osbuildexecutor: add aws.ec2 executor

This executor spins up an instance which can only contact the host, and uses the osbuild-jobsite manager & builder to invoke osbuild.
2024-01-26 20:26:37 +01:00 · 2024-01-26 20:26:37 +01:00 · e7cadb16af
commit e7cadb16af
parent a2fb1bfc61
4 changed files with 103 additions and 2 deletions
--- a/cmd/osbuild-worker/config.go
+++ b/cmd/osbuild-worker/config.go
@ -72,7 +72,8 @@ type pulpConfig struct {
 }

 type executorConfig struct {
-	Type string `toml:"type"`
+	Type       string `toml:"type"`
+	IAMProfile string `toml:"iam_profile"`
 }

 type workerConfig struct {
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@ -487,6 +487,8 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 	switch impl.OSBuildExecutor.Type {
 	case "host":
 		executor = osbuildexecutor.NewHostExecutor()
+	case "aws.ec2":
+		executor = osbuildexecutor.NewAWSEC2Executor(impl.OSBuildExecutor.IAMProfile)
 	default:
 		osbuildJobResult.JobError = clienterrors.WorkerClientError(clienterrors.ErrorInvalidConfig, "No osbuild executor defined", nil)
 		return err
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@ -474,7 +474,8 @@ func main() {
 			Store:  store,
 			Output: output,
 			OSBuildExecutor: ExecutorConfiguration{
-				Type: config.OSBuildExecutor.Type,
+				Type:       config.OSBuildExecutor.Type,
+				IAMProfile: config.OSBuildExecutor.IAMProfile,
 			},
 			KojiServers: kojiServers,
 			GCPConfig:   gcpConfig,
--- a/internal/osbuildexecutor/runner-impl-aws-ec2.go
+++ b/internal/osbuildexecutor/runner-impl-aws-ec2.go
@ -0,0 +1,97 @@
+package osbuildexecutor
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"os/exec"
+
+	"github.com/osbuild/images/pkg/osbuild"
+	"github.com/sirupsen/logrus"
+
+	"github.com/osbuild/osbuild-composer/internal/cloud/awscloud"
+)
+
+type awsEC2Executor struct {
+	iamProfile string
+}
+
+func (ec2e *awsEC2Executor) RunOSBuild(manifest []byte, store, outputDirectory string, exports, exportPaths, checkpoints,
+	extraEnv []string, result bool, errorWriter io.Writer) (*osbuild.Result, error) {
+	region, err := awscloud.RegionFromInstanceMetadata()
+	if err != nil {
+		return nil, err
+	}
+
+	aws, err := awscloud.NewDefault(region)
+	if err != nil {
+		return nil, err
+	}
+
+	si, err := aws.RunSecureInstance(ec2e.iamProfile)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		err := aws.TerminateSecureInstance(si)
+		if err != nil {
+			logrus.Errorf("Error terminating secure instance: %v", err)
+		}
+	}()
+
+	logrus.Info("Spinning up jobsite manager")
+	args := []string{
+		"--builder-host",
+		*si.Instance.PrivateIpAddress,
+	}
+
+	for _, exp := range exports {
+		args = append(args, "--export", exp)
+	}
+	for _, exp := range exportPaths {
+		args = append(args, "--export-file", exp)
+	}
+	for _, env := range extraEnv {
+		args = append(args, "--environment", env)
+	}
+	args = append(args, "--output", outputDirectory)
+
+	cmd := exec.Command(
+		"/usr/libexec/osbuild-composer/osbuild-jobsite-manager",
+		args...,
+	)
+
+	stdout := &bytes.Buffer{}
+	stderr := &bytes.Buffer{}
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+
+	err = cmd.Start()
+	if err != nil {
+		logrus.Errorf("Starting osbuild-jobsite-manager failed: %v", err)
+		return nil, err
+	}
+	err = cmd.Wait()
+	if err != nil {
+		logrus.Errorf("Waiting for osbuild-jobsite-manager failed: %v", err)
+		if e, ok := err.(*exec.ExitError); ok {
+			logrus.Errorf("Exit code: %d", e.ExitCode())
+		}
+		logrus.Errorf("StdErr :%s", stderr.String())
+		return nil, err
+	}
+
+	var osbuildResult osbuild.Result
+	err = json.Unmarshal(stdout.Bytes(), &osbuildResult)
+	if err != nil {
+		logrus.Errorf("Unable to unmarshal stdout into osbuild result: %v", stdout.String())
+		return nil, err
+	}
+	return &osbuildResult, nil
+}
+
+func NewAWSEC2Executor(iamProfile string) Executor {
+	return &awsEC2Executor{
+		iamProfile,
+	}
+}