EC2: Add AMI Builder AMI building
Needs Review, Public

Authored by cperciva on Sun, Apr 20, 4:50 PM.
Referenced Files
F115252057: D49930.diff
Mon, Apr 21, 9:36 PM

Details

Reviewers
None
Group Reviewers
releng
Summary

Starting in 2015 I have published "AMI Builder AMIs" for FreeBSD/EC2:
These boot into a memory disk, extract a "clean" copy of FreeBSD onto
the root disk, mount it at /mnt, and allow the user to SSH in to make
customizations before creating a new AMI from the "running" instance
(in fact, from the FreeBSD installation which is not running but is
mounted on /mnt).

This provides a much cleaner mechanism for building customized FreeBSD
AMIs than the traditional Linux approach of "launch an EC2 instance,
SSH in and configure it, then try to wipe logs and credentials before
creating an AMI"; and it's easier than building a customized AMI ab
initio by modifying the FreeBSD release-building code.

This commit brings that functionality into the FreeBSD src tree and
into the collection of images built by the release engineering team:
The EC2 "BUILDER" flavour AMI is essentially a "SMALL" flavour AMI with
a compressed "BASE" flavour disk image, plus an init script which
juggles disks around (rerooting into a memory disk and extracting the
"BASE" image onto disk).

MFC after: 1 week
Sponsored by: Amazon

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 63625
Build 60509: arc lint + arc unit

Event Timeline

I don't know if anyone else on re@ has any interest in EC2-specific bits, but I figured I'd post this for a few days in case anyone has a chance to look for spelling mistakes etc.

Have not reviewed in great detail but 👍 to putting this in the tree.

Feel free to ignore any comments; for as much as I understand cross-reading... get it in...

release/tools/ec2-builder.conf
Line 3: Do we add (c) and license to these files?

release/tools/mkami.sh
Line 3: Not needed anymore.
Line 26: SPDX?
Line 43: Can this IPv4-only link-local address get a mention to a documentation somewhere?

release/tools/rc.amibuilder
Line 3: No longer needed.
Line 26: SPDX?
Line 37: kenv vfs.root.mountfrom?
Line 65: Do you still need this?

release/tools/ec2-builder.conf
Line 3: None of the other <cloudware>.conf files have copyright statements. And there's not much in the way of creative content so I'm inclined to just follow existing "this is a configuration file which is presumed to be in the public domain" practice.

release/tools/mkami.sh
Line 43

release/tools/rc.amibuilder
Line 37: Nope, because when we reboot (reroot) into the memory disk vfs.root.mountfrom points at the memory disk; we really want to know about the physical disk.
Line 65: I think so? I got errors when I didn't have this here. Even when we don't have anything mounted from that disk, it was partitioned and GEOM wasn't happy about me trying to overwrite it.

Add SPDX, remove #-, and link to details about EC2 IMDS.