# AWSome Builder III (Mehdi Salehi)
Containerize a COBOL app and move it to AWS

### The existing legacy enviroment:

In [261]:
%%bash

export AIX_HOST="52.117.41.211"

export AIX_USER="ab3user"

export CMD="uname; oslevel -s; prtconf 2>/dev/null | head -5"

ssh ab3user@$AIX_HOST $CMD


AIX
7200-04-01-1939
System Model: IBM,9009-22A
Machine Serial Number: 78BABE0
Processor Type: PowerPC_POWER9
Processor Implementation Mode: POWER 9
Processor Version: PV_9_Compat


### Checking the COBOL Compiler on AIX host:

In [262]:
%%bash

export AIX_HOST="52.117.41.211"

export AIX_USER="ab3user"

export CMD="lslpp -l cobol.rte"

ssh $AIX_USER@$AIX_HOST $CMD

  Fileset                      Level  State      Description         
  ----------------------------------------------------------------------------
Path: /usr/lib/objrepos
  cobol.rte                  5.1.0.0  COMMITTED  IBM COBOL for AIX Runtime


### Running a sample COBOL application on AIX (Edit the code in modern developement tools):
https://github.com/awsengineer/awsome-builder/blob/main/AWSome.cbl

In [270]:
%%bash
export AIX_HOST="52.117.41.211"
export AIX_USER="ab3user"
export APP_DIR="/home/cobol"
export COBOL_FILE="AWSome.cbl"

#cat <<EOF >$COBOL_FILE
#       IDENTIFICATION DIVISION.
#      PROGRAM-ID.  ABIII.
#
#       PROCEDURE DIVISION.
#       DisplayPrompt.
#           DISPLAY "Woohoo :) I am a COBOL code running on AIX!".
#           STOP RUN.
#EOF

git pull > /dev/null 2>&1

scp $COBOL_FILE $AIX_USER@$AIX_HOST:$APP_DIR && echo -e "\nThe COBOL code has been uploaded to the AIX host successfully."

export CMD="echo -e '\nA Quick look at the code on AIX host:\n' ;cat ${APP_DIR}/${COBOL_FILE}"

ssh $AIX_USER@$AIX_HOST $CMD


The COBOL code has been uploaded to the AIX host successfully.

A Quick look at the code on AIX host:

       IDENTIFICATION DIVISION.
       PROGRAM-ID.  ABIII.
       PROCEDURE DIVISION.
       DisplayPrompt.
           DISPLAY "Good day! I am a freaking code running on AIX.".
           STOP RUN.

### Compile the COBOL code on AIX:

In [271]:
%%bash
export AIX_HOST="52.117.41.211"
export AIX_USER="ab3user"
export APP_DIR="/home/cobol"
export COBOL_CODE="$APP_DIR/AWSome.cbl"
export EXEC_FILE="$APP_DIR/AWSome.exe"

ssh $AIX_USER@${AIX_HOST} "

echo -e 'Remove the exising complied app...\n'
rm -f $EXEC_FILE  2>/dev/null 

echo -e 'Compile the COBOL code...\n'

cob2 $COBOL_CODE -o $EXEC_FILE #>/dev/null

if [ -f $EXEC_FILE ]
then 
    echo -e '\nCheck the output binary file:\n'
    file $EXEC_FILE
    echo -e '\nRun the executable file:\n'
    $EXEC_FILE;  
else
    echo "Compile error" 
fi"


Remove the exising complied app...

Compile the COBOL code...

PP 5724-Z87 IBM COBOL for AIX  5.1.0 in progress ...
End of compilation 1,  program ABIII,  no statements flagged.

Check the output binary file:

/home/cobol/AWSome.exe: executable (RISC System/6000) or object module not stripped

Run the executable file:

Good day! I am a freaking code running on AIX.


### Run the same code on a Linux container:

In [272]:
%%bash

if [ -f AWSome.cbl ]
then 
    echo -e "\nThe contents of the Dockerfile:"
    echo -e "-------------------------------\n"
    cat Dockerfile
else
    echo "The COBOL source code (AWSome.cbl) does not exist."
fi


The contents of the Dockerfile:
-------------------------------

FROM debian:latest

RUN apt-get update && apt-get install -y open-cobol

RUN mkdir /src

COPY ./AWSome.cbl /src

RUN cd /src && cobc -free -x -o AWSome.exe AWSome.cbl

CMD "./src/AWSome.exe"


### Create the Docker image:

In [273]:
%%bash

docker -v >/dev/null 2>&1

if [ $? -eq "0" ] && [ -f ./Dockerfile ]
then
    docker build -t ezzobad/awsome-builder:ABIII .
else
    echo -e "\nDocker environemnt is not ready."
fi





Sending build context to Docker daemon  504.8kB
Step 1/6 : FROM debian:latest
 ---> e7d08cddf791
Step 2/6 : RUN apt-get update && apt-get install -y open-cobol
 ---> Using cache
 ---> 8470b97fdd69
Step 3/6 : RUN mkdir /src
 ---> Using cache
 ---> 1713072aa2c4
Step 4/6 : COPY ./AWSome.cbl /src
 ---> 98630503afdd
Step 5/6 : RUN cd /src && cobc -free -x -o AWSome.exe AWSome.cbl
 ---> Running in f7f973c98d18
[0mRemoving intermediate container f7f973c98d18
 ---> 4049fc333bbb
Step 6/6 : CMD "./src/AWSome.exe"
 ---> Running in 2498db082eee
Removing intermediate container 2498db082eee
 ---> f8ed7a02fbda
Successfully built f8ed7a02fbda
Successfully tagged ezzobad/awsome-builder:ABIII


### Test the Docker image locally:

In [274]:
%%bash

echo -e "\nThe details of the local Docker image:\n"
docker image ls ezzobad/awsome-builder:ABIII

echo -e "\nNow run a container based on the recently-created image:\n"
docker run ezzobad/awsome-builder:ABIII



The details of the local Docker image:

REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
ezzobad/awsome-builder   ABIII               f8ed7a02fbda        17 seconds ago      273MB

Now run a container based on the recently-created image:

Good day! I am a freaking code running on AIX.


### Push the image to a Docker repository:
https://hub.docker.com/repository/docker/ezzobad/awsome-builder

In [278]:
%%bash

docker push ezzobad/awsome-builder:ABIII


The push refers to repository [docker.io/ezzobad/awsome-builder]
eda15e7a56dc: Preparing
1168361bc773: Preparing
34baf94dc055: Preparing
97141eda858f: Preparing
4762552ad7d8: Preparing
4762552ad7d8: Layer already exists
97141eda858f: Layer already exists
34baf94dc055: Layer already exists
1168361bc773: Layer already exists
eda15e7a56dc: Layer already exists
ABIII: digest: sha256:b4ed60032bef2685fa876e730ebe00d0d3ad7857a15cde0a9af46ea60f4578f8 size: 1363


### Verify the Docker repository:

In [279]:
%%bash

echo -e "Delete the local image:\n"
docker image rm ezzobad/awsome-builder:ABIII --force

echo -e "\nNow run a container. This will pull the image from the repo:\n"
docker run ezzobad/awsome-builder:ABIII 2>/dev/null

Delete the local image:

Untagged: ezzobad/awsome-builder:ABIII
Untagged: ezzobad/awsome-builder@sha256:b4ed60032bef2685fa876e730ebe00d0d3ad7857a15cde0a9af46ea60f4578f8
Deleted: sha256:f8ed7a02fbda1b9327f7e4ea94a5b37f6bd1561781a5abb52ddd42ef4955ed10
Deleted: sha256:4049fc333bbb7697653bf5bbe3c0590ba2174dc356cbbb760218a1429ffc0529
Deleted: sha256:98630503afdd155aad39b80b05a72d9ab753a04c8e712a5b688de949ed23e51c

Now run a container. This will pull the image from the repo:

Good day! I am a freaking code running on AIX.


## Prepare the ROSA environment
https://cloud.redhat.com/openshift/token/rosa

Get the "Offline Access Token" to authenticate against your Red Hat OpenShift Cluster Manager account.


In [329]:
%%bash 
export region="eu-west-3"

if [ ! -f /usr/local/bin/rosa ] || [ ! -f /usr/local/bin/oc ]
then
    # The the latest version from this page: https://github.com/openshift/rosa
    sudo wget -nv https://github.com/openshift/rosa/releases/download/v0.1.6/rosa-linux-amd64 \
        -O /usr/local/bin/rosa \
        -o /dev/null
    sudo chmod +x /usr/local/bin/rosa
    
    # Download the OpenShift Client:
    rosa download oc >/dev/null 2>&1
    tar xvzf openshift-client-linux.tar.gz >/dev/null 2>&1
    sudo cp oc kubectl /usr/local/bin/
    rm -f oc kubectl openshift-client-linux.tar.gz
    sudo -- sh -c "/usr/local/bin/oc completion bash > /etc/bash_completion.d/oc"
    sudo -- sh -c "/usr/local/bin/kubectl completion bash > /etc/bash_completion.d/kubectl"
    sudo -- sh -c "/usr/local/bin/rosa completion > /etc/bash_completion.d/rosa"
    echo -e "ROSA command-line utility and ROSA Client have been installed successfully.\n"
else
    echo -e "ROSA command-line utility and ROSA Client are already installed.\n"
fi

echo -e "Verifying and initialze the ROSA environment:\n"

# rosa login --token="get the token from https://cloud.redhat.com/openshift/token/rosa"
rosa init

ROSA command-line utility and ROSA Client are already installed.

Verifying and initialze the ROSA environment:

[0;36mI:[m Logged in as 'awsomebuilder' on 'https://api.openshift.com'
[0;36mI:[m Validating AWS credentials...
[0;36mI:[m AWS credentials are valid!
[0;36mI:[m Validating SCP policies...
[0;36mI:[m AWS SCP policies ok
[0;36mI:[m Validating AWS quota...
[0;36mI:[m AWS quota ok
[0;36mI:[m Ensuring cluster administrator user 'osdCcsAdmin'...
[0;36mI:[m Admin user 'osdCcsAdmin' already exists!
[0;36mI:[m Validating SCP policies for 'osdCcsAdmin'...
[0;36mI:[m AWS SCP policies ok
[0;36mI:[m Validating cluster creation...
[0;33mW:[m Cluster creation failed. If you create a cluster, it should fail with the following error:
'create_moa_clusters' capability is not set for this account
[0;36mI:[m Verifying whether OpenShift command-line tool is available...
[0;36mI:[m Current OpenShift Client Version: 4.6.13


### ROSA Alternative on AWS
https://cloud.redhat.com/openshift/install/aws/installer-provisioned

In [330]:
%%bash

Check your AWS quota:

aws service-quotas get-service-quota --service-code ec2 --quota-code L-1216C47A --rgion=$region

#https://cloud.redhat.com/openshift/install/aws/installer-provisioned

#AWS OpenShift Installer on Mac:
#https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-mac.tar.gz 
    
#OpenShift Client (OC) for Mac:
#https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-mac.tar.gz 



{
    "Quota": {
        "ServiceCode": "ec2",
        "ServiceName": "Amazon Elastic Compute Cloud (Amazon EC2)",
        "QuotaArn": "arn:aws:servicequotas:us-west-1:539080165904:ec2/L-1216C47A",
        "QuotaCode": "L-1216C47A",
        "QuotaName": "Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances",
        "Value": 640.0,
        "Unit": "None",
        "Adjustable": true,
        "GlobalQuota": false,
        "UsageMetric": {
            "MetricNamespace": "AWS/Usage",
            "MetricName": "ResourceCount",
            "MetricDimensions": {
                "Class": "Standard/OnDemand",
                "Resource": "vCPU",
                "Service": "EC2",
                "Type": "Resource"
            },
            "MetricStatisticRecommendation": "Maximum"
        }
    }
}


bash: line 2: Check: command not found


### Explore the OpenShift cluster from CLI:

In [209]:
%%bash

export PATH=/home/ec2-user/anaconda3/bin:$PATH:/home/ec2-user/bin
        
oc login --server https://api.awsome-openshift-cluster.awsome-builder.com:6443 \
--username kubeadmin --password QUPhE-eRKET-GojYB-aHJKu > /dev/null 2>&1

oc new-project ab3project > /dev/null 2>&1

echo -e "\nCheck the cluster nodes:\n"
oc get nodes

echo -e "\nCheck the cluster resources:\n"
kubectl top nodes

echo -e "\nTweek the number of worker nodes (the hard way):\n"
echo 'oc edit machinesets.machine.openshift.io awsome-openshift-clus-f94d7-worker-us-west-1b -n openshift-machine-api'

echo -e "\nCheck the EC2 instances:\n"
echo 'https://tiny.amazon.com/48qywull/usweconsawsamazec2v2home'

echo -e "\nCheck the number of machines:\n"
oc get machinesets.machine.openshift.io -n openshift-machine-api

# kubectl run -it ab3 --image=ezzobad/awsome-builder:ABIII -- bash    
# kubectl exec ab3 -- ./src/AWSome.exe



Check the cluster nodes:

NAME                                         STATUS   ROLES    AGE    VERSION
ip-10-0-164-121.us-west-1.compute.internal   Ready    master   23d    v1.19.0+43983cd
ip-10-0-176-128.us-west-1.compute.internal   Ready    master   23d    v1.19.0+43983cd
ip-10-0-181-167.us-west-1.compute.internal   Ready    worker   164m   v1.19.0+43983cd
ip-10-0-186-141.us-west-1.compute.internal   Ready    worker   156m   v1.19.0+43983cd
ip-10-0-190-130.us-west-1.compute.internal   Ready    worker   23d    v1.19.0+43983cd
ip-10-0-222-169.us-west-1.compute.internal   Ready    master   23d    v1.19.0+43983cd
ip-10-0-235-231.us-west-1.compute.internal   Ready    worker   23d    v1.19.0+43983cd

Check the cluster resources:

NAME                                         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
ip-10-0-164-121.us-west-1.compute.internal   599m         17%    3912Mi          27%       
ip-10-0-176-128.us-west-1.compute.internal   1030m        29%    6139Mi       

### Run a test container from the GUI Console
https://tiny.amazon.com/hjtrscbz/oautappsawsoawsologi 

### Run the COBOL app from OpenShift CLI:

In [210]:
%%bash
export PATH=/home/ec2-user/anaconda3/bin:$PATH:/home/ec2-user/bin

oc delete pod testpod --force 2>/dev/null
oc run testpod --image=ezzobad/awsome-builder:ABIII --restart Never
sleep 3
echo 
oc logs testpod 

pod/testpod created

Hiii! I am a legacy COBOL code running on AIX.


# Nest step: Automation of Docker image creation

In [211]:
%%bash
export PATH=/home/ec2-user/anaconda3/bin:$PATH:/home/ec2-user/bin
export COBOL_FILE="AWSome.cbl"

git pull 

cat <<EOF >$COBOL_FILE
      IDENTIFICATION DIVISION.
      PROGRAM-ID.  ABIII.

       PROCEDURE DIVISION.
       DisplayPrompt.
           DISPLAY "OK! Let's automate!".
           STOP RUN.
EOF

#git add $COBOL_FILE

git commit -a -m "Let's trigger Docker image build"
git push

# Create a Dockerhub build to trigger an action when Dockerfile is updated on Github
# Use the ssh-key of the Dockerhub repository to authenticate with Github
echo -e "https://hub.docker.com/repository/docker/ezzobad/awsome-builder/builds\n"


Already up to date.
[main 87ed4b0] Let's trigger Docker image build
 2 files changed, 123 insertions(+), 334 deletions(-)
https://hub.docker.com/repository/docker/ezzobad/awsome-builder/builds/edit



To https://github.com/awsengineer/awsome-builder.git
   a9d8288..87ed4b0  main -> main


# Create a Pod based on the lastest image:

In [212]:
%%bash
export PATH=/home/ec2-user/anaconda3/bin:$PATH:/home/ec2-user/bin

echo -e "Delete the old Pod if exists...\n"
oc delete pod newpod --force 2>/dev/null

echo -e "Create a Pod based on the latest image...\n"
oc run newpod --image=ezzobad/awsome-builder:ABIII \
--image-pull-policy=Always --restart=Never 

echo -e "Wait until the Pod gets ready...\n"
while [ `oc get pod newpod -o jsonpath="{.status.phase}"` != "Succeeded" ]
do 
sleep 1; 
done

echo -e "Get the application's log:\n"
oc logs newpod

Delete the old Pod if exists...

pod "newpod" force deleted
Create a Pod based on the latest image...

pod/newpod created
Wait until the Pod gets ready...

Get the application's log:

OK! Let's automate!


# Phase 2: Running the COBOL app in Lambda

### Configure ECR and push the image into it

In [257]:
%%bash
export PATH=/home/ec2-user/anaconda3/bin:$PATH:/home/ec2-user/bin
export key_alias='ab3-kms-key120'
export region="us-west-1"
export ecr_repo="ab3-ecr-repo"
export image_tag="ABIII"
export full_image_uri="539080165904.dkr.ecr.$region.amazonaws.com/$ecr_repo:$image_tag"
export lambda_exec_role="ab3_lambda_exec_role"

aws s3 ls >/dev/null 2>&1 || echo "AWS CLI has not been configured properly."

aws kms list-aliases --query Aliases[].AliasName | grep "\"alias/$key_alias\"\," > /dev/null

if [ $? -eq 0 ]
then
    echo "The KMS key already exists"
else
    echo -e "\nCreate a KMS key..."
    export kms_key_id=`aws kms create-key --customer-master-key-spec SYMMETRIC_DEFAULT \
            --key-usage ENCRYPT_DECRYPT --query KeyMetadata.KeyId --output text`
    aws kms create-alias --alias-name "alias/$key_alias" --region $region --target-key-id $kms_key_id
fi

aws ecr describe-repositories --query repositories[].repositoryName | grep $ecr_repo >/dev/null
if [ $? -eq 0 ]
then
    echo "The ECR repository already exists"
else
    aws ecr create-repository --repository-name $ecr_repo --region us-west-1 \
            --encryption-configuration encryptionType=KMS,kmsKey="alias/$key_alias" && \
            echo -e "\nThe ECR repo ($ecr_repo) was created successfully.\n"
fi

aws ecr get-login-password --region $region | docker login --username AWS --password-stdin 539080165904.dkr.ecr.$region.amazonaws.com

docker build -t $ecr_repo .

docker tag $ecr_repo:latest $full_image_uri

docker push $full_image_uri

rm -f /home/ec2-user/.docker/config.json

echo -e "\nCreate the Lambda execution role...\n"

cat <<EOF >trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

aws iam list-roles --query Roles[].RoleName | grep "\"$lambda_exec_role\"\," > /dev/null

if [ $? -eq 0 ]
then
    echo "The Lambda execution role ($lambda_exec_role) already exists"
else
    aws iam create-role --role-name $lambda_exec_role --region $region \
        --assume-role-policy-document file://trust-policy.json
fi

echo -e ""

echo -e ""

echo -e ""



The KMS key already exists
The ECR repository already exists
Login Succeeded
Sending build context to Docker daemon  432.1kB
Step 1/6 : FROM debian:latest
 ---> e7d08cddf791
Step 2/6 : RUN apt-get update && apt-get install -y open-cobol
 ---> Using cache
 ---> 8470b97fdd69
Step 3/6 : RUN mkdir /src
 ---> Using cache
 ---> 1713072aa2c4
Step 4/6 : COPY ./AWSome.cbl /src
 ---> Using cache
 ---> 52847c02732c
Step 5/6 : RUN cd /src && cobc -free -x -o AWSome.exe AWSome.cbl
 ---> Using cache
 ---> 5bd279ce72d0
Step 6/6 : CMD "./src/AWSome.exe"
 ---> Using cache
 ---> 28124d5289ec
Successfully built 28124d5289ec
Successfully tagged ab3-ecr-repo:latest
The push refers to repository [539080165904.dkr.ecr.us-west-1.amazonaws.com/ab3-ecr-repo]
80677dd977d4: Preparing
42fbab863011: Preparing
34baf94dc055: Preparing
97141eda858f: Preparing
4762552ad7d8: Preparing
80677dd977d4: Layer already exists
34baf94dc055: Layer already exists
4762552ad7d8: Layer already exists
42fbab863011: Layer already exis

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

