HUDROVADLO

How does it work

An AMI template in AWS contains all dependencies that our application requires. The Ansible playbook hudrovadlo-update-debian.yaml manages this template. For more information about AMI maintenance, read the Maintenance part of this documentation.

The whole image-building process is managed by an ESko plugin that communicates with a small API described in a dedicated repository. In short, it is a set of Lambda functions callable via AWS API GW; the flow is shown in the following diagram:

 ESko                            API GW                      AWS Infra

  | ------- Create image  -------> |  
  |                                | -------> lambda (buildVM.py)
  |                                |                  \_ Generate EP install script 
  |                                |                   \_ Create EC2 from AMI image with generated script
  |                                |                                                 |
  |                                |                                                 |
  |                                | <----  BuildDone (Notification and log)  -------+
  | <-----  ESko (with log)  ----- |
  |                                | -------> lambda (exportVM.py)
  |                                |                  \_ Start EC2 export job (restarting EC2)
  |                                |                   \_ Export generated image via S3 and make it available
  |                                |                    \_ EC2 instance stop
  |                                |                                |
  |                                |                                |
  |                                | <---------  Export Done  ------+
  |  <---  ESko (image url)  ----  |
  |
  |

Maintenance

How to maintain the image and how to set it up from scratch.

Import image

This step is required only at the beginning, because AWS does not allow you to export images that were not uploaded by you beforehand and are not owned by you.

cat << EOF > import_debian.json 
[
  {
    "Description": "OVA file debian jessie",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "hudrovadlo",
        "S3Key": "debian8.ova"
    }
  }
]
EOF

aws ec2 import-image --description "Debian Jessie template OVA" --disk-containers file://import_debian.json --debug

watch aws --output json ec2 describe-import-image-tasks --import-task-ids import-ami-ID

Export instance

aws ec2 create-instance-export-task \
    --instance-id i-0f4f382bf39863483 \
    --target-environment vmware \
    --export-to-s3-task DiskImageFormat=vhd,ContainerFormat=ova,S3Bucket=hudrovadlo,S3Prefix=centos7-2


watch aws --output json ec2 describe-export-tasks --export-task-ids export-ami-ID

Build image for customer

curl -kL 'https://p4jrl76su9.execute-api.eu-west-1.amazonaws.com/v1/buildvm' \
  -H "x-api-key: 738SnuGQRf1VjLjU1el047jU5ZFk7p662m6U4VOR" \
  -d '{"hostname":"test-debian", "os":"debian", "easy_cloud_cli":"create debian-test.easyproject.com --repository=git@git.easy.cz:easyredmine/stable-2016.git", "report_url":"http://es.easyproject.com/hudrovadlo"}'
  1. Build Instance (hudrovadlo_build_instance)

    • Run an image from the specified AMI with the user-data variable.
    • After the instance has started, get the user-data and run it as the customizing script.
    • There is a hudrovadlo_export_instance Lambda callback at the end of the user-data script.
  2. Export Instance (hudrovadlo_export_instance)

    • Stop the given image
    • Start the export instance task
    • Notify ES by callback that the export has begun
  3. ES should be notified after the export job has finished (the S3 create_object event starts the Lambda hudrovadlo_export_done)

    • ES receives a temporary URL for the image (a unique URL working for 5 days)
    • Stop the EC2 instance (after the AMI has been created, the EC2 instance is no longer useful)
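
The build step above places request fields (hostname, os, easy_cloud_cli, report_url) into a user-data script that cloud-init runs as root, so each field has to be validated and shell-quoted before it is rendered. The following is an added example, not the project's buildVM.py; the allowlists, the CLI_BIN path and the script layout are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

# Assumptions for this example, not values from the project's code:
ALLOWED_OS = {"debian"}
ALLOWED_REPORT_HOSTS = {"es.easyproject.com"}
CLI_BIN = "/usr/local/bin/easy_cloud_cli"  # hypothetical installer path
HOSTNAME_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def validate_request(req: dict) -> dict:
    """Reject a buildvm payload that could alter the generated script."""
    hostname = str(req.get("hostname", ""))
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("hostname must be a single DNS label")
    os_name = str(req.get("os", ""))
    if os_name not in ALLOWED_OS:
        raise ValueError("unsupported os")
    url = urlsplit(str(req.get("report_url", "")))
    if url.scheme not in ("http", "https") or url.hostname not in ALLOWED_REPORT_HOSTS:
        raise ValueError("report_url host is not allowed")
    # Split into argv without a shell; shlex raises ValueError on unbalanced quotes.
    args = shlex.split(str(req.get("easy_cloud_cli", "")))
    if not args or args[0] != "create":
        raise ValueError("easy_cloud_cli must be a 'create' command")
    return {"hostname": hostname, "report_url": url.geturl(), "args": args}


def render_user_data(req: dict) -> str:
    """Render the user-data script with every request value shell-quoted."""
    v = validate_request(req)
    cli = " ".join(shlex.quote(a) for a in v["args"])
    return "\n".join([
        "#!/bin/bash",
        "set -euo pipefail",
        f"BUILD_HOSTNAME={shlex.quote(v['hostname'])}",
        f"REPORT_URL={shlex.quote(v['report_url'])}",
        f"{CLI_BIN} {cli}",
        "",
    ])

# Constructed sample: the payload from the curl call on this page.
SAMPLE = {
    "hostname": "test-debian", "os": "debian",
    "easy_cloud_cli": "create debian-test.easyproject.com "
                      "--repository=git@git.easy.cz:easyredmine/stable-2016.git",
    "report_url": "http://es.easyproject.com/hudrovadlo",
}
```

Calling render_user_data(SAMPLE) returns the script text; a payload whose easy_cloud_cli contains shell metacharacters comes out with those characters inside single quotes, so they reach the CLI as literal arguments.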

Update AMI

Update AMI image (VM template) using ansible playbook

ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook hudrovadlo-update-debian.yaml

Set ami-id in ESko via API

# Example

curl -X PUT https://es.easyproject.com/admin/easy_settings/ami_id_debian.json \
    -H "X-Redmine-API-Key: 4846f-TAJNE" \
    -H "Content-Type: application/json" \
    -d '{ "easy_setting": { "id": 24791, "name": "ami_id_debian", "value": "ami-088f10cfa79834ba7", "project_id": null } }'

Debug

Each VM stays in AWS for a few days after the build has finished, so anyone who has access to AWS can start the image and see all logs and parameters (parameters are available through instance tags).

The EC2 configuration, including the startup script, is available from the running instance via API (example below)

curl http://169.254.169.254/latest/meta-data/

# whole init script is there
curl http://169.254.169.254/latest/user-data


# AMI id (which template has been used)
curl http://169.254.169.254/latest/meta-data/ami-id

The EC2 instance stays up until the init script finishes, so if there is a problem and you don't have access to AWS, start the build process again and get the VM IP from the log in ES. The preferred way, however, is to ask DevOps for a personal AWS account.

Useful outputs from instance init are:

    • main EC2 init log: /var/log/cloud-init-output.log
    • application installation log: cat /home/i-*.log