Merge pull request #378 from crawford/azure

oem/azure: add more image-publishing functionality

oem/azure/common.sh

@@ -1,4 +1,21 @@
 AZURE_ENVIRONMENT=AzureCloud
+REGIONS=(
+	"West Europe"
+	"North Europe"
+	"East Asia"
+	"Southeast Asia"
+	"East US"
+	"West US"
+	"Japan East"
+	"Japan West"
+	"Central US"
+	"East US 2"
+	"Brazil South"
+	"North Central US"
+	"South Central US"
+	"Australia East"
+	"Australia Southeast"
+)
 
 getManagementEndpoint() {
 	azure account env show --environment=$AZURE_ENVIRONMENT --json | \
@@ -7,5 +24,5 @@ getManagementEndpoint() {
 
 getSubscriptionId() {
 	azure account show --json | \
-		jq '.id' --raw-output
+		jq '.[0].id' --raw-output
 }

oem/azure/publish.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# This script will copy the Azure image from the CoreOS build bucket into
+# Azure storage, create an Azure VM image, and replicate it to all regions. It
+# to be run in an environment where the azure-xplat-cli has been installed and
+# configured with the production credentials and (optionally) SUBSCRIPTION_ID
+# is defined, containing the subscription GUID.
+
+DIR=$(dirname $0)
+. $DIR/common.sh
+
+set -e
+
+WORKDIR=$(mktemp --directory)
+trap "rm --force --recursive ${WORKDIR}" SIGINT SIGTERM EXIT
+
+IMAGE_PATH="${WORKDIR}/coreos_production_azure_image.vhd"
+
+UGROUP="${1^}"
+LGROUP="${1,}"
+VERSION=$2
+DATE=$3
+GS_BUCKET_URL="gs://builds.release.core-os.net/${LGROUP}/boards/amd64-usr/${VERSION}/coreos_production_azure_image.vhd.bz2"
+
+if [[ -z $UGROUP || -z $VERSION ]]; then
+	echo "Usage: $0 <group> <version> [<published date>]"
+	exit 2
+fi
+
+echo "Downloading image from CoreOS build bucket..."
+gsutil cp ${GS_BUCKET_URL} "${IMAGE_PATH}.bz2"
+
+echo "Unzipping image..."
+bunzip2 "${IMAGE_PATH}.bz2"
+
+echo "Inflating image..."
+qemu-img convert -f vpc -O raw "${IMAGE_PATH}" "${IMAGE_PATH}.bin"
+qemu-img convert -f raw -o subformat=fixed -O vpc "${IMAGE_PATH}.bin" "${IMAGE_PATH}"
+
+echo "Fetching Azure storage account key..."
+ACCOUNT_KEY=$(azure storage account keys list coreos --json | \
+	jq '.primaryKey' --raw-output)
+
+echo "Uploading image as page blob into Azure..."
+azure storage blob upload \
+	--account-name="coreos" \
+	--account-key="${ACCOUNT_KEY}" \
+	--file="${IMAGE_PATH}" \
+	--container="publish" \
+	--blob="coreos-${VERSION}-${LGROUP}.vhd" \
+	--blobtype="Page"
+
+echo "Creating Azure image from blob..."
+azure vm image create \
+	--blob-url="https://coreos.blob.core.windows.net/publish/coreos-${VERSION}-${LGROUP}.vhd" \
+	--os="linux" \
+	--label="CoreOS ${UGROUP}" \
+	"CoreOS-${UGROUP}-${VERSION}"
+
+echo "Setting image metadata..."
+$DIR/set-image-metadata.sh "${UGROUP}" "${VERSION}" "${DATE}"
+
+echo "Requesting image replication..."
+$DIR/replicate-image.sh "${UGROUP}" "${VERSION}"

oem/azure/replicate-image.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# This script will replicate the given image into all Azure regions. It needs
+# to be run in an environment where the azure-xplat-cli has been installed and
+# configured with the production credentials and (optionally) SUBSCRIPTION_ID
+# is defined, containing the subscription GUID.
+
+DIR=$(dirname $0)
+. $DIR/common.sh
+
+set -e
+
+GROUP="${1^}"
+VERSION=$2
+
+if [[ -z $GROUP || -z $VERSION ]]; then
+	echo "Usage: $0 <group> <version>"
+	exit 2
+fi
+
+image_name="CoreOS-${GROUP}-${VERSION}"
+
+subscription_id=$SUBSCRIPTION_ID
+if [ -z $subscription_id ]; then
+	subscription_id=$(getSubscriptionId)
+fi
+
+requestBody="<ReplicationInput xmlns=\"http://schemas.microsoft.com/windowsazure\">\n\t<TargetLocations>\n"
+for region in "${REGIONS[@]}"; do
+	requestBody+="\t\t<Region>$region</Region>\n"
+done
+requestBody+="\t</TargetLocations>\n</ReplicationInput>"
+
+url="$(getManagementEndpoint)/${subscription_id}/services/images/${image_name}/replicate"
+
+workdir=$(mktemp --directory)
+trap "rm --force --recursive ${workdir}" SIGINT SIGTERM EXIT
+
+azure account cert export \
+	--file="${workdir}/cert" \
+	--subscription="${subscription_id}" > /dev/null
+
+result=$(echo -e "${requestBody}" | curl \
+	--silent \
+	--request PUT \
+	--header "x-ms-version: 2014-10-01" \
+	--header "Content-Type: application/xml" \
+	--cert "${workdir}/cert" \
+	--url "${url}" \
+	--write-out "%{http_code}" \
+	--output "${workdir}/out" \
+	--data-binary @-)
+
+if [[ $result != 200 ]]; then
+	echo "${result} - $(< ${workdir}/out)"
+	exit 1
+fi

oem/azure/set-image-metadata.sh

@@ -1,9 +1,10 @@
 #!/bin/bash
 
-# This script will set the icon for the specified OS image to the CoreOS logo.
-# It needs to be run in an environment where the azure-xplat-cli has been
-# installed and configured with the production credentials and (optionally)
-# SUBSCRIPTION_ID is defined, containing the subscription GUID.
+# This script will set the icon, recommended VM size, and optionally the
+# publication date for the specified OS image to the CoreOS logo. It needs to
+# be run in an environment where the azure-xplat-cli has been installed and
+# configured with the production credentials and (optionally) SUBSCRIPTION_ID
+# is defined, containing the subscription GUID.
 
 DIR=$(dirname $0)
 . $DIR/common.sh
@@ -15,17 +16,37 @@ set -e
 ICON="coreos-globe-color-lg-100px.png"
 SMALL_ICON="coreos-globe-color-lg-45px.png"
 
+RECOMMENDED_VM_SIZE="Medium"
+
 GROUP="${1^}"
 VERSION=$2
+DATE=$3
 
 if [[ -z $GROUP || -z $VERSION ]]; then
-	echo "Usage: $0 <group> <version>"
+	echo "Usage: $0 <group> <version> [<published date>]"
 	exit 2
 fi
 
 image_name="CoreOS-${GROUP}-${VERSION}"
 label="CoreOS ${GROUP}"
-workdir=$(mktemp --directory)
+image_family=$label
+published_date=$(date --date="${DATE}" --rfc-3339=date)
+description=""
+case $GROUP in
+	Alpha)
+		description="The Alpha channel closely tracks current development work and is released frequently. The newest versions of docker, etcd and fleet will be available for testing."
+		;;
+	Beta)
+		description="The Beta channel consists of promoted Alpha releases. Mix a few Beta machines into your production clusters to catch any bugs specific to your hardware or configuration."
+		;;
+	Stable)
+		description="The Stable channel should be used by production clusters. Versions of CoreOS are battle-tested within the Beta and Alpha channels before being promoted."
+		;;
+	*)
+		echo "Invalid group \"${1}\""
+		exit 2
+		;;
+esac
 
 subscription_id=$SUBSCRIPTION_ID
 if [ -z $subscription_id ]; then
@@ -37,18 +58,23 @@ requestBody="<OSImage xmlns=\"http://schemas.microsoft.com/windowsazure\"
 
 	<Label>${label}</Label>
 	<Name>${image_name}</Name>
+	<Description>${description}</Description>
+	<ImageFamily>${image_family}</ImageFamily>
+	<PublishedDate>${published_date}</PublishedDate>
 	<IconUri>${ICON}</IconUri>
+	<RecommendedVMSize>${RECOMMENDED_VM_SIZE}</RecommendedVMSize>
 	<SmallIconUri>${SMALL_ICON}</SmallIconUri>
 </OSImage>"
 
 url="$(getManagementEndpoint)/${subscription_id}/services/images/${image_name}"
 
+workdir=$(mktemp --directory)
+trap "rm --force --recursive ${workdir}" SIGINT SIGTERM EXIT
+
 azure account cert export \
 	--file="${workdir}/cert" \
 	--subscription="${subscription_id}" > /dev/null
 
-trap "rm --force --recursive ${workdir}" SIGINT SIGTERM EXIT
-
 result=$(echo "${requestBody}" | curl \
 	--silent \
 	--request PUT \

oem/azure/share-image.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# This script will replicate the given image into all Azure regions. It needs
+# to be run in an environment where the azure-xplat-cli has been installed and
+# configured with the production credentials and (optionally) SUBSCRIPTION_ID
+# is defined, containing the subscription GUID.
+
+DIR=$(dirname $0)
+. $DIR/common.sh
+
+set -e
+
+GROUP="${1^}"
+VERSION=$2
+
+if [[ -z $GROUP || -z $VERSION ]]; then
+	echo "Usage: $0 <group> <version>"
+	exit 2
+fi
+
+image_name="CoreOS-${GROUP}-${VERSION}"
+
+subscription_id=$SUBSCRIPTION_ID
+if [ -z $subscription_id ]; then
+	subscription_id=$(getSubscriptionId)
+fi
+
+url="$(getManagementEndpoint)/${subscription_id}/services/images/${image_name}/share?permission=public"
+
+workdir=$(mktemp --directory)
+trap "rm --force --recursive ${workdir}" SIGINT SIGTERM EXIT
+
+azure account cert export \
+	--file="${workdir}/cert" \
+	--subscription="${subscription_id}" > /dev/null
+
+result=$(curl \
+	--silent \
+	--request PUT \
+	--header "x-ms-version: 2014-10-01" \
+	--header "Content-Type: application/xml" \
+	--header "Content-Length: 0" \
+	--cert "${workdir}/cert" \
+	--url "${url}" \
+	--write-out "%{http_code}" \
+	--output "${workdir}/out")
+
+if [[ $result != 200 ]]; then
+	echo "${result} - $(< ${workdir}/out)"
+	exit 1
+fi

oem/azure/unreplicate-image.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# This script will un-replicate the given image. It needs to be run in an
+# environment where the azure-xplat-cli has been installed and configured with
+# the production credentials and (optionally) SUBSCRIPTION_ID is defined,
+# containing the subscription GUID.
+
+DIR=$(dirname $0)
+. $DIR/common.sh
+
+set -e
+
+GROUP="${1^}"
+VERSION=$2
+
+if [[ -z $GROUP || -z $VERSION ]]; then
+	echo "Usage: $0 <group> <version>"
+	exit 2
+fi
+
+image_name="CoreOS-${GROUP}-${VERSION}"
+
+subscription_id=$SUBSCRIPTION_ID
+if [ -z $subscription_id ]; then
+	subscription_id=$(getSubscriptionId)
+fi
+
+url="$(getManagementEndpoint)/${subscription_id}/services/images/${image_name}/unreplicate"
+
+workdir=$(mktemp --directory)
+trap "rm --force --recursive ${workdir}" SIGINT SIGTERM EXIT
+
+azure account cert export \
+	--file="${workdir}/cert" \
+	--subscription="${subscription_id}" > /dev/null
+
+result=$(curl \
+	--silent \
+	--request PUT \
+	--header "x-ms-version: 2014-10-01" \
+	--header "Content-Type: application/xml" \
+	--header "Content-Length: 0" \
+	--cert "${workdir}/cert" \
+	--url "${url}" \
+	--write-out "%{http_code}" \
+	--output "${workdir}/out")
+
+if [[ $result != 200 ]]; then
+	echo "${result} - $(< ${workdir}/out)"
+	exit 1
+fi