+ RUN venv/bin/ansible-galaxy collection install --force amazon.aws && \

+     venv/bin/ansible-galaxy collection install --force azure.azcollection && \

+ from .publish import (  # noqa: F401

+     AwsPublishedV1,

+     AzurePublishedV1,

+     ContainerPublishedV1,

+ )

+ class AwsPublishedV1(_PublishedV1):

+     """Published when an AWS AMI is created from an image."""

+ 

+     topic = ".".join([_PublishedV1.topic, "aws"])

+     body_schema = {

+         "id": f"{SCHEMA_URL}/v1/{'.'.join([_PublishedV1.topic, 'aws'])}",

+         "$schema": "https://json-schema.org/draft/2019-09/schema",

+         "description": (

+             "Schema for messages sent by fedora-image-uploader when a "

+             "new Amazon Web Services image is published."

+         ),

+         "type": "object",

+         "properties": {

+             "architecture": {

+                 "type": "string",

+                 "description": "The machine architecture of the image (x86_64, aarch64, etc).",

+             },

+             "compose_id": {

+                 "type": "string",

+                 "description": "The compose ID this image was created from.",

+             },

+             "image_name": {

+                 "type": "string",

+                 "description": "The name of the AMI.",

+             },

+             "regions": {

+                 "type": "object",

+                 "description": (

+                     "A map of regions to AMI IDs. The object keys are the AWS region and "

+                     "the value is the AMI ID."

+                 ),

+             },

+         },

+         "required": [

+             "architecture",

+             "compose_id",

+             "image_name",

+             "regions",

+         ],

+     }

+ 

+     @property

+     def summary(self):

+         return (

+             f"{self.app_name} published an AWS image from compose {self.body['compose_id']} as "

+             f"{self.body['image_name']}"

+         )

+ 

+     def __str__(self):

+         regions_and_ids = [f"{region} as {id}" for region, id in self.body["regions"].items()]

+         return (

+             "A new image has been published to Amazon Web Services:\n\n"

+             f"\tArchitecture: {self.body['architecture']}\n"

+             f"\tCompose ID: {self.body['compose_id']}\n"

+             f"\tImage Name: {self.body['image_name']}\n"

+             f"\tRegions: {', '.join(regions_and_ids)}\n"

+         )

+ 

+ 

+ from fedora_image_uploader_messages import (

+     AwsPublishedV1,

+     AzurePublishedV1,

+     ContainerPublishedV1,

+ )

+         handlers = {

+             "aws": self.handle_aws,

+             "azure": self.handle_azure,

+             "container": self.handle_container,

+         }

+         self.handlers = [

+             handler for conf_key, handler in handlers.items() if conf_key in self.conf.keys()

+         ]

+                 fallible_publish(message)

+     def run_playbook(

+         self, playbook: str, variables: dict, workdir: str

+     ) -> ansible_runner.runner.Runner:

+         return result

+ 

+     def handle_aws(self, image: dict, ffrel: ff_release.Release):

+         """Handle AWS images."""

+         if image.get("subvariant") != "Cloud_Base" or "AmazonEC2" not in image.get("path", ""):

+             return

+ 

+         with tempfile.TemporaryDirectory() as workdir:

+             image_path = self.download_image(image, workdir, decompress=True)

+             date = ffrel.metadata["composeinfo"]["payload"]["compose"]["date"]

+             respin = ffrel.metadata["composeinfo"]["payload"]["compose"]["respin"]

+             ami_name = (

+                 f"Fedora-Cloud-Base-AmazonEC2.{image['arch']}-{ffrel.relnum}-{date}.{respin}",

+             )

+             variables = {

+                 "base_region": self.conf["aws"]["base_region"],

+                 "s3_bucket_name": self.conf["aws"]["s3_bucket_name"],

+                 "ami_description": self.conf["aws"]["ami_description"],

+                 "ami_volume_dev_name": self.conf["aws"]["ami_volume_dev_name"],

+                 "ami_volume_type": self.conf["aws"]["ami_volume_type"],

+                 "ami_volume_size": self.conf["aws"]["ami_volume_size"],

+                 "ami_regions": self.conf["aws"]["ami_regions"],

+                 "ami_name": ami_name,

+                 "architecture": image["arch"],

+                 "image_source": image_path,

+                 "exclude_from_latest": True,

+                 "ansible_remote_tmp": workdir,

+             }

+ 

+             playbook = os.path.join(PLAYBOOKS, "aws.yml")

+             run = self.run_playbook(playbook, variables, workdir)

+             # extract the AMI ids from the Ansible run

+             regions = dict()

+             for event in run.events:

+                 if event["event"] == "runner_on_ok":

+                     uploaded_ami = event["event_data"]["res"]["image_id"]

+                     region = event["invocation"]["module_args"]["region"]

+                     regions[region] = uploaded_ami

+             message = AwsPublishedV1(

+                 body={

+                     "architecture": image["arch"],

+                     "compose_id": ffrel.cid,

+                     "image_name": ami_name,

+                     "regions": regions,

+                 },

+             )

+             if self.conf["aws"].get("publish_amqp_messages", False):

+                 fallible_publish(message)

+                 fallible_publish(message)

+         registries = self.conf["container"].get("registries")

+ 

+ 

+ def fallible_publish(message):

+     """

+     Helper to publish AMQP messages fallibly.

+ 

+     Rather than try really hard to publish every message, if the broker is unavailable it's

+     reasonable to just wait until the next image (which happens daily) to get built and try

+     again then.

+     """

+     try:

+         api.publish(message=message)

+     except (fm_exceptions.PublishTimeout, fm_exceptions.PublishReturned) as e:

+         _log.warning("Unable to publish %s message: %s", message.__class__.__name__, str(e))

+     except fm_exceptions.PublishForbidden as e:

+         _log.error(

+             "Unable to publish message to topic %s, permission denied: %s",

+             message.topic,

+             str(e),

+         )

+ # This playbook expects the following environment variables to be set for authentication:

+ #   - AWS_ACCESS_KEY_ID

+ #   - AWS_SECRET_ACCESS_KEY

+ 

+ ---

+ - name: Create Fedora AWS marketplace image

+   hosts: localhost

+   # defaults and values largely pulled from fedimg without much thought on my part

+   vars:

+     base_region: us-east-1

+     # current names are fedora-s3-bucket-fedimg{-testing}

+     s3_bucket_name: fedora-image-uploads

+     # current format seems to be Fedora-Cloud-Base-AmazonEC2.x86_64-40-20240619.0

+     ami_name: "Fedora Cloud"

+     ami_description: "Fedora Cloud"

+     ami_virt_type: "hvm"

+     ami_volume_dev_name: "/dev/sda1"

+     ami_volume_type: "gp3"

+     ami_volume_size: 7

+     ami_regions:

+       - 'af-south-1'

+       - 'eu-north-1'

+       - 'ap-south-1'

+       - 'eu-west-3'

+       - 'eu-west-2'

+       - 'eu-south-1'

+       - 'eu-west-1'

+       - 'ap-northeast-3'

+       - 'ap-northeast-2'

+       - 'me-south-1'

+       - 'ap-northeast-1'

+       - 'sa-east-1'

+       - 'ca-central-1'

+       - 'ap-east-1'

+       - 'ap-southeast-1'

+       - 'ap-southeast-2'

+       - 'ap-southeast-3'

+       - 'eu-central-1'

+       - 'us-east-1'

+       - 'us-east-2'

+       - 'us-west-1'

+       - 'us-west-2'

+     architecture: "x86_64"

+   tasks:

+ 

+     - name: Ensure S3 bucket exists

+       amazon.aws.s3_bucket:

+         state: present

+         name: "{{ s3_bucket_name }}"

+         region: "{{ base_region }}"

+ 

+     - name: Checksum local file

+       register: local_image_file

+       ansible.builtin.stat:

+         path: "{{ image_source }}"

+         checksum_algorithm: sha256

+         get_checksum: true

+ 

+     - name: Set s3_object_name to <sha256sum>.raw

+       ansible.builtin.set_fact:

+         s3_object_name: "{{ local_image_file.stat.checksum }}.raw"

+ 

+     - name: Upload image to S3 bucket

+       register: s3_upload

+       amazon.aws.s3_object:

+         region: "{{ base_region }}"

+         src: "{{ image_path }}"

+         bucket: "{{ s3_bucket_name }}"

+         object: "{{ s3_object_name }}"

+         mode: put

+         overwrite: false

+ 

+     # TODO unclear if this task or the next one is what I need.

+     - name: Import image to EC2

+       amazon.aws.ec2_import_image:

+         region: "{{ base_region }}"

+         state: present

+         boot_mode: "uefi-preferred"

+         description: "{{ ami_description }}"

+         disk_containers:

+           description: "Fedora Cloud"

+           device_name: "{{ ami_volume_dev_name }}"

+           format: "raw"

+           user_bucket:

+             s3_bucket: "{{ s3_bucket_name }}"

+             s3_key: "{{ s3_object_name }}"

+         platform: "Linux"

+ 

+     - name: Create AMI from S3 object

+       loop: "{{ ami_regions }}"

+       register: created_ami

+       amazon.aws.ec2_ami:

+         state: present

+         region: "{{ item }}"

+         name: "{{ ami_name }}"

+         boot_mode: "uefi-preferred"

+         description: "{{ ami_description }}"

+         image_location: "{{ s3_upload.url }}"

+         architecture: "{{ architecture }}"

+         virtualization_type: "{{ ami_virt_type }}"

+         enhanced_networking: true

+         device_mapping:

+           - device_name: "{{ ami_volume_dev_name }}"

+             volume_size: "{{ ami_volume_size }}"

+             volume_type: "{{ ami_volume_type }}"

+             delete_on_termination: true

+         launch_permissions:

+           group_names: ['all']

+     "boto3",

+     "botocore",

+ [consumer_config.aws]

+ base_region = "us-east-1"

+ s3_bucket_name = "fedora-image-uploads"

+ ami_description = "Fedora Cloud base image."

+ ami_volume_dev_name = "/dev/sda1"

+ ami_volume_type = "gp3"

+ ami_volume_size = 7

+ ami_regions = [

+     "af-south-1",

+     "eu-north-1",

+     "ap-south-1",

+     "eu-west-3",

+     "eu-west-2",

+     "eu-south-1",

+     "eu-west-1",

+     "ap-northeast-3",

+     "ap-northeast-2",

+     "me-south-1",

+     "ap-northeast-1",

+     "sa-east-1",

+     "ca-central-1",

+     "ap-east-1",

+     "ap-southeast-1",

+     "ap-southeast-2",

+     "ap-southeast-3",

+     "eu-central-1",

+     "us-east-1",

+     "us-east-2",

+     "us-west-1",

+     "us-west-2",

+ ]

+ 

+