* Re-baseline to the newly-released Alpine 3.9
* Match meanings of 'version' and 'release' to how Alpine uses them * Use optional 'revision' to denote any same-release AMI rebuild * Include CPU 'arch' in naming/description (may also offer 'aarch64' AMIs someday) * Upgrade build instance to use Amazon Linux 2 AMIs * Use env vars to pass details to 'make_ami.sh' instead of via CLI parameters * make_ami.sh + minimum version/release shouldn't be overrideable + update APK tools & Alpine keys + check build's release vs. installed /etc/alpine-release
This commit is contained in:
parent
4680ecd85e
commit
0b15db8bb5
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,3 +1,5 @@
|
|||||||
|
**/*~
|
||||||
|
**/*.swp
|
||||||
/build/
|
/build/
|
||||||
/.py3/
|
/.py3/
|
||||||
/variables.yaml
|
/variables.yaml
|
||||||
|
2
Makefile
2
Makefile
@ -4,7 +4,7 @@ ami: convert
|
|||||||
packer build -var-file=build/variables.json build/alpine-ami.json
|
packer build -var-file=build/variables.json build/alpine-ami.json
|
||||||
|
|
||||||
edge: convert
|
edge: convert
|
||||||
@echo '{ "alpine_release": "edge", "ami_release": "'`date +%Y%m%d%H%M%S`'" }' > build/edge.json
|
@echo '{ "version": "edge", "release": "edge", "revision": "'-`date +%Y%m%d%H%M%S`'" }' > build/edge.json
|
||||||
packer build -var-file=build/variables.json -var-file=build/edge.json build/alpine-ami.json
|
packer build -var-file=build/variables.json -var-file=build/edge.json build/alpine-ami.json
|
||||||
|
|
||||||
convert: build/convert
|
convert: build/convert
|
||||||
|
42
README.md
42
README.md
@ -1,27 +1,29 @@
|
|||||||
# Alpine Linux EC2 AMI Build
|
# Alpine Linux EC2 AMI Build
|
||||||
|
|
||||||
**NOTE: This is not an official Amazon or AWS provided image. This is community
|
**NOTE: This is not an official Amazon or AWS provided image. This is
|
||||||
built and supported.**
|
community built and supported.**
|
||||||
|
|
||||||
This repository contains a packer file and a script to create an EC2 AMI
|
This repository contains a packer file and a script to create an EC2 AMI
|
||||||
containing Alpine Linux. The AMI is designed to work with most EC2 features
|
containing Alpine Linux. The AMI is designed to work with most EC2 features
|
||||||
such as Elastic Network Adapters and NVME EBS volumes by default. If anything
|
such as Elastic Network Adapters and NVME EBS volumes by default. If anything
|
||||||
is missing please report a bug.
|
is missing please report a bug.
|
||||||
|
|
||||||
This image can be launched on any modern instance type, including T3, M5, C5,
|
This image can be launched on any modern x86_64 instance type, including T3,
|
||||||
I3, R5, P3, X1, X1e, D2, Z1d. Other instances may also work but have not been
|
M5, C5, I3, R5, P3, X1, X1e, D2, Z1d. Other instances may also work but have
|
||||||
tested. If you find an issue with instance support for any current generation
|
not been tested. If you find an issue with instance support for any current
|
||||||
instance please file a bug against this project.
|
generation instance please file a bug against this project.
|
||||||
|
|
||||||
To get started use one of the AMIs below. The default user is `alpine` and will
|
To get started use one of the AMIs below. The default user is `alpine` and
|
||||||
be configured to use whatever SSH keys you chose when you launched the image.
|
will be configured to use whatever SSH keys you chose when you launched the
|
||||||
If user data is specified it must be a shell script that begins with `#!`. If a
|
image. If user data is specified it must be a shell script that begins with
|
||||||
script is provided it will be executed as root after the network is configured.
|
`#!`. If a script is provided it will be executed as root after the network is
|
||||||
|
configured.
|
||||||
|
|
||||||
**Note:** This image will be updated as Alpine Linux changes over time and as
|
**NOTE:** *The images listed below are currently very much out of date. We are
|
||||||
AWS adds regions. This file and
|
working on providing a set of updated 3.9 AMIs for all current AWS regions, and
|
||||||
|
hope to automate AMI builds and updates to this file and
|
||||||
[release.yaml](https://github.com/mcrute/alpine-ec2-ami/blob/master/release.yaml)
|
[release.yaml](https://github.com/mcrute/alpine-ec2-ami/blob/master/release.yaml)
|
||||||
will be updated as new regions are made available.
|
in the not-too-distant future.*
|
||||||
|
|
||||||
| Alpine Version | Region Code | AMI ID |
|
| Alpine Version | Region Code | AMI ID |
|
||||||
| -------------- | ----------- | ------ |
|
| -------------- | ----------- | ------ |
|
||||||
@ -47,26 +49,20 @@ its development and thus there are some sharp edges.
|
|||||||
|
|
||||||
- Only EBS-backed HVM instances are supported. While paravirtualized instances
|
- Only EBS-backed HVM instances are supported. While paravirtualized instances
|
||||||
are still available from AWS they are not supported on any of the newer
|
are still available from AWS they are not supported on any of the newer
|
||||||
hardware so it seems unlikely that they will be supported going forward. Thus
|
hardware so it seems unlikely that they will be supported going forward.
|
||||||
this project does not support them.
|
Thus this project does not support them.
|
||||||
|
|
||||||
- [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
|
- [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
|
||||||
supported on Alpine Linux. Instead this image uses
|
supported on Alpine Linux. Instead this image uses
|
||||||
[tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap). Hostname
|
[tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap). Hostname
|
||||||
setting will work as will setting the ssh keys for the Alpine user based on
|
setting will work, as will setting the ssh keys for the Alpine user based on
|
||||||
what was configured during instance launch. User data is supported as long
|
what was configured during instance launch. User data is supported as long
|
||||||
as it's a shell script (starts with #!). See the tiny-ec2-bootstrap README
|
as it's a shell script (starts with #!). See the tiny-ec2-bootstrap README
|
||||||
for more details. You can still install cloud-init (from the edge/3.9 testing
|
for more details. You can still install cloud-init (from the edge testing
|
||||||
repositories), but we haven't tested whether it will not work correctly for
|
repositories), but we haven't tested whether it will not work correctly for
|
||||||
this AMI. If full cloud-init support is important to you please file a bug
|
this AMI. If full cloud-init support is important to you please file a bug
|
||||||
against this project.
|
against this project.
|
||||||
|
|
||||||
- Because several key packages in Alpine 3.8 are missing or lacking features,
|
|
||||||
we currently need to install some packages from edge. We expect that these
|
|
||||||
will be included in Alpine 3.9.
|
|
||||||
- linux-virt @edge-main (includes necessary ENA drivers)
|
|
||||||
- tiny-ec2-bootstrap @edge-main (updated to v1.2.0)
|
|
||||||
|
|
||||||
- CloudFormation support is still forthcoming. This requires patches and
|
- CloudFormation support is still forthcoming. This requires patches and
|
||||||
packaging for the upstream cfn tools that have not yet been accepted.
|
packaging for the upstream cfn tools that have not yet been accepted.
|
||||||
Eventually full CloudFormation support will be available.
|
Eventually full CloudFormation support will be available.
|
||||||
|
@ -3,9 +3,11 @@ variables:
|
|||||||
# NOTE: Configuration is done with a 'variables.yaml' file. If it doesn't
|
# NOTE: Configuration is done with a 'variables.yaml' file. If it doesn't
|
||||||
# exist, default configuration is copied from 'variables.yaml-default'.
|
# exist, default configuration is copied from 'variables.yaml-default'.
|
||||||
|
|
||||||
# NOTE: Changing alpine_release may require modifying 'make_ami.sh'.
|
# NOTE: Changing arch/version/release may require modifying 'make_ami.sh'.
|
||||||
alpine_release: "3.8"
|
arch: x86_64
|
||||||
|
version: "3.9"
|
||||||
|
release: "3.9.0"
|
||||||
|
revision: ""
|
||||||
|
|
||||||
builders:
|
builders:
|
||||||
- type: "amazon-ebssurrogate"
|
- type: "amazon-ebssurrogate"
|
||||||
@ -29,15 +31,15 @@ builders:
|
|||||||
virtualization-type: "hvm"
|
virtualization-type: "hvm"
|
||||||
root-device-type: "ebs"
|
root-device-type: "ebs"
|
||||||
architecture: "x86_64"
|
architecture: "x86_64"
|
||||||
name: "amzn-ami-hvm-*-x86_64-gp2"
|
name: "amzn2-ami-hvm-2.0.*-gp2"
|
||||||
owners:
|
owners:
|
||||||
- "137112412989"
|
- "137112412989"
|
||||||
most_recent: "true"
|
most_recent: "true"
|
||||||
|
|
||||||
### AMI Build Details
|
### AMI Build Details
|
||||||
|
|
||||||
ami_name: "{{user `ami_name_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_name_suffix`}}"
|
ami_name: "{{user `ami_name_prefix`}}{{user `release`}}{{user `revision`}}-{{user `arch`}}{{user `ami_name_suffix`}}"
|
||||||
ami_description: "{{user `ami_desc_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_desc_suffix`}}"
|
ami_description: "{{user `ami_desc_prefix`}}{{user `release`}}{{user `revision`}} {{user `arch`}}{{user `ami_desc_suffix`}}"
|
||||||
ami_virtualization_type: "hvm"
|
ami_virtualization_type: "hvm"
|
||||||
ami_root_device:
|
ami_root_device:
|
||||||
source_device_name: "/dev/xvdf"
|
source_device_name: "/dev/xvdf"
|
||||||
@ -59,5 +61,10 @@ provisioners:
|
|||||||
- type: "shell"
|
- type: "shell"
|
||||||
script: "make_ami.sh"
|
script: "make_ami.sh"
|
||||||
environment_vars:
|
environment_vars:
|
||||||
- "ALPINE_RELEASE={{user `alpine_release`}}"
|
- "VERSION={{user `version`}}"
|
||||||
execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }} ''{{user `add_repos`}}'' ''{{user `add_pkgs`}}'' ''{{user `add_svcs`}}''"'
|
- "RELEASE={{user `release`}}"
|
||||||
|
- "REVISION={{user `revision`}}"
|
||||||
|
- "ADD_REPOS='{{user `add_repos`}}'"
|
||||||
|
- "ADD_PKGS='{{user `add_pkgs`}}'"
|
||||||
|
- "ADD_SVCS='{{user `add_svcs`}}'"
|
||||||
|
execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }}"'
|
||||||
|
57
make_ami.sh
57
make_ami.sh
@ -3,13 +3,16 @@
|
|||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
: ${MIN_RELEASE:="3.8"}
|
MIN_VERSION="3.9"
|
||||||
: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.0/apk-tools-2.10.0-x86_64-linux.tar.gz"}
|
MIN_RELEASE="3.9.0"
|
||||||
: ${APK_TOOLS_SHA256:="77f2d256fcd5d6fdafadf43bb6a9c85c3da7bb471ee842dcd729175235cb9fed"}
|
|
||||||
: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/alpine-keys-2.1-r1.apk"}
|
|
||||||
: ${ALPINE_KEYS_SHA256:="f7832b848cedca482b145011cf516e82392f02a10713875cb09f39c7221c6f17"}
|
|
||||||
|
|
||||||
: ${ALPINE_RELEASE:="${MIN_RELEASE}"} # unless otherwise specified
|
: ${VERSION:="${MIN_VERSION}"} # unless otherwise specified
|
||||||
|
: ${RELEASE:="${MIN_RELEASE}"} # unless otherwise specified
|
||||||
|
|
||||||
|
: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.3/apk-tools-2.10.3-x86_64-linux.tar.gz"}
|
||||||
|
: ${APK_TOOLS_SHA256:="4d0b2cda606720624589e6171c374ec6d138867e03576d9f518dddde85c33839"}
|
||||||
|
: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/alpine-keys-2.1-r1.apk"}
|
||||||
|
: ${ALPINE_KEYS_SHA256:="9c7bc5d2e24c36982da7aa49b3cfcb8d13b20f7a03720f25625fa821225f5fbc"}
|
||||||
|
|
||||||
die() {
|
die() {
|
||||||
printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2 # bold red
|
printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2 # bold red
|
||||||
@ -78,7 +81,7 @@ setup_repositories() {
|
|||||||
|
|
||||||
mkdir -p "$target"/etc/apk/keys
|
mkdir -p "$target"/etc/apk/keys
|
||||||
|
|
||||||
if [ "$ALPINE_RELEASE" = 'edge' ]; then
|
if [ "$VERSION" = 'edge' ]; then
|
||||||
cat > "$target"/etc/apk/repositories <<EOF
|
cat > "$target"/etc/apk/repositories <<EOF
|
||||||
http://dl-cdn.alpinelinux.org/alpine/edge/main
|
http://dl-cdn.alpinelinux.org/alpine/edge/main
|
||||||
http://dl-cdn.alpinelinux.org/alpine/edge/community
|
http://dl-cdn.alpinelinux.org/alpine/edge/community
|
||||||
@ -86,16 +89,10 @@ http://dl-cdn.alpinelinux.org/alpine/edge/testing
|
|||||||
EOF
|
EOF
|
||||||
else
|
else
|
||||||
cat > "$target"/etc/apk/repositories <<EOF
|
cat > "$target"/etc/apk/repositories <<EOF
|
||||||
http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/main
|
http://dl-cdn.alpinelinux.org/alpine/v$VERSION/main
|
||||||
http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/community
|
http://dl-cdn.alpinelinux.org/alpine/v$VERSION/community
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
# NOTE: until several key packages graduate from edge...
|
|
||||||
cat >> "$target"/etc/apk/repositories <<EOF
|
|
||||||
@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main
|
|
||||||
@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community
|
|
||||||
@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing
|
|
||||||
EOF
|
|
||||||
|
|
||||||
echo "$add_repos" | tr , "\012" >> "$target"/etc/apk/repositories
|
echo "$add_repos" | tr , "\012" >> "$target"/etc/apk/repositories
|
||||||
}
|
}
|
||||||
@ -109,6 +106,18 @@ fetch_keys() {
|
|||||||
rm -rf "$tmp"
|
rm -rf "$tmp"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
install_base() {
|
||||||
|
local target="$1"
|
||||||
|
|
||||||
|
$apk add --root "$target" --no-cache --initdb alpine-base
|
||||||
|
# verify release matches
|
||||||
|
if [ "$VERSION" != "edge" ]; then
|
||||||
|
ALPINE_RELEASE=$(cat "$target/etc/alpine-release")
|
||||||
|
[ "$RELEASE" = "$ALPINE_RELEASE" ] || \
|
||||||
|
die "Current Alpine $VERSION release ($ALPINE_RELEASE) does not match build ($RELEASE)"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
setup_chroot() {
|
setup_chroot() {
|
||||||
local target="$1"
|
local target="$1"
|
||||||
|
|
||||||
@ -131,13 +140,13 @@ install_core_packages() {
|
|||||||
# tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
|
# tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
|
||||||
#
|
#
|
||||||
chroot "$target" apk --no-cache add \
|
chroot "$target" apk --no-cache add \
|
||||||
linux-virt@edge-main \
|
linux-virt \
|
||||||
alpine-mirrors \
|
alpine-mirrors \
|
||||||
nvme-cli \
|
nvme-cli \
|
||||||
chrony \
|
chrony \
|
||||||
openssh \
|
openssh \
|
||||||
sudo \
|
sudo \
|
||||||
tiny-ec2-bootstrap@edge-main \
|
tiny-ec2-bootstrap \
|
||||||
tzdata \
|
tzdata \
|
||||||
$(echo "$add_pkgs" | tr , ' ')
|
$(echo "$add_pkgs" | tr , ' ')
|
||||||
|
|
||||||
@ -302,14 +311,14 @@ version_sorted() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
[ "$#" -ne 3 ] && die "Expecting three parameters\nUsage: $0 '[<repo>[,...]]' '[<pkg>[,...]]' '[<lvl>=<svc>[,...][:...]]'"
|
[ "$VERSION" != 'edge' ] && {
|
||||||
[ "$ALPINE_RELEASE" != 'edge' ] && {
|
version_sorted $MIN_VERSION $VERSION || die "Minimum Alpine version is '$MIN_RELEASE'"
|
||||||
version_sorted $MIN_RELEASE $ALPINE_RELEASE || die "Minimum alpine_release is '$MIN_RELEASE'"
|
version_sorted $MIN_RELEASE $RELEASE || die "Minimum Alpine release is '$MIN_RELEASE'"
|
||||||
}
|
}
|
||||||
|
|
||||||
local add_repos="$1"
|
local add_repos="$ADD_REPOS"
|
||||||
local add_pkgs="$2"
|
local add_pkgs="$ADD_PKGS"
|
||||||
local add_svcs="$3"
|
local add_svcs="$ADD_SVCS"
|
||||||
|
|
||||||
local device="/dev/xvdf"
|
local device="/dev/xvdf"
|
||||||
local target="/mnt/target"
|
local target="/mnt/target"
|
||||||
@ -331,7 +340,7 @@ main() {
|
|||||||
fetch_keys "$target"
|
fetch_keys "$target"
|
||||||
|
|
||||||
einfo "Installing base system"
|
einfo "Installing base system"
|
||||||
$apk add --root "$target" --no-cache --initdb alpine-base
|
install_base "$target"
|
||||||
|
|
||||||
setup_chroot "$target"
|
setup_chroot "$target"
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ region:
|
|||||||
# automatically determined.
|
# automatically determined.
|
||||||
subnet:
|
subnet:
|
||||||
|
|
||||||
# Optional security group to apply to the builder instance.
|
# Optional security group to apply to the builder instance
|
||||||
security_group:
|
security_group:
|
||||||
|
|
||||||
# By default, public IPs are assigned (or not) per the subnet's configuration.
|
# By default, public IPs are assigned (or not) per the subnet's configuration.
|
||||||
@ -18,25 +18,27 @@ public_ip: ""
|
|||||||
|
|
||||||
### Build Options ###
|
### Build Options ###
|
||||||
|
|
||||||
# Treat similar to a ABUILD pkgrel variable and increment with every release.
|
# Uncomment/increment every for every rebuild of an Alpine release;
|
||||||
ami_release: "2"
|
# re-comment/zero for every new Alpine release
|
||||||
|
#revision: "-0"
|
||||||
|
|
||||||
# AMI name prefix and suffix
|
# AMI name prefix and suffix
|
||||||
ami_name_prefix: "Alpine-"
|
ami_name_prefix: "alpine-ami-"
|
||||||
ami_name_suffix: "-EC2"
|
ami_name_suffix: ""
|
||||||
|
|
||||||
# AMI description prefix and suffix
|
# AMI description prefix and suffix
|
||||||
ami_desc_prefix: "Alpine Linux "
|
ami_desc_prefix: "Alpine Linux "
|
||||||
ami_desc_suffix: " Release with EC2 Optimizations"
|
ami_desc_suffix: ""
|
||||||
|
|
||||||
# List of custom lines to add to /etc/apk/repositories. Note that @edge-main,
|
# List of custom lines to add to /etc/apk/repositories
|
||||||
# @edge-community, and @edge-testing repos have been predefined.
|
|
||||||
add_repos:
|
add_repos:
|
||||||
|
# - "@my-repo http://my-repo.tld/path"
|
||||||
|
|
||||||
# List of additional packages to add to the AMI.
|
# List of additional packages to add to the AMI.
|
||||||
add_pkgs:
|
add_pkgs:
|
||||||
|
# - package-name
|
||||||
|
|
||||||
# Additional services to start at the specified level.
|
# Additional services to start at the specified level
|
||||||
add_svcs:
|
add_svcs:
|
||||||
# boot:
|
# boot:
|
||||||
# - service1
|
# - service1
|
||||||
@ -54,7 +56,7 @@ encrypt_ami: "false"
|
|||||||
ami_access:
|
ami_access:
|
||||||
- "all"
|
- "all"
|
||||||
|
|
||||||
# List of regions to where the AMI should be copied.
|
# List of regions to where the AMI should be copied
|
||||||
deploy_regions:
|
deploy_regions:
|
||||||
- "us-east-1"
|
- "us-east-1"
|
||||||
- "us-east-2"
|
- "us-east-2"
|
||||||
|
Loading…
Reference in New Issue
Block a user