feat: use ec2 to upload

Author: wphyojpl

tf-module/ds_img_to_ecr/ec2.tf

@@ -0,0 +1,51 @@
+data "aws_iam_instance_profile" "ec2_profile" {
+  name = var.ec2_profile_iam_name
+}
+data "aws_subnet" "ec2_subnet" {
+  id = var.cumulus_subnet_id
+}
+
+resource "aws_instance" "docker_builder" {
+  subnet_id     = data.aws_subnet.ec2_subnet.id
+  security_groups = var.security_group_id
+  ami                    = var.ami_id
+  instance_type          = var.instance_type
+  key_name               = var.key_name
+  associate_public_ip_address = true
+  iam_instance_profile   = data.aws_iam_instance_profile.ec2_profile.name
+
+  user_data = <<-EOF
+    #!/bin/bash
+    set -e
+
+    # Install Docker
+    yum update -y
+    amazon-linux-extras enable docker
+    yum install -y docker
+    service docker start
+    usermod -aG docker ec2-user
+
+    # Install AWS CLI (if not already installed)
+    yum install -y aws-cli
+
+    # Login to ECR
+    aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${aws_ecr_repository.repo.repository_url}
+
+    # Pull the AMD64 image
+    docker pull --platform=linux/amd64 ${var.github_image_url}:${var.image_tag}
+
+    # Tag and push the image to ECR
+    docker tag ${var.github_image_url}:${var.image_tag} ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
+    docker push ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
+
+
+    TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
+    INSTANCE_ID=`curl http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN"`
+    aws ec2 terminate-instances --instance-ids $INSTANCE_ID --region ${var.aws_region}
+  EOF
+
+  tags = {
+    Name = "Docker-Build-Instance"
+  }
+}
+

tf-module/ds_img_to_ecr/ecr1.tf

@@ -24,14 +24,15 @@ output "ecr_repo_url" {
   value = aws_ecr_repository.repo.repository_url
 }
 
-resource "null_resource" "docker_pull_push" {
-  provisioner "local-exec" {
-    command = <<EOT
-      aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${aws_ecr_repository.repo.repository_url}
-      docker pull  --platform=linux/amd64 ${var.github_image_url}:${var.image_tag}
-      docker tag ${var.github_image_url}:${var.image_tag} ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
-      docker push ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
-    EOT
-  }
-  depends_on = [aws_ecr_repository.repo]
-}
+# Backup option to upload docker locally. But EC2 may be a more stable option...
+#resource "null_resource" "docker_pull_push" {
+#  provisioner "local-exec" {
+#    command = <<EOT
+#      aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${aws_ecr_repository.repo.repository_url}
+#      docker pull  --platform=linux/amd64 ${var.github_image_url}:${var.image_tag}
+#      docker tag ${var.github_image_url}:${var.image_tag} ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
+#      docker push ${aws_ecr_repository.repo.repository_url}:${var.image_tag}
+#    EOT
+#  }
+#  depends_on = [aws_ecr_repository.repo]
+#}

tf-module/ds_img_to_ecr/terraform.tfvars.example

@@ -10,3 +10,11 @@ tags = {
 }
 aws_region = "us-west-2"
 image_tag="9.6.0"
+
+ecr_repo_name = "test4"
+cumulus_lambda_vpc_id = "vpc-xxx"
+cumulus_subnet_id = "subnet-xxx"
+security_group_id = "sg-xxx"
+ami_id = "ami-xxx"
+key_name = "mcp-unity-xxx-1"
+ec2_profile_iam_name = "uds-dev-cumulus_ecs_cluster_profile"

tf-module/ds_img_to_ecr/variables.tf

@@ -23,4 +23,38 @@ variable "ecr_repo_name" {
   description = "The name of the ECR repository"
   default = "unity-data-services"
   type        = string
+}
+
+variable "ami_id" {
+  description = "The AMI ID for the EC2 instance"
+  type        = string
+}
+
+variable "instance_type" {
+  description = "The type of EC2 instance"
+  default = "t3.medium"
+  type        = string
+}
+
+variable "key_name" {
+  description = "The name of the SSH key pair"
+  type        = string
+}
+
+variable "ec2_profile_iam_name" {
+  description = "EC2 Profile IAM name. Note that it is different from uds-sbx-cumulus_ecs_cluster_instance_role. uds-sbx-cumulus_ecs_cluster_profile is the correct name"
+  type = string
+}
+
+variable "security_group_id" {
+  description = "Security Group ID which is setup for ssh connections, https connections, and so on.. "
+  type        = list(string)
+}
+variable "cumulus_lambda_vpc_id" {
+  description = "VPC ID."
+  type = string
+}
+variable "cumulus_subnet_id" {
+  description = "subnet group ID where a new EC2 will be placed"
+  type = string
 }