#!/bin/bash

# this script likely isn't how we want to handle building different images. For now though this
# will let us build something for testing, the lab, and for inclusion in the IPCs provided by Hyve

# REGION is the region the agents are pulled from ahead of the image build; the
# same value is exported as AWS_DEFAULT_REGION. Still to check: whether the
# agents are identical across regions.
REGION=us-east-1
AWS_DEFAULT_REGION=$REGION
export REGION AWS_DEFAULT_REGION

# Build parameters; both start empty and are filled in from the command line.
IMAGE_TYPE=""
POLLER_HOSTNAME=""

# SSM activation settings. The activation arguments are obtained with the
# MegloPythonTools ssm_site_activation command. Baking the activation into the
# image is off by default.
BAKE_IN_SSM_ACTIVATION=false
SSM_CODE="" SSM_ID="" SSM_REGION=""
SSM_ACTIVATION=""


# One-line synopsis printed for -h, for an unknown flag, and by the later
# parameter checks.
usage="Usage: $0 -t <IMAGE_TYPE[vbox|lab6|lab7|corp-colo]> -n <POLLER_HOSTNAME> -s -c <SSM_CODE> -i <SSM_ID> -r <SSM_REGION>"

# Read the command-line flags into the script's variables.
# NOTE(review): -c takes the SSM activation code as a command-line argument, so
# it is visible in the build host's process list and shell history while the
# script runs; reading it from a file or the environment would avoid that.
# NOTE(review): -r replaces REGION as well as SSM_REGION, but AWS_DEFAULT_REGION
# was exported earlier from the default REGION and is not updated here -
# confirm that is intended.
while getopts "h?t:n:sc:i:r:" opt; do
  case "$opt" in
    t) IMAGE_TYPE=$OPTARG ;;
    n) POLLER_HOSTNAME=$OPTARG ;;
    s) BAKE_IN_SSM_ACTIVATION=true ;;
    c) SSM_CODE=$OPTARG ;;
    i) SSM_ID=$OPTARG ;;
    r)
      SSM_REGION=$OPTARG
      REGION=$OPTARG
      ;;
    h | \?)
      # Help and unrecognised flags both print the synopsis and stop with status 1.
      echo "$usage"
      exit 1
      ;;
  esac
done


# IMAGE_TYPE is mandatory.
if [[ -z "$IMAGE_TYPE" ]]; then
  echo $'\nMissing required param IMAGE_TYPE:\n-t <IMAGE_TYPE[vbox|lab6|lab7|corp-colo]>'
  echo "$usage"
  exit 1
fi

# Pick the NTP servers for the image type (really a corp vs. vpc distinction).
# The catch-all arm doubles as the allow-list for IMAGE_TYPE: any value that is
# not named here stops the script, so only these fixed strings reach the ISO
# file name and the container environment later on.
case "$IMAGE_TYPE" in
  lab6 | lab7 | iad77 | lhr65)
    export NTP_SERVERS="'10.50.32.5', '10.50.32.69', '10.50.32.133'"
    ;;
  corp-colo | corp-colo-with-dhcp | vbox)
    export NTP_SERVERS="ntp.corp.amazon.com"
    ;;
  *)
    echo "Invalid IMAGE_TYPE passed in: ${IMAGE_TYPE}"
    echo "$usage"
    exit 1
    ;;
esac

export IMAGE_TYPE

# POLLER_HOSTNAME is mandatory.
# NOTE(review): only emptiness is checked. The value is exported for the image
# build, presumably for substitution into the payload templates - consider
# validating it as a hostname before it gets there.
if [[ -z "$POLLER_HOSTNAME" ]]; then
  echo $'\nMissing required param POLLER_HOSTNAME:\n-n <POLLER_HOSTNAME>'
  echo "$usage"
  exit 1
fi

export POLLER_HOSTNAME

# Optional (-s): build the command that registers the SSM agent with the given
# activation code, id and region and then restarts the agent. It is exported as
# SSM_ACTIVATION; without -s the variable is exported unchanged.
# NOTE(review): the activation code and id are embedded in clear text in this
# string, which is handed to the image build. Presumably anyone who can read
# the resulting ISO can read them - confirm the activation is scoped and
# short-lived.
# NOTE(review): the three values are wrapped in double quotes inside the
# generated command but are not checked for quotes or other shell
# metacharacters before being embedded - TODO validate them.
if [[ "$BAKE_IN_SSM_ACTIVATION" == true ]]; then
  echo "Detected Bake in SSM Activation flag '-s'"

  # All three activation parameters are required once -s is given.
  if [[ -z "$SSM_CODE" ]]; then
    echo $'\nMissing required param for baked in SSM Activation SSM_CODE:\n-c <SSM_CODE>'
    echo "$usage"
    exit 1
  fi
  if [[ -z "$SSM_ID" ]]; then
    echo $'\nMissing required param for baked in SSM Activation SSM_ID:\n-i <SSM_ID>'
    echo "$usage"
    exit 1
  fi
  if [[ -z "$SSM_REGION" ]]; then
    echo $'\nMissing required param for baked in SSM Activation SSM_REGION:\n-r <SSM_REGION>'
    echo "$usage"
    exit 1
  fi

  # Assembled in three pieces; the result is the same single line as before.
  # The leading "- " and the backslash-escaped "&&" are kept literally
  # (presumably for a sed substitution into a YAML list - confirm against
  # payload.yaml).
  SSM_ACTIVATION="- echo \"yes\" | sudo amazon-ssm-agent -register"
  SSM_ACTIVATION+=" -code \"${SSM_CODE}\" -id \"${SSM_ID}\" -region \"${SSM_REGION}\""
  SSM_ACTIVATION+=" \&\& sudo systemctl restart amazon-ssm-agent"
fi

export SSM_ACTIVATION="$SSM_ACTIVATION"

# The base installer ISO has to be in place before anything is built.
# NOTE(review): only its presence is checked; nothing here verifies a checksum
# or signature of base.iso before it is used as the build input.
[[ -e ./input/base.iso ]] || {
  echo "./input/base.iso is missing! Download image from GLV repo and retry"
  exit 1
}

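# Fetch the local login account from Secrets Manager. The secret's JSON text is
# kept quoted and piped to jq, so whitespace or glob characters inside it are
# never split or expanded by the shell. "// empty" turns a missing key into an
# empty string instead of jq's literal "null".
res=$(aws secretsmanager get-secret-value --secret-id meglo/glv/localuser --query SecretString --output text)
LOCAL_LOGIN_USERNAME=$(printf '%s' "$res" | jq -r '.username // empty')
export LOCAL_LOGIN_USERNAME
if [ -z "$LOCAL_LOGIN_USERNAME" ]; then
  echo "Missing local login! Please ensure you have proper permissions to retrieve the user from secrets manager. Exiting."
  exit 1
fi

# The password hash contains '$' characters. A plain assignment stores them
# literally, so nothing needs escaping. Do not route this through eval: that
# re-parses secret content as shell code, and escaping only '$' still leaves
# double quotes and backticks in the value active on the build host.
RAW_PASSWORD=$(printf '%s' "$res" | jq -r '.passwordHash // empty')
if [ -z "$RAW_PASSWORD" ]; then
  # Fail closed rather than bake an image whose local account has no usable hash.
  echo "Missing local password hash! Please check the passwordHash field of the local user secret. Exiting."
  exit 1
fi
LOCAL_LOGIN_PASSWORD=$RAW_PASSWORD
export LOCAL_LOGIN_PASSWORD

# Fetch the remote login account (user name and public SSH key) the same way.
# NOTE(review): neither field is validated; if the lookup fails or a key is
# missing, an empty value or the literal string "null" is exported - consider
# failing here as for the local account.
res=$(aws secretsmanager get-secret-value --secret-id meglo/glv/remoteuser --query SecretString --output text)
REMOTE_LOGIN_USERNAME=$(printf '%s' "$res" | jq -r '.username')
export REMOTE_LOGIN_USERNAME
RAW_SSH_KEY=$(printf '%s' "$res" | jq -r '.publicRSAKey')
REMOTE_LOGIN_SSH_KEY=$RAW_SSH_KEY
export REMOTE_LOGIN_SSH_KEY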

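# Get the S3 endpoint used to download the codedeploy, ssm and cloudwatch agents.
# REGION can be overridden from the command line (-r), so it is quoted: the
# value reaches ripcli as exactly one argument and cannot add extra options.
res=$(ripcli rip -r "$REGION" -s s3 -a endpoint)
export S3_ENDPOINT=$res
if [ -z "$S3_ENDPOINT" ]; then
  echo "Warning: ripcli returned no S3 endpoint for region '${REGION}'; S3_ENDPOINT is empty." >&2
fi

# Copy our configs to the build directory so they can be mutated there. Any
# previous copy is removed first so stale files never leak into a new image.
mkdir -p glv_image_build/configuration/glv
rm -rf glv_image_build/configuration/glv/ubuntu
if ! cp -r configuration/glv/ubuntu glv_image_build/configuration/glv/; then
  # Without the payload directory the image build cannot succeed; stop early.
  echo "Failed to copy configuration/glv/ubuntu into glv_image_build. Exiting."
  exit 1
fi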

# pass a number of env variables for replacement from the payload.yaml file

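#######################################
# Run the image-builder container to generate the ISO.
# Globals:   IMAGE_TYPE (read, part of the output file name). Each
#            "--env NAME" flag forwards the variable of that name from this
#            script's environment into the container, so the credential
#            values are not placed on the docker command line.
# Arguments: none
# Outputs:   whatever the container prints; the ISO is written to
#            ./glv_image_build/meglo_glv_<IMAGE_TYPE>.iso
# Returns:   the exit status of docker run
#
# NOTE(review): the container runs with --privileged and has the current
# directory bind-mounted at /app, while the image is referenced by the mutable
# ":latest" tag. Whatever that tag points to at build time runs with those
# privileges and sees the exported credentials - consider pinning the image
# by digest (@sha256:<digest>).
#######################################
generate_iso() {
  # The bind-mount source and the output path are quoted so that a working
  # directory containing spaces is passed to docker as a single argument.
  docker run --env REGION \
    --env S3_ENDPOINT --env POLLER_HOSTNAME \
    --env REMOTE_LOGIN_USERNAME --env REMOTE_LOGIN_SSH_KEY \
    --env LOCAL_LOGIN_USERNAME --env LOCAL_LOGIN_PASSWORD \
    --env IMAGE_TYPE --env NTP_SERVERS \
    --env SSM_ACTIVATION \
    --privileged \
    -v "$(pwd):/app" \
    664776140435.dkr.ecr.us-west-2.amazonaws.com/galacticlaunchvehicle:latest \
    generate_image -b ./input/base.iso -d "./glv_image_build/meglo_glv_${IMAGE_TYPE}.iso" -p glv_image_build/configuration/glv/ubuntu/payload
}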

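# Maximum number of attempts
max_attempts=3
current_attempt=1
iso_path="./glv_image_build/meglo_glv_${IMAGE_TYPE}.iso"
iso_built=false

# Loop until the ISO is generated or the attempts are used up.
while [ "$current_attempt" -le "$max_attempts" ]; do
  echo "Attempting to generate ISO (Attempt $current_attempt)..."

  # Remove an ISO left behind by an earlier run or a failed attempt. Otherwise
  # the existence check below would accept a stale image (built from older
  # configuration and credentials) as the result of this build.
  rm -f -- "$iso_path"

  # Success needs both a zero exit status from the build and the output file.
  if generate_iso && [ -e "$iso_path" ]; then
    echo "Generated ISO: $(pwd)/glv_image_build/meglo_glv_$IMAGE_TYPE.iso"
    iso_built=true
    break
  fi

  echo "ISO generation failed (Attempt $current_attempt). Retrying..."
  current_attempt=$((current_attempt + 1))
done

# Report failure with a non-zero status so callers and CI do not treat a build
# that produced no image as successful.
if [ "$iso_built" != true ]; then
  echo "Maximum attempts reached. Unable to generate ISO."
  exit 1
fi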