* switch to alpine v3.8

* add public_ip variable, setting to 'true' allows packer to build from outside AWS * use smallest instance_type (t2.nano) and volume_size (1 GiB) * eu-west-3 region is live; ap-northeast-3 requires subscription * no longer need setup_staging_repos function... + tiny-ec2-bootstrap is available in main since v3.8 + aws-ena-driver-vanilla is only available in edge/testing * switched to linux-vanilla since linux-hardened is no longer available and linux-virt does not have NVME available + TODO? make kernel choice selectable (significant memory/disk savings linux-virt can be used)
author: Jake Buchholz <tomalok@gmail.com> 2018-07-28 18:28:29 -0700
committer: Mike Crute <mike@crute.us> 2018-07-30 07:59:39 -0700
commit: 836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e (patch)
tree: 07d0cb926f0b4932370e08f0c15eb52e6f6836f3
parent: 27bcd4a05e0ce1bc28886452355121501310df8f (diff)
download: alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.tar.bz2
alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.tar.xz
alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.zip
3 files changed, 25 insertions, 49 deletions
diff --git a/README.md b/README.md
index e00891b..5740f5c 100644
--- a/README.md
+++ b/README.md
@@ -50,11 +50,9 @@ its development and thus there are some sharp edges.
  hardware so it seems unlikely that they will be supported going forward. Thus
  this project does not support them.
- Not all packages required have been merged into the upstream aports tree.
+- The aws-ena-driver-vanilla package is still in edge/testing.  When it is
-  When they are they will still only be available on edge. Until then the image
+  available in a release, the edge/testing repository can be removed from
-  sources a few packages from a testing repo managed by the owner of this
+  /etc/apk/repositories.
-  repository. The builds in this repository should be identical to what is
-  eventually merged into the official tree.
 - [cloud-init](https://cloudinit.readthedocs.io/en/latest/) is not currently
  supported on Alpine Linux. Instead this image uses
diff --git a/alpine-ami.yaml b/alpine-ami.yaml
index 9cf221e..af97e49 100644
--- a/alpine-ami.yaml
+++ b/alpine-ami.yaml
@@ -1,17 +1,18 @@
 variables:
  security_group: ""
  subnet: ""
+  public_ip: "false"
  # Treat this similar to a ABUILD pkgrel variable and increment with every
  # release. Packer will notice an exiting AMI at build start and fail unless
  # it is rmoved. To prevent a period of time where no Alpine AMI exists,
  # create a new variant. Old AMIs should be pruned at some point.
-  ami_release: "2"
+  ami_release: "0"
  # Overriding this requires validating that the installation script still
  # works as expected. It probably does but stuff changes between major
  # version.
-  alpine_release: "3.7"
+  alpine_release: "3.8"
  # Don't override this without a good reason and if you do just make sure it
  # gets passed all the way through to the make_ami script
@@ -26,17 +27,18 @@ builders:
    subnet_id: "{{user `subnet`}}"
    # Input Instance Setting
-    instance_type: "t2.micro"
+    instance_type: "t2.nano"
    launch_block_device_mappings:
      - volume_type: "gp2"
        device_name: "{{user `volume_name`}}"
        delete_on_termination: true
-        volume_size: 5
+        volume_size: 1
+    associate_public_ip_address: "{{user `public_ip`}}"
    # Output AMI Settings
    ena_support: true
-    ami_name: "Alpine-{{user `alpine_release`}}-r{{user `ami_release`}}-Hardened-EC2"
+    ami_name: "Alpine-{{user `alpine_release`}}-r{{user `ami_release`}}-EC2"
-    ami_description: "Alpine Linux {{user `alpine_release`}}-r{{user `ami_release`}} Release with Hardened Kernel and EC2 Optimizations"
+    ami_description: "Alpine Linux {{user `alpine_release`}}-r{{user `ami_release`}} Release with EC2 Optimizations"
    ami_groups:
      - "all"
    ami_virtualization_type: "hvm"
@@ -49,9 +51,10 @@ builders:
      - eu-central-1
      - eu-west-1
      - eu-west-2
-#      - eu-west-3
+      - eu-west-3
      - ap-northeast-1
      - ap-northeast-2
+#      - ap-northeast-3
      - ap-southeast-1
      - ap-southeast-2
      - ap-south-1
@@ -60,7 +63,7 @@ builders:
      source_device_name: "{{user `volume_name`}}"
      device_name: "/dev/xvda"
      delete_on_termination: true
-      volume_size: 5
+      volume_size: 1
      volume_type: "gp2"
    # Use the most recent Amazon Linux AMI as our base
diff --git a/make_ami.sh b/make_ami.sh
index ec89fb7..c85c160 100755
--- a/make_ami.sh
+++ b/make_ami.sh
@@ -3,11 +3,11 @@
 set -eu
-: ${ALPINE_RELEASE:="3.7"} # not tested against edge
+: ${ALPINE_RELEASE:="3.8"} # not tested against edge
-: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.8.0/apk-tools-2.8.0-x86_64-linux.tar.gz"}
+: ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.0/apk-tools-2.10.0-x86_64-linux.tar.gz"}
-: ${APK_TOOLS_SHA256:="da21cefd2121e3a6cd4e8742b38118b2a1132aad7f707646ee946a6b32ee6df9"}
+: ${APK_TOOLS_SHA256:="77f2d256fcd5d6fdafadf43bb6a9c85c3da7bb471ee842dcd729175235cb9fed"}
-: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/alpine-keys-2.1-r1.apk"}
+: ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/alpine-keys-2.1-r1.apk"}
-: ${ALPINE_KEYS_SHA256:="7b2d1e9a00324c8eee49785dc22355be02534201e77473ba9762027e1a475cc7"}
+: ${ALPINE_KEYS_SHA256:="f7832b848cedca482b145011cf516e82392f02a10713875cb09f39c7221c6f17"}
 die() {
        printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2  # bold red
@@ -73,34 +73,12 @@ make_filesystem() {
 setup_repositories() {
        local target="$1" # target directory
+  # NOTE: we only need @testing for aws-ena-driver-vanilla, this can be removed if/when released
        mkdir -p "$target"/etc/apk/keys
        cat > "$target"/etc/apk/repositories <<-EOF
        http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/main
        http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/community
-        EOF
+        @testing http://dl-cdn.alpinelinux.org/alpine/edge/testing
-}
-# This is mostly a temporary measure because some required packages have not
-# yet been accepted upstream. This can be removed when the following pull
-# requests are merged:
-#
-# - https://github.com/alpinelinux/aports/pull/2962
-# - https://github.com/alpinelinux/aports/pull/2961
-setup_staging_repos() {
-        local target="$1" # target directory
-        echo "https://mcrute-build-artifacts.s3.us-west-2.amazonaws.com/alpine-packages/$ALPINE_RELEASE/testing" >> "$target"/etc/apk/repositories
-        cat > "$target"/etc/apk/keys/mcrute-5a3eecec.rsa.pub  <<-EOF
-        -----BEGIN PUBLIC KEY-----
-        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fW5dyTqgs9Yf93xKn5U
-        cYzY9t//M3TAaiDWH7rFxqBqTGnVGkP9QAGqsbXyoo/JpIalazkOfm/1L+XaK7NI
-        IUD/8KxfrnBW53cc/KOkPcGAga36aTBz/HmLQQvjWcizPxWepjdfvAnRTMV69Oud
-        zaRPGKx8nCRqLy1YFAEXn+zpHRh+OHCzzQFlkJop+2PCXqDFaMWC7+oWwrqFs1i0
-        CXc4pq5oT6vAQyt6pUwN85sLVxtxXSt5G5ALYzQtaIj7IAR3jGlwU26wOAv5YP7z
-        xn/Z1ebQsPbAl3rw48v2T2ohPEX2TUtUq4OuwOG+z1pi3woIGOlOFVAP3k6lm8Z9
-        9QIDAQAB
-        -----END PUBLIC KEY-----
        EOF
 }
@@ -131,19 +109,19 @@ install_core_packages() {
        # Most from: https://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-virt.packages
        #
        # acct - installed by some configurations, so added here
-        # aws-ena-driver-hardened - required for ENA enabled instances
+        # aws-ena-driver-vanilla - required for ENA enabled instances (still in edge/testing)
        # e2fsprogs - required by init scripts to maintain ext4 volumes
-        # linux-hardened - can't use virthardened because it's missing NVME support
+        # linux-vanilla - can't use virt because it's missing NVME support
        # mkinitfs - required to build custom initfs
        # sudo - to allow alpine user to become root, disallow root SSH logins
        # tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
        chroot "$target" apk --no-cache add \
                acct \
                alpine-mirrors \
-                aws-ena-driver-hardened \
+                aws-ena-driver-vanilla@testing \
                chrony \
                e2fsprogs \
-                linux-hardened \
+                linux-vanilla \
                mkinitfs \
                openssh \
                sudo \
@@ -166,7 +144,6 @@ create_initfs() {
        local target="$1"
        # Create ENA feature for mkinitfs
-        # Submitted upstream: https://github.com/alpinelinux/mkinitfs/pull/19
        echo "kernel/drivers/net/ethernet/amazon" > \
                "$target"/etc/mkinitfs/features.d/ena.modules
@@ -310,8 +287,6 @@ main() {
        einfo "Fetching Alpine signing keys"
        fetch_keys "$target"
-        setup_staging_repos "$target"
        einfo "Installing base system"
        $apk add --root "$target" --update-cache --initdb alpine-base
author	Jake Buchholz <tomalok@gmail.com>	2018-07-28 18:28:29 -0700
committer	Mike Crute <mike@crute.us>	2018-07-30 07:59:39 -0700
commit	836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e (patch)
tree	07d0cb926f0b4932370e08f0c15eb52e6f6836f3
parent	27bcd4a05e0ce1bc28886452355121501310df8f (diff)
download	alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.tar.bz2 alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.tar.xz alpine-ec2-ami-836d9a3e7ef0b664f2b33fc65bb5315b901dfe2e.zip