cloudfoundry/bosh-aws-light-stemcell-builder

Name: bosh-aws-light-stemcell-builder

Owner: Cloud Foundry

Description: Builds light stemcells for AWS from a "full" bosh stemcell

Created: 2015-11-24 00:50:20.0

Updated: 2018-05-23 23:55:42.0

Pushed: 2018-05-24 03:25:20.0

Homepage: null

Size: 16557

Language: Go

GitHub Committers

UserMost Recent Commit# Commits

Other Committers

UserEmailMost Recent Commit# Commits

README

Light Stemcell Builder for AWS

This tool takes a raw machine image and a configuration file and creates a collection of AMIs. Any AWS region including China is supported.

AWS Setup for Publishing
  1. Create an S3 bucket for intermediate artifacts (e.g. light-stemcells-for-project-XXX)
  2. Create an AWS IAM policy based on the JSON contained in builder-policy.json
  3. Replace the bucket placeholder in your policy with the bucket created in step 1
    esource": [
 "arn:aws:s3:::<disk-image-file-bucket>",
 "arn:aws:s3:::<disk-image-file-bucket>/*"
 "arn:aws:s3:::light-stemcells-for-project-XXX",
 "arn:aws:s3:::light-stemcells-for-project-XXX/*"
    Note: The arn for AWS GovCloud region is aws-us-gov. It looks like this: "arn:aws-us-gov:s3:::<disk-image-file-bucket>"
  4. Create an AWS IAM user and attach the policy created in steps 2, 3.
  5. Create the vmimport AWS role as detailed here, specifying the previously created bucket in place of <disk-image-file-bucket>; see example IAM policy.
  6. Replicate these steps in a separate AWS China account if publishing to China.
IAM User Setup for Integration Testing
  1. Follow steps in “AWS Setup for Publishing”
  2. Create an IAM policy based on the JSON contained in integration-test-policy.json
  3. Attach the policy you created in step 2 to the existing publishing user
Testing

Unit testing:

go -r --skipPackage driver,integration
Example Usage

Example config:


mi_configuration": {
"description":          "Your description here",
"virtualization_type":  "hvm",
"visibility":           "public"

mi_regions": [
{
  "name":               "us-east-1",
  "credentials": {
    "access_key":       "US_ACCESS_KEY_ID",
    "secret_key":       "US_ACCESS_SECRET_KEY"
  },
  "bucket_name":        "US_BUCKET_NAME",
  "destinations":       ["us-west-1", "us-west-2"]
},
{
  "name":               "cn-north-1",
  "credentials": {
    "access_key":       "CN_ACCESS_KEY_ID",
    "secret_key":       "CN_ACCESS_SECRET_KEY"
  },
  "bucket_name":        "CN_BUCKET_NAME"
}

Usage:

ght-stemcell-builder -c config.json --image root.img --manifest stemcell.MF > updated-stemcell.MF

Example Output:

: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
ion: "3202"
_protocol: "1"
: f0c10bb5e8b7fee9c29db15bbb4ae481e398eab6
ating_system: ubuntu-trusty
cell_formats:
s-light
d_properties:
i:
cn-north-1: ami-69ae6504
us-east-1: ami-e62f158c
us-west-1: ami-947e0df4
us-west-2: ami-54328238
Troubleshooting

If the vmimport role is not present, you will receive this error from the light stemcell builder:

Error publishing AMIs to us-east-1: creating snapshot: creating import snapshot task: InvalidParameter: The sevice role does not exist or does not have sufficient permissions for the service to continue

status code: 400, request id:
This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.