Skip to content

Instantly share code, notes, and snippets.

@tjkirch
Created August 7, 2020 18:21
Show Gist options
  • Save tjkirch/b0ac076be189af44551a20f5c5bed7c5 to your computer and use it in GitHub Desktop.
Save tjkirch/b0ac076be189af44551a20f5c5bed7c5 to your computer and use it in GitHub Desktop.
diff --git a/Makefile.toml b/Makefile.toml
index 624dead..e784a39 100644
--- a/Makefile.toml
+++ b/Makefile.toml
@@ -339,13 +339,23 @@ script = [
set -e
cleanup() {
- [ -n "${root_image}" ] && rm -f "${root_image}"
- [ -n "${data_image}" ] && rm -f "${data_image}"
+ [ -f "${root_image}" ] && rm -f "${root_image}"
+ [ -f "${data_image}" ] && rm -f "${data_image}"
}
trap 'cleanup' EXIT
export PATH="${BUILDSYS_TOOLS_DIR}/bin:${PATH}"
+# Canonicalize architecture identifier to the value recognized by EC2.
+case "${BUILDSYS_ARCH,,}" in
+ arm64|aarch64)
+ arch=arm64 ;;
+ x86_64|amd64)
+ arch=x86_64 ;;
+ *)
+ arch="${BUILDSYS_ARCH}" ;;
+esac
+
# Unlz4 the root / data images
rootlz4="${BUILDSYS_OUTPUT_DIR}/${BUILDSYS_NAME_FULL}.img.lz4"
root_image="${rootlz4%.lz4}"
@@ -365,7 +375,7 @@ pubsys \
${PUBLISH_ROOT_VOLUME_SIZE:+--root-volume-size "${PUBLISH_ROOT_VOLUME_SIZE}"} \
--data-volume-size "${PUBLISH_DATA_VOLUME_SIZE}" \
\
- --arch "${BUILDSYS_ARCH}" \
+ --arch "${arch}" \
--name "${PUBLISH_AMI_NAME}" \
--description "${PUBLISH_AMI_DESCRIPTION:-${PUBLISH_AMI_NAME}}" \
${NO_PROGRESS:+--no-progress} \
diff --git a/tools/pubsys/Infra.toml.example b/tools/pubsys/Infra.toml.example
index 2dd8541..6446150 100644
--- a/tools/pubsys/Infra.toml.example
+++ b/tools/pubsys/Infra.toml.example
@@ -31,6 +31,11 @@ signing_keys = { default = { file = { path = "/home/user/key.pem" } } }
# The list of regions in which you want to publish AMIs. We register an AMI in
# the first region and copy it to all other regions.
regions = ["us-west-2", "us-east-1", "us-east-2"]
+# If specified, we use this named profile from ~/.aws/credentials, rather than
+# the default path of trying credentials from the environment, from a
+# credential process, from the default profile, and then from an IAM instance
+# profile.
+profile = "my-profile"
# If specified, we assume this role before making any API calls.
role = "arn:aws:iam::012345678901:role/assume-global"
diff --git a/tools/pubsys/src/aws/ami/mod.rs b/tools/pubsys/src/aws/ami/mod.rs
index d619456..1340654 100644
--- a/tools/pubsys/src/aws/ami/mod.rs
+++ b/tools/pubsys/src/aws/ami/mod.rs
@@ -85,8 +85,7 @@ pub(crate) async fn run(args: &Args, ami_args: &AmiArgs) -> Result<()> {
.map(|name| region_from_string(&name, &aws))
.collect::<Result<VecDeque<Region>>>()?;
- // Prefer to start with the first region in the aws.regions list, fall back to the region in
- // the profile, if they gave one, and finally fall back to the default region.
+ // We register in this base region first, then copy from there to any other regions.
let base_region = regions.pop_front().context(error::MissingConfig {
missing: "aws.regions",
})?;
diff --git a/tools/pubsys/src/aws/ami/register.rs b/tools/pubsys/src/aws/ami/register.rs
index 94a7e80..8e9a3cc 100644
--- a/tools/pubsys/src/aws/ami/register.rs
+++ b/tools/pubsys/src/aws/ami/register.rs
@@ -15,6 +15,7 @@ const DATA_DEVICE_NAME: &str = "/dev/xvdb";
const VIRT_TYPE: &str = "hvm";
const VOLUME_TYPE: &str = "gp2";
const SRIOV: &str = "simple";
+const ENA: bool = true;
/// Helper for `register_image`. Inserts registered snapshot IDs into `cleanup_snapshot_ids` so
/// they can be cleaned up on failure if desired.
@@ -96,7 +97,7 @@ async fn _register_image(
architecture: Some(ami_args.arch.clone()),
block_device_mappings: Some(vec![root_bdm, data_bdm]),
description: ami_args.description.clone(),
- ena_support: Some(true),
+ ena_support: Some(ENA),
name: ami_args.name.clone(),
root_device_name: Some(ROOT_DEVICE_NAME.to_string()),
sriov_net_support: Some(SRIOV.to_string()),
diff --git a/tools/pubsys/src/aws/ami/wait.rs b/tools/pubsys/src/aws/ami/wait.rs
index 23e7bb0..c1570e8 100644
--- a/tools/pubsys/src/aws/ami/wait.rs
+++ b/tools/pubsys/src/aws/ami/wait.rs
@@ -60,7 +60,7 @@ pub(crate) async fn wait_for_ami(
.context(error::DescribeImages {
region: region.name(),
})?;
- // The response contains an Option<Vec<Snapshot>>, so we have to check that we got a
+ // The response contains an Option<Vec<Image>>, so we have to check that we got a
// list at all, and then that the list contains the ID in question.
if let Some(images) = describe_response.images {
let mut saw_it = false;
@@ -94,7 +94,7 @@ pub(crate) async fn wait_for_ami(
}
}
if !saw_it {
- // Did not find snapshot in list; reset success count and try again (if we have spare attempts)
+ // Did not find image in list; reset success count and try again (if we have spare attempts)
successes = 0;
}
} else {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment