feat(packer): switch AMI from Rocky Linux to Amazon Linux 2023 and up… (

#141)
aws-games · Jul 12, 2024 · 334fb24 · 334fb24
1 parent aaff07c
commit 334fb24
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 85 deletions.
diff --git a/assets/packer/perforce/helix-core/p4_configure.sh b/assets/packer/perforce/helix-core/p4_configure.sh
@@ -31,6 +31,30 @@ resolve_aws_secret() {
   echo $result
 }
 
+
+# wait for p4d_1 service
+
+wait_for_service() {
+  local service_name=$1
+  local max_attempts=10
+  local attempt=1
+
+  while [ $attempt -le $max_attempts ]; do
+    log_message "Waiting for $service_name to start... Attempt $attempt of $max_attempts."
+    systemctl is-active --quiet $service_name && break
+    sleep 1
+    ((attempt++))
+  done
+
+  if [ $attempt -gt $max_attempts ]; then
+    log_message "Service $service_name did not start within the expected time."
+    return 1
+  fi
+
+  log_message "Service $service_name started successfully."
+  return 0
+}
+
 # Setup Helix Authentication Extension
 setup_helix_auth() {
   local p4port=$1
@@ -245,7 +269,7 @@ fi
 FILE_PATH="/p4/ssl/config.txt"
 
 # Retrieve the EC2 instance DNS name
-if [-z $7]; then
+if [ -z $7 ]; then
   log_message "FQDN was not provided. Retrieving from EC2 metadata."
   EC2_DNS_NAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname --header "X-aws-ec2-metadata-token: $TOKEN")
 else

diff --git a/assets/packer/perforce/helix-core/p4_setup.sh b/assets/packer/perforce/helix-core/p4_setup.sh
@@ -8,17 +8,6 @@ log_message() {
     echo "$(date) - $1" >> $LOG_FILE
 }
 
-# Known things to be fixed:  
-# 1. Add function to validate dirs and files isnsted of calling it multiple times. - DONE
-# 2. Fix variable names 
-# 3. Validate values passed to functions
-# 4. Error handling (distro check) - this works for rhel based with dnf
-# 5. Move hardcoded paths/names to a config file
-# 6. Add a log - DONE
-# 7. Split the script into two: one for p4 copy of necessary files and second to run mkdirs cfg to setup replica. make te second setup also a one timer that mounts basic dirs /hxlogs /hxmetadata /hxdepots - DONE
-# 8. Install s-nail and sendmail from dnf that provides with "mail" command otherwise daily checkpoint script fails. 
-# 9. Add nfs-utils package
-
 # Constants
 ROOT_UID=0
 
@@ -32,32 +21,19 @@ fi
 # Set local variables
 SDP_Root=/hxdepots/sdp/helix_binaries
 SDP=/hxdepots/sdp
-PACKAGE="policycoreutils-python-utils sendmail nfs-utils s-nail" # Required in both
-
-
-# Check if SELinux is enabled, we need to relabel the service post installation otherwise it will not start p4d
-
-SELINUX_STATUS=$(getenforce)
-
-
-
-
-if [ "$SELINUX_STATUS" = "Enforcing" ] || [ "$SELINUX_STATUS" = "Permissive" ]; then
-    log_message "SELinux is enabled."
-    if ! dnf list installed "$PACKAGE" &> /dev/null; then
-        log_message "Package $PACKAGE is not installed. Installing..."
-        sudo dnf install -y $PACKAGE
-        if [ $? -eq 0 ]; then
-            log_message "$PACKAGE installed successfully."
-        else
-            log_message "Failed to install $PACKAGE."
-        fi
+PACKAGE="policycoreutils-python-utils" # Required in both
+
+# Function to check SELinux status
+check_selinux_status() {
+    SELINUX_STATUS=$(getenforce)
+    if [ "$SELINUX_STATUS" = "Enforcing" ] || [ "$SELINUX_STATUS" = "Permissive" ]; then
+        log_message "SELinux is enabled."
+        return 0  # Return 0 for enabled
     else
-        log_message "Package $PACKAGE is already installed."
+        log_message "SELinux is not enabled."
+        return 1  # Return 1 for disabled
     fi
-else
-    log_message "SELinux is not enabled. Skipping package installation."
-fi
+}
 
 # Function to check if a group exists
 group_exists() {
@@ -74,30 +50,24 @@ directory_exists() {
   [ -d "$1" ]
 }
 
-# Function to wait for a service to start
-wait_for_service() {
-  local service_name=$1
-  local max_attempts=10
-  local attempt=1
-
-  while [ $attempt -le $max_attempts ]; do
-    log_message "Waiting for $service_name to start... Attempt $attempt of $max_attempts."
-    systemctl is-active --quiet $service_name && break
-    sleep 1
-    ((attempt++))
-  done
-
-  if [ $attempt -gt $max_attempts ]; then
-    log_message "Service $service_name did not start within the expected time."
-    return 1
-  fi
-
-  log_message "Service $service_name started successfully."
-  return 0
-}
-
 log_message "Installing Perforce"
-# dnf update -y skipping this for now as it prolongs the AMI build and can be called post launch. 
+
+# Check if SELinux is enabled
+if check_selinux_status; then
+    if ! dnf list installed "$PACKAGE" &> /dev/null; then
+        log_message "Package $PACKAGE is not installed. Installing..."
+        sudo dnf install -y $PACKAGE
+        if [ $? -eq 0 ]; then
+            log_message "$PACKAGE installed successfully."
+        else
+            log_message "Failed to install $PACKAGE."
+        fi
+    else
+        log_message "Package $PACKAGE is already installed."
+    fi
+else
+    log_message "SELinux is not enabled. Skipping package installation."
+fi
 
 # Check if group 'perforce' exists, if not, add it
 if ! group_exists perforce; then

diff --git a/assets/packer/perforce/helix-core/perforce.pkr.hcl b/assets/packer/perforce/helix-core/perforce.pkr.hcl
@@ -9,7 +9,7 @@ packer {
 
 locals {
   timestamp = regex_replace(timestamp(), "[- TZ:]", "")
-  ami_prefix = "p4_rocky_linux"
+  ami_prefix = "p4_al2023"
 }
 
 variable "region" {
@@ -37,7 +37,7 @@ variable "ssh_interface" {
   default = "public_ip"
 }
 
-source "amazon-ebs" "rocky" {
+source "amazon-ebs" "al2023" {
   region = var.region
   ami_name      = "${local.ami_prefix}-${local.timestamp}"
   instance_type = "t3.medium"
@@ -50,26 +50,27 @@ source "amazon-ebs" "rocky" {
 
   source_ami_filter {
     filters = {
-      name                = "Rocky-9-EC2-Base-9.2-20230513.0.x86_64*"
+      name                = "al2023-ami-2023.5.*"
+      architecture        = "x86_64"
       root-device-type    = "ebs"
       virtualization-type = "hvm"
     }
     most_recent = true
-    owners      = ["679593333241"]
+    owners      = ["amazon"]
   }
 
-  ssh_username = "rocky"
+  ssh_username = "ec2-user"
 }
 
 build {
   name = "P4_SDP_AWS"
   sources = [
-    "source.amazon-ebs.rocky"
+    "source.amazon-ebs.al2023"
   ]
 
     provisioner "shell" {
       inline = [
-        "sudo dnf install -y git"
+        "sudo dnf install -y git sendmail nfs-utils s-nail unzip cronie"
       ]
     }
 
@@ -80,30 +81,17 @@ build {
 
     provisioner "file" {
       source      = "p4_configure.sh"
-      destination = "/home/rocky/p4_configure.sh"
+      destination = "/tmp/p4_configure.sh"
     }
 
     provisioner "shell" {    
-      inline = ["chmod +x /home/rocky/p4_configure.sh"]
-    }
-
-    # Install Amazon SSM Agent
-    provisioner "shell" {
-      inline = [
-        "sudo dnf install -y https://s3.${var.region}.amazonaws.com/amazon-ssm-${var.region}/latest/linux_amd64/amazon-ssm-agent.rpm",
-        "sudo systemctl enable amazon-ssm-agent"
+      inline = ["mkdir -p /home/ec2-user/gpic_scripts",
+                "sudo mv /tmp/p4_configure.sh /home/ec2-user/gpic_scripts"
       ]
     }
 
-    # Install AWS CLI
-    provisioner "shell" {
-      inline = [
-          <<-EOF
-          sudo dnf install -y unzip
-          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-          unzip awscliv2.zip
-          sudo ./aws/install
-          EOF
-      ]
+    provisioner "shell" {    
+      inline = ["sudo chmod +x /home/ec2-user/gpic_scripts/p4_configure.sh"]
     }
+
 }