push¶
Pushes one or more Amazon Machine Images to AWS from the specified sources.
This command gets the AMIs from the provided sources, checks for the image product in the metadata service e.g. RHSM and then uploads to AWS using the image metadata from the source. The image metadata is then updated to the metadata service post upload if the images were shipped to the users.
usage: pubtools-ami-push [-h] [--debug] [--aws-access-id AWS_ACCESS_ID]
[--aws-secret-key AWS_SECRET_KEY]
[--rhsm-url RHSM_URL] [--rhsm-cert RHSM_CERT]
[--rhsm-key RHSM_KEY]
[--aws-provider-name AWS_PROVIDER_NAME]
[--retry-wait RETRY_WAIT] [--max-retries MAX_RETRIES]
[--ship] [--container-prefix CONTAINER_PREFIX]
[--accounts ACCOUNTS] [--allow-public-images]
[--snapshot-account-ids SNAPSHOT_ACCOUNT_IDS]
source [source ...]
Named Arguments¶
- --debug, -d
Show debug logs; can be provided up to three times to enable more logs
Default: 0
AWS Service¶
- --aws-access-id
The AWS Service ID or Login to access the service (or set AWS_ACCESS_ID environment variable)
Default: “”
- --aws-secret-key
The AWS Service key to access the service (or set AWS_SECRET_KEY environment variable)
Default: “”
RHSM service¶
- --rhsm-url
Base URL of the RHSM API
- --rhsm-cert
RHSM API certificate path (or set RHSM_CERT environment variable)
- --rhsm-key
RHSM API key path (or set RHSM_KEY environment variable)
AMI common options¶
- source
source location of the staged AMIs with the source type. e.g. staged:/path/to/stage/ami or errata:https://errata.example.com?errata=RHBA-2020:1234 or pub:https://pub.example.com?task_id=125222
- --aws-provider-name
AWS provider e.g. AWS, ACN (AWS China), AGOV (AWS US Gov)
Default: “AWS”
- --retry-wait
duration to wait in sec before retrying action on AWS
Default: 30
- --max-retries
number of retries on failure with action on AWS
Default: 4
AMI Push options¶
- --ship
publish the AMIs in public domain
Default: False
- --container-prefix
prefix to storage container for upload
Default: “redhat-cloudimg”
- --accounts
region to accounts mapping for the accounts which will have permission to use the image in a region. If the accounts are not specific to a region, map them to defaults e.g. ‘{“region-1”: {“user-1”: “key-1”}}’ OR ‘{“default”: {“user-1”: “key-1”}}’ OR ‘{“region-1”: {“user-1”: “key-1”}, “default”: {“user-1”: “key-1”}}’
Default: {}
- --allow-public-images
images are released for general use
Default: False
- --snapshot-account-ids
JSON string mapping region to a list of account ids to give snapshot creation permissions to if a new snapshot is created as part of the image push.
Default: {}
Example¶
A typical invocation of push would look like this:
pubtools-ami-push \
--rhsm-url https://rhsm.example.com \
--aws-provider-name awstest \
--accounts '{"region-1": {"access-r": "secret-r"},
"default": {"access-1": "secret-1"}}' \
--aws-access-id access_id \
--aws-secret-key secret_key \
staged:/stage/ami/root
All the AMIs in the given source path will be verified for provider and product combination in RHSM and then uploaded to AWS for the accounts of the region the image is pushed to or the default accounts.
Example: ship images¶
To the ship the images to be available to users, –ship option should be used. This updates the metadata on RHSM services.
pubtools-ami-push \
--rhsm-url https://rhsm.example.com \
--aws-provider-name awstest \
--accounts '{"region-1": {"access-r": "secret-r"},
"default": {"access-1": "secret-1"}}' \
--aws-access-id access_id \
--aws-secret-key secret_key \
--ship \
staged:/stage/ami/root
Shipping the images to general public i.e. ones that are available to all like hourly images which can be used by general users for a fee requires using –allow-public-images along with the above options.
pubtools-ami-push \
--rhsm-url https://rhsm.example.com \
--aws-provider-name awstest \
--accounts '{"region-1": {"access-r": "secret-r"},
"default": {"access-1": "secret-1"}}' \
--aws-access-id access_id \
--aws-secret-key secret_key \
--ship \
--allow-public-image \
staged:/stage/ami/root
Example: modify retry¶
Uploads might fail on the first try for any reason. It gets retired by default for 4 times after every 30 seconds. These defaults can be modified as:
pubtools-ami-push \
--rhsm-url https://rhsm.example.com \
--aws-provider-name awstest \
--accounts '{"region-1": {"access-r": "secret-r"},
"default": {"access-1": "secret-1"}}' \
--aws-access-id access_id \
--aws-secret-key secret_key \
--max-retires 2 \
--retry-wait 10 \
staged:/stage/ami/root
