support modification of default AMI user
parent
d593de3833
commit
2b76c6ebf6
@ -90,6 +90,7 @@ provisioners = [
|
|||||||
"KERNEL_MODS={{user `kernel_modules`}}"
|
"KERNEL_MODS={{user `kernel_modules`}}"
|
||||||
"KERNEL_OPTS={{user `kernel_options`}}"
|
"KERNEL_OPTS={{user `kernel_options`}}"
|
||||||
"INITFS_FEATURES={{user `initfs_features`}}"
|
"INITFS_FEATURES={{user `initfs_features`}}"
|
||||||
|
"EC2_USER={{user `ami_user`}}"
|
||||||
]
|
]
|
||||||
use_env_var_file = "true"
|
use_env_var_file = "true"
|
||||||
execute_command = "sudo sh -c '. {{.EnvVarFile}} && {{.Path}}'"
|
execute_command = "sudo sh -c '. {{.EnvVarFile}} && {{.Path}}'"
|
||||||
|
@ -34,7 +34,7 @@ ami_desc_prefix = "Alpine Linux "
|
|||||||
ami_desc_suffix = ""
|
ami_desc_suffix = ""
|
||||||
ami_volume_size = "1"
|
ami_volume_size = "1"
|
||||||
ami_encrypt = "false"
|
ami_encrypt = "false"
|
||||||
ami_user = "alpine" # modification currently not supported
|
ami_user = "alpine"
|
||||||
|
|
||||||
# NOTE: the following are python format strings, resolved in resolve-profile.py
|
# NOTE: the following are python format strings, resolved in resolve-profile.py
|
||||||
ami_name = "{var.ami_name_prefix}{var.release}-{var.arch}-{var.revision}{var.ami_name_suffix}"
|
ami_name = "{var.ami_name_prefix}{var.release}-{var.arch}-{var.revision}{var.ami_name_suffix}"
|
||||||
@ -95,9 +95,18 @@ kernel_options {
|
|||||||
"console=ttyS0,115200n8" = true
|
"console=ttyS0,115200n8" = true
|
||||||
"nvme_core.io_timeout=4294967295" = true
|
"nvme_core.io_timeout=4294967295" = true
|
||||||
}
|
}
|
||||||
# NOTE: nvme and ena are critical for i3, a1, m6g, and anything in the 5 series
|
# NOTE: nvme and ena are critical for i3, a1, m6g, and anything in the 5
|
||||||
# forward. Without them these instances will not boot.
|
# series forward. Without them these instances will not boot.
|
||||||
initfs_features {
|
initfs_features {
|
||||||
nvme = true
|
nvme = true
|
||||||
ena = true
|
ena = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Local path to additional setup script, runs before setup-ami cleanup.
|
||||||
|
setup_script = null
|
||||||
|
|
||||||
|
# Files/directories to copy to /tmp/setup-ami.d/ on build instance for
|
||||||
|
# setup-script to use. Map key is the copy target in the build instance
|
||||||
|
# /tmp/setup-ami.d/ directory, map value is local file/directory path.
|
||||||
|
# Nothing copied ends up in the AMI unless `setup_script` does it.
|
||||||
|
setup_copy = null
|
||||||
|
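Review bot: `ami_user = "alpine"` loses its only comment here, so the profile no longer says what the setting controls or which values are acceptable. The setup script hunk later in this commit creates that account, adds it to `wheel` (which its own comment describes as passwordless sudo) and writes the name into a conf.d file, so a short comment would help profile authors, e.g. `# Login user created in the AMI (member of wheel, sudo without password); must be a plain account name`. The new `setup_script` and `setup_copy` entries are documented well by comparison.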
@ -1,6 +1,7 @@
|
|||||||
### Profile for Testing Builds
|
### Profile for Testing Builds
|
||||||
# vim: ts=2 et:
|
# vim: ts=2 et:
|
||||||
|
|
||||||
|
version-3_12 { include required("version/3.12") }
|
||||||
version-3_11 { include required("version/3.11") }
|
version-3_11 { include required("version/3.11") }
|
||||||
version-3_10 { include required("version/3.10") }
|
version-3_10 { include required("version/3.10") }
|
||||||
version-3_9 { include required("version/3.9") }
|
version-3_9 { include required("version/3.9") }
|
||||||
@ -12,20 +13,18 @@ arch-aarch64 { include required("arch/aarch64") }
|
|||||||
test {
|
test {
|
||||||
ami_name_prefix = "test-"
|
ami_name_prefix = "test-"
|
||||||
ami_desc_prefix = "Alpine Test "
|
ami_desc_prefix = "Alpine Test "
|
||||||
|
ami_user = "test"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Build definitions
|
# Build definitions
|
||||||
BUILDS {
|
BUILDS {
|
||||||
# merge version, arch, profile, and build vars
|
# merge version, arch, profile, and build vars
|
||||||
v3_11-x86_64 = ${version-3_11} ${arch-x86_64} ${test}
|
v3_12-x86_64 = ${version-3_12} ${arch-x86_64} ${test} { revision = "r0" }
|
||||||
v3_10-x86_64 = ${version-3_10} ${arch-x86_64} ${test}
|
v3_11-x86_64 = ${version-3_11} ${arch-x86_64} ${test} { revision = "r0" }
|
||||||
v3_9-x86_64 = ${version-3_9} ${arch-x86_64} ${test}
|
v3_10-x86_64 = ${version-3_10} ${arch-x86_64} ${test} { revision = "r0" }
|
||||||
|
v3_9-x86_64 = ${version-3_9} ${arch-x86_64} ${test} { revision = "r0" }
|
||||||
edge-x86_64 = ${version-edge} ${arch-x86_64} ${test}
|
edge-x86_64 = ${version-edge} ${arch-x86_64} ${test}
|
||||||
|
|
||||||
# aarch64 AMI builds are under development
|
v3_12-aarch64 = ${version-3_12} ${arch-aarch64} ${test} { revision = "r0" }
|
||||||
edge-aarch64 = ${version-edge} ${arch-aarch64} ${test}
|
edge-aarch64 = ${version-edge} ${arch-aarch64} ${test}
|
||||||
#edge-aarch64 = ${version-edge} ${arch-aarch64} ${test} {
|
|
||||||
# other us-west-2 subnet doesn't do a1.* instances
|
|
||||||
# build_subnet = "subnet-08dfc622745f7d96a"
|
|
||||||
#}
|
|
||||||
}
|
}
|
||||||
|
@ -7,7 +7,7 @@ include required("../base/1")
|
|||||||
# set version-specific vars
|
# set version-specific vars
|
||||||
version = "3.12"
|
version = "3.12"
|
||||||
release = "3.12.0"
|
release = "3.12.0"
|
||||||
end_of_life = "2022-06-01"
|
end_of_life = "2022-05-01"
|
||||||
repos {
|
repos {
|
||||||
"http://dl-cdn.alpinelinux.org/alpine/v3.12/main" = true
|
"http://dl-cdn.alpinelinux.org/alpine/v3.12/main" = true
|
||||||
"http://dl-cdn.alpinelinux.org/alpine/v3.12/community" = true
|
"http://dl-cdn.alpinelinux.org/alpine/v3.12/community" = true
|
||||||
|
@ -534,11 +534,11 @@ class ConfigBuilder:
|
|||||||
self.rel_symlink("scripts/nvme-ebs-links", setup_dir, "nvme-ebs-links")
|
self.rel_symlink("scripts/nvme-ebs-links", setup_dir, "nvme-ebs-links")
|
||||||
|
|
||||||
# symlink additional setup_script
|
# symlink additional setup_script
|
||||||
if "setup_script" in cfg.keys():
|
if "setup_script" in cfg.keys() and cfg["setup_script"] is not None:
|
||||||
self.rel_symlink(cfg["setup_script"], setup_dir, "setup_script")
|
self.rel_symlink(cfg["setup_script"], setup_dir, "setup_script")
|
||||||
del cfg["setup_script"]
|
del cfg["setup_script"]
|
||||||
|
|
||||||
if "setup_copy" in cfg.keys():
|
if "setup_copy" in cfg.keys() and cfg["setup_copy"] is not None:
|
||||||
for dst, src in cfg["setup_copy"].items():
|
for dst, src in cfg["setup_copy"].items():
|
||||||
self.rel_symlink(src, setup_dir, dst)
|
self.rel_symlink(src, setup_dir, dst)
|
||||||
del cfg["setup_copy"]
|
del cfg["setup_copy"]
|
||||||
|
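Review bot: With the added `is not None` test, a `setup_script` or `setup_copy` key whose value is null is no longer removed from `cfg`, because each `del` sits inside its `if`. The profile hunk earlier in this commit sets both to `null` by default, so they will normally remain in `cfg` for whatever consumes it after this block, which is not visible here. Popping first keeps the old cleanup and avoids the double lookup: `setup_script = cfg.pop("setup_script", None)` followed by `if setup_script is not None: self.rel_symlink(setup_script, setup_dir, "setup_script")`, with the same shape for `setup_copy`. The enclosing method starts and ends outside the hunk.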
@ -256,8 +256,6 @@ enable_services() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: allow profile to specify alternate ALPINE_USER?
|
|
||||||
# NOTE: tiny-ec2-bootstrap will need to be updated to support that!
|
|
||||||
create_alpine_user() {
|
create_alpine_user() {
|
||||||
# Allow members of the wheel group to sudo without a password. By default
|
# Allow members of the wheel group to sudo without a password. By default
|
||||||
# this will only be the alpine user. This allows us to ship an AMI that is
|
# this will only be the alpine user. This allows us to ship an AMI that is
|
||||||
@ -269,12 +267,17 @@ create_alpine_user() {
|
|||||||
# There is no real standard ec2 username across AMIs, Amazon uses ec2-user
|
# There is no real standard ec2 username across AMIs, Amazon uses ec2-user
|
||||||
# for their Amazon Linux AMIs but Ubuntu uses ubuntu, Fedora uses fedora,
|
# for their Amazon Linux AMIs but Ubuntu uses ubuntu, Fedora uses fedora,
|
||||||
# etc... (see: https://alestic.com/2014/01/ec2-ssh-username/). So our user
|
# etc... (see: https://alestic.com/2014/01/ec2-ssh-username/). So our user
|
||||||
# and group are alpine because this is Alpine Linux. On instance bootstrap
|
# and group, by default, are alpine because this is Alpine Linux.
|
||||||
# the user can create whatever users they want and delete this one.
|
user="${EC2_USER:-alpine}"
|
||||||
chroot "$TARGET" /usr/sbin/addgroup alpine
|
chroot "$TARGET" /usr/sbin/addgroup "$user"
|
||||||
chroot "$TARGET" /usr/sbin/adduser -h /home/alpine -s /bin/sh -G alpine -D alpine
|
chroot "$TARGET" /usr/sbin/adduser -h "/home/$user" -s /bin/sh -G "$user" -D "$user"
|
||||||
chroot "$TARGET" /usr/sbin/addgroup alpine wheel
|
chroot "$TARGET" /usr/sbin/addgroup "$user" wheel
|
||||||
chroot "$TARGET" /usr/bin/passwd -u alpine
|
chroot "$TARGET" /usr/bin/passwd -u "$user"
|
||||||
|
|
||||||
|
# Let tiny-ec2-bootstrap know what the EC2 user of the AMI is
|
||||||
|
cat > "$TARGET/etc/conf.d/tiny-ec2-bootstrap" <<EOF
|
||||||
|
EC2_USER="$user"
|
||||||
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_ntp() {
|
configure_ntp() {
|
||||||
|
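Review bot: `user="${EC2_USER:-alpine}"` is used without any check and is then expanded by the unquoted heredoc into `$TARGET/etc/conf.d/tiny-ec2-bootstrap` as `EC2_USER="$user"`. If that file is sourced by a shell at boot, as conf.d files usually are, a value containing `"`, `$` or a backtick would be interpreted there instead of being treated as a name. Rejecting anything that is not a plain account name right after the assignment closes this, e.g. `case "$user" in *[!a-z0-9_-]*|[!a-z_]*) echo "invalid EC2_USER: $user" >&2; return 1 ;; esac`. The `>` redirection also replaces any conf.d file the tiny-ec2-bootstrap package may already install, and the comment at the top of the function still says only the alpine user gets passwordless sudo. create_alpine_user begins in the preceding hunk.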