
parent 951eba86dd 8f0bd31486
3 changed files with 136 additions and 44 deletions
--- a/oem/ami/prod.sh
+++ b/oem/ami/prod.sh
@ -19,3 +19,5 @@ $DIR/copy_ami.sh -l 477645798544 ${args}

 source $DIR/ami-builder-us-gov-auth.sh
 $DIR/import.sh ${args}
+
+update_json.sh ${args}
--- a/oem/ami/publish_ami.sh
+++ b/oem/ami/publish_ami.sh
@ -10,7 +10,6 @@ USAGE="Usage: $0 -V 100.0.0
    -V VERSION  Find AMI by CoreOS version. (required)
    -b BOARD    Set to the board name, default is amd64-usr
    -g GROUP    Set the update group, default is alpha
-    -s STORAGE  GS URL for Google storage to upload to.
    -h          this ;-)
    -v          Verbose, see all the things!

@ -18,7 +17,6 @@ This script must be run from an ec2 host with the ec2 tools installed.
 "

 IMAGE="coreos_production_ami"
-GS_URL="gs://builds.release.core-os.net"
 AMI=
 VER=
 BOARD="amd64-usr"
@ -34,7 +32,6 @@ do
        V) VER="$OPTARG";;
        b) BOARD="$OPTARG";;
        g) GROUP="$OPTARG";;
-        s) GS_URL="$OPTARG";;
        h) echo "$USAGE"; exit;;
        v) set -x;;
        *) exit 1;;
@ -78,17 +75,6 @@ for r in "${ALL_REGIONS[@]}"; do
    HVM_AMIS[${r}]=$HVM
 done

-# ignore this crap: /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
-upload_file() {
-    local name="$1"
-    local content="$2"
-    url="$GS_URL/$GROUP/boards/$BOARD/$VER/${IMAGE}_${name}"
-    echo -e "$content" \
-        | python -W "ignore:Not using mpz_powm_sec" \
-        `which gsutil` cp - "$url"
-    echo "OK, ${url}=${content}"
-}
-
 publish_ami() {
    local r="$1"
    local virt_type="$2"
@ -118,42 +104,12 @@ publish_ami() {
    echo "Making $r_amiid in $r public"
    ec2-modify-image-attribute --region "$r" \
        "$r_amiid" --launch-permission -a all
-
-    # compatibility name from before addition of hvm
-    if [[ "${virt_type}" == "pv" ]]; then
-        upload_file "${r}.txt" "$r_amiid"
-    fi
-
-    upload_file "${virt_type}_${r}.txt" "$r_amiid"
 }

-PV_ALL=""
 for r in "${!AMIS[@]}"; do
    publish_ami "$r" pv "${AMIS[$r]}"
-    PV_ALL+="|${r}=${AMIS[$r]}"
 done
-PV_ALL="${PV_ALL#|}"

-HVM_ALL=""
 for r in "${!HVM_AMIS[@]}"; do
    publish_ami "$r" hvm "${HVM_AMIS[$r]}"
-    HVM_ALL+="|${r}=${HVM_AMIS[$r]}"
 done
-HVM_ALL="${HVM_ALL#|}"
-
-AMI_ALL="{\n  \"amis\": ["
-for r in "${ALL_REGIONS[@]}"; do
-	AMI_ALL+="\n    {"
-	AMI_ALL+="\n      \"name\": \"${r}\","
-	AMI_ALL+="\n      \"pv\":   \"${AMIS[$r]}\","
-	AMI_ALL+="\n      \"hvm\":  \"${HVM_AMIS[$r]}\""
-	AMI_ALL+="\n    },"
-done
-AMI_ALL="${AMI_ALL%,}"
-AMI_ALL+="\n  ]\n}"
-
-upload_file "all.txt" "${PV_ALL}"
-upload_file "pv.txt" "${PV_ALL}"
-upload_file "hvm.txt" "${HVM_ALL}"
-upload_file "all.json" "${AMI_ALL}"
-echo "Done"
--- a/oem/ami/update_json.sh
+++ b/oem/ami/update_json.sh
@ -0,0 +1,134 @@
+#!/bin/bash
+#
+# Set pipefail along with -e in hopes that we catch more errors
+set -e -o pipefail
+
+DIR=$(dirname $0)
+source $DIR/regions.sh
+
+USAGE="Usage: $0 -V 100.0.0
+    -V VERSION  Find AMI by CoreOS version. (required)
+    -b BOARD    Set to the board name, default is amd64-usr
+    -g GROUP    Set the update group, default is alpha
+    -s STORAGE  GS URL for Google storage to upload to.
+    -h          this ;-)
+    -v          Verbose, see all the things!
+
+This script must be run from an ec2 host with the ec2 tools installed.
+"
+
+IMAGE="coreos_production_ami"
+GS_URL="gs://builds.release.core-os.net"
+AMI=
+VER=
+BOARD="amd64-usr"
+GROUP="alpha"
+
+clean_version() {
+    sed -e 's%[^A-Za-z0-9()\\./_-]%_%g' <<< "$1"
+}
+
+while getopts "V:b:g:s:hv" OPTION
+do
+    case $OPTION in
+        V) VER="$OPTARG";;
+        b) BOARD="$OPTARG";;
+        g) GROUP="$OPTARG";;
+        s) GS_URL="$OPTARG";;
+        h) echo "$USAGE"; exit;;
+        v) set -x;;
+        *) exit 1;;
+    esac
+done
+
+if [[ $(id -u) -eq 0 ]]; then
+    echo "$0: This command should not be ran run as root!" >&2
+    exit 1
+fi
+
+if [[ ! -n "$VER" ]]; then
+    echo "$0: AMI version required via -V" >&2
+    echo "$USAGE" >&2
+    exit 1
+fi
+
+search_name=$(clean_version "CoreOS-$GROUP-$VER")
+declare -A AMIS HVM_AMIS
+for r in "${ALL_REGIONS[@]}"; do
+    # Hacky but avoids writing an indirection layer to handle auth...
+    if [[ "${r}" == "us-gov-west-1" ]]; then
+        source $DIR/ami-builder-us-gov-auth.sh
+    else
+        source $DIR/marineam-auth.sh
+    fi
+
+    AMI=$(ec2-describe-images --region=${r} -F name="${search_name}" \
+        | grep -m1 ^IMAGE | cut -f2) || true
+    if [[ -z "$AMI" ]]; then
+        echo "$0: Cannot find an AMI named ${search_name} in ${r}" >&2
+        exit 1
+    fi
+    AMIS[${r}]=$AMI
+    HVM=$(ec2-describe-images --region=${r} -F name="${search_name}-hvm" \
+        | grep -m1 ^IMAGE | cut -f2) || true
+    if [[ -z "$HVM" ]]; then
+        echo "$0: Cannot find an AMI named ${search_name}-hvm in ${r}" >&2
+        exit 1
+    fi
+    HVM_AMIS[${r}]=$HVM
+done
+
+# ignore this crap: /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
+upload_file() {
+    local name="$1"
+    local content="$2"
+    url="$GS_URL/$GROUP/boards/$BOARD/$VER/${IMAGE}_${name}"
+    echo -e "$content" \
+        | python -W "ignore:Not using mpz_powm_sec" \
+        `which gsutil` cp - "$url"
+    echo "OK, ${url}=${content}"
+}
+
+publish_ami() {
+    local r="$1"
+    local virt_type="$2"
+    local r_amiid="$3"
+
+    # compatibility name from before addition of hvm
+    if [[ "${virt_type}" == "pv" ]]; then
+        upload_file "${r}.txt" "$r_amiid"
+    fi
+
+    upload_file "${virt_type}_${r}.txt" "$r_amiid"
+}
+
+PV_ALL=""
+for r in "${!AMIS[@]}"; do
+    publish_ami "$r" pv "${AMIS[$r]}"
+    PV_ALL+="|${r}=${AMIS[$r]}"
+done
+PV_ALL="${PV_ALL#|}"
+
+HVM_ALL=""
+for r in "${!HVM_AMIS[@]}"; do
+    publish_ami "$r" hvm "${HVM_AMIS[$r]}"
+    HVM_ALL+="|${r}=${HVM_AMIS[$r]}"
+done
+HVM_ALL="${HVM_ALL#|}"
+
+AMI_ALL="{\n  \"amis\": ["
+for r in "${ALL_REGIONS[@]}"; do
+	AMI_ALL+="\n    {"
+	AMI_ALL+="\n      \"name\": \"${r}\","
+	AMI_ALL+="\n      \"pv\":   \"${AMIS[$r]}\","
+	AMI_ALL+="\n      \"hvm\":  \"${HVM_AMIS[$r]}\""
+	AMI_ALL+="\n    },"
+done
+AMI_ALL="${AMI_ALL%,}"
+AMI_ALL+="\n  ]\n}"
+
+upload_file "all.txt" "${PV_ALL}"
+upload_file "pv.txt" "${PV_ALL}"
+upload_file "hvm.txt" "${HVM_ALL}"
+upload_file "all.json" "${AMI_ALL}"
+echo "Done"