2016-11-16 16:49:24 +01:00
|
|
|
#!/usr/bin/env nix-shell
|
2016-11-21 16:43:03 +01:00
|
|
|
#! nix-shell -i bash -p qemu ec2_ami_tools jq ec2_api_tools awscli
|
2016-11-16 16:49:24 +01:00
|
|
|
|
|
|
|
|
# To start with do: nix-shell -p awscli --run "aws configure"
|
|
|
|
|
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
set -o pipefail
|
|
|
|
|
#set -x
|
|
|
|
|
|
|
|
|
|
stateDir=${TMPDIR:-/tmp}/ec2-image
|
|
|
|
|
echo "keeping state in $stateDir"
|
|
|
|
|
mkdir -p $stateDir
|
|
|
|
|
|
|
|
|
|
version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
|
2016-04-05 11:18:18 +02:00
|
|
|
major=${version:0:5}
|
|
|
|
|
echo "NixOS version is $version ($major)"
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
rm -f ec2-amis.nix
|
|
|
|
|
|
2016-07-12 16:57:52 +02:00
|
|
|
types="hvm pv"
|
|
|
|
|
stores="ebs s3"
|
2017-02-19 23:19:07 +01:00
|
|
|
regions="eu-west-1 eu-west-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 sa-east-1 ap-south-1"
|
2015-09-27 21:01:43 +02:00
|
|
|
|
2016-07-12 16:57:52 +02:00
|
|
|
for type in $types; do
|
2015-09-27 21:01:43 +02:00
|
|
|
link=$stateDir/$type
|
2016-04-05 11:18:18 +02:00
|
|
|
imageFile=$link/nixos.qcow2
|
2015-09-27 21:01:43 +02:00
|
|
|
system=x86_64-linux
|
|
|
|
|
arch=x86_64
|
|
|
|
|
|
|
|
|
|
# Build the image.
|
|
|
|
|
if ! [ -L $link ]; then
|
|
|
|
|
if [ $type = pv ]; then hvmFlag=false; else hvmFlag=true; fi
|
|
|
|
|
|
|
|
|
|
echo "building image type '$type'..."
|
|
|
|
|
nix-build -o $link \
|
|
|
|
|
'<nixpkgs/nixos>' \
|
|
|
|
|
-A config.system.build.amazonImage \
|
|
|
|
|
--arg configuration "{ imports = [ <nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix> ]; ec2.hvm = $hvmFlag; }"
|
|
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:57:52 +02:00
|
|
|
for store in $stores; do
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
bucket=nixos-amis
|
|
|
|
|
bucketDir="$version-$type-$store"
|
|
|
|
|
|
|
|
|
|
prevAmi=
|
|
|
|
|
prevRegion=
|
|
|
|
|
|
2016-07-12 16:57:52 +02:00
|
|
|
for region in $regions; do
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
name=nixos-$version-$arch-$type-$store
|
|
|
|
|
description="NixOS $system $version ($type-$store)"
|
|
|
|
|
|
|
|
|
|
amiFile=$stateDir/$region.$type.$store.ami-id
|
|
|
|
|
|
|
|
|
|
if ! [ -e $amiFile ]; then
|
|
|
|
|
|
|
|
|
|
echo "doing $name in $region..."
|
|
|
|
|
|
|
|
|
|
if [ -n "$prevAmi" ]; then
|
2016-07-12 16:40:36 +02:00
|
|
|
ami=$(aws ec2 copy-image \
|
2015-09-27 21:01:43 +02:00
|
|
|
--region "$region" \
|
2016-07-12 16:40:36 +02:00
|
|
|
--source-region "$prevRegion" --source-image-id "$prevAmi" \
|
2016-11-22 01:59:40 +01:00
|
|
|
--name "$name" --description "$description" | jq -r '.ImageId')
|
2016-07-12 16:40:36 +02:00
|
|
|
if [ "$ami" = null ]; then break; fi
|
2015-09-27 21:01:43 +02:00
|
|
|
else
|
|
|
|
|
|
|
|
|
|
if [ $store = s3 ]; then
|
|
|
|
|
|
|
|
|
|
# Bundle the image.
|
|
|
|
|
imageDir=$stateDir/$type-bundled
|
|
|
|
|
|
2016-04-05 11:18:18 +02:00
|
|
|
# Convert the image to raw format.
|
|
|
|
|
rawFile=$stateDir/$type.raw
|
|
|
|
|
if ! [ -e $rawFile ]; then
|
|
|
|
|
qemu-img convert -f qcow2 -O raw $imageFile $rawFile.tmp
|
|
|
|
|
mv $rawFile.tmp $rawFile
|
|
|
|
|
fi
|
|
|
|
|
|
2015-09-27 21:01:43 +02:00
|
|
|
if ! [ -d $imageDir ]; then
|
|
|
|
|
rm -rf $imageDir.tmp
|
|
|
|
|
mkdir -p $imageDir.tmp
|
|
|
|
|
ec2-bundle-image \
|
|
|
|
|
-d $imageDir.tmp \
|
2016-04-05 11:18:18 +02:00
|
|
|
-i $rawFile --arch $arch \
|
2015-09-27 21:01:43 +02:00
|
|
|
--user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
|
|
|
|
|
mv $imageDir.tmp $imageDir
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Upload the bundle to S3.
|
|
|
|
|
if ! [ -e $imageDir/uploaded ]; then
|
|
|
|
|
echo "uploading bundle to S3..."
|
|
|
|
|
ec2-upload-bundle \
|
2016-04-05 11:18:18 +02:00
|
|
|
-m $imageDir/$type.raw.manifest.xml \
|
2015-09-27 21:01:43 +02:00
|
|
|
-b "$bucket/$bucketDir" \
|
2016-07-12 16:40:36 +02:00
|
|
|
-a "$AWS_ACCESS_KEY_ID" -s "$AWS_SECRET_ACCESS_KEY" \
|
2015-09-27 21:01:43 +02:00
|
|
|
--location EU
|
|
|
|
|
touch $imageDir/uploaded
|
|
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:40:36 +02:00
|
|
|
extraFlags="--image-location $bucket/$bucketDir/$type.raw.manifest.xml"
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
|
|
# Convert the image to vhd format so we don't have
|
|
|
|
|
# to upload a huge raw image.
|
|
|
|
|
vhdFile=$stateDir/$type.vhd
|
|
|
|
|
if ! [ -e $vhdFile ]; then
|
2016-04-05 11:18:18 +02:00
|
|
|
qemu-img convert -f qcow2 -O vpc $imageFile $vhdFile.tmp
|
2015-09-27 21:01:43 +02:00
|
|
|
mv $vhdFile.tmp $vhdFile
|
|
|
|
|
fi
|
|
|
|
|
|
2016-05-02 17:44:11 +01:00
|
|
|
vhdFileLogicalBytes="$(qemu-img info "$vhdFile" | grep ^virtual\ size: | cut -f 2 -d \( | cut -f 1 -d \ )"
|
|
|
|
|
vhdFileLogicalGigaBytes=$(((vhdFileLogicalBytes-1)/1024/1024/1024+1)) # Round to the next GB
|
|
|
|
|
|
|
|
|
|
echo "Disk size is $vhdFileLogicalBytes bytes. Will be registered as $vhdFileLogicalGigaBytes GB."
|
|
|
|
|
|
2015-09-27 21:01:43 +02:00
|
|
|
taskId=$(cat $stateDir/$region.$type.task-id 2> /dev/null || true)
|
|
|
|
|
volId=$(cat $stateDir/$region.$type.vol-id 2> /dev/null || true)
|
|
|
|
|
snapId=$(cat $stateDir/$region.$type.snap-id 2> /dev/null || true)
|
|
|
|
|
|
|
|
|
|
# Import the VHD file.
|
|
|
|
|
if [ -z "$snapId" -a -z "$volId" -a -z "$taskId" ]; then
|
|
|
|
|
echo "importing $vhdFile..."
|
|
|
|
|
taskId=$(ec2-import-volume $vhdFile --no-upload -f vhd \
|
2016-07-12 16:40:36 +02:00
|
|
|
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
|
|
|
|
|
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY" \
|
2015-09-27 21:01:43 +02:00
|
|
|
--region "$region" -z "${region}a" \
|
|
|
|
|
--bucket "$bucket" --prefix "$bucketDir/" \
|
|
|
|
|
| tee /dev/stderr \
|
|
|
|
|
| sed 's/.*\(import-vol-[0-9a-z]\+\).*/\1/ ; t ; d')
|
|
|
|
|
echo -n "$taskId" > $stateDir/$region.$type.task-id
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -z "$snapId" -a -z "$volId" ]; then
|
|
|
|
|
ec2-resume-import $vhdFile -t "$taskId" --region "$region" \
|
2016-07-12 16:40:36 +02:00
|
|
|
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
|
|
|
|
|
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY"
|
2015-09-27 21:01:43 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Wait for the volume creation to finish.
|
|
|
|
|
if [ -z "$snapId" -a -z "$volId" ]; then
|
|
|
|
|
echo "waiting for import to finish..."
|
|
|
|
|
while true; do
|
2016-07-12 16:40:36 +02:00
|
|
|
volId=$(aws ec2 describe-conversion-tasks --conversion-task-ids "$taskId" --region "$region" | jq -r .ConversionTasks[0].ImportVolume.Volume.Id)
|
|
|
|
|
if [ "$volId" != null ]; then break; fi
|
2015-09-27 21:01:43 +02:00
|
|
|
sleep 10
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo -n "$volId" > $stateDir/$region.$type.vol-id
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Delete the import task.
|
|
|
|
|
if [ -n "$volId" -a -n "$taskId" ]; then
|
|
|
|
|
echo "removing import task..."
|
2016-07-12 16:40:36 +02:00
|
|
|
ec2-delete-disk-image -t "$taskId" --region "$region" \
|
|
|
|
|
-O "$AWS_ACCESS_KEY_ID" -W "$AWS_SECRET_ACCESS_KEY" \
|
|
|
|
|
-o "$AWS_ACCESS_KEY_ID" -w "$AWS_SECRET_ACCESS_KEY" || true
|
2015-09-27 21:01:43 +02:00
|
|
|
rm -f $stateDir/$region.$type.task-id
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Create a snapshot.
|
|
|
|
|
if [ -z "$snapId" ]; then
|
|
|
|
|
echo "creating snapshot..."
|
2016-07-12 16:40:36 +02:00
|
|
|
snapId=$(aws ec2 create-snapshot --volume-id "$volId" --region "$region" --description "$description" | jq -r .SnapshotId)
|
|
|
|
|
if [ "$snapId" = null ]; then exit 1; fi
|
2015-09-27 21:01:43 +02:00
|
|
|
echo -n "$snapId" > $stateDir/$region.$type.snap-id
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Wait for the snapshot to finish.
|
|
|
|
|
echo "waiting for snapshot to finish..."
|
|
|
|
|
while true; do
|
2016-07-12 16:40:36 +02:00
|
|
|
status=$(aws ec2 describe-snapshots --snapshot-ids "$snapId" --region "$region" | jq -r .Snapshots[0].State)
|
2015-09-27 21:01:43 +02:00
|
|
|
if [ "$status" = completed ]; then break; fi
|
|
|
|
|
sleep 10
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Delete the volume.
|
|
|
|
|
if [ -n "$volId" ]; then
|
|
|
|
|
echo "deleting volume..."
|
2016-07-12 16:40:36 +02:00
|
|
|
aws ec2 delete-volume --volume-id "$volId" --region "$region" || true
|
2015-09-27 21:01:43 +02:00
|
|
|
rm -f $stateDir/$region.$type.vol-id
|
|
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:40:36 +02:00
|
|
|
blockDeviceMappings="DeviceName=/dev/sda1,Ebs={SnapshotId=$snapId,VolumeSize=$vhdFileLogicalGigaBytes,DeleteOnTermination=true,VolumeType=gp2}"
|
|
|
|
|
extraFlags=""
|
2015-09-27 21:01:43 +02:00
|
|
|
|
|
|
|
|
if [ $type = pv ]; then
|
2016-07-12 16:40:36 +02:00
|
|
|
extraFlags+=" --root-device-name /dev/sda1"
|
|
|
|
|
else
|
|
|
|
|
extraFlags+=" --root-device-name /dev/sda1"
|
|
|
|
|
extraFlags+=" --sriov-net-support simple"
|
|
|
|
|
extraFlags+=" --ena-support"
|
2015-09-27 21:01:43 +02:00
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:40:36 +02:00
|
|
|
blockDeviceMappings+=" DeviceName=/dev/sdb,VirtualName=ephemeral0"
|
|
|
|
|
blockDeviceMappings+=" DeviceName=/dev/sdc,VirtualName=ephemeral1"
|
|
|
|
|
blockDeviceMappings+=" DeviceName=/dev/sdd,VirtualName=ephemeral2"
|
|
|
|
|
blockDeviceMappings+=" DeviceName=/dev/sde,VirtualName=ephemeral3"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ $type = hvm ]; then
|
|
|
|
|
extraFlags+=" --sriov-net-support simple"
|
|
|
|
|
extraFlags+=" --ena-support"
|
2015-09-27 21:01:43 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Register the AMI.
|
|
|
|
|
if [ $type = pv ]; then
|
2016-07-12 16:40:36 +02:00
|
|
|
kernel=$(aws ec2 describe-images --owner amazon --filters "Name=name,Values=pv-grub-hd0_1.04-$arch.gz" | jq -r .Images[0].ImageId)
|
|
|
|
|
if [ "$kernel" = null ]; then break; fi
|
2015-09-27 21:01:43 +02:00
|
|
|
echo "using PV-GRUB kernel $kernel"
|
|
|
|
|
extraFlags+=" --virtualization-type paravirtual --kernel $kernel"
|
|
|
|
|
else
|
|
|
|
|
extraFlags+=" --virtualization-type hvm"
|
|
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:40:36 +02:00
|
|
|
ami=$(aws ec2 register-image \
|
|
|
|
|
--name "$name" \
|
|
|
|
|
--description "$description" \
|
2015-09-27 21:01:43 +02:00
|
|
|
--region "$region" \
|
|
|
|
|
--architecture "$arch" \
|
2016-07-12 16:40:36 +02:00
|
|
|
--block-device-mappings $blockDeviceMappings \
|
|
|
|
|
$extraFlags | jq -r .ImageId)
|
|
|
|
|
if [ "$ami" = null ]; then break; fi
|
2015-09-27 21:01:43 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo -n "$ami" > $amiFile
|
|
|
|
|
echo "created AMI $ami of type '$type' in $region..."
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
ami=$(cat $amiFile)
|
|
|
|
|
fi
|
|
|
|
|
|
2016-07-12 16:40:36 +02:00
|
|
|
echo "region = $region, type = $type, store = $store, ami = $ami"
|
|
|
|
|
|
2015-09-27 21:01:43 +02:00
|
|
|
if [ -z "$prevAmi" ]; then
|
|
|
|
|
prevAmi="$ami"
|
|
|
|
|
prevRegion="$region"
|
|
|
|
|
fi
|
2016-07-12 16:57:52 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
for type in $types; do
|
|
|
|
|
link=$stateDir/$type
|
|
|
|
|
system=x86_64-linux
|
|
|
|
|
arch=x86_64
|
|
|
|
|
|
|
|
|
|
for store in $stores; do
|
|
|
|
|
|
|
|
|
|
for region in $regions; do
|
|
|
|
|
|
|
|
|
|
name=nixos-$version-$arch-$type-$store
|
|
|
|
|
amiFile=$stateDir/$region.$type.$store.ami-id
|
|
|
|
|
ami=$(cat $amiFile)
|
|
|
|
|
|
|
|
|
|
echo "region = $region, type = $type, store = $store, ami = $ami"
|
|
|
|
|
|
|
|
|
|
echo -n "waiting for AMI..."
|
|
|
|
|
while true; do
|
|
|
|
|
status=$(aws ec2 describe-images --image-ids "$ami" --region "$region" | jq -r .Images[0].State)
|
|
|
|
|
if [ "$status" = available ]; then break; fi
|
|
|
|
|
sleep 10
|
|
|
|
|
echo -n '.'
|
|
|
|
|
done
|
|
|
|
|
echo
|
|
|
|
|
|
|
|
|
|
# Make the image public.
|
|
|
|
|
aws ec2 modify-image-attribute \
|
|
|
|
|
--image-id "$ami" --region "$region" --launch-permission 'Add={Group=all}'
|
2015-09-27 21:01:43 +02:00
|
|
|
|
2016-04-05 11:18:18 +02:00
|
|
|
echo " \"$major\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
|
2015-09-27 21:01:43 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
done
|
