* Re-baseline to the newly-released Alpine 3.9

* Match meanings of 'version' and 'release' to how Alpine uses them
* Use optional 'revision' to denote any same-release AMI rebuild
* Include CPU 'arch' in naming/description (may also offer 'aarch64' AMIs someday)
* Upgrade build instance to use Amazon Linux 2 AMIs
* Use env vars to pass details to 'make_ami.sh' instead of via CLI parameters
* make_ami.sh
+ minimum version/release shouldn't be overrideable
+ update APK tools & Alpine keys
+ check build's release vs. installed /etc/alpine-release

.gitignore

@@ -1,3 +1,5 @@
+**/*~
+**/*.swp
 /build/
 /.py3/
 /variables.yaml

Makefile

@@ -4,7 +4,7 @@ ami: convert
 	packer build -var-file=build/variables.json build/alpine-ami.json
 
 edge: convert
-	@echo '{ "alpine_release": "edge", "ami_release": "'`date +%Y%m%d%H%M%S`'" }' > build/edge.json
+	@echo '{ "version": "edge", "release": "edge", "revision": "'-`date +%Y%m%d%H%M%S`'" }' > build/edge.json
 	packer build -var-file=build/variables.json -var-file=build/edge.json build/alpine-ami.json
 
 convert: build/convert

README.md

@@ -1,27 +1,29 @@
 # Alpine Linux EC2 AMI Build
 
-**NOTE: This is not an official Amazon or AWS provided image. This is community
+**NOTE: This is not an official Amazon or AWS provided image.  This is
-built and supported.**
+community built and supported.**
 
 This repository contains a packer file and a script to create an EC2 AMI
-containing Alpine Linux. The AMI is designed to work with most EC2 features
+containing Alpine Linux.  The AMI is designed to work with most EC2 features
-such as Elastic Network Adapters and NVME EBS volumes by default. If anything
+such as Elastic Network Adapters and NVME EBS volumes by default.  If anything
 is missing please report a bug.
 
-This image can be launched on any modern instance type, including T3, M5, C5,
+This image can be launched on any modern x86_64 instance type, including T3,
-I3, R5, P3, X1, X1e, D2, Z1d. Other instances may also work but have not been
+M5, C5, I3, R5, P3, X1, X1e, D2, Z1d.  Other instances may also work but have
-tested. If you find an issue with instance support for any current generation
+not been tested.  If you find an issue with instance support for any current
-instance please file a bug against this project.
+generation instance please file a bug against this project.
 
-To get started use one of the AMIs below. The default user is `alpine` and will
+To get started use one of the AMIs below.  The default user is `alpine` and
-be configured to use whatever SSH keys you chose when you launched the image.
+will be configured to use whatever SSH keys you chose when you launched the
-If user data is specified it must be a shell script that begins with `#!`. If a
+image.  If user data is specified it must be a shell script that begins with
-script is provided it will be executed as root after the network is configured.
+`#!`.  If a script is provided it will be executed as root after the network is
+configured.
 
-**Note:** This image will be updated as Alpine Linux changes over time and as
+**NOTE:** *The images listed below are currently very much out of date.  We are
-AWS adds regions. This file and
+working on providing a set of updated 3.9 AMIs for all current AWS regions, and
+hope to automate AMI builds and updates to this file and
 [release.yaml](https://github.com/mcrute/alpine-ec2-ami/blob/master/release.yaml)
-will be updated as new regions are made available.
+in the not-too-distant future.*
 
 | Alpine Version | Region Code | AMI ID |
 | -------------- | ----------- | ------ |
@@ -45,28 +47,22 @@ will be updated as new regions are made available.
 This image is being used in production but it's still somewhat early stage in
 its development and thus there are some sharp edges.
 
-- Only EBS-backed HVM instances are supported. While paravirtualized instances
+- Only EBS-backed HVM instances are supported.  While paravirtualized instances
   are still available from AWS they are not supported on any of the newer
-  hardware so it seems unlikely that they will be supported going forward. Thus
+  hardware so it seems unlikely that they will be supported going forward.
-  this project does not support them.
+  Thus this project does not support them.
 
 - [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
-  supported on Alpine Linux. Instead this image uses
+  supported on Alpine Linux.  Instead this image uses
-  [tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap). Hostname
+  [tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap).  Hostname
-  setting will work as will setting the ssh keys for the Alpine user based on
+  setting will work, as will setting the ssh keys for the Alpine user based on
-  what was configured during instance launch. User data is supported as long
+  what was configured during instance launch.  User data is supported as long
-  as it's a shell script (starts with #!). See the tiny-ec2-bootstrap README
+  as it's a shell script (starts with #!).  See the tiny-ec2-bootstrap README
-  for more details. You can still install cloud-init (from the edge/3.9 testing
+  for more details.  You can still install cloud-init (from the edge testing
   repositories), but we haven't tested whether it will not work correctly for
   this AMI.  If full cloud-init support is important to you please file a bug
   against this project.
 
-- Because several key packages in Alpine 3.8 are missing or lacking features,
+- CloudFormation support is still forthcoming.  This requires patches and
-  we currently need to install some packages from edge.  We expect that these
-  will be included in Alpine 3.9.
-  - linux-virt @edge-main (includes necessary ENA drivers)
-  - tiny-ec2-bootstrap @edge-main  (updated to v1.2.0)
-
-- CloudFormation support is still forthcoming. This requires patches and
   packaging for the upstream cfn tools that have not yet been accepted.
   Eventually full CloudFormation support will be available.

alpine-ami.yaml

@@ -3,9 +3,11 @@ variables:
   # NOTE:  Configuration is done with a 'variables.yaml' file.  If it doesn't
   # exist, default configuration is copied from 'variables.yaml-default'.
 
-  # NOTE:  Changing alpine_release may require modifying 'make_ami.sh'.
+  # NOTE:  Changing arch/version/release may require modifying 'make_ami.sh'.
-  alpine_release: "3.8"
+  arch: x86_64
-
+  version: "3.9"
+  release: "3.9.0"
+  revision: ""
 
 builders:
   - type: "amazon-ebssurrogate"
@@ -29,15 +31,15 @@ builders:
         virtualization-type: "hvm"
         root-device-type: "ebs"
         architecture: "x86_64"
-        name: "amzn-ami-hvm-*-x86_64-gp2"
+        name: "amzn2-ami-hvm-2.0.*-gp2"
       owners:
         - "137112412989"
       most_recent: "true"
 
     ### AMI Build Details
 
-    ami_name: "{{user `ami_name_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_name_suffix`}}"
+    ami_name: "{{user `ami_name_prefix`}}{{user `release`}}{{user `revision`}}-{{user `arch`}}{{user `ami_name_suffix`}}"
-    ami_description: "{{user `ami_desc_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_desc_suffix`}}"
+    ami_description: "{{user `ami_desc_prefix`}}{{user `release`}}{{user `revision`}} {{user `arch`}}{{user `ami_desc_suffix`}}"
     ami_virtualization_type: "hvm"
     ami_root_device:
       source_device_name: "/dev/xvdf"
@@ -59,5 +61,10 @@ provisioners:
   - type: "shell"
     script: "make_ami.sh"
     environment_vars:
-      - "ALPINE_RELEASE={{user `alpine_release`}}"
+      - "VERSION={{user `version`}}"
-    execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }} ''{{user `add_repos`}}'' ''{{user `add_pkgs`}}'' ''{{user `add_svcs`}}''"'
+      - "RELEASE={{user `release`}}"
+      - "REVISION={{user `revision`}}"
+      - "ADD_REPOS='{{user `add_repos`}}'"
+      - "ADD_PKGS='{{user `add_pkgs`}}'"
+      - "ADD_SVCS='{{user `add_svcs`}}'"
+    execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }}"'

make_ami.sh

@@ -3,13 +3,16 @@
 
 set -eu
 
-: ${MIN_RELEASE:="3.8"}
+MIN_VERSION="3.9"
-: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.0/apk-tools-2.10.0-x86_64-linux.tar.gz"}
+MIN_RELEASE="3.9.0"
-: ${APK_TOOLS_SHA256:="77f2d256fcd5d6fdafadf43bb6a9c85c3da7bb471ee842dcd729175235cb9fed"}
-: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/alpine-keys-2.1-r1.apk"}
-: ${ALPINE_KEYS_SHA256:="f7832b848cedca482b145011cf516e82392f02a10713875cb09f39c7221c6f17"}
 
-: ${ALPINE_RELEASE:="${MIN_RELEASE}"}   # unless otherwise specified
+: ${VERSION:="${MIN_VERSION}"}   # unless otherwise specified
+: ${RELEASE:="${MIN_RELEASE}"}   # unless otherwise specified
+
+: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.3/apk-tools-2.10.3-x86_64-linux.tar.gz"}
+: ${APK_TOOLS_SHA256:="4d0b2cda606720624589e6171c374ec6d138867e03576d9f518dddde85c33839"}
+: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/alpine-keys-2.1-r1.apk"}
+: ${ALPINE_KEYS_SHA256:="9c7bc5d2e24c36982da7aa49b3cfcb8d13b20f7a03720f25625fa821225f5fbc"}
 
 die() {
     printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2  # bold red
@@ -78,7 +81,7 @@ setup_repositories() {
 
     mkdir -p "$target"/etc/apk/keys
 
-    if [ "$ALPINE_RELEASE" = 'edge' ]; then
+    if [ "$VERSION" = 'edge' ]; then
         cat > "$target"/etc/apk/repositories <<EOF
 http://dl-cdn.alpinelinux.org/alpine/edge/main
 http://dl-cdn.alpinelinux.org/alpine/edge/community
@@ -86,16 +89,10 @@ http://dl-cdn.alpinelinux.org/alpine/edge/testing
 EOF
     else
         cat > "$target"/etc/apk/repositories <<EOF
-http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/main
+http://dl-cdn.alpinelinux.org/alpine/v$VERSION/main
-http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/community
+http://dl-cdn.alpinelinux.org/alpine/v$VERSION/community
 EOF
     fi
-    # NOTE: until several key packages graduate from edge...
-    cat >> "$target"/etc/apk/repositories <<EOF
-@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main
-@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community
-@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing
-EOF
 
     echo "$add_repos" | tr , "\012" >> "$target"/etc/apk/repositories
 }
@@ -109,6 +106,18 @@ fetch_keys() {
     rm -rf "$tmp"
 }
 
+install_base() {
+    local target="$1"
+
+    $apk add --root "$target" --no-cache --initdb alpine-base
+    # verify release matches
+    if [ "$VERSION" != "edge" ]; then
+        ALPINE_RELEASE=$(cat "$target/etc/alpine-release")
+        [ "$RELEASE" = "$ALPINE_RELEASE" ] || \
+            die "Current Alpine $VERSION release ($ALPINE_RELEASE) does not match build ($RELEASE)"
+    fi
+}
+
 setup_chroot() {
     local target="$1"
 
@@ -131,13 +140,13 @@ install_core_packages() {
     # tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
     #
     chroot "$target" apk --no-cache add \
-        linux-virt@edge-main \
+        linux-virt \
         alpine-mirrors \
         nvme-cli \
         chrony \
         openssh \
         sudo \
-        tiny-ec2-bootstrap@edge-main \
+        tiny-ec2-bootstrap \
         tzdata \
         $(echo "$add_pkgs" | tr , ' ')
 
@@ -302,14 +311,14 @@ version_sorted() {
 }
 
 main() {
-    [ "$#" -ne 3 ] && die "Expecting three parameters\nUsage: $0 '[<repo>[,...]]' '[<pkg>[,...]]' '[<lvl>=<svc>[,...][:...]]'"
+    [ "$VERSION" != 'edge' ] && {
-    [ "$ALPINE_RELEASE" != 'edge' ] && {
+        version_sorted $MIN_VERSION $VERSION || die "Minimum Alpine version is '$MIN_RELEASE'"
-        version_sorted $MIN_RELEASE $ALPINE_RELEASE || die "Minimum alpine_release is '$MIN_RELEASE'"
+        version_sorted $MIN_RELEASE $RELEASE || die "Minimum Alpine release is '$MIN_RELEASE'"
     }
 
-    local add_repos="$1"
+    local add_repos="$ADD_REPOS"
-    local add_pkgs="$2"
+    local add_pkgs="$ADD_PKGS"
-    local add_svcs="$3"
+    local add_svcs="$ADD_SVCS"
 
     local device="/dev/xvdf"
     local target="/mnt/target"
@@ -331,7 +340,7 @@ main() {
     fetch_keys "$target"
 
     einfo "Installing base system"
-    $apk add --root "$target" --no-cache --initdb alpine-base
+    install_base "$target"
 
     setup_chroot "$target"
 

variables.yaml-default

@@ -7,7 +7,7 @@ region:
 # automatically determined.
 subnet:
 
-# Optional security group to apply to the builder instance.
+# Optional security group to apply to the builder instance
 security_group:
 
 # By default, public IPs are assigned (or not) per the subnet's configuration.
@@ -18,25 +18,27 @@ public_ip: ""
 
 ### Build Options ###
 
-# Treat similar to a ABUILD pkgrel variable and increment with every release.
+# Uncomment/increment every for every rebuild of an Alpine release;
-ami_release: "2"
+# re-comment/zero for every new Alpine release
+#revision: "-0"
 
 # AMI name prefix and suffix
-ami_name_prefix: "Alpine-"
+ami_name_prefix: "alpine-ami-"
-ami_name_suffix: "-EC2"
+ami_name_suffix: ""
 
 # AMI description prefix and suffix
 ami_desc_prefix: "Alpine Linux "
-ami_desc_suffix: " Release with EC2 Optimizations"
+ami_desc_suffix: ""
 
-# List of custom lines to add to /etc/apk/repositories.  Note that @edge-main,
+# List of custom lines to add to /etc/apk/repositories
-# @edge-community, and @edge-testing repos have been predefined.
 add_repos:
+#  - "@my-repo http://my-repo.tld/path"
 
 # List of additional packages to add to the AMI.
 add_pkgs:
+#  - package-name
 
-# Additional services to start at the specified level.
+# Additional services to start at the specified level
 add_svcs:
 #  boot:
 #    - service1
@@ -54,7 +56,7 @@ encrypt_ami: "false"
 ami_access:
   - "all"
 
-# List of regions to where the AMI should be copied.
+# List of regions to where the AMI should be copied
 deploy_regions:
   - "us-east-1"
   - "us-east-2"