author | Jake Buchholz <tomalok@gmail.com> | 2020-08-11 21:16:54 -0700 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2020-08-12 18:12:22 -0700 |
commit | 2b76c6ebf655e14a8d7ce774137df3c13d6c232a (patch) | |
tree | 287d63c3764c6444564dd13479410118601cd5bb | |
parent | d593de3833014b4e83d7693a5e6691013122eb0e (diff) | |
support modification of default AMI user
-rw-r--r-- | packer.conf | 1 | ||||
-rw-r--r-- | profiles/base/2 | 15 | ||||
-rw-r--r-- | profiles/test.conf | 17 | ||||
-rw-r--r-- | profiles/version/3.12 | 2 | ||||
-rwxr-xr-x | scripts/builder.py | 4 | ||||
-rwxr-xr-x | scripts/setup-ami | 19 |
6 files changed, 35 insertions, 23 deletions
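--- a/packer.conf
+++ b/packer.conf
@@ -90,6 +90,7 @@ provisioners = [
 "KERNEL_MODS={{user `kernel_modules`}}"
 "KERNEL_OPTS={{user `kernel_options`}}"
 "INITFS_FEATURES={{user `initfs_features`}}"
+"EC2_USER={{user `ami_user`}}"
 ]
 use_env_var_file = "true"
 execute_command = "sudo sh -c '. {{.EnvVarFile}} && {{.Path}}'"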
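--- a/profiles/base/2
+++ b/profiles/base/2
@@ -34,7 +34,7 @@ ami_desc_prefix = "Alpine Linux "
 ami_desc_suffix = ""
 ami_volume_size = "1"
 ami_encrypt = "false"
-ami_user = "alpine" # modification currently not supported
+ami_user = "alpine"
 
 # NOTE: the following are python format strings, resolved in resolve-profile.py
 ami_name = "{var.ami_name_prefix}{var.release}-{var.arch}-{var.revision}{var.ami_name_suffix}"
@@ -95,9 +95,18 @@ kernel_options {
 "console=ttyS0,115200n8" = true
 "nvme_core.io_timeout=4294967295" = true
 }
-# NOTE: nvme and ena are critical for i3, a1, m6g, and anything in the 5 series
-# forward. Without them these instances will not boot.
+# NOTE: nvme and ena are critical for i3, a1, m6g, and anything in the 5
+# series forward. Without them these instances will not boot.
 initfs_features {
 nvme = true
 ena = true
 }
+
+# Local path to additional setup script, runs before setup-ami cleanup.
+setup_script = null
+
+# Files/directories to copy to /tmp/setup-ami.d/ on build instance for
+# setup-script to use. Map key is the copy target in the build instance
+# /tmp/setup-ami.d/ directory, map value is local file/directory path.
+# Nothing copied ends up in the AMI unless `setup_script` does it.
+setup_copy = null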
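Review bot: `ami_user = "alpine"` is left with no comment at all, although this commit turns it into a setting with security weight: scripts/setup-ami now creates that account, adds it to wheel, and records it for tiny-ec2-bootstrap. A one-line comment would help profile authors, for example `# login user created in the AMI; added to wheel (passwordless sudo), must be a plain account name`. In the new setup_copy comment, `setup-script` should read `setup_script` so it matches the key it refers to.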
diff --git a/profiles/test.conf b/profiles/test.conf index 0d4e740..74019b1 100644 --- a/profiles/test.conf +++ b/profiles/test.conf | |||
@@ -1,6 +1,7 @@ | |||
1 | ### Profile for Testing Builds | 1 | ### Profile for Testing Builds |
2 | # vim: ts=2 et: | 2 | # vim: ts=2 et: |
3 | 3 | ||
4 | version-3_12 { include required("version/3.12") } | ||
4 | version-3_11 { include required("version/3.11") } | 5 | version-3_11 { include required("version/3.11") } |
5 | version-3_10 { include required("version/3.10") } | 6 | version-3_10 { include required("version/3.10") } |
6 | version-3_9 { include required("version/3.9") } | 7 | version-3_9 { include required("version/3.9") } |
@@ -12,20 +13,18 @@ arch-aarch64 { include required("arch/aarch64") } | |||
12 | test { | 13 | test { |
13 | ami_name_prefix = "test-" | 14 | ami_name_prefix = "test-" |
14 | ami_desc_prefix = "Alpine Test " | 15 | ami_desc_prefix = "Alpine Test " |
16 | ami_user = "test" | ||
15 | } | 17 | } |
16 | 18 | ||
17 | # Build definitions | 19 | # Build definitions |
18 | BUILDS { | 20 | BUILDS { |
19 | # merge version, arch, profile, and build vars | 21 | # merge version, arch, profile, and build vars |
20 | v3_11-x86_64 = ${version-3_11} ${arch-x86_64} ${test} | 22 | v3_12-x86_64 = ${version-3_12} ${arch-x86_64} ${test} { revision = "r0" } |
21 | v3_10-x86_64 = ${version-3_10} ${arch-x86_64} ${test} | 23 | v3_11-x86_64 = ${version-3_11} ${arch-x86_64} ${test} { revision = "r0" } |
22 | v3_9-x86_64 = ${version-3_9} ${arch-x86_64} ${test} | 24 | v3_10-x86_64 = ${version-3_10} ${arch-x86_64} ${test} { revision = "r0" } |
25 | v3_9-x86_64 = ${version-3_9} ${arch-x86_64} ${test} { revision = "r0" } | ||
23 | edge-x86_64 = ${version-edge} ${arch-x86_64} ${test} | 26 | edge-x86_64 = ${version-edge} ${arch-x86_64} ${test} |
24 | 27 | ||
25 | # aarch64 AMI builds are under development | 28 | v3_12-aarch64 = ${version-3_12} ${arch-aarch64} ${test} { revision = "r0" } |
26 | edge-aarch64 = ${version-edge} ${arch-aarch64} ${test} | 29 | edge-aarch64 = ${version-edge} ${arch-aarch64} ${test} |
27 | #edge-aarch64 = ${version-edge} ${arch-aarch64} ${test} { | ||
28 | # other us-west-2 subnet doesn't do a1.* instances | ||
29 | # build_subnet = "subnet-08dfc622745f7d96a" | ||
30 | #} | ||
31 | } | 30 | } |
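--- a/profiles/version/3.12
+++ b/profiles/version/3.12
@@ -7,7 +7,7 @@ include required("../base/1")
 # set version-specific vars
 version = "3.12"
 release = "3.12.0"
-end_of_life = "2022-06-01"
+end_of_life = "2022-05-01"
 repos {
 "http://dl-cdn.alpinelinux.org/alpine/v3.12/main" = true
 "http://dl-cdn.alpinelinux.org/alpine/v3.12/community" = true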
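--- a/scripts/builder.py
+++ b/scripts/builder.py
@@ -534,11 +534,11 @@ class ConfigBuilder:
 self.rel_symlink("scripts/nvme-ebs-links", setup_dir, "nvme-ebs-links")
 
 # symlink additional setup_script
-if "setup_script" in cfg.keys():
+if "setup_script" in cfg.keys() and cfg["setup_script"] is not None:
 self.rel_symlink(cfg["setup_script"], setup_dir, "setup_script")
 del cfg["setup_script"]
 
-if "setup_copy" in cfg.keys():
+if "setup_copy" in cfg.keys() and cfg["setup_copy"] is not None:
 for dst, src in cfg["setup_copy"].items():
 self.rel_symlink(src, setup_dir, dst)
 del cfg["setup_copy"]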
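Review bot: With `setup_script = null` and `setup_copy = null` now defaulted in profiles/base/2, both keys are always present and the new `is not None` guards skip the branch; the page has lost indentation, so if the `del` lines sit inside the `if`, the None-valued keys stay in `cfg` and travel on to whatever consumes it after this block. Popping first makes the removal unconditional and drops the `.keys()` lookup: `script = cfg.pop("setup_script", None)` followed by `if script is not None:`, and likewise `copies = cfg.pop("setup_copy", None)` for the second block. The enclosing method starts and ends outside the hunk, so the later use of `cfg` should be checked before changing this.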
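--- a/scripts/setup-ami
+++ b/scripts/setup-ami
@@ -256,8 +256,6 @@ enable_services() {
 done
 }
 
-# TODO: allow profile to specify alternate ALPINE_USER?
-# NOTE: tiny-ec2-bootstrap will need to be updated to support that!
 create_alpine_user() {
 # Allow members of the wheel group to sudo without a password. By default
 # this will only be the alpine user. This allows us to ship an AMI that is
@@ -269,12 +267,17 @@ create_alpine_user() {
 # There is no real standard ec2 username across AMIs, Amazon uses ec2-user
 # for their Amazon Linux AMIs but Ubuntu uses ubuntu, Fedora uses fedora,
 # etc... (see: https://alestic.com/2014/01/ec2-ssh-username/). So our user
-# and group are alpine because this is Alpine Linux. On instance bootstrap
-# the user can create whatever users they want and delete this one.
-chroot "$TARGET" /usr/sbin/addgroup alpine
-chroot "$TARGET" /usr/sbin/adduser -h /home/alpine -s /bin/sh -G alpine -D alpine
-chroot "$TARGET" /usr/sbin/addgroup alpine wheel
-chroot "$TARGET" /usr/bin/passwd -u alpine
+# and group, by default, are alpine because this is Alpine Linux.
+user="${EC2_USER:-alpine}"
+chroot "$TARGET" /usr/sbin/addgroup "$user"
+chroot "$TARGET" /usr/sbin/adduser -h "/home/$user" -s /bin/sh -G "$user" -D "$user"
+chroot "$TARGET" /usr/sbin/addgroup "$user" wheel
+chroot "$TARGET" /usr/bin/passwd -u "$user"
+
+# Let tiny-ec2-bootstrap know what the EC2 user of the AMI is
+cat > "$TARGET/etc/conf.d/tiny-ec2-bootstrap" <<EOF
+EC2_USER="$user"
+EOF
 }
 
 configure_ntp() {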
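Review bot: `user="${EC2_USER:-alpine}"` in create_alpine_user is used with no validation, and the same value is then written through an unquoted heredoc into `$TARGET/etc/conf.d/tiny-ec2-bootstrap`, a file that is presumably sourced as shell on the running instance. A profile value containing a quote, `$` or a slash would change the home path or the meaning of that file, and the account ends up in wheel, which the comment at the top of the function says has passwordless sudo. I would reject anything that is not a plain account name before the first addgroup: `case "$user" in ''|[!a-z_]*|*[!a-z0-9_-]*) echo "invalid EC2_USER: $user" >&2; return 1;; esac`. The function body spans both hunks with lines in between that are not shown, and its name and the "By default this will only be the alpine user" comment are worth revisiting now that the name is configurable.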