1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
|
#!/usr/bin/python
#
# Copyright 2009 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""
Generate an EC2 image that is capable of running the Windmill browser UI
testing tool.
You must provide a base image that will be augmented with the necessary
packages and configuration.
The script requires certain options to be specified in order to function
properly. These options may be supplied using command-line switches, or
via a config file, with the --config command-line switch. The default
config file location is ~/.ec2/ec2bundle.cfg
The config file format simply replicates the required command-line options
as configuration keys.
---- ec2bundle.cfg ---
[DEFAULT]
key = gsg-keypair
identity-file = ~/.ec2/foo-keypair-id_rsa
private-key = ~/.ec2/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
cert =~/.ec2/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
user-id = AIDADH4IGTRXXKCD
access-key = SOMEBIGSTRINGOFDIGITS
secret-key = s0m3funKyStr1Ng0fD1gitZ
#bucket = foo # Required, but you probably want to customize it each time.
---- fin ---
"""
__metatype__ = type
# Reuse a whole bunch of code from ec2test.py.
import ConfigParser
import ec2test
import logging
import optparse
import os
import paramiko
import select
import socket
import subprocess
import sys
import time
log = logging.getLogger(__name__)
info = log.info
debug = log.debug
usage = """
Generate an EC2 image for Windmill testing in Firefox.
usage: %prog [options] AMI-ID
"""
class Instance:
"""An EC2 instance controller."""
def __init__(self, instance):
self._instance = instance
@property
def id(self):
return self._instance.id
@property
def hostname(self):
return self._instance.public_dns_name
def stop(self):
instance = self._instance
instance.update()
if instance.state not in ('shutting-down', 'terminated'):
# terminate instance
instance.stop()
instance.update()
info('instance %s\n' % (instance.state,))
def wait_for_instance_to_start(self):
"""Wait for the instance to transition to the "running" state."""
instance = self._instance
info('Instance %s starting..' % instance.id)
start = time.time()
while instance.state == 'pending':
sys.stdout.write('.')
sys.stdout.flush()
time.sleep(5)
instance.update()
if instance.state == 'running':
info('\ninstance now running at %s\n' % instance.public_dns_name)
elapsed = time.time() - start
info('Started in %d minutes %d seconds\n' %
(elapsed // 60, elapsed % 60))
cout = instance.get_console_output()
info(cout.output)
else:
raise RuntimeError('failed to start: %s\n' % instance.state)
@classmethod
def from_image(cls, account, ami_id, instance_type):
"""Return a new instance using the given startup parameters."""
info("Starting instance")
# Set up a security group that opens up ports 22, 80, and 443. Also
# opens up access for our IP.
account.acquire_security_group()
image = account.acquire_image(ami_id)
key = account.name
debug("Image: %s, Type: %s, Key: %s" % (
ami_id, instance_type, key))
reservation = image.run(
key_name=key,
security_groups=[key],
instance_type=instance_type)
instance = cls(reservation.instances[0])
instance.wait_for_instance_to_start()
return instance
@classmethod
def from_running_instance(cls, account, instance_id):
"""Create an object from an already running EC2 instance."""
instance = account.get_instance(instance_id)
if not instance:
raise RuntimeError(
"Unable to connect to instance %s" % instance_id)
info("Connected to instance %s" % instance_id)
proxy = cls(instance)
# Just to be extra safe.
proxy.wait_for_instance_to_start()
return proxy
class SSHConnector:
"""Handle the various aspects of using an SSH connection."""
def __init__(self, hostname, user, identity_file):
self.hostname = hostname
self.user = user
self.identity_file = os.path.expanduser(identity_file)
self._client = None
def get_private_key(self):
"""Generate a private key object for our keyfile"""
fp = os.path.expanduser(self.identity_file)
return paramiko.RSAKey.from_private_key(open(fp))
def connect(self):
info('Waiting for SSH to come available: %s@%s\n' % (
self.user, self.hostname))
debug("Using private key file: %s" % self.identity_file)
private_key = self.get_private_key()
for count in range(10):
self._client = paramiko.SSHClient()
self._client.set_missing_host_key_policy(ec2test.AcceptAllPolicy())
try:
self._client.connect(
self.hostname,
username=self.user,
pkey=private_key,
allow_agent=False,
look_for_keys=False)
except (socket.error, paramiko.AuthenticationException), e:
log.warning('wait_for_connection: %r' % (e,))
if count < 9:
time.sleep(5)
info('retrying...')
else:
raise
else:
break
def exec_command(self, remote_command, check_return=True):
"""Execute a command on the remote server.
Raises an error if the command returns an exit status that is not
zero, unless the option `check_return=False' has been given.
"""
info('Executing command: %s@%s %s\n' % (self.user, self.hostname, remote_command))
session = self._client.get_transport().open_session()
session.exec_command(remote_command)
session.shutdown_write()
# TODO: change this to use the logging module
while True:
select.select([session], [], [], 0.5)
if session.recv_ready():
data = session.recv(4096)
if data:
sys.stdout.write(data)
sys.stdout.flush()
if session.recv_stderr_ready():
data = session.recv_stderr(4096)
if data:
sys.stderr.write(data)
sys.stderr.flush()
if session.exit_status_ready():
break
session.close()
# XXX: JonathanLange 2009-05-31: If the command is killed by a signal
# on the remote server, the SSH protocol does not send an exit_status,
# it instead sends a different message with the number of the signal
# that killed the process. AIUI, this code will fail confusingly if
# that happens.
exit_status = session.recv_exit_status()
if exit_status and check_return:
raise RuntimeError('Command failed: %s' % (remote_command,))
return exit_status
def copy_to_remote(self, local_filename, remote_filename):
cmd = [
'scp',
'-i', self.identity_file,
local_filename,
'%s@%s:%s' % (self.user, self.hostname, remote_filename)
]
info("Executing command: %s" % ' '.join(cmd))
subprocess.check_call(cmd)
def user_command(self):
"""Return a user-friendly ssh command-line string."""
return "ssh -i %s %s@%s" % (
self.identity_file,
self.user,
self.hostname)
class ImageBundler:
"""Bundle an EC2 image on a remote system."""
def __init__(self, private_key, cert, account_id, target_bucket,
access_key, secret_key, ssh):
self.private_key = os.path.expanduser(private_key)
self.cert = os.path.expanduser(cert)
self.account_id = account_id
self.target_bucket = target_bucket
self.access_key = access_key
self.secret_key = secret_key
self.ssh = ssh
# Use the instance /mnt directory by default, because it has a few
# hundred GB of free space to work with.
self._bundle_dir = os.path.join('/mnt', target_bucket)
def bundle_image(self):
self.configure_bundling_environment()
manifest = self._bundle_image()
self._upload_bundle(manifest)
self._register_image(manifest)
def remote_private_keypath(self):
# ALWAYS have these files in /mnt on the remote system. Otherwise
# they will get bundled along with the image.
return os.path.join('/mnt', os.path.basename(self.private_key))
def remote_certpath(self):
# ALWAYS have these files in /mnt on the remote system. Otherwise
# they will get bundled along with the image.
return os.path.join('/mnt', os.path.basename(self.cert))
def configure_bundling_environment(self):
"""Configure what we need on the instance for bundling the image."""
# Send our keypair to the remote environment so that it can be used
# to bundle the image.
local_cert = os.path.abspath(self.cert)
local_pkey = os.path.abspath(self.private_key)
# ALWAYS copy these files into /mnt on the remote system. Otherwise
# they will get bundled along with the image.
remote_cert = self.remote_certpath()
remote_pkey = self.remote_private_keypath()
# See if the files are present, and copy them over if they are not.
self._ensure_remote_file(remote_cert, local_cert)
self._ensure_remote_file(remote_pkey, local_pkey)
def _ensure_remote_file(self, remote_file, desired_file):
info("Checking for '%s' on the remote system" % remote_file)
test = 'test -f %s' % remote_file
exit_status = self.ssh.exec_command(test, check_return=False)
if bool(exit_status):
self.ssh.copy_to_remote(desired_file, remote_file)
def _bundle_image(self):
# Create the bundle in a subdirectory, to avoid spamming up /mnt.
self.ssh.exec_command(
'mkdir %s' % self._bundle_dir, check_return=False)
cmd = [
'ec2-bundle-vol',
'-d %s' % self._bundle_dir,
'-b', # Set batch-mode, which doesn't use prompts.
'-k %s' % self.remote_private_keypath(),
'-c %s' % self.remote_certpath(),
'-u %s' % self.account_id
]
self.ssh.exec_command(' '.join(cmd))
# Assume that the manifest is 'image.manifest.xml', since "image" is
# the default prefix.
manifest = os.path.join(self._bundle_dir, 'image.manifest.xml')
# Best check that the manifest actually exists though.
test = 'test -f %s' % manifest
exit_status = self.ssh.exec_command(test, check_return=False)
if bool(exit_status):
raise RuntimeError(
"Failed to write the image manifest file: %s" % manifest)
return manifest
def _upload_bundle(self, manifest):
cmd = [
'ec2-upload-bundle',
'-b %s' % self.target_bucket,
'-m %s' % manifest,
'-a %s' % self.access_key,
'-s %s' % self.secret_key
]
self.ssh.exec_command(' '.join(cmd))
def _register_image(self, manifest):
# This is invoked locally.
mfilename = os.path.basename(manifest)
manifest_path = os.path.join(self.target_bucket, mfilename)
env = os.environ.copy()
env['JAVA_HOME'] = '/usr/lib/jvm/default-java'
cmd = [
'ec2-register',
'--private-key=%s' % self.private_key,
'--cert=%s' % self.cert,
manifest_path
]
info("Executing command: %s" % ' '.join(cmd))
subprocess.check_call(cmd, env=env)
class XvfbSystemConfigurator:
"""Configure a remote operating system over SSH to use the xvfb server."""
def __init__(self, ssh):
self.ssh = ssh
def configure_system(self):
"""Configure the operating system with the needed packages, etc."""
do = self.ssh.exec_command
# Make sure we know about all the packages, and where they may be
# found.
do("apt-get -y update")
# Install the necessary packages
do("apt-get -y install xvfb firefox xfonts-base")
class CombinedConfigParser:
"""Store and reconcile options for both optparse and ConfigParser."""
def __init__(self, optparser, cfgparser):
self._optparser = optparser
self._cfgparser = cfgparser
# A list of required optparse options.
self.required_options = []
self.known_options = []
# Our parsed positional command-line arguments, as returned by
# optparse.OptionParser.parse_args()
self.args = None
# An optparse option.dest to 'cfg-key' mapping.
self._option_to_cfgkey = {}
self._parsed_cli_options = None
self._parsed_cfg_options = None
def __getattr__(self, name):
return self.get(name)
def add_option(self, *args, **kwds):
"""Wrap the OptionParser.add_option() method, and add our options."""
try:
# We can't pass unknown kwds to make_option, or it will barf.
is_required = kwds.pop('required')
except KeyError:
is_required = False
option = optparse.make_option(*args, **kwds)
self._optparser.add_option(option)
if is_required:
self.add_required_option(option)
self._add_option_to_cfg_mapping(option, args)
def add_required_option(self, option):
"""Add a required option.
Takes an optparse.Option object.
"""
self.required_options.append(option)
def _add_option_to_cfg_mapping(self, option, option_constructor_args):
# Convert the long options into .ini keys. Use the last long option
# given.
for switch in reversed(option_constructor_args):
if switch.startswith('--'):
# We found a '--foo' switch, so use it. Drop the '--',
# because the config file doesn't use the prefixes.
self._option_to_cfgkey[option.dest] = switch[2:]
def error(self, message):
"""Wrap optparse.OptionParser.error()."""
self._optparser.error(message)
def parse_config_file(self, filepath):
fp = os.path.expanduser(filepath)
if not os.path.exists(fp):
self.error("The config file '%s' does not exist!" % fp)
self._cfgparser.read(fp)
self._parsed_cfg_options = self._cfgparser.defaults()
num_opts = len(self._parsed_cfg_options)
debug("Loaded %d options from %s" % (num_opts, fp))
def parse_cli_args(self, argv):
"""Wrap optparse.OptionParser.parse_args()."""
options, args = self._optparser.parse_args(argv)
self._parsed_cli_options = options
self.args = args
return (options, args)
def verify_options(self):
"""Verify that all required options are there.
Raise an optparse.OptionParser.error() if something is missing.
Make sure you parsed the config file with parse_config_file() before
doing this.
"""
debug("Verifying options")
if not self._parsed_cfg_options:
debug("No config file options found")
for option in self.required_options:
# Check for a command-line option.
option_name = option.dest
if self.get(option_name) is None:
self._required_option_error(option)
else:
debug("Found required option: %s" % option_name)
def _required_option_error(self, option):
msg = "Required option '%s' was not given (-h for help)" % str(option)
self.error(msg)
def get(self, name, default=None):
"""Return the appropriate option, CLI first, CFG second."""
cli_name = name
cfg_name = self._option_to_cfgkey.get(name)
value = self._getoption(cli_name)
if value is None and cfg_name is not None:
# No command-line option was supplied, but we do have a config
# file entry with that name.
value = self._getcfg(cfg_name)
if value is None:
# No config file option was supplied either, so return the
# default.
return default
return value
def _getoption(self, key, default=None):
return getattr(self._parsed_cli_options, key, default)
def _getcfg(self, key, default=None):
return self._parsed_cfg_options.get(key, default)
def get_credentials():
"""Return an EC2Credentials object for accessing the webservice."""
# Get the AWS identifier and secret identifier.
return ec2test.EC2Credentials.load_from_file()
def parse_config_file(filepath):
config = ConfigParser.ConfigParser()
config.read(filepath)
return config
def parse_options(argv):
oparser = optparse.OptionParser(usage)
cparser = ConfigParser.SafeConfigParser()
parser = CombinedConfigParser(oparser, cparser)
# What follows are "Required options" - these must be supplied from either
# the command-line, or from a config file.
parser.add_option(
'-k', '--key',
dest="keypair_name",
required=True,
help="The name of the AWS key pair to use for launching instances.")
parser.add_option(
'-K', '--private-key',
dest="private_key",
required=True,
help="The X.509 private keyfile that will be used to sign the new "
"image.")
parser.add_option(
'-C', '--cert',
dest="cert",
required=True,
help="The X.509 certificate that will be used to bundle the new "
"image.")
parser.add_option(
'-i', '--identity-file',
dest='identity_file',
required=True,
help="The location of the RSA private key that SSH will use to "
"connect to the instance.")
parser.add_option(
'-b', '--bucket',
dest="bucket",
required=True,
help="The bucket that the image will be placed into.")
parser.add_option(
'-u', '--user-id',
dest="account_id",
required=True,
help="Your 12 digit AWS account ID")
parser.add_option(
'-a', '--access-key',
dest="access_key",
required=True,
help="Your AWS access key.")
parser.add_option(
'-s', '--secret-key',
dest="secret_key",
required=True,
help="Your AWS secret key.")
# Start our "Optional options."
parser.add_option(
'-v', '--verbose',
action='store_true',
dest='verbose',
default=False,
help="Turn on debug output.")
parser.add_option(
'-t', '--instance-type',
dest="instance_type",
default="m1.large",
help="The type of instance to be launched. Should be the same as "
"the base image's required type. [default: %default]")
parser.add_option(
'-c', '--config',
dest='config',
default="~/.ec2/ec2bundle.cfg",
help="Load script options from the supplied config file. (.ini "
"format, see the module docstring for details.) "
"[default: %default]")
parser.add_option(
'--keepalive',
action='store_true',
dest="keepalive",
default=False,
help="Don't shut down the instance when we are done building (or "
"erroring out).")
parser.add_option(
'--no-bundle',
action='store_true',
dest='no_bundle',
default=False,
help="Don't create a bundle, just start the server and configure the "
"environment.")
parser.add_option(
'--use-instance',
dest='running_instance',
help="Use the supplied EC2 instance ID, instead of starting our own "
"server. The instance will be left running.")
options, args = parser.parse_cli_args(argv)
# Do this ASAP
if options.verbose:
log.setLevel(logging.DEBUG)
if options.config:
parser.parse_config_file(options.config)
# Make sure all the required args are present. Will error-out if
# something is missing.
parser.verify_options()
if len(args) != 2:
parser.error("You must provide an AMI ID that can serve as the new "
"image's base.")
return parser
def main(argv):
config = parse_options(argv)
credentials = get_credentials()
account = credentials.connect(config.keypair_name)
# Save the flag so we can change it. This is how we enforce shutdown
# policies.
keepalive = config.keepalive
if config.running_instance:
# We want to keep the server alive if the user supplied their own
# instance. Killing it without their consent would be cruel.
keepalive = True
ssh_user_command = None
try:
try:
instance = None
if config.running_instance:
# Connect to an already running instance.
instance = Instance.from_running_instance(
account, config.running_instance)
else:
# Run an instance for our base image.
instance = Instance.from_image(
account, config.args[1], config.instance_type)
ssh = SSHConnector(
instance.hostname, 'root', config.identity_file)
ssh.connect()
ssh_user_command = ssh.user_command()
system_configurator = XvfbSystemConfigurator(ssh)
system_configurator.configure_system()
if not config.no_bundle:
bundler = ImageBundler(
config.private_key,
config.cert,
config.account_id,
config.bucket,
config.access_key,
config.secret_key,
ssh)
bundler.bundle_image()
except:
# Log the exception now so it doesn't interfere with or get eaten
# by the instance shutdown.
log.exception("Oops!")
finally:
if keepalive:
log.warning("instance %s is now running on its own" % instance.id)
if ssh_user_command:
info("You may now ssh into the instance using the following command:")
info(" $ %s" % ssh_user_command)
log.warning("Remember to shut the instance down when you are done!")
else:
instance.stop()
if __name__ == '__main__':
logging.basicConfig()
main(sys.argv)
|