upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-21 22:27:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/release/tools/ec2-builder.conf
Colin Percival 925ec43c15 EC2: Add AMI Builder AMI building 
Starting in 2015 I have published "AMI Builder AMIs" for FreeBSD/EC2:
These boot into a memory disk, extract a "clean" copy of FreeBSD onto
the root disk, mount it at /mnt, and allow the user to SSH in to make
customizations before creating a new AMI from the "running" instance
(in fact, from the FreeBSD installation which is not running but is
mounted on /mnt).

This provides a much cleaner mechanism for building customized FreeBSD
AMIs than the traditional Linux approach of "launch an EC2 instance,
SSH in and configure it, then try to wipe logs and credentials before
creating an AMI"; and it's easier than building a customized AMI ab
initio by modifying the FreeBSD release-building code.

This commit brings that functionality into the FreeBSD src tree and
into the collection of images built by the release engineering team:
The EC2 "BUILDER" flavour AMI is essentially a "SMALL" flavour AMI with
a compressed "BASE" flavour disk image, plus an init script which
juggles disks around (rerooting into a memory disk and extracting the
"BASE" image onto disk).

Polished by:	bz, emaste
MFC after:	1 week
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D49930

(cherry picked from commit 58426589030308cd632477d328b9536b1634c54d)
2025-04-26 12:17:51 -07:00

57 lines
1.9 KiB
Bash
Raw Blame History

#!/bin/sh
. ${WORLDDIR}/release/tools/ec2.conf
# Build with a 7.9 GB partition; this is enough for our stripped-down
# base system plus the compressed ec2-base image.
export VMSIZE=8000m
# Flags to installworld/kernel: We don't want debug symbols (kernel or
# userland), 32-bit libraries, tests, or the debugger.
export INSTALLOPTS="WITHOUT_DEBUG_FILES=YES WITHOUT_KERNEL_SYMBOLS=YES \
WITHOUT_LIB32=YES WITHOUT_TESTS=YES WITHOUT_LLDB=YES"
# Packages to install into the image we're creating. In addition to packages
# present on all EC2 AMIs, we install:
# * ec2-scripts, which provides a range of EC2ification startup scripts,
# * isc-dhcp44-client, used for IPv6 network setup, and
# * py-awscli, to make it easier for users to create AMIs.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \
isc-dhcp44-client devel/py-awscli"
# Services to enable in rc.conf(5).
export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
ec2_fetchkey ec2_loghostkey sshd"
vm_extra_pre_umount() {
# Any EC2 ephemeral disks seen when the system first boots will
# be "new" disks; there is no "previous boot" when they might have
# been seen and used already.
touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen
# Configuration common to all EC2 AMIs
ec2_common
# Standard FreeBSD network configuration
ec2_base_networking
# Grab a copy of the ec2-base disk image, and compress it
zstd < ${EC2BASEIMG} > ${DESTDIR}/image.zst
# Disable fortune so we don't have extra noise at login
chmod a-x ${DESTDIR}/usr/bin/fortune
# Install the AMI-building script
install -m 755 ${WORLDDIR}/release/tools/mkami.sh ${DESTDIR}/bin/mkami
# Install an /etc/rc which juggles disks around for us
install -m 755 ${WORLDDIR}/release/tools/rc.amibuilder ${DESTDIR}/etc
# We want to mount from the UFS disk and juggle disks first
cat >> ${DESTDIR}/boot/loader.conf <<-EOF
vfs.root.mountfrom="ufs:/dev/gpt/rootfs"
init_script="/etc/rc.amibuilder"
EOF
return 0
}
Reference in a new issue View git blame Copy permalink