From ae386a5b23c69e23f867ec2d3e46298bd663b919 Mon Sep 17 00:00:00 2001 From: Roman Tkachenko Date: Fri, 20 Jan 2023 00:43:48 -0800 Subject: [PATCH] Update AMI IDs for 11.2.2 (#20466) Co-authored-by: Steven Martin --- assets/aws/Makefile | 17 +-- assets/aws/update-ami-ids.sh | 84 +++++---------- examples/aws/terraform/AMIS.md | 102 +++++++++--------- .../terraform/ha-autoscale-cluster/README.md | 2 +- .../aws/terraform/starter-cluster/README.md | 2 +- 5 files changed, 86 insertions(+), 121 deletions(-) diff --git a/assets/aws/Makefile b/assets/aws/Makefile index e36c26f9031..c748cefdf23 100644 --- a/assets/aws/Makefile +++ b/assets/aws/Makefile @@ -14,7 +14,7 @@ AWS_REGION ?= us-west-2 # This must be a _released_ version of Teleport, i.e. one which has binaries # available for download on https://gravitational.com/teleport/download # Unreleased versions will fail to build. -TELEPORT_VERSION ?= 11.2.1 +TELEPORT_VERSION ?= 11.2.2 # Teleport UID is the UID of a non-privileged 'teleport' user TELEPORT_UID ?= 1007 
@@ -114,28 +114,21 @@ check-vars: echo "TELEPORT_VERSION is not set"; exit 1; \ fi; -.PHONY: update-ami-ids-cloudformation -update-ami-ids-cloudformation: - @echo -e "\nUpdating OSS Cloudformation image IDs" - ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m cloudformation -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) - @echo -e "\nUpdating Enterprise Cloudformation image IDs" - ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m cloudformation -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) - .PHONY: update-ami-ids-terraform update-ami-ids-terraform: @echo -e "\nUpdating OSS Terraform image IDs" - ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) + ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) @echo -e "\nUpdating Enterprise Terraform image IDs" - ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) + ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) @echo -e "\nUpdating Enterprise FIPS Terraform image IDs" - ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t ent-fips -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) + ./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t ent-fips -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION) # you will need the Github 'gh' CLI installed and working to be able to use this target # https://github.com/cli/cli/releases/latest AUTO_BRANCH_NAME := "ami-auto-branch-$(shell date +%s)" MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) .PHONY: create-update-pr -create-update-pr: update-ami-ids-cloudformation update-ami-ids-terraform +create-update-pr: update-ami-ids-terraform @echo "Creating PR for updates" sed -i -E "s/^TELEPORT_VERSION \?= [0-9.]+$$/TELEPORT_VERSION ?= $(TELEPORT_VERSION)/g" $(MAKEFILE_PATH) git add -A ../../examples/aws $(shell pwd) 
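Review bot: With `update-ami-ids-cloudformation` dropped from the prerequisites of `create-update-pr`, nothing in this Makefile refreshes the AMI IDs in `../../examples/aws/cloudformation/oss.yaml` and `ent.yaml` any more. If those templates are still shipped on this branch, their image mappings stay pinned to the last release written before this change, and anyone launching from them gets an older Teleport build with no indication that it is out of date. Whether the templates still exist is not visible from this hunk. If they do, either remove them in the same change or add a comment above `update-ami-ids-terraform`, for example `# CloudFormation examples are no longer updated here; current AMI IDs are published only in examples/aws/terraform/AMIS.md`.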
diff --git a/assets/aws/update-ami-ids.sh b/assets/aws/update-ami-ids.sh index 78337b58b7f..70d285c3024 100755 --- a/assets/aws/update-ami-ids.sh +++ b/assets/aws/update-ami-ids.sh @@ -8,16 +8,12 @@ set -euo pipefail # -- (something like "export PATH=/usr/local/opt/findutils/libexec/gnubin:$PATH") # shellcheck disable=SC2086 -usage() { echo "Usage: $(basename $0) [-a ] [-m ] [-t ] [-r ] [-v version]" 1>&2; exit 1; } -while getopts ":a:m:t:r:v:" o; do +usage() { echo "Usage: $(basename $0) [-a ] [-t ] [-r ] [-v version]" 1>&2; exit 1; } +while getopts ":a:t:r:v:" o; do case "${o}" in a) a=${OPTARG} ;; - m) - m=${OPTARG} - if [[ ${m} != "cloudformation" && ${m} != "terraform" ]]; then usage; fi - ;; r) r=${OPTARG} ;; @@ -35,14 +31,12 @@ while getopts ":a:m:t:r:v:" o; do done shift $((OPTIND-1)) -if [ -z "${a}" ] || [ -z "${m}" ] || [ -z "${r}" ] || [ -z "${t}" ] || [ -z "${v}" ]; then +if [ -z "${a}" ] || [ -z "${r}" ] || [ -z "${t}" ] || [ -z "${v}" ]; then usage fi # account ID that owns the public images AWS_ACCOUNT_ID=${a} -# mode to run in (either 'cloudformation' or 'terraform') -MODE=${m} # comma-separated list of regions to get and update AMI IDs for REGIONS=${r} # Teleport AMI type (one of 'oss', 'ent' or 'ent-fips') 
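Review bot: The required-argument check in the second hunk, `if [ -z "${a}" ] || [ -z "${r}" ] || [ -z "${t}" ] || [ -z "${v}" ]; then`, expands variables that are only assigned inside the `getopts` loop, while the first hunk header shows the script runs under `set -euo pipefail`. Unless they are initialised in lines not shown, omitting a flag aborts with an unbound-variable error instead of reaching `usage`. Defaulted expansions avoid that: `if [ -z "${a:-}" ] || [ -z "${r:-}" ] || [ -z "${t:-}" ] || [ -z "${v:-}" ]; then`. The remaining arms of the `getopts` loop lie between the two hunks and are not visible here.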
@@ -78,51 +72,29 @@ for REGION in ${REGIONS//,/ }; do IMAGE_IDS[${REGION}]=${IMAGE_ID} done -if [[ "${MODE}" == "cloudformation" ]]; then - if [[ "${TYPE}" == "oss" ]]; then - CLOUDFORMATION_PATH=../../examples/aws/cloudformation/oss.yaml - elif [[ "${TYPE}" == "ent" ]]; then - CLOUDFORMATION_PATH=../../examples/aws/cloudformation/ent.yaml - elif [[ "${TYPE}" == "ent-fips" ]]; then - # Enterprise FIPS deployments using Cloudformation are not currently - # supported, pending an update to the Cloudformation scripts. - echo "Enterprise FIPS mode is not supported for Cloudformation" - exit 4 - fi - # replace AMI ID in place - for REGION in ${REGIONS//,/ }; do - OLD_AMI_ID=$(grep "${REGION}" "${CLOUDFORMATION_PATH}" | sed -n -E "s/$REGION: \{HVM64 : (ami.*)\}/\1/p" | tr -d " ") - NEW_AMI_ID=${IMAGE_IDS[$REGION]} - sed -i -E "s/$REGION: \{HVM64 : ami(.*)\}$/$REGION: \{HVM64 : $NEW_AMI_ID\}/g" ${CLOUDFORMATION_PATH} - echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}" - done - # update version number - sed -i -E "s/# All AMIs from AWS - gravitational-teleport-ami-(.*)/# All AMIs from AWS - gravitational-teleport-ami-${TYPE}-${VERSION}/g" ${CLOUDFORMATION_PATH} -elif [[ "${MODE}" == "terraform" ]]; then - TERRAFORM_SUBDIR="../../examples/aws/terraform" - TERRAFORM_PATH="${TERRAFORM_SUBDIR}/AMIS.md" - # get a list of non-hidden directories one level under the terraform directory (one for each of our different terraform modes) - pushd ${TERRAFORM_SUBDIR} - TERRAFORM_MODES="$(find . 
-mindepth 1 -maxdepth 1 -type d -not -path '*/\.*' -printf '%P\n' | xargs)" - popd - if [[ "${TYPE}" == "oss" ]]; then - TYPE_STRING="OSS" - elif [[ "${TYPE}" == "ent" ]]; then - TYPE_STRING="Enterprise" - elif [[ "${TYPE}" == "ent-fips" ]]; then - TYPE_STRING="Enterprise FIPS" - fi - # change version numbers in TF_VAR_ami_name strings - # shellcheck disable=SC2086 - for MODE in ${TERRAFORM_MODES}; do - echo "Updating version in README for ${MODE}" - sed -i -E "s/gravitational-teleport-ami-${TYPE}-([0-9.]+)/gravitational-teleport-ami-${TYPE}-${VERSION}/g" "${TERRAFORM_SUBDIR}/${MODE}/README.md" - done - # replace AMI ID in place - for REGION in ${REGIONS//,/ }; do - OLD_AMI_ID=$(grep -E "# $REGION v(.*) ${TYPE_STRING}" $TERRAFORM_PATH | sed -n -E "s/# $REGION v(.*) ${TYPE_STRING}: (ami.*)/\2/p" | tr -d " ") - NEW_AMI_ID=${IMAGE_IDS[$REGION]} - sed -i -E "s/^# $REGION v(.*) ${TYPE_STRING}: ami(.*)$/# $REGION v${VERSION} ${TYPE_STRING}: $NEW_AMI_ID/g" ${TERRAFORM_PATH} - echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}" - done +TERRAFORM_SUBDIR="../../examples/aws/terraform" +TERRAFORM_PATH="${TERRAFORM_SUBDIR}/AMIS.md" +# get a list of non-hidden directories one level under the terraform directory (one for each of our different terraform modes) +pushd ${TERRAFORM_SUBDIR} +TERRAFORM_MODES="$(find . 
-mindepth 1 -maxdepth 1 -type d -not -path '*/\.*' -printf '%P\n' | xargs)" +popd +if [[ "${TYPE}" == "oss" ]]; then + TYPE_STRING="OSS" +elif [[ "${TYPE}" == "ent" ]]; then + TYPE_STRING="Enterprise" +elif [[ "${TYPE}" == "ent-fips" ]]; then + TYPE_STRING="Enterprise FIPS" fi +# change version numbers in TF_VAR_ami_name strings +# shellcheck disable=SC2086 +for MODE in ${TERRAFORM_MODES}; do + echo "Updating version in README for ${MODE}" + sed -i -E "s/gravitational-teleport-ami-${TYPE}-([0-9.]+)/gravitational-teleport-ami-${TYPE}-${VERSION}/g" "${TERRAFORM_SUBDIR}/${MODE}/README.md" +done +# replace AMI ID in place +for REGION in ${REGIONS//,/ }; do + OLD_AMI_ID=$(grep -E "# $REGION v(.*) ${TYPE_STRING}" $TERRAFORM_PATH | sed -n -E "s/# $REGION v(.*) ${TYPE_STRING}: (ami.*)/\2/p" | tr -d " ") + NEW_AMI_ID=${IMAGE_IDS[$REGION]} + sed -i -E "s/^# $REGION v(.*) ${TYPE_STRING}: ami(.*)$/# $REGION v${VERSION} ${TYPE_STRING}: $NEW_AMI_ID/g" ${TERRAFORM_PATH} + echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}" +done diff --git a/examples/aws/terraform/AMIS.md b/examples/aws/terraform/AMIS.md index de1185a9bd3..afdf1a4c247 100644 --- a/examples/aws/terraform/AMIS.md +++ b/examples/aws/terraform/AMIS.md 
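Review bot: In the final loop, `NEW_AMI_ID=${IMAGE_IDS[$REGION]}` is written straight into `AMIS.md` by the `sed -i` that follows, with no check that the value has the form of an image ID. The loop that fills `IMAGE_IDS` starts outside this hunk, so it may already reject bad results. If it can store an empty string or a placeholder such as `None`, the published AMI list, which users copy into their Terraform variables, gets a broken entry while the script still exits 0. A guard before the `sed` keeps the file intact on a failed lookup: `[[ "${NEW_AMI_ID}" =~ ^ami-[0-9a-f]+$ ]] || { echo "unexpected AMI ID for ${REGION}: '${NEW_AMI_ID}'" >&2; exit 1; }`.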
@@ -6,65 +6,65 @@ is updated when new AMI versions are released. ### OSS ``` -# eu-north-1 v11.2.1 OSS: ami-0aa32448011d21daa -# ap-south-1 v11.2.1 OSS: ami-0b5af9873fbbc0d5b -# eu-west-1 v11.2.1 OSS: ami-060d6a9b73715ccae -# eu-west-2 v11.2.1 OSS: ami-0fbe8cb2438e8f894 -# eu-west-3 v11.2.1 OSS: ami-0ab0b9ccc2bca36dd -# ap-northeast-1 v11.2.1 OSS: ami-071c7ecd75607a0c1 -# ap-northeast-2 v11.2.1 OSS: ami-0265b754f6e49372c -# ap-northeast-3 v11.2.1 OSS: ami-06421346bad9886c8 -# sa-east-1 v11.2.1 OSS: ami-0b06afcf0fade127e -# ca-central-1 v11.2.1 OSS: ami-0c0dbaf70a80ac000 -# ap-southeast-1 v11.2.1 OSS: ami-068b8888580d6f4d9 -# ap-southeast-2 v11.2.1 OSS: ami-0c869ece8772db4ea -# eu-central-1 v11.2.1 OSS: ami-00a7e481b0640d69a -# us-east-1 v11.2.1 OSS: ami-07e4b9bc8c835b6e3 -# us-east-2 v11.2.1 OSS: ami-0c172ff8752585ce0 -# us-west-1 v11.2.1 OSS: ami-059c8e8146896d814 -# us-west-2 v11.2.1 OSS: ami-01df09166f7b4c020 +# eu-north-1 v11.2.2 OSS: ami-0c851105c3986f7f1 +# ap-south-1 v11.2.2 OSS: ami-09de33c07393c1a7a +# eu-west-1 v11.2.2 OSS: ami-06815d0a95ca7cf06 +# eu-west-2 v11.2.2 OSS: ami-0ad0cf8b038218e97 +# eu-west-3 v11.2.2 OSS: ami-008e4686033ef0d48 +# ap-northeast-1 v11.2.2 OSS: ami-0c6f43f172911a009 +# ap-northeast-2 v11.2.2 OSS: ami-06e832811e86939d5 +# ap-northeast-3 v11.2.2 OSS: ami-072c7e5772c34a2c4 +# sa-east-1 v11.2.2 OSS: ami-07685856e94535bc4 +# ca-central-1 v11.2.2 OSS: ami-074d078b49c9afcf6 +# ap-southeast-1 v11.2.2 OSS: ami-0d6474f832328f797 +# ap-southeast-2 v11.2.2 OSS: ami-08a1eea1b2acefa43 +# eu-central-1 v11.2.2 OSS: ami-0bb7d39643a56be29 +# us-east-1 v11.2.2 OSS: ami-070433cdf086d4b1d +# us-east-2 v11.2.2 OSS: ami-0080b94ee03a340d3 +# us-west-1 v11.2.2 OSS: ami-031145356b7abb6e3 +# us-west-2 v11.2.2 OSS: ami-04c8949ca8ecde91e ``` ### Enterprise ``` -# eu-north-1 v11.2.1 Enterprise: ami-092a894a9f62e06dc -# ap-south-1 v11.2.1 Enterprise: ami-0f853fa8cd84627df -# eu-west-1 v11.2.1 Enterprise: ami-03b4ce8d90639774d -# eu-west-2 v11.2.1 Enterprise: 
ami-08d415ccb902c56d4 -# eu-west-3 v11.2.1 Enterprise: ami-0f1a3a8ceeca3ebdd -# ap-northeast-1 v11.2.1 Enterprise: ami-08659c5f6cbb49edd -# ap-northeast-2 v11.2.1 Enterprise: ami-07d7a9f750de06647 -# ap-northeast-3 v11.2.1 Enterprise: ami-0e98cdb93fb308b21 -# sa-east-1 v11.2.1 Enterprise: ami-0c8479b62ba6ee0d7 -# ca-central-1 v11.2.1 Enterprise: ami-0c2f0f53673145c85 -# ap-southeast-1 v11.2.1 Enterprise: ami-0c3ae9c57460a4336 -# ap-southeast-2 v11.2.1 Enterprise: ami-0e35f53977c167189 -# eu-central-1 v11.2.1 Enterprise: ami-0f343ecb19c6bf618 -# us-east-1 v11.2.1 Enterprise: ami-01d77bebfb9dcfc9e -# us-east-2 v11.2.1 Enterprise: ami-0d546a6aadae15be1 -# us-west-1 v11.2.1 Enterprise: ami-05b43c3d227ff3c6d -# us-west-2 v11.2.1 Enterprise: ami-044435dae6a21d224 +# eu-north-1 v11.2.2 Enterprise: ami-0c21260b9253591e6 +# ap-south-1 v11.2.2 Enterprise: ami-087f13674211acdf7 +# eu-west-1 v11.2.2 Enterprise: ami-083708e9ecb365def +# eu-west-2 v11.2.2 Enterprise: ami-09423301c4a887606 +# eu-west-3 v11.2.2 Enterprise: ami-0bacec7537eb510b4 +# ap-northeast-1 v11.2.2 Enterprise: ami-043801c478eb7f053 +# ap-northeast-2 v11.2.2 Enterprise: ami-04f4d59aa925fbeeb +# ap-northeast-3 v11.2.2 Enterprise: ami-0f425dca3400e3803 +# sa-east-1 v11.2.2 Enterprise: ami-0c6d5566f50628cb6 +# ca-central-1 v11.2.2 Enterprise: ami-02d74c8e9cf13c513 +# ap-southeast-1 v11.2.2 Enterprise: ami-093e37cb80b7cf9de +# ap-southeast-2 v11.2.2 Enterprise: ami-026c482d589c45c55 +# eu-central-1 v11.2.2 Enterprise: ami-0ea403e9f620ce056 +# us-east-1 v11.2.2 Enterprise: ami-0be0118d5c4e1f57a +# us-east-2 v11.2.2 Enterprise: ami-0b96cfec26b745059 +# us-west-1 v11.2.2 Enterprise: ami-08a46487728892243 +# us-west-2 v11.2.2 Enterprise: ami-065f25af33b828b17 ``` ### Enterprise FIPS ``` -# eu-north-1 v11.2.1 Enterprise FIPS: ami-00b8b982d59e2df89 -# ap-south-1 v11.2.1 Enterprise FIPS: ami-0f8bbe3441169c942 -# eu-west-1 v11.2.1 Enterprise FIPS: ami-0fdcb8cfe8a558951 -# eu-west-2 v11.2.1 Enterprise FIPS: 
ami-0fc471582ebfe6e7d -# eu-west-3 v11.2.1 Enterprise FIPS: ami-028e581bc09203025 -# ap-northeast-1 v11.2.1 Enterprise FIPS: ami-04077addf7f9d3ecd -# ap-northeast-2 v11.2.1 Enterprise FIPS: ami-0142b3fde19937afe -# ap-northeast-3 v11.2.1 Enterprise FIPS: ami-067f76f0c700ccc1a -# sa-east-1 v11.2.1 Enterprise FIPS: ami-01478e374c52db331 -# ca-central-1 v11.2.1 Enterprise FIPS: ami-08232f88951493140 -# ap-southeast-1 v11.2.1 Enterprise FIPS: ami-00c2e36bb4144e7b2 -# ap-southeast-2 v11.2.1 Enterprise FIPS: ami-0eae042c38cdf1582 -# eu-central-1 v11.2.1 Enterprise FIPS: ami-0c8853e6dc2baa0fb -# us-east-1 v11.2.1 Enterprise FIPS: ami-0183d527cedfa27b0 -# us-east-2 v11.2.1 Enterprise FIPS: ami-0aaa5ad01061a9ae3 -# us-west-1 v11.2.1 Enterprise FIPS: ami-0e22e2a7c7d421bf1 -# us-west-2 v11.2.1 Enterprise FIPS: ami-001176d919af8552a +# eu-north-1 v11.2.2 Enterprise FIPS: ami-02e0bd3579c79eafe +# ap-south-1 v11.2.2 Enterprise FIPS: ami-0eaa2e192b76c624b +# eu-west-1 v11.2.2 Enterprise FIPS: ami-07a6ef1d17c56d853 +# eu-west-2 v11.2.2 Enterprise FIPS: ami-06dd9b84f0ec249d9 +# eu-west-3 v11.2.2 Enterprise FIPS: ami-053b818996abee59f +# ap-northeast-1 v11.2.2 Enterprise FIPS: ami-0903966e3575d5053 +# ap-northeast-2 v11.2.2 Enterprise FIPS: ami-03118497c54092dbf +# ap-northeast-3 v11.2.2 Enterprise FIPS: ami-0c8c7bea9a9651086 +# sa-east-1 v11.2.2 Enterprise FIPS: ami-07ba02a04b8c4f23f +# ca-central-1 v11.2.2 Enterprise FIPS: ami-089a696a015a53bf5 +# ap-southeast-1 v11.2.2 Enterprise FIPS: ami-0bc1c4ad0b0c60a65 +# ap-southeast-2 v11.2.2 Enterprise FIPS: ami-0cc4f3da550543d9a +# eu-central-1 v11.2.2 Enterprise FIPS: ami-0ae8df49711d11a33 +# us-east-1 v11.2.2 Enterprise FIPS: ami-07dcfa61708f97fcc +# us-east-2 v11.2.2 Enterprise FIPS: ami-044098573bce4dde5 +# us-west-1 v11.2.2 Enterprise FIPS: ami-01eb54b899af8d414 +# us-west-2 v11.2.2 Enterprise FIPS: ami-07d79f27436274ab0 ``` 
diff --git a/examples/aws/terraform/ha-autoscale-cluster/README.md b/examples/aws/terraform/ha-autoscale-cluster/README.md index 5c54a41f849..311ef642f31 100644 --- a/examples/aws/terraform/ha-autoscale-cluster/README.md +++ b/examples/aws/terraform/ha-autoscale-cluster/README.md @@ -45,7 +45,7 @@ export TF_VAR_cluster_name="teleport.example.com" # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*' # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*' # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name -export TF_VAR_ami_name="gravitational-teleport-ami-ent-11.2.1" +export TF_VAR_ami_name="gravitational-teleport-ami-ent-11.2.2" # AWS SSH key name to provision in installed instances, should be available in the region export TF_VAR_key_name="example" diff --git a/examples/aws/terraform/starter-cluster/README.md b/examples/aws/terraform/starter-cluster/README.md index 202b325e13e..b9a7aea1a8b 100644 --- a/examples/aws/terraform/starter-cluster/README.md +++ b/examples/aws/terraform/starter-cluster/README.md @@ -86,7 +86,7 @@ TF_VAR_license_path ?= "/path/to/license" # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*' # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*' # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name -TF_VAR_ami_name ?= "gravitational-teleport-ami-ent-11.2.1" +TF_VAR_ami_name ?= "gravitational-teleport-ami-ent-11.2.2" # Route 53 hosted zone to use, must be a root zone registered in AWS, e.g. example.com TF_VAR_route53_zone ?= "example.com"