Index: release/tools/ec2.conf
===================================================================
--- release/tools/ec2.conf
+++ release/tools/ec2.conf
@@ -44,57 +44,62 @@
 /usr/sbin/pkg delete -f -y pkg
 rm ${DESTDIR}/var/db/pkg/repo-*.sqlite
 
- # The size of the EC2 root disk can be configured at instance launch
- # time; expand our filesystem to fill the disk.
- echo 'growfs_enable="YES"' >> ${DESTDIR}/etc/rc.conf
+ cat << EOF >> ${DESTDIR}/etc/rc.conf
 
- # EC2 instances use DHCP to get their network configuration. IPv6
- # requires accept_rtadv.
- echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
+# The size of the EC2 root disk can be configured at instance launch
+# time; expand our filesystem to fill the disk.
+growfs_enable="YES"
 
- # Unless the system has been configured via EC2 user-data, the user
- # will need to SSH in to do anything.
- echo 'sshd_enable="YES"' >> ${DESTDIR}/etc/rc.conf
+# EC2 instances use DHCP to get their network configuration. IPv6
+# requires accept_rtadv.
+ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
 
- # The AWS CLI tools are generally useful, and small enough that they
- # will download quickly; but users will often override this setting
- # via EC2 user-data.
- echo 'firstboot_pkgs_list="awscli"' >> ${DESTDIR}/etc/rc.conf
+# Unless the system has been configured via EC2 user-data, the user
+# will need to SSH in to do anything.
+sshd_enable="YES"
 
- # Enable IPv6 on all interfaces, and use DHCP on both IPv4 and IPv6.
- echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
- echo 'dhclient_program="/usr/local/sbin/dual-dhclient"' >> ${DESTDIR}/etc/rc.conf
+# The AWS CLI tools are generally useful, and small enough that they
+# will download quickly; but users will often override this setting
+# via EC2 user-data.
+firstboot_pkgs_list="awscli"
 
- # The EC2 console is output-only, so while printing a backtrace can
- # be useful, there's no point dropping into a debugger or waiting
- # for a keypress.
- echo 'debug.trace_on_panic=1' >> ${DESTDIR}/boot/loader.conf
- echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/boot/loader.conf
- echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/boot/loader.conf
+# Enable IPv6 on all interfaces, and use DHCP on both IPv4 and IPv6.
+ipv6_activate_all_interfaces="YES"
+dhclient_program="/usr/local/sbin/dual-dhclient"
+EOF
 
- # The console is not interactive, so we might as well boot quickly.
- echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
- echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf
+ cat << EOF >> ${DESTDIR}/boot/loader.conf
+# The EC2 console is output-only, so while printing a backtrace can
+# be useful, there's no point dropping into a debugger or waiting
+# for a keypress.
+debug.trace_on_panic=1
+debug.debugger_on_panic=0
+kern.panic_reboot_wait_time=0
 
- # The emulated keyboard attached to EC2 instances is inaccessible to
- # users, and there is no mouse attached at all; disable to keyboard
- # and the keyboard controller (to which the mouse would attach, if
- # one existed) in order to save time in device probing.
- echo 'hint.atkbd.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
- echo 'hint.atkbdc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
+# The console is not interactive, so we might as well boot quickly.
+autoboot_delay="-1"
+beastie_disable="YES"
 
- # EC2 has two consoles: An emulated serial port ("system log"),
- # which has been present since 2006; and a VGA console ("instance
- # screenshot") which was introduced in 2016.
- echo 'boot_multicons="YES"' >> ${DESTDIR}/boot/loader.conf
+# The emulated keyboard attached to EC2 instances is inaccessible to
+# users, and there is no mouse attached at all; disable to keyboard
+# and the keyboard controller (to which the mouse would attach, if
+# one existed) in order to save time in device probing.
+hint.atkbd.0.disabled=1
+hint.atkbdc.0.disabled=1
 
- # Some older EC2 hardware used a version of Xen with a bug in its
- # emulated serial port. It is not clear if EC2 still has any such
- # nodes, but apply the workaround just in case.
- echo 'hw.broken_txfifo="1"' >> ${DESTDIR}/boot/loader.conf
+# EC2 has two consoles: An emulated serial port ("system log"),
+# which has been present since 2006; and a VGA console ("instance
+# screenshot") which was introduced in 2016.
+boot_multicons="YES"
 
- # Load the kernel module for the Amazon "Elastic Network Adapter"
- echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
+# Some older EC2 hardware used a version of Xen with a bug in its
+# emulated serial port. It is not clear if EC2 still has any such
+# nodes, but apply the workaround just in case.
+hw.broken_txfifo="1"
+
+# Load the kernel module for the Amazon "Elastic Network Adapter"
+if_ena_load="YES"
+EOF
 
 # Disable ChallengeResponseAuthentication according to EC2
 # requirements.
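Review bot: Both here-documents are opened with an unquoted delimiter (`cat << EOF`), so the shell applies parameter expansion, command substitution and backslash processing to every line written to rc.conf and loader.conf, whereas the removed `echo '...'` lines were single-quoted literals. Nothing in the current bodies contains `$`, a backquote or a backslash, so the output is unchanged today, but a setting added later that contains one would be expanded at image-build time instead of being written verbatim. Quoting the delimiter restores the literal behaviour: `cat << 'EOF' >> ${DESTDIR}/etc/rc.conf` and `cat << 'EOF' >> ${DESTDIR}/boot/loader.conf`. The comments now land in the image's own configuration files, so the carried-over wording "disable to keyboard" (presumably "disable the keyboard") is worth fixing here. The enclosing function appears to start and end outside this hunk.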