Incorporate recent Alpine edge changes
* standardize on 'linux-virt' kernel + no longer need 'kernel_flavor' variable + always install 'aws-ena-driver' package + always enable ena_support * switch to 'variables.yaml' for config + update build/convert script to stringify certain keys that may contain arrays + copy from 'variables.yaml-default' if it doesn't exist * drop 'vpc' variable, using 'subnet' derives the proper VPC to use * fix chrony.conf (all pool.ntp.org references are changed to 169.254.169.123) * update README.md caveats
parent
95b7837c9f
commit
4065c4ebb3
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,5 +1,5 @@
|
|||||||
/build/
|
/build/
|
||||||
/.py3/
|
/.py3/
|
||||||
/variables.json
|
/variables.yaml
|
||||||
/scrub-old-amis.py
|
/scrub-old-amis.py
|
||||||
/gen-readme.py
|
/gen-readme.py
|
||||||
|
10
Makefile
10
Makefile
@ -1,7 +1,9 @@
|
|||||||
.PHONY: ami
|
.PHONY: ami
|
||||||
ami: build/convert
|
ami: build/convert
|
||||||
|
[ -f variables.yaml ] || cp variables.yaml-default variables.yaml
|
||||||
|
build/convert variables.yaml > build/variables.json
|
||||||
build/convert alpine-ami.yaml > build/alpine-ami.json
|
build/convert alpine-ami.yaml > build/alpine-ami.json
|
||||||
packer build -var-file=variables.json build/alpine-ami.json
|
packer build -var-file=build/variables.json build/alpine-ami.json
|
||||||
|
|
||||||
build/convert:
|
build/convert:
|
||||||
[ -d ".py3" ] || python3 -m venv .py3
|
[ -d ".py3" ] || python3 -m venv .py3
|
||||||
@ -14,7 +16,11 @@ build/convert:
|
|||||||
# which only supports JSON
|
# which only supports JSON
|
||||||
@echo "#!`pwd`/.py3/bin/python" > build/convert
|
@echo "#!`pwd`/.py3/bin/python" > build/convert
|
||||||
@echo "import yaml, json, sys" >> build/convert
|
@echo "import yaml, json, sys" >> build/convert
|
||||||
@echo "json.dump(yaml.load(open(sys.argv[1])), sys.stdout, indent=4, separators=(',', ': '))" >> build/convert
|
@echo "y = yaml.load(open(sys.argv[1]))" >> build/convert
|
||||||
|
@echo "for k in ['ami_access','deploy_regions','add_repos','add_pkgs']:" >> build/convert
|
||||||
|
@echo " if k in y and isinstance(y[k], list):" >> build/convert
|
||||||
|
@echo " y[k] = ','.join(str(x) for x in y[k])" >> build/convert
|
||||||
|
@echo "json.dump(y, sys.stdout, indent=4, separators=(',', ': '))" >> build/convert
|
||||||
@chmod +x build/convert
|
@chmod +x build/convert
|
||||||
|
|
||||||
%.py: %.py.in
|
%.py: %.py.in
|
||||||
|
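Review bot: The generated `build/convert` script calls `yaml.load(open(sys.argv[1]))` with no loader, and with this change it runs on the operator-edited `variables.yaml` as well as on `alpine-ami.yaml`. Depending on the PyYAML version installed into `.py3` (no version pin is visible in these lines), that call either lets YAML tags construct arbitrary Python objects or fails because newer releases require a `Loader` argument. Neither file needs custom tags, so I would change the echoed line to `@echo "y = yaml.safe_load(open(sys.argv[1]))" >> build/convert`. The rest of the `build/convert` recipe lies between the two hunks and is not shown.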
17
README.md
17
README.md
@ -50,16 +50,6 @@ its development and thus there are some sharp edges.
|
|||||||
hardware so it seems unlikely that they will be supported going forward. Thus
|
hardware so it seems unlikely that they will be supported going forward. Thus
|
||||||
this project does not support them.
|
this project does not support them.
|
||||||
|
|
||||||
- The linux-vanilla kernel all the linux-firmware packages it installs is much
|
|
||||||
larger than is necessary for an AMI designed to run on EC2. Unfortunately,
|
|
||||||
the linux-virt kernel is currently missing NVMe support, which is required for
|
|
||||||
the newest generation of instance families.
|
|
||||||
|
|
||||||
- The aws-ena-driver-vanilla package is still in edge/testing, and requires the
|
|
||||||
matching linux-vanilla package from edge/main. When ENA is available in an
|
|
||||||
alpine version release (ideally with a 'virt' kernel flavor), edge/testing
|
|
||||||
and edge/main should no longer be necessary.
|
|
||||||
|
|
||||||
- [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
|
- [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
|
||||||
supported on Alpine Linux. Instead this image uses
|
supported on Alpine Linux. Instead this image uses
|
||||||
[tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap). Hostname
|
[tiny-ec2-bootstrap](https://github.com/mcrute/tiny-ec2-bootstrap). Hostname
|
||||||
@ -71,6 +61,13 @@ its development and thus there are some sharp edges.
|
|||||||
If full cloud-init support is important to you please file a bug against this
|
If full cloud-init support is important to you please file a bug against this
|
||||||
project.
|
project.
|
||||||
|
|
||||||
|
- Because several key packages in Alpine 3.8 are missing or lacking features,
|
||||||
|
we currently need to install some packages from edge. We expect that these
|
||||||
|
will be included in Alpine 3.9, or perhaps as a 3.8.x update.
|
||||||
|
- linux-virt @edge-main (includes necessary NVMe drivers)
|
||||||
|
- aws-ena-driver @edge-testing (installs 'virt' flavored subpackage)
|
||||||
|
- tiny-ec2-bootstrap @edge-main (updated to v1.2.0)
|
||||||
|
|
||||||
- CloudFormation support is still forthcoming. This requires patches and
|
- CloudFormation support is still forthcoming. This requires patches and
|
||||||
packaging for the upstream cfn tools that have not yet been accepted.
|
packaging for the upstream cfn tools that have not yet been accepted.
|
||||||
Eventually full CloudFormation support will be available.
|
Eventually full CloudFormation support will be available.
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
variables:
|
variables:
|
||||||
|
|
||||||
# NOTE: Configuration is done with a `variables.json` file.
|
# NOTE: Configuration is done with a `variables.yaml` file. If it doesn't
|
||||||
# To use default values, simply `cp variables.json-default variables.json`.
|
# exist, default configuration is copied from `variables.yaml-default`.
|
||||||
# See `variables.json-example` for full configuration variable descriptions.
|
|
||||||
|
|
||||||
# NOTE: Changing alpine_release requires modifying `make_ami.sh` -- don't
|
# NOTE: Changing alpine_release requires modifying `make_ami.sh` -- don't
|
||||||
# override this in `variables.json`!
|
# override this in `variables.json`!
|
||||||
@ -14,7 +13,6 @@ builders:
|
|||||||
|
|
||||||
### Builder Instance Details
|
### Builder Instance Details
|
||||||
|
|
||||||
vpc_id: "{{user `vpc`}}"
|
|
||||||
subnet_id: "{{user `subnet`}}"
|
subnet_id: "{{user `subnet`}}"
|
||||||
security_group_id: "{{user `security_group`}}"
|
security_group_id: "{{user `security_group`}}"
|
||||||
instance_type: "t3.nano"
|
instance_type: "t3.nano"
|
||||||
@ -36,7 +34,7 @@ builders:
|
|||||||
- "137112412989"
|
- "137112412989"
|
||||||
most_recent: "true"
|
most_recent: "true"
|
||||||
|
|
||||||
### Built AMI Details
|
### AMI Build Details
|
||||||
|
|
||||||
ami_name: "{{user `ami_name_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_name_suffix`}}"
|
ami_name: "{{user `ami_name_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_name_suffix`}}"
|
||||||
ami_description: "{{user `ami_desc_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_desc_suffix`}}"
|
ami_description: "{{user `ami_desc_prefix`}}{{user `alpine_release`}}-r{{user `ami_release`}}{{user `ami_desc_suffix`}}"
|
||||||
@ -48,7 +46,7 @@ builders:
|
|||||||
volume_size: "{{user `volume_size`}}"
|
volume_size: "{{user `volume_size`}}"
|
||||||
volume_type: "gp2"
|
volume_type: "gp2"
|
||||||
encrypt_boot: "{{user `encrypt_ami`}}"
|
encrypt_boot: "{{user `encrypt_ami`}}"
|
||||||
ena_support: "{{user `ena_enable`}}"
|
ena_support: "true"
|
||||||
sriov_support: "true"
|
sriov_support: "true"
|
||||||
ami_groups: "{{user `ami_access`}}"
|
ami_groups: "{{user `ami_access`}}"
|
||||||
ami_regions: "{{user `deploy_regions`}}"
|
ami_regions: "{{user `deploy_regions`}}"
|
||||||
@ -57,4 +55,4 @@ builders:
|
|||||||
provisioners:
|
provisioners:
|
||||||
- type: "shell"
|
- type: "shell"
|
||||||
script: "make_ami.sh"
|
script: "make_ami.sh"
|
||||||
execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }} {{user `kernel_flavor`}} ''{{user `add_repos`}}'' ''{{user `add_pkgs`}}''"'
|
execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }} ''{{user `add_repos`}}'' ''{{user `add_pkgs`}}''"'
|
||||||
|
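Review bot: The `add_repos` and `add_pkgs` values reach a root shell unvalidated: `execute_command` splices them between single quotes inside `sudo sh -c "…"`, and after this change they are joined by `build/convert` from free-form YAML list items. An item containing a single quote or another shell metacharacter would end the quoting and be parsed by the shell on the builder rather than arriving as an argument, and `make_ami.sh` then expands the package list unquoted into `apk add`. I would validate each item before it is joined (rejecting anything outside the characters a repository line or package name needs), or pass the values through the provisioner's `environment_vars` instead of the command line. Separately, the retained comment still says not to override `alpine_release` in `variables.json`, which should now read `variables.yaml`. The file header for this section is not shown; from the Makefile it appears to be `alpine-ami.yaml`.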
24
make_ami.sh
24
make_ami.sh
@ -108,8 +108,7 @@ setup_chroot() {
|
|||||||
|
|
||||||
install_core_packages() {
|
install_core_packages() {
|
||||||
local target="$1" # target directory
|
local target="$1" # target directory
|
||||||
local flavor="$2" # kernel flavor
|
local add_pkgs="$2" # extra packages, space separated
|
||||||
local add_pkgs="$3" # extra packages, space separated
|
|
||||||
|
|
||||||
# Most from: https://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-virt.packages
|
# Most from: https://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-virt.packages
|
||||||
#
|
#
|
||||||
@ -117,15 +116,15 @@ install_core_packages() {
|
|||||||
# tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
|
# tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
|
||||||
#
|
#
|
||||||
chroot "$target" apk --no-cache add \
|
chroot "$target" apk --no-cache add \
|
||||||
linux-"$flavor" \
|
linux-virt@edge-main \
|
||||||
|
aws-ena-driver@edge-testing \
|
||||||
alpine-mirrors \
|
alpine-mirrors \
|
||||||
chrony \
|
chrony \
|
||||||
e2fsprogs \
|
|
||||||
openssh \
|
openssh \
|
||||||
sudo \
|
sudo \
|
||||||
tiny-ec2-bootstrap \
|
tiny-ec2-bootstrap@edge-main \
|
||||||
tzdata \
|
tzdata \
|
||||||
$add_pkgs
|
$(echo "$add_pkgs" | tr , ' ')
|
||||||
|
|
||||||
chroot "$target" apk --no-cache add --no-scripts syslinux
|
chroot "$target" apk --no-cache add --no-scripts syslinux
|
||||||
|
|
||||||
@ -244,7 +243,9 @@ configure_ntp() {
|
|||||||
# in EC2.
|
# in EC2.
|
||||||
#
|
#
|
||||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
|
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
|
||||||
sed -i 's/^pool .*/server 169.254.169.123 iburst/' "$target"/etc/chrony/chrony.conf
|
sed -e 's/^pool /server /' \
|
||||||
|
-e 's/pool.ntp.org/169.254.169.123/g' \
|
||||||
|
-i "$target"/etc/chrony/chrony.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup() {
|
cleanup() {
|
||||||
@ -267,11 +268,10 @@ cleanup() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
[ "$#" -ne 3 ] && { echo "usage: $0 <kernel-flavor> '<repo>[,<repo>]' '<pkg>[ <pkg>]'"; exit 1; }
|
[ "$#" -ne 2 ] && { echo "usage: $0 '<repo>[,<repo>]' '<pkg>[,<pkg>]'"; exit 1; }
|
||||||
|
|
||||||
local flavor="$1"
|
local add_repos="$1"
|
||||||
local add_repos="$2"
|
local add_pkgs="$2"
|
||||||
local add_pkgs="$3"
|
|
||||||
|
|
||||||
local device="/dev/xvdf"
|
local device="/dev/xvdf"
|
||||||
local target="/mnt/target"
|
local target="/mnt/target"
|
||||||
@ -297,7 +297,7 @@ main() {
|
|||||||
setup_chroot "$target"
|
setup_chroot "$target"
|
||||||
|
|
||||||
einfo "Installing core packages"
|
einfo "Installing core packages"
|
||||||
install_core_packages "$target" "$flavor" "$add_pkgs"
|
install_core_packages "$target" "$add_pkgs"
|
||||||
|
|
||||||
einfo "Configuring and enabling boot loader"
|
einfo "Configuring and enabling boot loader"
|
||||||
create_initfs "$target"
|
create_initfs "$target"
|
||||||
|
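Review bot: In `configure_ntp`, the expression `s/pool.ntp.org/169.254.169.123/g` replaces only that substring, so a prefixed name such as `0.pool.ntp.org` would become `0.169.254.169.123` and leave chrony without a usable time source; the dots are also unescaped regex wildcards. The old one-liner rewrote the whole `pool` line, so the new form depends on the packaged `chrony.conf` containing only the bare `pool.ntp.org` name, which is not visible here. I would match the whole hostname with `-e 's/[^[:space:]]*pool\.ntp\.org/169.254.169.123/g'`. A check after the `sed` that a `server 169.254.169.123` line exists would make a changed default config fail the build instead of shipping an image with an unsynchronised clock. The start of `configure_ntp` is outside the hunk.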
@ -1,20 +0,0 @@
|
|||||||
{
|
|
||||||
"ami_release": "1",
|
|
||||||
"ami_name_prefix": "Alpine-",
|
|
||||||
"ami_name_suffix": "-EC2",
|
|
||||||
"ami_desc_prefix": "Alpine Linux ",
|
|
||||||
"ami_desc_suffix": " Release with EC2 Optimizations",
|
|
||||||
"kernel_flavor": "vanilla@edge-main",
|
|
||||||
"add_repos": "",
|
|
||||||
"add_pkgs": "aws-ena-driver-vanilla@edge-testing",
|
|
||||||
"ena_enable": "true",
|
|
||||||
"volume_size": "1",
|
|
||||||
"encrypt_ami": "false",
|
|
||||||
"ami_access": "all",
|
|
||||||
"deploy_regions": "us-east-1,us-east-2,us-west-1,us-west-2,ca-central-1,eu-central-1,eu-west-1,eu-west-2,eu-west-3,ap-northeast-1,ap-northeast-2,ap-southeast-1,ap-southeast-2,ap-south-1,sa-east-1",
|
|
||||||
|
|
||||||
"vpc": "",
|
|
||||||
"subnet": "",
|
|
||||||
"security_group": "",
|
|
||||||
"public_ip": "false"
|
|
||||||
}
|
|
@ -1,74 +0,0 @@
|
|||||||
# *** NOTE: This is file not valid JSON! ***
|
|
||||||
|
|
||||||
{
|
|
||||||
### Build Options ###
|
|
||||||
|
|
||||||
# Treat similar to a ABUILD pkgrel variable and increment with every release.
|
|
||||||
"ami_release": "1",
|
|
||||||
|
|
||||||
# AMI name prefix and suffix
|
|
||||||
"ami_name_prefix": "Alpine-",
|
|
||||||
"ami_name_suffix": "-EC2",
|
|
||||||
|
|
||||||
# AMI description prefix and suffix
|
|
||||||
"ami_desc_prefix": "Alpine Linux ",
|
|
||||||
"ami_desc_suffix": " Release with EC2 Optimizations",
|
|
||||||
|
|
||||||
# Kernel "flavor" to install.
|
|
||||||
#
|
|
||||||
# 'virt' is the slim choice, but doesn't currently include NVMe support and
|
|
||||||
# there is no matching 'aws-ena-driver' package. When these features are
|
|
||||||
# available, this kernel flavor will be the default (if not hardcoded).
|
|
||||||
#
|
|
||||||
# 'vanilla' installs a lot of unneeded stuff (for an AMI), but does support
|
|
||||||
# NVMe; however, there is no matching ENA driver in the main repo. In order
|
|
||||||
# to support NVMe and ENA, we need to use 'vanilla@edge-main', which matches
|
|
||||||
# the 'aws-ena-driver@edge-testing' package.
|
|
||||||
#
|
|
||||||
"kernel_flavor": "vanilla@edge-main",
|
|
||||||
|
|
||||||
# Comma separated list of custom lines to add to /etc/apk/repositories.
|
|
||||||
# @edge-main, @edge-community, and @edge-testing repos have been predefined.
|
|
||||||
"add_repos": "",
|
|
||||||
|
|
||||||
# Space separated list of additional packages to add to the AMI.
|
|
||||||
# aws-ena-driver-vanilla - ENA driver (until we have a 'virt' flavor)
|
|
||||||
"add_pkgs": "aws-ena-driver-vanilla@edge-testing",
|
|
||||||
|
|
||||||
# Enable ENA support on the AMI.
|
|
||||||
# When ENA is available for the 'virt' kernel, this will always be on.
|
|
||||||
"ena_enable": "true",
|
|
||||||
|
|
||||||
# Size of the AMI image (in GiB).
|
|
||||||
"volume_size": "1",
|
|
||||||
|
|
||||||
# Encrypt the AMI?
|
|
||||||
"encrypt_ami": "false",
|
|
||||||
|
|
||||||
# Comma separated list of groups that should have access to the AMI. However,
|
|
||||||
# only two values are currently supported: 'all' for public, '' for private.
|
|
||||||
"ami_access": "all",
|
|
||||||
|
|
||||||
# Comma separated list of regions to where the AMI should be copied.
|
|
||||||
# NOTE: ap-northeast-3 skipped, as it is available by subscription-only.
|
|
||||||
"deploy_regions": "us-east-1,us-east-2,us-west-1,us-west-2,ca-central-1,eu-central-1,eu-west-1,eu-west-2,eu-west-3,ap-northeast-1,ap-northeast-2,ap-southeast-1,ap-southeast-2,ap-south-1,sa-east-1",
|
|
||||||
|
|
||||||
|
|
||||||
### Builder-Instance Options ###
|
|
||||||
|
|
||||||
# VPC in which the builder instance is to be launched; you must also provide
|
|
||||||
# a subnet.
|
|
||||||
"vpc": "",
|
|
||||||
|
|
||||||
# Subnet in which the builder instance is to be launched.
|
|
||||||
"subnet": "",
|
|
||||||
|
|
||||||
# Security group to apply to the builder instance.
|
|
||||||
"security_group": "",
|
|
||||||
|
|
||||||
# Assign a public IP to the builder instance. Set to 'true' for if you need
|
|
||||||
# to initiate the build from somewhere that wouldn't normally be able to
|
|
||||||
# access the builder instance's private network.
|
|
||||||
"public_ip": "false"
|
|
||||||
|
|
||||||
}
|
|
64
variables.yaml-default
Normal file
64
variables.yaml-default
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
### Builder-Instance Options ###
|
||||||
|
|
||||||
|
# Subnet ID in which the builder instance is to be launched. VPC will be
|
||||||
|
# automatically determined.
|
||||||
|
subnet:
|
||||||
|
|
||||||
|
# Optional security group to apply to the builder instance.
|
||||||
|
security_group:
|
||||||
|
|
||||||
|
# Assign a public IP to the builder instance. Set to "true" for if you need
|
||||||
|
# to initiate the build from somewhere that wouldn't normally be able to access
|
||||||
|
# the builder instance's private network and a private IP is not auto-assigned.
|
||||||
|
public_ip: "false"
|
||||||
|
|
||||||
|
|
||||||
|
### Build Options ###
|
||||||
|
|
||||||
|
# Treat similar to a ABUILD pkgrel variable and increment with every release.
|
||||||
|
ami_release: "1"
|
||||||
|
|
||||||
|
# AMI name prefix and suffix
|
||||||
|
ami_name_prefix: "Alpine-"
|
||||||
|
ami_name_suffix: "-EC2"
|
||||||
|
|
||||||
|
# AMI description prefix and suffix
|
||||||
|
ami_desc_prefix: "Alpine Linux "
|
||||||
|
ami_desc_suffix: " Release with EC2 Optimizations"
|
||||||
|
|
||||||
|
# List of custom lines to add to /etc/apk/repositories. Note that @edge-main,
|
||||||
|
# @edge-community, and @edge-testing repos have been predefined.
|
||||||
|
add_repos:
|
||||||
|
|
||||||
|
# List of additional packages to add to the AMI.
|
||||||
|
add_pkgs:
|
||||||
|
|
||||||
|
# Size of the AMI image (in GiB).
|
||||||
|
volume_size: "1"
|
||||||
|
|
||||||
|
# Encrypt the AMI?
|
||||||
|
encrypt_ami: "false"
|
||||||
|
|
||||||
|
# List of groups that should have access to the AMI. However, only two
|
||||||
|
# values are currently supported: 'all' for public, '' or unset for private.
|
||||||
|
ami_access:
|
||||||
|
- "all"
|
||||||
|
|
||||||
|
# List of regions to where the AMI should be copied.
|
||||||
|
deploy_regions:
|
||||||
|
- "us-east-1"
|
||||||
|
- "us-east-2"
|
||||||
|
- "us-west-1"
|
||||||
|
- "us-west-2"
|
||||||
|
- "ca-central-1"
|
||||||
|
- "eu-central-1"
|
||||||
|
- "eu-west-1"
|
||||||
|
- "eu-west-2"
|
||||||
|
- "eu-west-3"
|
||||||
|
- "ap-northeast-1"
|
||||||
|
- "ap-northeast-2"
|
||||||
|
# - "ap-northeast-3" # skipped, available by subscription only
|
||||||
|
- "ap-southeast-1"
|
||||||
|
- "ap-southeast-2"
|
||||||
|
- "ap-south-1"
|
||||||
|
- "sa-east-1"
|
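Review bot: These defaults publish the image: `ami_access` is `- "all"` (documented just above as public) and `encrypt_ami` is `"false"`, and the Makefile in this commit now copies this file to `variables.yaml` whenever that file is missing. A bare `make ami` therefore produces a public, unencrypted AMI copied to every region in `deploy_regions`, without the operator having written any configuration. If public release is not meant to be the implicit default, I would ship `ami_access: []` and keep `- "all"` as a commented example, so that publishing is an explicit choice. The bare keys `subnet:`, `security_group:`, `add_repos:` and `add_pkgs:` also load as null rather than as empty values, which `build/convert` will write as JSON `null`; `""` or `[]` would state the intent.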