amigrind 0.1.1

data/lib/amigrind/blueprints/parent_blueprint_source.rb

@@ -0,0 +1,10 @@
+module Amigrind
+  module Blueprints
+    class ParentBlueprintSource
+      include Virtus.model(constructor: false, mass_assignment: false)
+
+      attribute :name, String
+      attribute :channel, Symbol
+    end
+  end
+end

data/lib/amigrind/blueprints/provisioner.rb

@@ -0,0 +1,20 @@
+module Amigrind
+  module Blueprints
+    class Provisioner
+      include Virtus.model(constructor: false, mass_assignment: false)
+
+      attribute :name, String
+      attribute :weight, Fixnum
+
+      def racker_name
+        "#{name}-#{weight}-#{self.class.name.demodulize}"
+      end
+
+      def to_racker_hash
+        raise "#{self.class.name}#to_racker_hash must be implemented."
+      end
+    end
+  end
+end
+
+Dir["#{__dir__}/provisioners/**.rb"].each { |f| require_relative f }

data/lib/amigrind/blueprints/provisioners/file_upload.rb

@@ -0,0 +1,29 @@
+module Amigrind
+  module Blueprints
+    module Provisioners
+      class FileUpload < Amigrind::Blueprints::Provisioner
+        attribute :source, String
+        attribute :destination, String
+        attribute :direction_method, String
+
+        def direction=(dir)
+          case dir
+          when :download, :upload
+            @direction_method = dir.to_s
+          else
+            raise "unrecognized 'direction': #{dir}"
+          end
+        end
+
+        def to_racker_hash
+          {
+            type: 'file',
+            source: @source,
+            destination: @destination,
+            direction: @direction_method
+          }.delete_if { |_, v| v.nil? }
+        end
+      end
+    end
+  end
+end

data/lib/amigrind/blueprints/provisioners/local_shell.rb

@@ -0,0 +1,28 @@
+module Amigrind
+  module Blueprints
+    module Provisioners
+      class LocalShell < Amigrind::Blueprints::Provisioner
+        attribute :inline, Array[String]
+
+        def command=(cmd)
+          raise "'command' must be a String or an array of String." \
+            unless cmd.is_a?(String) ||
+                   (cmd.respond_to?(:all?) && cmd.all? { |l| l.is_a?(String) })
+
+          if cmd.is_a?(String)
+            @inline = cmd.split("\n")
+          else
+            @inline = cmd
+          end
+        end
+
+        def to_racker_hash
+          {
+            type: 'shell-local',
+            command: @inline.join("\n")
+          }
+        end
+      end
+    end
+  end
+end

data/lib/amigrind/blueprints/provisioners/remote_shell.rb

@@ -0,0 +1,57 @@
+module Amigrind
+  module Blueprints
+    module Provisioners
+      class RemoteShell < Amigrind::Blueprints::Provisioner
+        attribute :inline, Array[String]
+        attribute :scripts, Array[String]
+        attribute :binary, Boolean
+        attribute :env_vars, Hash[String => String]
+        attribute :execute_command, String
+        attribute :inline_shebang, String
+        attribute :remote_path, String
+        attribute :skip_clean, Boolean
+        attribute :start_retry_timeout, ActiveSupport::Duration
+
+        def run_as_root!
+          @execute_command = "{{ .Vars }} sudo -E -S sh '{{ .Path }}'"
+        end
+
+        def command=(cmd)
+          raise "'command' must be a String or an array of String." \
+            unless cmd.is_a?(String) ||
+                   (cmd.respond_to?(:all?) && cmd.all? { |l| l.is_a?(String) })
+
+          @inline = cmd.is_a?(String) ? cmd.split("\n") : cmd
+        end
+
+        def environment_vars=(vars)
+          raise "'vars' must be a Hash with Symbol or String keys and stringable values." \
+            unless vars.all? { |k, v| (k.is_a?(Symbol) || k.is_a?(String)) && v.respond_to?(:to_s)}
+
+          @env_vars =
+            (@env_vars || {}).merge(vars.map { |k, v| [ k.to_s, v.to_s ] }.to_h)
+        end
+
+        def to_racker_hash
+          # This trims leading whitespace off of heredoc commands, but leaves
+          # them as inlines. They're easier to read when you have to look at the Packer
+          # output when you do this.
+          trim_count = @inline.map { |line| line[/\A */].size }.min
+          lines = @inline.map { |line| line[trim_count..-1] }
+
+          {
+            type: 'shell',
+            binary: @binary,
+            inline: lines,
+            scripts: @scripts,
+            environment_vars: (@env_vars || {}).map { |k, v| "#{k}=#{v}" },
+            execute_command: @execute_command,
+            inline_shebang: @inline_shebang,
+            start_retry_timeout:
+              @start_retry_timeout.nil? ? nil : "#{@start_retry_timeout}s"
+          }
+        end
+      end
+    end
+  end
+end

data/lib/amigrind/build/packer_runner.rb

@@ -0,0 +1,106 @@
+module Amigrind
+  module Build
+    class PackerRunner
+      include Virtus.model
+      include Amigrind::Core::Logging::Mixin
+
+      attribute :template, Hash
+      attribute :amigrind_client, Amigrind::Core::Client
+      attribute :blueprint, Amigrind::Blueprints::Blueprint
+      attribute :repo, Amigrind::Repo
+
+      def initialize(template, amigrind_client, blueprint, repo)
+        @template = template
+        @amigrind_client = amigrind_client
+        @blueprint = blueprint
+        @repo = repo
+      end
+
+      def run
+        credentials = @amigrind_client.credentials
+
+        aws_env_vars =
+          case credentials.class
+          when Aws::Credentials
+            "AWS_ACCESS_KEY_ID='#{access_key}' AWS_SECRET_ACCESS_KEY='#{secret_key}'"
+            {
+              'AWS_ACCESS_KEY_ID' => credentials.access_key_id,
+              'AWS_SECRET_ACCESS_KEY' => credentials.instance_variable_get(:@secret_access_key)
+            }
+          when Aws::SharedCredentials
+            {
+              'AWS_PROFILE' => credentials.profile_name,
+              'AWS_DEFAULT_PROFILE' => credentials.profile_name
+            }
+          else
+            {}
+          end
+
+        thread = nil
+        retval = {
+          region: @blueprint.aws.region,
+          spools: { stdout: [], stderr: [] }
+        }
+
+        Dir.chdir @repo.path do
+          Open3.popen3(aws_env_vars, 'packer build -machine-readable -') do |i, o, e, thr|
+            thread = thr
+            retval[:pid] = thread.pid
+
+            i.write @template
+            i.flush
+            i.close_write
+
+            streams = [ o, e ]
+
+            stream_names = { o.fileno => :stdout, e.fileno => :stderr }
+
+            until streams.find { |f| !f.eof }.nil?
+              ready = IO.select(streams)
+
+              if ready
+                readable_streams = ready[0]
+
+                readable_streams.each do |stream|
+                  stream_name = stream_names[stream.fileno]
+
+                  begin
+                    data = stream.read_nonblock(8192).strip
+                    debug_log data
+
+                    retval[:spools][stream_name] << data
+                    tokens = data.split(',')
+
+                    unless tokens.empty?
+                      if stream != o || tokens[2] == 'ui'
+                        tokens.last.split('\n').each do |log_line|
+                          info_log "packer | #{log_line.gsub('%!(PACKER_COMMA)', ',')}"
+                        end
+                      end
+
+                      if tokens[2] == 'artifact' && tokens[4] == 'id'
+                        retval[:amis] =
+                          tokens[5].split('%!(PACKER_COMMA)').map { |pair| pair.split(':') }.to_h
+                      end
+                    end
+                  rescue EOFError => _
+                    debug_log "#{stream_name} eof"
+                    streams.delete stream # this is necessary, otherwise
+                  end
+                end
+              end
+            end
+          end
+        end
+
+        retval[:success] = thread.value.success?
+        retval[:exit_code] = thread.value.exitstatus
+
+        raise "ERROR: packer returned successfully, but couldn't parse AMIs?" \
+          if retval[:success] && (retval[:amis].nil? || retval[:amis].empty?)
+
+        retval
+      end
+    end
+  end
+end

data/lib/amigrind/build/rackerizer.rb

@@ -0,0 +1,134 @@
+module Amigrind
+  module Build
+    class Rackerizer
+      include Amigrind::Core::Logging::Mixin
+      include Virtus.model(constructor: false, mass_assignment: false)
+
+      attribute :amigrind_client, Amigrind::Core::Client
+      attribute :blueprint, Amigrind::Blueprints::Blueprint
+      attribute :repo, Amigrind::Repo
+
+      def initialize(amigrind_client, blueprint, repo)
+        @amigrind_client = amigrind_client
+        @blueprint = blueprint
+        @repo = repo
+      end
+
+      def rackerize
+        t = Racker::Template.new
+
+        do_builder(t)
+        do_provisioners(t)
+
+        JSON.pretty_generate(t.to_packer)
+      end
+
+      private
+
+      def do_builder(t)
+        latest_build =
+          @amigrind_client.get_image_by_channel(name: @blueprint.name, channel: :latest)
+        build_id =
+          if latest_build.nil?
+            1
+          else
+            latest_build.tags.find { |t| t.key == Amigrind::Core::AMIGRIND_ID_TAG }.value.to_i + 1
+          end
+
+        source_ami =
+          if @blueprint.source.is_a?(Amigrind::Blueprints::BaseAMISource)
+            ami_id = @blueprint.source.ids[@blueprint.aws.region]
+
+            raise "source AMI was not provided for region #{@blueprint.aws.region}." if ami_id.nil?
+            ami_id
+          elsif @blueprint.source.is_a?(Amigrind::Blueprints::ParentBlueprintSource)
+            parent_name = @blueprint.source.name
+            parent_channel = @blueprint.source.channel
+
+            parent_image =
+              @amigrind_client.get_image_by_channel(name: parent_name,
+                                                    channel: parent_channel)
+
+            raise "parent image (#{parent_name} #{parent_channel}) not found." if parent_image.nil?
+
+            parent_image.id
+          else
+            raise "blueprint source is unrecognized (#{@blueprint.source.class})"
+          end
+
+        raise "source_ami is nil; check to make sure!" if source_ami.nil?
+
+        amigrind_tags = {
+          Amigrind::Core::AMIGRIND_NAME_TAG => @blueprint.name,
+          Amigrind::Core::AMIGRIND_ID_TAG => build_id
+        }.delete_if { |_, v| v.nil? }
+
+        unless @blueprint.build_channel.nil?
+          channel_tag =
+            Amigrind::Core::AMIGRIND_CHANNEL_TAG % { channel_name: @blueprint.build_channel }
+          amigrind_tags[channel_tag] = 1
+        end
+
+        unless parent_image.nil? # we're in a parented image
+          amigrind_tags[Amigrind::Core::AMIGRIND_PARENT_NAME_TAG] = @blueprint.source.name
+          amigrind_tags[Amigrind::Core::AMIGRIND_PARENT_ID_TAG] =
+            parent_image.tags.find { |t| t.key == Amigrind::Core::AMIGRIND_ID_TAG }.value
+        end
+
+        # Note that we do not pull in credentials here! That would fail hilariously and
+        # with much gnashing of teeth if we're on an instance with IAM credentials.
+        # Instead, when we execute Packer on this script, we pass along environment
+        # variables containing AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY or AWS_PROFILE,
+        # like a boss or boss-shaped object.
+        #
+        # This also lets us avoid having sensitive information in the Packer file that
+        # we might, say, print to stdout.
+        builder = {
+          type: 'amazon-ebs',
+          ami_name: "#{@blueprint.name}-#{build_id.to_s.rjust(6, '0')}",
+          source_ami: source_ami,
+
+          instance_type: @blueprint.aws.instance_type,
+          ssh_username: @blueprint.aws.ssh_username,
+
+          region: @blueprint.aws.region,
+          ami_regions: @blueprint.aws.copy_regions,
+
+          ami_description: @blueprint.description,
+
+          launch_block_device_mappings: @blueprint.aws.launch_block_device_mappings,
+          ami_block_device_mappings: @blueprint.aws.ami_block_device_mappings,
+
+          associate_public_ip_address: @blueprint.aws.associate_public_ip_address,
+          ebs_optimized: @blueprint.aws.ebs_optimized,
+          enhanced_networking: @blueprint.aws.enhanced_networking,
+          force_deregister: false, # no, this will not be allowed
+          iam_instance_profile: @blueprint.aws.iam_instance_profile,
+          run_tags: @blueprint.aws.run_tags,
+          run_volume_tags: @blueprint.aws.run_volume_tags,
+          security_group_ids: @blueprint.aws.security_group_ids,
+          ssh_keypair_name: @blueprint.aws.ssh_keypair_name,
+          ssh_private_ip: @blueprint.aws.ssh_private_ip,
+          subnet_id: @blueprint.aws.subnet_ids.sample, # randomly select from allowed subnets
+          user_data: @blueprint.aws.user_data,
+          vpc_id: @blueprint.aws.vpc_id,
+
+          tags: amigrind_tags
+        }
+        builder[:windows_password_timeout] = "#{@blueprint.aws.windows_password_timeout}s" \
+          unless @blueprint.aws.windows_password_timeout.nil?
+
+        t.builders['amigrind'] = builder.delete_if { |_, v| [ nil, [], {} ].include?(v) }.deep_stringify_keys
+      end
+
+      def do_provisioners(t)
+        @blueprint.provisioners.each do |provisioner|
+          t.provisioners[provisioner.weight.to_i] = {}
+          rh = provisioner.to_racker_hash
+          rh.delete_if { |k, v| v.nil? || v == [] }
+          t.provisioners[provisioner.weight.to_i][provisioner.racker_name] = rh
+        end
+      end
+    end
+  end
+end

data/lib/amigrind/builder.rb

@@ -0,0 +1,46 @@
+module Amigrind
+  class Builder
+    include Virtus.model
+    include Amigrind::Core::Logging::Mixin
+
+    attribute :blueprint, Amigrind::Blueprints::Blueprint
+    attribute :repo, Amigrind::Repo
+
+    def initialize(aws_credentials, blueprint, repo)
+      @blueprint = blueprint
+      @repo = repo
+
+      @amigrind_client = Amigrind::Core::Client.new(@blueprint.aws.region, aws_credentials)
+    end
+
+    def build
+      lint
+      template = rackerize
+
+      run(template)
+    end
+
+    def lint
+      errors = []
+
+      errors << "No channel set in the blueprint; this will result in " \
+                "an image that can only be retrieved via :latest, which " \
+                "you may not want." if @blueprint.build_channel.nil?
+
+      errors.each { |e| warn_log(e) }
+    end
+
+    def rackerize
+      template = Build::Rackerizer.new(@amigrind_client, @blueprint, @repo).rackerize
+    end
+
+    private
+
+    def run(template)
+      runner = Build::PackerRunner.new(template, @amigrind_client, @blueprint, @repo)
+
+      runner.run
+    end
+
+  end
+end

data/lib/amigrind/cli.rb

@@ -0,0 +1,12 @@
+require 'amigrind'
+require 'cri'
+
+Dir["#{__dir__}/cli/**/*.rb"].each { |f| require_relative f }
+
+module Amigrind
+  module CLI
+    def self.run(args)
+      ROOT.run(args)
+    end
+  end
+end