Make AMI public on creation (#426)

Malte Poll 2022-11-03 15:22:51 +01:00 committed by GitHub
parent 7ad55af07c
commit 4a7024c469
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions


@ -97,6 +97,7 @@ jobs:
image-raw-manifest-gcp-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-gcp-sha256 }} image-raw-manifest-gcp-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-gcp-sha256 }}
image-raw-manifest-qemu-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-qemu-sha256 }} image-raw-manifest-qemu-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-qemu-sha256 }}
strategy: strategy:
fail-fast: false
matrix: matrix:
csp: [aws, azure, gcp, qemu] csp: [aws, azure, gcp, qemu]
steps: steps:
@ -195,6 +196,7 @@ jobs:
id-token: write id-token: write
contents: read contents: read
strategy: strategy:
fail-fast: false
matrix: matrix:
csp: [aws, azure, gcp] csp: [aws, azure, gcp]
upload-variant: [""] upload-variant: [""]
@ -376,6 +378,7 @@ jobs:
needs: [make-os-image] needs: [make-os-image]
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
strategy: strategy:
fail-fast: false
matrix: matrix:
csp: [aws, azure, gcp, qemu] csp: [aws, azure, gcp, qemu]
steps: steps:


@ -83,6 +83,15 @@ tag_ami_with_backing_snapshot() {
--tags "Key=Name,Value=${AWS_IMAGE_NAME}" --tags "Key=Name,Value=${AWS_IMAGE_NAME}"
} }
make_ami_public() {
local ami_id=$1
local region=$2
aws ec2 modify-image-attribute \
--region "${region}" \
--image-id "${ami_id}" \
--launch-permission "Add=[{Group=all}]"
}
create_ami_from_raw_disk() { create_ami_from_raw_disk() {
echo "Uploading raw disk image to S3" echo "Uploading raw disk image to S3"
aws s3 cp "${AWS_IMAGE_PATH}" "s3://${AWS_BUCKET}/${AWS_IMAGE_FILENAME}" --no-progress aws s3 cp "${AWS_IMAGE_PATH}" "s3://${AWS_BUCKET}/${AWS_IMAGE_FILENAME}" --no-progress
@ -116,6 +125,7 @@ create_ami_from_raw_disk() {
IMAGE_ID=$(echo $REGISTER_OUT | jq -r '.ImageId') IMAGE_ID=$(echo $REGISTER_OUT | jq -r '.ImageId')
AMI_FOR_REGION=( ["${AWS_REGION}"]="${IMAGE_ID}") AMI_FOR_REGION=( ["${AWS_REGION}"]="${IMAGE_ID}")
tag_ami_with_backing_snapshot "${IMAGE_ID}" "${AWS_REGION}" tag_ami_with_backing_snapshot "${IMAGE_ID}" "${AWS_REGION}"
make_ami_public "${IMAGE_ID}" "${AWS_REGION}"
echo "Imported initial AMI as ${IMAGE_ID} in ${AWS_REGION}" echo "Imported initial AMI as ${IMAGE_ID} in ${AWS_REGION}"
} }
@ -138,9 +148,10 @@ create_ami_from_raw_disk
for region in ${AWS_REPLICATION_REGIONS}; do for region in ${AWS_REPLICATION_REGIONS}; do
replicate_ami "${region}" replicate_ami "${region}"
done done
# wait for all images to be available and tag them # wait for all images to be available and tag + publish them
for region in ${AWS_REPLICATION_REGIONS}; do for region in ${AWS_REPLICATION_REGIONS}; do
tag_ami_with_backing_snapshot "${AMI_FOR_REGION[${region}]}" "${region}" tag_ami_with_backing_snapshot "${AMI_FOR_REGION[${region}]}" "${region}"
make_ami_public "${AMI_FOR_REGION[${region}]}" "${region}"
done done
echo -n "{\"${AWS_REGION}\": \"${AMI_FOR_REGION[${AWS_REGION}]}\"" > "${AMI_OUTPUT}" echo -n "{\"${AWS_REGION}\": \"${AMI_FOR_REGION[${AWS_REGION}]}\"" > "${AMI_OUTPUT}"
for region in ${AWS_REPLICATION_REGIONS}; do for region in ${AWS_REPLICATION_REGIONS}; do
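Review bot: make_ami_public is called unconditionally, once after registration in create_ami_from_raw_disk (whose body is only partly visible in these hunks) and again for every replication region in the final loop, so every image this script builds becomes launchable by any AWS account as soon as it exists; nothing visible here limits that to release builds. Anyone who can launch the AMI can read its whole disk, so a debug or pre-release image with anything sensitive baked in would be exposed. I would gate the function on an explicit opt-in, for example `[[ "${PUBLISH_AMI:-false}" == "true" ]] || return 0` as its first line (`PUBLISH_AMI` is a placeholder name, to be set by the release workflow only), and add a comment above it such as `# Grants launch permission to all AWS accounts; the image contents become readable by anyone.` Whether the script runs under `set -e` is not visible here, so a failed modify-image-attribute call in one region may leave the regions only partly published without failing the run; an explicit `|| exit 1` style check on that call would make this certain.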