
EC2: Add AMI Builder AMI building
Closed, Public

Authored by cperciva on Apr 20 2025, 4:50 PM.

Details

Summary

Starting in 2015 I have published "AMI Builder AMIs" for FreeBSD/EC2:
These boot into a memory disk, extract a "clean" copy of FreeBSD onto
the root disk, mount it at /mnt, and allow the user to SSH in to make
customizations before creating a new AMI from the "running" instance
(in fact, from the FreeBSD installation which is not running but is
mounted on /mnt).

This provides a much cleaner mechanism for building customized FreeBSD
AMIs than the traditional Linux approach of "launch an EC2 instance,
SSH in and configure it, then try to wipe logs and credentials before
creating an AMI"; and it's easier than building a customized AMI ab
initio by modifying the FreeBSD release-building code.

This commit brings that functionality into the FreeBSD src tree and
into the collection of images built by the release engineering team:
The EC2 "BUILDER" flavour AMI is essentially a "SMALL" flavour AMI with
a compressed "BASE" flavour disk image, plus an init script which
juggles disks around (rerooting into a memory disk and extracting the
"BASE" image onto disk).

MFC after: 1 week
Sponsored by: Amazon
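
The summary contrasts the builder with wiping logs and credentials by hand. As an added example (not part of this review or of the FreeBSD tree), this sh function audits a tree mounted at /mnt for material that should not be baked into an AMI after customization. The function name `audit_image_root` and the list of checked paths are assumptions and are not exhaustive.

```sh
#!/bin/sh
# Added example, not FreeBSD project code. The checked paths are an assumed,
# non-exhaustive list of files that should not be baked into a shared image.

# audit_image_root [ROOT]: print "kind<TAB>path" per finding; return 1 if any.
audit_image_root() {
    root=${1:-/mnt}
    found=$(
        # SSH host private keys: every instance launched from the AMI would
        # share them unless they are regenerated on first boot.
        for f in "$root"/etc/ssh/ssh_host_*_key; do
            if [ -f "$f" ]; then printf 'hostkey\t%s\n' "$f"; fi
        done
        # Keys and shell history left behind while customizing the image.
        for home in "$root"/root "$root"/home/*; do
            for f in "$home"/.ssh/authorized_keys "$home"/.ssh/id_* \
                     "$home"/.history "$home"/.sh_history; do
                if [ -f "$f" ]; then printf 'credential\t%s\n' "$f"; fi
            done
        done
        # Non-empty logs carry build-time activity into every instance.
        if [ -d "$root/var/log" ]; then
            find "$root/var/log" -type f -size +0 -exec printf 'log\t%s\n' {} \;
        fi
    )
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample tree standing in for the installation mounted at /mnt.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/root/.ssh" "$demo/var/log"
echo key > "$demo/etc/ssh/ssh_host_ed25519_key"
echo pub > "$demo/etc/ssh/ssh_host_ed25519_key.pub"
echo ssh-ed25519 > "$demo/root/.ssh/authorized_keys"
: > "$demo/var/log/messages"        # empty log: not reported
echo line > "$demo/var/log/auth.log"
audit_image_root "$demo" || echo "image tree is not clean"
rm -rf "$demo"
```

A non-zero return can gate the image-creation step in a build script.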

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

I don't know if anyone else on re@ has any interest in EC2-specific bits, but I figured I'd post this for a few days in case anyone has a chance to look for spelling mistakes etc.

Have not reviewed in great detail but 👍 to putting this in the tree.

Feel free to ignore any comments; for as much as I understand cross-reading... get it in...

release/tools/ec2-builder.conf
3

Do we add (c) and license to these files?

release/tools/mkami.sh
3

Not needed anymore.

26

SPDX?

43

Can this IPv4-only link-local address get a mention to a documentation somewhere?

release/tools/rc.amibuilder
3

No longer needed.

26

SPDX?

37

kenv vfs.root.mountfrom?

65

Do you still need this?

release/tools/ec2-builder.conf
3

None of the other <cloudware>.conf files have copyright statements. And there's not much in the way of creative content so I'm inclined to just follow existing "this is a configuration file which is presumed to be in the public domain" practice.

release/tools/mkami.sh
43
release/tools/rc.amibuilder
37

Nope, because when we reboot (reroot) into the memory disk vfs.root.mountfrom points at the memory disk; we really want to know about the physical disk.

65

I think so? I got errors when I didn't have this here. Even when we don't have anything mounted from that disk, it was partitioned and GEOM wasn't happy about me trying to overwrite it.

Add SPDX, remove #-, and link to details about EC2 IMDS.

You can drop the license boilerplate and just have the SPDX tag, if you like.

release/tools/rc.amibuilder
65

I don't recall any changes that would remove the need for this in certain cases. It is unfortunate that this functionality is in an unfortunate namespace and not all that well documented.

You can drop the license boilerplate and just have the SPDX tag, if you like.

Ah, I hadn't realized that SPDX-only was now officially project-approved. Done.

Anything else before I push this into the tree?

I still haven't looked it over fully but I'm fine with it going into the tree now.

This revision was not accepted when it landed; it landed in state Needs Review. (Apr 22 2025, 8:35 PM)
This revision was automatically updated to reflect the committed changes.