export-ami.sh

#!/bin/bash -e

shopt -s extglob

aws_profile=occ-taskcluster
aws_region=us-west-2
aws_key_name=occ_ami_builder
aws_instance_type=c4.2xlarge

declare -A aws_instance_export_tasks

for aws_ami_id in ami-83ed71fb ami-0ba4a2b1c39430268; do
  aws_client_token=$(uuidgen)
  mkdir -p ~/ec2/${aws_client_token}
  aws ec2 run-instances --profile ${aws_profile} --region ${aws_region} --image-id ${aws_ami_id} --key-name ${aws_key_name} --instance-type ${aws_instance_type} --client-token ${aws_client_token} > ~/ec2/${aws_client_token}/instance.json
  aws_instance_id=$(jq -r '.Instances[0].InstanceId' ~/ec2/${aws_client_token}/instance.json)
  until `aws ec2 wait instance-running --profile ${aws_profile} --region ${aws_region} --instance-ids ${aws_instance_id} >/dev/null 2>&1`; do
    echo "[export-ami $(date --utc +"%F %T.%3NZ")] waiting for instance ${aws_instance_id} (${aws_ami_id}) to start."
  done
  aws ec2 stop-instances --profile ${aws_profile} --region ${aws_region} --instance-ids ${aws_instance_id}
  until `aws ec2 wait instance-stopped --profile ${aws_profile} --region ${aws_region} --instance-ids ${aws_instance_id} >/dev/null 2>&1`; do
    echo "[export-ami $(date --utc +"%F %T.%3NZ")] waiting for instance ${aws_instance_id} (${aws_ami_id}) to stop."
  done
  aws ec2 create-instance-export-task --profile ${aws_profile} --region ${aws_region} --description ${aws_ami_id} --instance-id ${aws_instance_id} --target-environment vmware --export-to-s3-task DiskImageFormat=vhd,ContainerFormat=ova,S3Bucket=windows-ami-builder,S3Prefix=export/${aws_ami_id}_ > ~/ec2/${aws_client_token}/export-task.json
  aws_instance_export_task_id=$(jq -r '.ExportTask.ExportTaskId' ~/ec2/${aws_client_token}/export-task.json)
  aws_instance_export_tasks[${aws_instance_export_task_id}]=$(jq -r '.ExportTask.State' ~/ec2/${aws_client_token}/export-task.json)
  echo "[export-ami $(date --utc +"%F %T.%3NZ")] instance export for ${aws_instance_id} (${aws_ami_id}) initiated with export task id: ${aws_instance_export_task_id}"
done


while [[ ${aws_instance_export_tasks[@]} == *"active"* ]]; do
  for aws_instance_export_task_id in "${!aws_instance_export_tasks[@]}"; do
    aws_instance_export_tasks[${aws_instance_export_task_id}]=$(aws ec2 describe-export-tasks --profile ${aws_profile} --region ${aws_region} --export-task_ids ${aws_instance_export_task_id} | jq -r '.ExportTask.State')
    echo "[export-ami $(date --utc +"%F %T.%3NZ")] task id: ${aws_instance_export_task_id} has state: ${aws_instance_export_tasks[${aws_instance_export_task_id}]}"
  done
done

launch_ec2_instance.sh

#!/bin/bash -e

# notes:
# - this script uses the aws ec2 cli.
#   you can get it here: https://docs.aws.amazon.com/cli/latest/userguide/installing.html
# - the aws ec2 cli usage here relies on the existence of an aws credentials file at ~/.aws/credentials containing contents like the following:
#   [occ-taskcluster]
#   aws_account_id = your_aws_account_id
#   aws_access_key_id = your_aws_access_key_id
#   aws_secret_access_key = your_aws_secret_access_key
# - this script uses password store to look up the Administrator password for the rdp connection at the end.
#   you can get it here: https://www.passwordstore.org/#download
# - the password store usage here assumes that you store an Administrator password for each ami in your password repository.
#   eg: Mozilla/relops/ec2/${aws_ami_id}

shopt -s extglob


aws_profile=occ-taskcluster
aws_region=us-west-2
aws_key_name=occ_ami_builder
aws_ami_name_search_term=${aws_ami_name_search_term:='Windows_10_Enterprise_1703_15063_296_en-US_x64_MBR-VAC-*'}
aws_instance_type=g3.4xlarge
# security groups:
# - rdp-only - gecko-workers: sg-3bd7bf41
# - ssh-only - gecko-workers: sg-5bd6be21
aws_security_group_ids="sg-3bd7bf41 sg-5bd6be21"
# subnet:
# subnet-f94cb29f has access (open firewall ports) for the kts server
aws_subnet_id=subnet-f94cb29f
aws_block_device_mappings='[{"DeviceName": "/dev/xvda","Ebs": {"DeleteOnTermination": true,"VolumeSize": 120,"VolumeType": "gp2"}},{"DeviceName": "xvdf","Ebs": {"DeleteOnTermination": true,"VolumeSize": 120,"VolumeType": "gp2"}}]'
aws_client_token=$(uuidgen)
echo "[launch-instance $(date --utc +"%F %T.%3NZ")] client token is: ${aws_client_token}"
aws_ami_id="$(aws ec2 describe-images --profile ${aws_profile} --region ${aws_region} --owners self --filters "Name=state,Values=available" "Name=name,Values=${aws_ami_name_search_term}" --query 'Images[*].{A:CreationDate,B:ImageId}' --output text | sort -u | tail -1 | cut -f2)"
echo "[launch-instance $(date --utc +"%F %T.%3NZ")] latest ami for: ${aws_ami_name_search_term}, in region: ${aws_region}, is: ${aws_ami_id}"

mkdir -p ~/ec2/${aws_client_token}
aws ec2 run-instances --profile ${aws_profile} --region ${aws_region} --image-id ${aws_ami_id} --key-name ${aws_key_name} --security-group-ids ${aws_security_group_ids} --subnet-id ${aws_subnet_id} --instance-type ${aws_instance_type} --block-device-mappings "${aws_block_device_mappings}" --instance-initiated-shutdown-behavior stop --client-token ${aws_client_token} > ~/ec2/${aws_client_token}/instance.json
#jq '.' ~/ec2/${aws_client_token}/instance.json

aws_instance_id=$(jq -r '.Instances[0].InstanceId' ~/ec2/${aws_client_token}/instance.json)
echo "[launch-instance $(date --utc +"%F %T.%3NZ")] instance id is: ${aws_instance_id}"

xdg-open https://${aws_region}.console.aws.amazon.com/ec2/v2/home?region=${aws_region}#Instances:keyName=${aws_key_name};instanceId=${aws_instance_id}

aws_public_ip=$(aws ec2 describe-instances --profile ${aws_profile} --region ${aws_region} --instance-id ${aws_instance_id} --query "Reservations[0].Instances[0].PublicIpAddress" --output text)
echo "[launch-instance $(date --utc +"%F %T.%3NZ")] public ip is: ${aws_public_ip}"

until xfreerdp /u:Administrator /p:$(pass Mozilla/relops/ec2/${aws_ami_id}) /cert-ignore /kbd:809 /w:2400 /h:1200 +clipboard /v:${aws_public_ip}; do sleep 5; done