* switch 3.12 back to tiny-ec2-bootstrap (tiny-cloud requires ifupdown-ng)
* restrict cloud-init to 3.15+
* pad UEFI firmware so QEMU works with aarch64 again
* kinda fix motd release_notes (more to do yet)
* switch to tiny-cloud instead of tiny-ec2-bootstrap
* set default NTP server, if configured
* add default /etc/network/interfaces
* add urlopen() timeout to mitigate ipv6 issues connecting to alpinelinux.org
* continue to use provided 'release' value if specified
* continue to use 'edge' for edge versions
* deduce 'release' value from the version on the alpine-base APK in https://dl-cdn.alpinelinux.org/alpine/v<version/main/<arch>/
* update test profile with 3.13
3.13.0 release
* add version 3.13 profile
* 3.13 end-of-life is 2022-11-01
* note we're an official Alpine project now!
* releases/alpine.yaml has been "--trim release"'d
* updated releases/README.md
scripts/builder.py
* fix ReleaseReadme() to not die when release contains "_rc"
* add --trim to releases-yaml
* tweak some --help for release-yaml and prune
scripts/setup-ami
* explicitly lock AMI root account
Subcommands
* merge 'resolve-profiles' and 'make-amis' into 'amis'
* rename 'update-releases' to 'release-yaml'
* rename 'gen-release-readme' to 'release-readme'
* rename 'prune-amis' to 'prune'
* reorder to match the usual workflow
* use argparse mutually-exclusive group where appropriate
* use argparse 'metavar' and 'nargs' for more salient help
release
* can now specify multiple AMIs on command line
* add explicit '--private' argument
* if no '--private', '--public', or '--allow-account' is specified, default to propagate the source AMI's permissions to its copies
* move 'iter_regions' and 'get*image' methods out of ReleaseAMIs class because they're also used elsewhere
* 'update_image_permissions' resets perms before adding new perms
* pending_copy loop, reports on everything in progress, waits 3m before reporting on everything again, and then waits 30s between reports
* pending_copy also notes when a copy has completed (and only queues for pending_perms if they need adjustment)
Releases class
* used by release-yaml and prune subcommands
* caches region client objects for later use (by prune)
* loads images from region - either from a profile or "unknown" (no profile tag)
* builds the releases object - now structured release -> build (instead of build -> release)
ReleasesReadme
* works with new releases object format
* improve sorting and selection of latest per version per-build AMIs
* empty cell if a region doesn't happen to have a build AMI there
PruneAMIs
* rename 'version' level to 'end-of-life'
* add 'UNKNOWN' pruning level
* works, even if you don't want to --use-broker
* --keep N - keeps an additional N AMIs that would otherwise have been purged per build
* --defer-eol DAYS - give EOL AMIs a grace period past their official EOL date
* no AMI deletion happens unless --no-pretend arg is provided
* improve pruning criteria scan and candidate selection
Co-authored-by: Jake Buchholz <jake@jakesys.net>
scripts/builder.py...
GenReleaseReadme:
* combine with ReleaseReadmeUpdater
* generates README_<profile>.md
* README_alpine.md is a symlink to README.md
* don't crash when README doesn't preexist
* append image list to README if no list found to replace
MakeAMIs:
* collect all artifact IDs and report after all builds
* don't update releases/readme
PruneAMIs:
* defaults to pretend mode, unless --no-pretend
* improve readability
UpdateReleases:
* replace code with what was RefreshReleases
* Add refresh-releases subcommand, etc.
* builder.py
+ gen-release-readme
- convert `build_time` to int
+ release
- add `source_region` to copied AMI tags
- check source AMI's permissions, queue for fixing, if necessary
+ refresh-releases
- update releases/<profile>.yaml based on AMIs that exist in regions
+ explicitly call out `python-dateutil` dependency and `pip install` it into the venv
* Release Alpine 3.12.2 & today's edge
* make it easier to switch between bootloaders
* experimental (non-working) EFI_STUB bootloader
* remove apk_tools & alpine_keys from profiles
* determine & install appropriate apk_toosl & alpine_keys in setup-ami based on version and arch.
release alpine-ami-3.12.1-aarch64-r1
Also...
* release new edge builds
* Alpine 3.9 is EOL
* build_instance_type set in profiles/arch/
* a couple comment fixes
Include the other interface configs from /etc/network/interfaces.d/ after lo
and existing eth*, as was initially intended.
Also separate out the assembly code into its own script, as this is done both
on boot via eth-eni-setup and on hotplug events by etc-eni-hotplug.
Resolves#91
* eth-eni-setup init script
before networking starts up, makes sure eth interfaces match attached ENIs
also fixes a permissions problem with eth-eni-hotplug mdev config
* fix aarch64 build
ENI Hotplug / udhcpc script
* works with all Alpine versions back to 3.9
* udhcpc handles ENI's primary IPv4
* post-bound/post-renews eth-eni-hook handles secondary IPv4 & IPv6 addresses, route tables, and rules
setup-ami tweaks
* move scripts to be installed into setup-ami.d/
* move config snippets into setup-ami.d/etc/ (previously embedded in setup-ami)
Profiles can specify 'setup_script' to do additional things. If additional files/dirs are required, a 'setup_copy' map will copy them to the build instance so that 'setup_script' can use/install them.
TBD: docs.
There is an increasing need to share components among the various
commands, especially with the introduction of the identity broker API.
Rather than trying to assemble an importable python library of code for
the build process I think we can just combine everything into one file
and use argparse sub-commands to integrate them into a set of
individually callable scripts. This change does that integration.
This is paving the way for identity broker improvements for opt-in
regions. Eventually we'll need to hook some region logic into these
scripts so having them written in python will be helpful.
This is paving the way for identity broker improvements for opt-in
regions. The output is functionally identical between the two scripts
modulo the svcs change. Hopefully this makes the transformation process
a little more clear.
* sh doesn't allow nesting of prefix strip
* also update some minor test profile bits
* new AMI revisions (fixed nvme)
* edge AMI release should remain a timestamp