automation: perform tasks on remote machines Sometimes you don't have access to a machine in order to do something. For example, you may not have access to a Windows machine required to build Windows binaries or run tests on that platform. This commit introduces a pile of code intended to help "automate" common tasks, like building release artifacts. In its current form, the automation code provides functionality for performing tasks on Windows EC2 instances. The hgautomation.aws module provides functionality for integrating with AWS. It manages EC2 resources such as IAM roles, EC2 security groups, AMIs, and instances. The hgautomation.windows module provides a higher-level interface for performing tasks on remote Windows machines. The hgautomation.cli module provides a command-line interface to these higher-level primitives. I attempted to structure Windows remote machine interaction around Windows Remoting / PowerShell. This is kinda/sorta like SSH + shell, but for Windows. In theory, most of the functionality is cloud provider agnostic, as we should be able to use any established WinRM connection to interact with a remote. In reality, we're tightly coupled to AWS at the moment because I didn't want to prematurely add abstractions for a 2nd cloud provider. (1 was hard enough to implement.) In the aws module is code for creating an image with a fully functional Mercurial development environment. It contains VC9, VC2017, msys, and other dependencies. The image is fully capable of building all the existing Mercurial release artifacts and running tests. There are a few things that don't work. For example, running Windows tests with Python 3. But building the Windows release artifacts does work. And that was an impetus for this work. (Although we don't yet support code signing.) Getting this functionality to work was extremely time consuming. It took hours debugging permissions failures and other wonky behavior due to PowerShell Remoting. (The permissions model for PowerShell is crazy and you brush up against all kinds of issues because of the user/privileges of the user running the PowerShell and the permissions of the PowerShell session itself.) The functionality around AWS resource management could use some improving. In theory we support shared tenancy via resource name prefixing. In reality, we don't offer a way to configure this. Speaking of AWS resource management, I thought about using a tool like Terraform to manage resources. But at our scale, writing a few dozen lines of code to manage resources seemed acceptable. Maybe we should reconsider this if things grow out of control. Time will tell. Currently, emphasis is placed on Windows. But I only started there because it was likely to be the most difficult to implement. It should be relatively trivial to automate tasks on remote Linux machines. In fact, I have a ~1 year old script to run tests on a remote EC2 instance. I will likely be porting that to this new "framework" in the near future. # no-check-commit because foo_bar functions Differential Revision: https://phab.mercurial-scm.org/D6142

     1

# __init__.py - High-level automation interfaces

     2

#

     3

# Copyright 2019 Gregory Szorc <gregory.szorc@gmail.com>

     4

#

     5

# This software may be used and distributed according to the terms of the

     6

# GNU General Public License version 2 or any later version.

     7

     8

# no-check-code because Python 3 native.

     9

    10

import pathlib

    11

import secrets

    12

    13

from .aws import (

    14

    AWSConnection,

    15

)

    16

    17

    18

class HGAutomation:

    19

    """High-level interface for Mercurial automation.

    20

    21

    Holds global state, provides access to other primitives, etc.

    22

    """

    23

    24

    def __init__(self, state_path: pathlib.Path):

    25

        self.state_path = state_path

    26

    27

        state_path.mkdir(exist_ok=True)

    28

    29

    def default_password(self):

    30

        """Obtain the default password to use for remote machines.

    31

    32

        A new password will be generated if one is not stored.

    33

        """

    34

        p = self.state_path / 'default-password'

    35

    36

        try:

    37

            with p.open('r', encoding='ascii') as fh:

    38

                data = fh.read().strip()

    39

    40

                if data:

    41

                    return data

    42

    43

        except FileNotFoundError:

    44

            pass

    45

    46

        password = secrets.token_urlsafe(24)

    47

    48

        with p.open('w', encoding='ascii') as fh:

    49

            fh.write(password)

    50

            fh.write('\n')

    51

    52

        p.chmod(0o0600)

    53

    54

        return password

    55

    56

    def aws_connection(self, region: str):

    57

        """Obtain an AWSConnection instance bound to a specific region."""

    58

    59

        return AWSConnection(self, region)