1 files changed, 134 insertions, 0 deletions

diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml
new file mode 100644
index 000000000..fa708ffa1
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/build_ami.yml
@@ -0,0 +1,134 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+  - name: get the necessary vars for ami building
+    include_vars: vars.yml
+
+  - name: create a vpc with the name <clusterid>
+    include_role:
+      name: openshift_aws_vpc
+    vars:
+      r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}"
+      r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}"
+      r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}"
+      r_openshift_aws_vpc_region: "{{ provision.region }}"
+      r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
+      r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"
+
+  - name: create aws ssh keypair
+    include_role:
+      name: openshift_aws_ssh_keys
+    vars:
+      r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
+      r_openshift_aws_ssh_keys_region: "{{ provision.region }}"
+
+  - name: fetch the default subnet id
+    ec2_vpc_subnet_facts:
+      region: "{{ provision.region }}"
+      filters:
+        "tag:Name": "{{ provision.vpc.subnets[provision.region][0].az }}"
+    register: subnetout
+
+  - name: create instance for ami creation
+    ec2:
+      assign_public_ip: yes
+      region: "{{ provision.region }}"
+      key_name: "{{ provision.node_group_config.ssh_key_name }}"
+      group: "{{ provision.clusterid }}"
+      instance_type: m4.xlarge
+      vpc_subnet_id: "{{ subnetout.subnets[0].id }}"
+      image: "{{ provision.build.base_image }}"
+      volumes:
+      - device_name: /dev/sdb
+        volume_type: gp2
+        volume_size: 100
+        delete_on_termination: true
+      wait: yes
+      exact_count: 1
+      count_tag:
+        Name: ami_base
+      instance_tags:
+        Name: ami_base
+    register: amibase
+
+  - name: wait for ssh to become available
+    wait_for:
+      port: 22
+      host: "{{ amibase.tagged_instances.0.public_ip }}"
+      timeout: 300
+      search_regex: OpenSSH
+
+  - name: add host to group
+    add_host:
+      name: "{{ amibase.tagged_instances.0.public_dns_name }}"
+      groups: amibase
+
+- hosts: amibase
+  remote_user: root
+  tasks:
+  - name: included required variables
+    include_vars: vars.yml
+
+  - name: run openshift image preparation
+    include_role:
+      name: openshift_ami_prep
+    vars:
+      r_openshift_ami_prep_yum_repositories: "{{ provision.build.yum_repositories }}"
+      r_openshift_ami_prep_node: atomic-openshift-node
+      r_openshift_ami_prep_master: atomic-openshift-master
+
+- hosts: localhost
+  connection: local
+  become: no
+  tasks:
+  - name: bundle ami
+    ec2_ami:
+      instance_id: "{{ amibase.tagged_instances.0.id }}"
+      region: "{{ provision.region }}"
+      state: present
+      description: "This was provisioned {{ ansible_date_time.iso8601 }}"
+      name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}"
+      wait: yes
+    register: amioutput
+
+  - debug: var=amioutput
+
+  - when: provision.build.use_encryption | default(False)
+    block:
+    - name: setup kms key for encryption
+      include_role:
+        name: openshift_aws_iam_kms
+      vars:
+        r_openshift_aws_iam_kms_region: "{{ provision.region }}"
+        r_openshift_aws_iam_kms_alias: "alias/{{ provision.clusterid }}_kms"
+
+    - name: augment the encrypted ami tags with source-ami
+      set_fact:
+        source_tag:
+          source-ami: "{{ amioutput.image_id }}"
+
+    - name: copy the ami for encrypted disks
+      include_role:
+        name: openshift_aws_ami_copy
+      vars:
+        r_openshift_aws_ami_copy_region: "{{ provision.region }}"
+        r_openshift_aws_ami_copy_name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}-encrypted"
+        r_openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}"
+        r_openshift_aws_ami_copy_kms_alias: "alias/{{ provision.clusterid }}_kms"
+        r_openshift_aws_ami_copy_tags: "{{ source_tag | combine(provision.build.openshift_ami_tags) }}"
+        r_openshift_aws_ami_copy_encrypt: "{{ provision.build.use_encryption }}"
+        # this option currently fails due to boto waiters
+        # when supported this need to be reapplied
+        #r_openshift_aws_ami_copy_wait: True
+
+    - name: Display newly created encrypted ami id
+      debug:
+        msg: "{{ r_openshift_aws_ami_copy_retval_custom_ami }}"
+
+  - name: terminate temporary instance
+    ec2:
+      state: absent
+      region: "{{ provision.region }}"
+      instance_ids: "{{ amibase.tagged_instances.0.id }}"