CloudyScripts 2.14.62 → 2.14.63

data/Rakefile

@@ -12,16 +12,17 @@ require 'rake/testtask'
 
 spec = Gem::Specification.new do |s|
   s.name = 'CloudyScripts'
-  #s.version = '2.14.54' #<number cloud-stacks supported>.<number cloud-scripts>.<counting releases>
-  s.version = '2.14.62' #<number cloud-stacks supported>.<number cloud-scripts>.<counting releases>
+  s.version = '2.14.63' #<number cloud-stacks supported>.<number cloud-scripts>.<counting releases>
   s.has_rdoc = true
   s.extra_rdoc_files = ['README.rdoc', 'LICENSE']
   s.summary = 'Scripts to facilitate programming for infrastructure clouds.'
   s.description = s.summary
   s.homepage = "http://elastic-security.com"
-  s.rubyforge_project = "cloudyscripts"
-  s.author = 'Matthias Jung'
-  s.email = 'matthias.jung@gmail.com'
+  s.rubyforge_project = "CloudyScripts"
+  #s.author = 'Matthias Jung'
+  s.authors = ['Matthias Jung', 'Frederic Donnat']
+  #s.email = 'matthias.jung@gmail.com'
+  s.email = ['matthias.jung@gmail.com', 'fred@secludit.com']
   # s.executables = ['your_executable_here']
   s.files = %w(LICENSE README.rdoc Rakefile) + Dir.glob("{bin,lib,spec}/**/*")
   s.require_path = "lib"

data/lib/help/ec2_helper.rb

@@ -130,7 +130,7 @@ class Ec2Helper
       end
       return amis['imagesSet']['item'][0][prop.to_s]
     rescue
-        raise Exception.new("image #{ami_id} not found")
+      raise Exception.new("image #{ami_id} not found")
     end
   end
 
@@ -146,7 +146,7 @@ class Ec2Helper
       end
       return amis['imagesSet']['item'][0]['blockDeviceMapping']['item'][0]['ebs'][prop.to_s]
     rescue
-        raise Exception.new("image #{ami_id} not found")
+      raise Exception.new("image #{ami_id} not found")
     end
   end
 
@@ -264,4 +264,10 @@ class Ec2Helper
     instance_info['instancesSet']['item'][0][prop.to_s]
   end
 
+  # Check if keypair exist
+  def check_keypair(keypair_name)
+    puts "check if '#{keypair_name}' keypair exists"
+    @ec2_api.describe_keypairs(:key_name => keypair_name)
+  end
+
 end

data/lib/help/helper.rb

@@ -35,3 +35,12 @@ def check_aws_desc(str)
     return false
   end
 end
+
+# Check SSH key for connecting AWS instance 
+# Constraints: A RSA Private Key
+def check_ssh_key(key)
+  priv_key = OpenSSL::PKey::RSA.new(key)
+  if !priv_key.private?()
+    raise Exception.new("Invalid SSH Key")
+  end
+end

data/lib/help/remote_command_handler.rb

@@ -69,6 +69,11 @@ class RemoteCommandHandler
     get_output("uname -r").strip
   end
 
+  # return teh result of mount
+  def mount_output()
+    get_output("mount").strip
+  end
+
   # Return all the partitions of a device
   def get_device_partition(device)
     get_output("ls #{device}*").strip
@@ -79,16 +84,18 @@ class RemoteCommandHandler
     get_output("sfdisk -d #{device}")
   end
 
-  # GSet the partition table of a device
+  # Set the partition table of a device
   def set_partition_table(device, partition_table)
     push_data = "\"" + partition_table.gsub(/\/dev\/(s|xv)d[a-z]/, "#{device}") + "\""
     remote_execute("sfdisk -f #{device}", push_data, nil)
   end
 
   # Get root partition label
+  # NB: add '/dev' detection in order to avoid entries containing 'rootfs'
   def get_root_device()
     #get_output("cat /etc/mtab | grep -E '[[:blank:]]+\/[[:blank:]]+' | cut -d ' ' -f 1").strip
-    get_output("mount | grep -E '[[:blank:]]+\/[[:blank:]]+' | cut -d ' ' -f 1").strip
+    #get_output("mount | grep -E '[[:blank:]]+\/[[:blank:]]+' | cut -d ' ' -f 1").strip
+    get_output("mount | grep -E '[[:blank:]]+\/[[:blank:]]+' | grep -E '\/dev' | cut -d ' ' -f 1").strip
   end
 
   # Get the device of a specific partition
@@ -385,9 +392,9 @@ class RemoteCommandHandler
       if sudo
         channel.request_pty do |ch, success|
           if success
-            @logger.debug("pty successfully obtained")
+            @logger.debug("pty successfully obtained") if debug
           else
-            @logger.debug("could not obtain pty")
+            @logger.debug("could not obtain pty") if debug
           end
         end
       end

data/lib/help/state_transition_helper.rb

@@ -39,11 +39,11 @@ module StateTransitionHelper
   # Returns:
   # * OS of the connected machine
   def connect(dns_name, user_name, ssh_keyfile = nil, ssh_keydata = nil,
-      trials = 10, wait_between_trials = 20)
+      trials = 10, wait_between_trials = 30)
     post_message("connecting '#{user_name}' to #{dns_name}...")
     connected = false
     last_connection_problem = ""
-    remaining_trials = trials-1
+    remaining_trials = trials
     while !connected && remaining_trials > 0
       remaining_trials -= 1
       if ssh_keyfile != nil
@@ -409,8 +409,8 @@ module StateTransitionHelper
         done = true
         timeout = 0
       end
-      sleep(5)
-      timeout -= 5
+      sleep(10)
+      timeout -= 10
     end
     msg = ""
     if !done
@@ -444,8 +444,8 @@ module StateTransitionHelper
         done = true
         timeout = 0
       end
-      sleep(5)
-      timeout -= 5
+      sleep(10)
+      timeout -= 10
     end
     msg = ""
     if !done
@@ -563,23 +563,26 @@ module StateTransitionHelper
     return image_id
   end
 
+  # Create a Security group with specific rules
+  # NB: - if the Security Group already exists add teh required rules if not present
+  #     - do not try to delete the Security Group because this will disallow multi-tasks and parallelization
   def create_security_group_with_rules(name, desc, rules)
     post_message("going to create '#{name}' Security Group...")
     @logger.debug "create Security Group (name: #{name}, desc: #{desc})"
     begin
-      res = ec2_handler().describe_security_groups(:group_name => name)
-      if res['securityGroupInfo']['item'].size > 0
-        @logger.warn "'#{name}' Security Group found. Another Security Group already exists with the same name. Deleting it first."
-        res = ec2_handler().delete_security_group(:group_name => name) 
-      end
-    rescue AWS::InvalidGroupNotFound => e
-      @logger.debug "'#{name}' Security Group not found."
+      res = ec2_handler().create_security_group(:group_name => name, :group_description => desc)
+    rescue AWS::InvalidGroupDuplicate => e
+      @logger.warn "'#{name}' Security Group already exists: #{e.to_s}"
+    ensure
+      rules.each(){ |rule|
+        begin
+          ec2_handler().authorize_security_group_ingress(:group_name => name,
+            :ip_protocol => rule[:ip_protocol], :from_port => rule[:from_port], :to_port => rule[:to_port], :cidr_ip => rule[:cidr_ip])
+        rescue AWS::InvalidPermissionDuplicate => e
+          @logger.warn "'#{rule[:proto].upcase()} (#{rule[:from_port]}-#{rule[:to_port]})' rule already exists: #{e.to_s}"
+        end
+      }
     end
-    res = ec2_handler().create_security_group(:group_name => name, :group_description => desc)
-    rules.each(){ |rule|
-      ec2_handler().authorize_security_group_ingress(:group_name => name,
-        :ip_protocol => rule[:ip_protocol], :from_port => rule[:from_port], :to_port => rule[:to_port], :cidr_ip => rule[:cidr_ip])
-    }
     return true
   end
 
@@ -605,9 +608,9 @@ module StateTransitionHelper
     @logger.debug "create filesystem on #{dns_name} to #{device}"
     status = remote_handler().create_filesystem("ext3", device)
     if status == false
-      raise Exception.new("failed to create ext3 filesystem on #{device} device on #{dns_name}")
+      raise Exception.new("Failed to create ext3 filesystem on #{device} device on #{dns_name}")
     end
-    post_message("filesystem system successfully created")
+    post_message("filesystem system successfully created on device #{device}")
   end
 
   # Create a file-system on a given machine (assumes to be connected already).
@@ -626,7 +629,7 @@ module StateTransitionHelper
     @logger.debug "create '#{fs_type}' filesystem on device '#{device}'"
     status = remote_handler().create_filesystem(fs_type, device)
     if status == false
-      raise Exception.new("failed to create #{type} filesystem on #{device} device on #{dns_name}")
+      raise Exception.new("Failed to create #{type} filesystem on #{device} device on #{dns_name}")
     end
     post_message("#{fs_type} filesystem system successfully created on device #{device}")
     if !label.nil? && !label.empty?
@@ -635,7 +638,7 @@ module StateTransitionHelper
       if remote_handler().set_device_label_ext(device, label, fs_type)
         post_message("label #{label} added to device #{device}")
       else
-        raise Exception.new("failed to add label #{label} to device #{device}")
+        raise Exception.new("Failed to add label #{label} to device #{device}")
       end
     end
   end
@@ -810,6 +813,9 @@ module StateTransitionHelper
   # Get root partition
   def get_root_device_name()
     post_message("Retrieving '/' root device name...")
+    @logger.debug "issuing very first mount..."
+    mount_output = remote_handler().mount_output()
+    @logger.debug "mount output:\n#{mount_output}"
     @logger.debug "get root device name"
     root_device = remote_handler().get_root_device()
     @logger.debug "Found '#{root_device}' as root device"
@@ -994,7 +1000,7 @@ module StateTransitionHelper
     post_message("going to zip the EBS volume")
     stderr = remote_handler().zip(source_dir, zip_file_dest+"/"+zip_file_name)
     if stderr.size > 0
-      @logger.info("zip operation generated error and might not be complete. output: #{stderr.join("\n")}")
+      @logger.warn("zip operation generated error and might not be complete. output: #{stderr.join("\n")}")
       post_message("zip operation generated error and might not be complete. output: #{stderr.join("\n")}")
     end
     post_message("EBS volume successfully zipped")

data/lib/scripts/ec2/ami2_ebs_conversion.rb

@@ -4,6 +4,7 @@ require "help/remote_command_handler"
 #require "help/dm_crypt_helper"
 require "help/ec2_helper"
 require "AWS"
+require "help/helper"
 
 # Creates a bootable EBS storage from an existing AMI.
 #
@@ -31,15 +32,23 @@ class Ami2EbsConversion < Ec2Script
   end
 
   def check_input_parameters()
-    if @input_params[:security_group_name] == nil
-      @input_params[:security_group_name] = "default"
-    end
     if @input_params[:ami_id] == nil && !(@input_params[:ami_id] =~ /^ami-.*$/)
       raise Exception.new("Invalid AMI ID specified: #{@input_params[:ami_id]}")
     end
     ec2_helper = Ec2Helper.new(@input_params[:ec2_api_handler])
+    # AWS Security Group
+    if @input_params[:security_group_name] == nil
+      @input_params[:security_group_name] = "default"
+    end
     if !ec2_helper.check_open_port(@input_params[:security_group_name], 22)
-      raise Exception.new("Port 22 must be opened for security group #{@input_params[:security_group_name]} to connect via SSH")
+      post_message("'#{@input_params[:security_group_name]}' Security Group not opened port 22 for connect via SSH in source region")
+      @input_params[:security_group_name] = nil
+    end
+    # AWS KeyPair
+    if @input_params[:key_name] == nil || @input_params[:key_name].empty?()
+      raise Exception.new("No KeyPair name specified")
+    else
+     ec2_helper.check_keypair(@input_params[:key_name])
     end
     if @input_params[:name] == nil
       @input_params[:name] = "Boot EBS (for AMI #{@input_params[:ami_id]}) at #{Time.now.strftime('%d/%m/%Y %H.%M.%S')}"
@@ -53,9 +62,16 @@ class Ami2EbsConversion < Ec2Script
     if @input_params[:root_device_name] == nil
       @input_params[:root_device_name] = "/dev/sda1"
     end
+    # SSH Parameters
     if @input_params[:ssh_username] == nil
       @input_params[:ssh_username] = "root"
     end
+    if @input_params[:ssh_keydata] == nil
+      raise Exception.new("No Private Key for source region")
+    else
+      post_message("Checking SSH key for source region...")
+      check_ssh_key(@input_params[:ssh_keydata])
+    end
     if @input_params[:connect_trials] == nil
       @input_params[:connect_trials] = 6
     end
@@ -84,6 +100,14 @@ class Ami2EbsConversion < Ec2Script
   class InitialState < Ami2EbsConversionState
     def enter
       puts "DEBUG: params: #{@context[:ami_id]}, #{@context[:key_name]}, #{@context[:security_group_name]}"
+      #XXX: create a CloudyScripts Security Group with TCP port 22 publicly opened
+      if @context[:security_group_name] == nil
+        @context[:security_group_name] = Ec2Script::CS_SEC_GRP_NAME
+        create_security_group_with_rules(@context[:security_group_name], Ec2Script::CS_SEC_GRP_DESC,
+          [{:ip_protocol => "tcp", :from_port => 22, :to_port => 22, :cidr_ip => "0.0.0.0/0"}])
+        post_message("'#{@context[:security_group_name]}' Security Group created with TCP port 22 publicly opened.")
+      end
+
       @context[:instance_id], @context[:dns_name], @context[:availability_zone], 
         @context[:kernel_id], @context[:ramdisk_id], @context[:architecture] =
         launch_instance(@context[:ami_id], @context[:key_name], @context[:security_group_name])
@@ -102,7 +126,7 @@ class Ami2EbsConversion < Ec2Script
   # Storage created. Attach it.
   class StorageCreated < Ami2EbsConversionState
     def enter
-      attach_volume(@context[:volume_id], @context[:instance_id], @context[:temp_device_name])
+      attach_volume(@context[:volume_id], @context[:instance_id], @context[:temp_device_name], Ec2Script::CS_AWS_TIMEOUT)
       StorageAttached.new(@context)
     end
   end

data/lib/scripts/ec2/copy_ami.rb

@@ -40,7 +40,8 @@ class CopyAmi < Ec2Script
   end
 
   def check_input_parameters()
-    if @input_params[:ami_id] == nil && !(@input_params[:ami_id] =~ /^ami-.*$/)
+    post_message("Checking parameters...")
+    if @input_params[:ami_id] == nil || !(@input_params[:ami_id] =~ /^ami-.*$/)
       raise Exception.new("Invalid AMI ID specified: #{@input_params[:ami_id]}")
     end
     ec2_helper = Ec2Helper.new(@input_params[:ec2_api_handler])
@@ -48,6 +49,29 @@ class CopyAmi < Ec2Script
       raise Exception.new("must be an EBS type image")
     end
     local_ec2_helper = ec2_helper
+    remote_ec2_helper = Ec2Helper.new(@input_params[:target_ec2_handler])
+    # AWS KeyPair
+    if @input_params[:source_key_name] == nil || @input_params[:source_key_name].empty?()
+      raise Exception.new("No KeyPair name specified for source region")
+    else
+      begin
+        local_ec2_helper.check_keypair(@input_params[:source_key_name])
+      rescue Exception => e
+        post_message("'#{@input_params[:source_key_name]}' Key pair not found in source region") 
+        raise Exception.new("source region: #{e.to_s}")
+      end
+    end
+    if @input_params[:target_key_name] == nil || @input_params[:target_key_name].empty?()
+      raise Exception.new("No KeyPair name specified for target region")
+    else
+      begin
+        remote_ec2_helper.check_keypair(@input_params[:target_key_name])
+      rescue Exception => e
+        post_message("'#{@input_params[:target_key_name]}' Key pair not found in target region") 
+        raise Exception.new("target region: #{e.to_s}")
+      end
+    end
+    # AWS SecurityGroup
     if @input_params[:source_security_group] == nil
       @input_params[:source_security_group] = "default"
     end
@@ -57,7 +81,6 @@ class CopyAmi < Ec2Script
     else
       post_message("'#{@input_params[:source_security_group]}' Security Group opened port 22 for connect via SSH in source region")
     end
-    remote_ec2_helper = Ec2Helper.new(@input_params[:target_ec2_handler])
     if @input_params[:target_security_group] == nil
       @input_params[:target_security_group] = "default"
     end
@@ -67,18 +90,41 @@ class CopyAmi < Ec2Script
     else
       post_message("'#{@input_params[:target_security_group]}' Security Group opened port 22 for connect via SSH in target region")
     end
+    # Device to use
     if @input_params[:root_device_name] == nil
       @input_params[:root_device_name] = "/dev/sda1"
     end
     if @input_params[:temp_device_name] == nil
       @input_params[:temp_device_name] = "/dev/sdj"
     end
+    # SSH Parameters
     if @input_params[:source_ssh_username] == nil
       @input_params[:source_ssh_username] = "root"
     end
     if @input_params[:target_ssh_username] == nil
       @input_params[:target_ssh_username] = "root"
     end
+    if @input_params[:source_ssh_keydata] == nil
+      raise Exception.new("No Private Key for source region")
+    else
+      begin
+        check_ssh_key(@input_params[:source_ssh_keydata])
+      rescue Exception => e
+        post_message("not a Private Key: #{e.to_s}")
+        raise Exception.new("Invalid Private Key for source region: #{e.to_s}")
+      end
+    end
+    if @input_params[:target_ssh_keydata] == nil
+      raise Exception.new("No Private Key for target region")
+    else
+      begin
+        check_ssh_key(@input_params[:target_ssh_keydata])
+      rescue Exception => e
+        post_message("not a Private Key: #{e.to_s}") 
+        raise Exception.new("Invalid Private Key for target region: #{e.to_s}")
+      end
+    end
+    # AWS Name and Description
     if @input_params[:description] == nil || !check_aws_desc(@input_params[:description])
       @input_params[:description] = "Created by CloudyScripts - #{self.class.name}"
     end
@@ -150,7 +196,8 @@ class CopyAmi < Ec2Script
         @context[:source_availability_zone])
       device = @context[:temp_device_name]
       mount_point = "/mnt/tmp_#{@context[:source_volume_id]}"
-      attach_volume(@context[:source_volume_id], @context[:source_instance_id], device)
+      #XXX: attach volume after root partition detection
+      #attach_volume(@context[:source_volume_id], @context[:source_instance_id], device)
       connect(@context[:source_dns_name], @context[:source_ssh_username], nil, @context[:source_ssh_keydata]) 
       # detect if there is a shift for device mapping (between AWS and the operating system of the system)
       root_device_name = get_root_device_name()
@@ -167,6 +214,9 @@ class CopyAmi < Ec2Script
         aws_device_letter.succ!
       end
 
+      # attach volume
+      attach_volume(@context[:source_volume_id], @context[:source_instance_id], device, Ec2Script::CS_AWS_TIMEOUT)
+
       device = "/dev/sd#{aws_device_letter}"
       # detect root partition vs root volume: simply check if we have several /dev/sdx* entries
       parts_count = get_partition_count(device)
@@ -229,7 +279,7 @@ class CopyAmi < Ec2Script
       @context[:target_volume_id] = create_volume(@context[:target_availability_zone], volume_size)
       device = @context[:temp_device_name]
       mount_point = "/mnt/tmp_#{@context[:target_volume_id]}"
-      attach_volume(@context[:target_volume_id], @context[:target_instance_id], device)
+      attach_volume(@context[:target_volume_id], @context[:target_instance_id], device, Ec2Script::CS_AWS_TIMEOUT)
       connect(@context[:target_dns_name], @context[:target_ssh_username], nil, @context[:target_ssh_keydata])
       # check if we need to create a partition table
       if !(@context[:partition_table] == nil)
@@ -332,6 +382,7 @@ class CopyAmi < Ec2Script
   # in the both regions.
   class AmiRegisteredState < CopyAmiState
     def enter()
+      post_message("Cleaning Source and Target Regions...")
       error = []
       local_region()
       begin

data/lib/scripts/ec2/copy_ami_test.rb

@@ -0,0 +1,449 @@
+require "help/script_execution_state"
+require "scripts/ec2/ec2_script"
+require "help/remote_command_handler"
+require "help/dm_crypt_helper"
+require "help/ec2_helper"
+require "AWS"
+require "help/helper"
+
+
+# Copy a given snapshot to another region
+# * start up instance in source-region, create a snapshot from the mounted EBS
+# * then create volume from snapshot, attach volume, and mount it
+# * start up instance in destination-region, create empty volume of same size, attache volume, and mount it
+# * copy the destination key to the source instance
+# * perform an rsynch
+#   sync -PHAXaz --rsh "ssh -i /home/${src_user}/.ssh/id_${dst_keypair}" --rsync-path "sudo rsync" ${src_dir}/ ${dst_user}@${dst_public_fqdn}:${dst_dir}/
+# * create a snapshot of the volume
+# * register the snapshot as AMI
+# * clean-up everything
+
+class CopyAmiTest < Ec2Script
+  # context information needed
+  # * the EC2 credentials (see #Ec2Script)
+  # * ami_id => the ID of the AMI to be copied in another region
+  # * target_ec2_handler => The EC2 handler connected to the region where the snapshot is being copied to
+  # * source_ssh_username => The username for ssh for source-instance (default = root)
+  # * source_key_name => Key name of the instance that manages the snaphot-volume in the source region
+  # * source_ssh_key_data => Key information for the security group that starts the AMI [if not set, use ssh_key_files]
+  # * source_ssh_key_files => Key information for the security group that starts the AMI
+  # * target_ssh_username => The username for ssh for target-instance (default = root)
+  # * target_key_name => Key name of the instance that manages the snaphot-volume in the target region
+  # * target_ssh_key_data => Key information for the security group that starts the AMI [if not set, use ssh_key_files]
+  # * target_ssh_key_files => Key information for the security group that starts the AMI
+  # * target_ami_id => ID of the AMI to start in the target region
+  # * name => name of new AMI to be created
+  # * description => description of new AMI to be created
+  
+  def initialize(input_params)
+    super(input_params)
+  end
+
+  def check_input_parameters()
+    post_message("Checking parameters...")
+    if @input_params[:ami_id] == nil || !(@input_params[:ami_id] =~ /^ami-.*$/)
+      raise Exception.new("Invalid AMI ID specified: #{@input_params[:ami_id]}")
+    end
+    ec2_helper = Ec2Helper.new(@input_params[:ec2_api_handler])
+    if ec2_helper.ami_prop(@input_params[:ami_id], 'rootDeviceType') != "ebs"
+      raise Exception.new("must be an EBS type image")
+    end
+    local_ec2_helper = ec2_helper
+    remote_ec2_helper = Ec2Helper.new(@input_params[:target_ec2_handler])
+    # AWS KeyPair
+    if @input_params[:source_key_name] == nil || @input_params[:source_key_name].empty?()
+      raise Exception.new("No KeyPair name specified for source region")
+    else
+      begin
+        local_ec2_helper.check_keypair(@input_params[:source_key_name])
+      rescue Exception => e
+        post_message("'#{@input_params[:source_key_name]}' Key pair not found in source region") 
+        raise Exception.new("source region: #{e.to_s}")
+      end
+    end
+    if @input_params[:target_key_name] == nil || @input_params[:target_key_name].empty?()
+      raise Exception.new("No KeyPair name specified for target region")
+    else
+      begin
+        remote_ec2_helper.check_keypair(@input_params[:target_key_name])
+      rescue Exception => e
+        post_message("'#{@input_params[:target_key_name]}' Key pair not found in target region") 
+        raise Exception.new("target region: #{e.to_s}")
+      end
+    end
+    # AWS SecurityGroup
+    if @input_params[:source_security_group] == nil
+      @input_params[:source_security_group] = "default"
+    end
+    if !local_ec2_helper.check_open_port(@input_params[:source_security_group], 22)
+      post_message("'#{@input_params[:source_security_group]}' Security Group not opened port 22 for connect via SSH in source region")
+      @input_params[:source_security_group] = nil
+    else
+      post_message("'#{@input_params[:source_security_group]}' Security Group opened port 22 for connect via SSH in source region")
+    end
+    if @input_params[:target_security_group] == nil
+      @input_params[:target_security_group] = "default"
+    end
+    if !remote_ec2_helper.check_open_port(@input_params[:target_security_group], 22)
+      post_message("'#{@input_params[:target_security_group]}' Security Group not opened port 22 for connect via SSH in target region")
+      @input_params[:target_security_group] = nil
+    else
+      post_message("'#{@input_params[:target_security_group]}' Security Group opened port 22 for connect via SSH in target region")
+    end
+    # Device to use
+    if @input_params[:root_device_name] == nil
+      @input_params[:root_device_name] = "/dev/sda1"
+    end
+    if @input_params[:temp_device_name] == nil
+      @input_params[:temp_device_name] = "/dev/sdj"
+    end
+    # SSH Parameters
+    if @input_params[:source_ssh_username] == nil
+      @input_params[:source_ssh_username] = "root"
+    end
+    if @input_params[:target_ssh_username] == nil
+      @input_params[:target_ssh_username] = "root"
+    end
+    if @input_params[:source_ssh_keydata] == nil
+      raise Exception.new("No Private Key for source region")
+    else
+      begin
+        check_ssh_key(@input_params[:source_ssh_keydata])
+      rescue Exception => e
+        post_message("not a Private Key: #{e.to_s}")
+        raise Exception.new("Invalid Private Key for source region: #{e.to_s}")
+      end
+    end
+    if @input_params[:target_ssh_keydata] == nil
+      raise Exception.new("No Private Key for target region")
+    else
+      begin
+        check_ssh_key(@input_params[:target_ssh_keydata])
+      rescue Exception => e
+        post_message("not a Private Key: #{e.to_s}") 
+        raise Exception.new("Invalid Private Key for target region: #{e.to_s}")
+      end
+    end
+    # AWS Name and Description
+    if @input_params[:description] == nil || !check_aws_desc(@input_params[:description])
+      @input_params[:description] = "Created by CloudyScripts - #{self.class.name}"
+    end
+    if @input_params[:name] == nil || !check_aws_name(@input_params[:name])
+      @input_params[:name] = "Created_by_CloudyScripts/#{self.class.name}_from_#{@input_params[:ami_id]}"
+    end
+  end
+
+  # Load the initial state for the script.
+  # Abstract method to be implemented by extending classes.
+  def load_initial_state()
+    CopyAmiTestState.load_state(@input_params)
+  end
+
+  private
+
+  # Here begins the state machine implementation
+  class CopyAmiTestState < ScriptExecutionState
+
+    def self.load_state(context)
+      InitialState.new(context)
+    end
+
+    def local_region
+      self.ec2_handler=(@context[:ec2_api_handler])
+    end
+
+    def remote_region
+      self.ec2_handler=(@context[:target_ec2_handler])
+    end
+  end
+
+  # Initial state: start up AMI in source region
+  class InitialState < CopyAmiTestState
+    def enter()
+      local_region()
+      #XXX: create a CloudyScripts Security Group with TCP port 22 publicly opened
+      if @context[:source_security_group] == nil
+        @context[:source_security_group] = Ec2Script::CS_SEC_GRP_NAME
+        create_security_group_with_rules(@context[:source_security_group], Ec2Script::CS_SEC_GRP_DESC, 
+          [{:ip_protocol => "tcp", :from_port => 22, :to_port => 22, :cidr_ip => "0.0.0.0/0"}])
+        post_message("'#{@context[:source_security_group]}' Security Group created with TCP port 22 publicly opened.")
+      end
+
+      @context[:source_instance_id], @context[:source_dns_name], @context[:source_availability_zone], 
+        @context[:kernel_id], @context[:ramdisk_id], @context[:architecture], @context[:root_device_name] =
+        launch_instance(@context[:ami_id], @context[:source_key_name], @context[:source_security_group])
+      ec2_helper = Ec2Helper.new(@context[:ec2_api_handler])
+      @context[:ebs_volume_id] = ec2_helper.get_attached_volumes(@context[:source_instance_id])[0]['volumeId']	#TODO: what when more root devices?
+
+      SourceInstanceLaunchedState.new(@context)
+    end
+  end
+
+  # Source is started. Create a snapshot on the volume that is linked to the instance.
+  class SourceInstanceLaunchedState < CopyAmiTestState
+    def enter()
+      @context[:snapshot_id] = create_snapshot(@context[:ebs_volume_id], 
+        "Created by CloudyScripts - #{self.get_superclass_name()} from #{@context[:ebs_volume_id]}")
+
+      AmiSnapshotCreatedState.new(@context)
+    end
+  end
+
+  # Snapshot is created from the AMI. Create a volume from the snapshot, attach and mount the volume as second device.
+  class AmiSnapshotCreatedState < CopyAmiTestState
+    def enter()
+      @context[:source_volume_id] = create_volume_from_snapshot(@context[:snapshot_id],
+        @context[:source_availability_zone])
+      device = @context[:temp_device_name]
+      mount_point = "/mnt/tmp_#{@context[:source_volume_id]}"
+      #XXX: attach volume after root partition detection
+      attach_volume(@context[:source_volume_id], @context[:source_instance_id], device)
+      connect(@context[:source_dns_name], @context[:source_ssh_username], nil, @context[:source_ssh_keydata]) 
+      # detect if there is a shift for device mapping (between AWS and the operating system of the system)
+      root_device_name = get_root_device_name()
+      # detect letters
+      aws_root_device = @context[:root_device_name]
+      aws_letter = aws_root_device.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      os_letter = root_device_name.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      aws_device_letter = device.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      if !aws_letter.eql?(os_letter)
+        post_message("Detected specific kernel with shift between AWS and Kernel OS for device naming: '#{aws_root_device}' vs '#{root_device_name}'")
+      end
+      while !aws_letter.eql?(os_letter)
+        aws_letter.succ!
+        aws_device_letter.succ!
+      end
+
+      # attach volume
+      #attach_volume(@context[:source_volume_id], @context[:source_instance_id], device)
+
+      device = "/dev/sd#{aws_device_letter}"
+      # detect root partition vs root volume: simply check if we have several /dev/sdx* entries
+      parts_count = get_partition_count(device)
+      if parts_count >= 2
+        # retrieve partition table, in order to restore it in the target region
+        post_message("Detected specific volume with a valid partition table on device '#{device}'...")
+        partition_table = get_partition_table(device)
+        @context[:partition_table] = partition_table
+        #XXX: HANDLE at a LOWER LEVEL
+        # update partition table with device
+        # s/device/@context[:temp_device_name]/ on partition table 
+        #@context[:partition_table] = partition_table.gsub("#{device}", "#{@context[:temp_device_name]}")
+        # retrieve the root partition number
+        os_nb = root_device_name.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[a-z]/, '')
+        device = device + os_nb
+        @context[:root_partition_nb] = os_nb
+        post_message("Using root partition: '#{device}'...")
+      end
+      post_message("Using AWS name '#{@context[:temp_device_name]}' and OS name '#{device}'")
+      mount_fs(mount_point, device)
+      # get root partition label and filesystem type
+      #@context[:label] = get_root_partition_label()
+      #@context[:fs_type] = get_root_partition_fs_type()
+      @context[:fs_type], @context[:label] = get_root_partition_fs_type_and_label()
+      disconnect()
+
+      #XXX: go to clean up state
+      #SourceVolumeReadyState.new(@context)
+      AmiRegisteredState.new(@context)      
+    end
+  end
+
+  # Source is ready. Now start instance in the target region
+  class SourceVolumeReadyState < CopyAmiTestState
+    def enter()
+      remote_region()
+      #XXX: create a CloudyScripts Security Group with TCP port 22 publicly opened
+      if @context[:target_security_group] == nil
+        @context[:target_security_group] = Ec2Script::CS_SEC_GRP_NAME
+        create_security_group_with_rules(@context[:target_security_group], Ec2Script::CS_SEC_GRP_DESC, 
+          [{:ip_protocol => "tcp", :from_port => 22, :to_port => 22, :cidr_ip => "0.0.0.0/0"}])
+        post_message("'#{@context[:target_security_group]}' Security Group created with TCP port 22 publicly opened.")
+      end
+
+      result = launch_instance(@context[:target_ami_id], @context[:target_key_name], @context[:target_security_group])
+      @context[:target_instance_id] = result.first
+      @context[:target_dns_name] = result[1]
+      @context[:target_availability_zone] = result[2]
+
+      TargetInstanceLaunchedState.new(@context)
+    end
+  end
+
+  # Destination instance is started. Now configure storage.
+  class TargetInstanceLaunchedState < CopyAmiTestState
+    def enter()
+      local_region()
+      ec2_helper = Ec2Helper.new(@context[:ec2_api_handler])
+      volume_size = ec2_helper.snapshot_prop(@context[:snapshot_id], :volumeSize).to_i
+      #
+      remote_region()
+      @context[:target_volume_id] = create_volume(@context[:target_availability_zone], volume_size)
+      device = @context[:temp_device_name]
+      mount_point = "/mnt/tmp_#{@context[:target_volume_id]}"
+      attach_volume(@context[:target_volume_id], @context[:target_instance_id], device)
+      connect(@context[:target_dns_name], @context[:target_ssh_username], nil, @context[:target_ssh_keydata])
+      # check if we need to create a partition table
+      if !(@context[:partition_table] == nil)
+        post_message("Creating a partition table on device '#{device}'...")
+        set_partition_table(device, @context[:partition_table])
+        #XXX: HANDLE at a LOWER LEVEL
+        # before adding partition table, adjust device name
+        #set_partition_table(device, @context[:partition_table].gsub(/\/dev\/(s|xv)d[a-z]/, "#{@context[:temp_device_name]}"))
+        # adjust partition to mount
+        device = device + @context[:root_partition_nb]
+      end
+      # make root partition
+      create_labeled_fs(@context[:target_dns_name], device, @context[:fs_type], @context[:label])
+      mount_fs(mount_point, device)
+      disconnect()
+
+      TargetVolumeReadyState.new(@context)
+    end
+  end
+
+  # Storages are ready. Only thing missing: the key of the target region
+  # must be available on the instance in the source region to be able to perform
+  # a remote copy.
+  class TargetVolumeReadyState < CopyAmiTestState
+    def enter()
+      post_message("upload key of target-instance to source-instance...")
+      path_candidates = ["/#{@context[:source_ssh_username]}/.ssh/",
+        "/home/#{@context[:source_ssh_username]}/.ssh/"]
+      key_path = determine_file(@context[:source_dns_name], @context[:source_ssh_username], @context[:source_ssh_keydata], path_candidates)
+      #XXX: fix the problem fo key name with white space
+      #upload_file(@context[:source_dns_name], @context[:source_ssh_username], @context[:source_ssh_keydata],
+      #  @context[:target_ssh_keyfile], "#{key_path}#{@context[:target_key_name]}.pem")
+      upload_file(@context[:source_dns_name], @context[:source_ssh_username], @context[:source_ssh_keydata],
+        @context[:target_ssh_keyfile], "#{key_path}#{@context[:target_key_name].gsub(/\s+/, '_')}.pem")
+      post_message("credentials are in place to connect source and target.")
+
+      KeyInPlaceState.new(@context)
+    end
+  end
+
+  # Now we can copy.
+  class KeyInPlaceState < CopyAmiTestState
+    def enter()
+      connect(@context[:target_dns_name], @context[:target_ssh_username], nil, @context[:target_ssh_keydata])
+      disable_ssh_tty(@context[:target_dns_name])
+      disconnect()
+      #
+      connect(@context[:source_dns_name], @context[:source_ssh_username], nil, @context[:source_ssh_keydata])
+      source_dir = "/mnt/tmp_#{@context[:source_volume_id]}/"
+      dest_dir = "/mnt/tmp_#{@context[:target_volume_id]}"
+      #XXX: fix the problem fo key name with white space
+      #remote_copy(@context[:source_ssh_username], @context[:target_key_name], source_dir, 
+      #  @context[:target_dns_name], @context[:target_ssh_username], dest_dir)
+      remote_copy(@context[:source_ssh_username], @context[:target_key_name].gsub(/\s+/, '_'), source_dir, 
+        @context[:target_dns_name], @context[:target_ssh_username], dest_dir)
+      disconnect()
+      #
+      connect(@context[:target_dns_name], @context[:target_ssh_username], nil, @context[:target_ssh_keydata])
+      enable_ssh_tty(@context[:target_dns_name])
+      unmount_fs(dest_dir)
+      disconnect()
+
+      DataCopiedState.new(@context)
+    end
+  end
+
+  # Data of snapshot now copied to the new volume. Create a snapshot of the
+  # new volume.
+  class DataCopiedState < CopyAmiTestState
+    def enter()
+      remote_region()
+      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], 
+        "Created by CloudyScripts - #{self.get_superclass_name()} from #{@context[:target_volume_id]}")
+
+      TargetSnapshotCreatedState.new(@context)
+    end
+  end
+
+  # Snapshot Operation done. Now this snapshot must be registered as AMI
+  class TargetSnapshotCreatedState < CopyAmiTestState
+    def enter()
+      remote_region()
+      # Get Amazon Kernel Image ID
+      aki = get_aws_kernel_image_aki(@context[:source_availability_zone], @context[:kernel_id],
+        @context[:target_availability_zone])
+      device = @context[:root_device_name]
+      if !(@context[:partition_table] == nil)
+        device.gsub!(/[0-9]/, '')
+        post_message("Using BlockDevice for snapshot registration rather than RootDevice '#{device}' due to a valid partition table on device...")
+      end
+      @context[:result][:image_id] = register_snapshot(@context[:new_snapshot_id], @context[:name],
+        device, @context[:description], aki, nil, @context[:architecture])
+
+      AmiRegisteredState.new(@context)
+    end
+  end
+
+  # AMI is registered. Now only cleanup is missing, i.e. shut down instances and
+  # remote the volumes that were created. Start with cleaning the ressources
+  # in the both regions.
+  class AmiRegisteredState < CopyAmiTestState
+    def enter()
+       post_message("Cleaning Source and Target Regions...")
+      error = []
+      local_region()
+      begin
+        shut_down_instance(@context[:source_instance_id])
+      rescue Exception => e
+        error << e
+        post_message("Unable to shutdown instance '#{@context[:source_instance_id]}' in source region: #{e.to_s}")
+      end
+      begin
+        delete_volume(@context[:source_volume_id])
+      rescue Exception => e
+        error << e
+        post_message("Unable to delete volume '#{@context[:source_volume_id]}' in source region: #{e.to_s}")
+      end
+      begin
+        delete_snapshot(@context[:snapshot_id])
+      rescue Exception => e
+        error << e
+        post_message("Unable to delete snapshot '#{@context[:snapshot_id]}' in source region: #{e.to_s}")
+      end
+      #XXX: delete Security Group according to its name
+      if @context[:source_security_group].eql?(Ec2Script::CS_SEC_GRP_NAME)
+        begin
+          delete_security_group(@context[:source_security_group])
+        rescue Exception => e
+          error << e
+          post_message("Unable to delete Security Group '#{@context[:source_security_group]}' in source region: #{e.to_s}")
+        end
+      end
+      #
+      remote_region()
+      begin
+        shut_down_instance(@context[:target_instance_id])
+      rescue Exception => e
+        error << e
+        post_message("Unable to shutdown instance '#{@context[:target_instance_id]}' in target region: #{e.to_s}")
+      end
+      begin
+        delete_volume(@context[:target_volume_id])
+      rescue Exception => e
+        error << e
+        post_message("Unable to delete volume '#{@context[:target_volume_id]}' in target region: #{e.to_s}")
+      end
+      #XXX: delete Security Group according to its name
+      if @context[:target_security_group].eql?(Ec2Script::CS_SEC_GRP_NAME)
+        begin
+          delete_security_group(@context[:target_security_group])
+        rescue
+          error << e
+          post_message("Unable to delete Security Group '#{@context[:target_security_group]}' in target region: #{e.to_s}")
+        end
+      end
+
+      if error.size() > 0
+        raise Exception.new("Cleanup error(s)")
+      end
+
+      Done.new(@context)
+    end
+  end
+
+end