Page MenuHomeFreeBSD
Files F150668878

D41792.id127981.diff
No OneTemporary
Actions

D41792.id127981.diff
View Options

diff --git a/release/tools/ec2-base.conf b/release/tools/ec2-base.conf
--- a/release/tools/ec2-base.conf
+++ b/release/tools/ec2-base.conf
@@ -1,78 +1,36 @@
#!/bin/sh
-#
-#
-# Packages to install into the image we're creating. This is a deliberately
-# minimalist set, providing only the packages necessary to bootstrap further
-# package installation as specified via EC2 user-data.
-export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \
- firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client \
- ebsnvme-id"
-
-# Include the amazon-ssm-agent package in amd64 images, since some users want
-# to be able to use it on systems which are not connected to the Internet.
-# (It is not enabled by default, however.) This package does not exist for
-# aarch64, so we have to be selective about when we install it.
-if [ "${TARGET_ARCH}" = "amd64" ]; then
- export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent"
-fi
-
-# Set to a list of third-party software to enable in rc.conf(5).
-export VM_RC_LIST="ec2_configinit ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs ntpd dev_aws_disk ec2_ephemeral_swap"
+. ${WORLDDIR}/release/tools/ec2.conf
-# Build with a 4.9 GB partition; the growfs rc.d script will expand
-# the partition to fill the root disk after the EC2 instance is launched.
-# Note that if this is set to <N>G, we will end up with an <N+1> GB disk
-# image since VMSIZE is the size of the filesystem partition, not the disk
-# which it resides within.
-export VMSIZE=5000m
+# Packages to install into the image we're creating. In addition to packages
+# present on all EC2 AMIs, we install:
+# * ec2-scripts, which provides a range of EC2ification startup scripts,
+# * firstboot-freebsd-update, to install security updates at first boot,
+# * firstboot-pkgs, to install packages at first boot, and
+# * isc-dhcp44-client, used for IPv6 network setup.
+export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \
+ firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client"
-# No swap space; the ec2_ephemeralswap rc.d script will allocate swap
-# space on EC2 ephemeral disks. (If they exist -- the T2 low-cost instances
-# and the C4 compute-optimized instances don't have ephemeral disks. But
-# it would be silly to bloat the image and increase costs for every instance
-# just for those two families, especially since instances ranging in size
-# from 1 GB of RAM to 60 GB of RAM would need different sizes of swap space
-# anyway.)
-export NOSWAP=YES
+# Services to enable in rc.conf(5).
+export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
+ ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \
+ growfs sshd"
vm_extra_pre_umount() {
- # The firstboot_pkgs rc.d script will download the repository
- # catalogue and install or update pkg when the instance first
- # launches, so these files would just be replaced anyway; removing
- # them from the image allows it to boot faster.
- mount -t devfs devfs ${DESTDIR}/dev
- chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \
- /usr/sbin/pkg delete -f -y pkg
- umount ${DESTDIR}/dev
- rm ${DESTDIR}/var/db/pkg/repo-*.sqlite
-
- # The size of the EC2 root disk can be configured at instance launch
- # time; expand our filesystem to fill the disk.
- echo 'growfs_enable="YES"' >> ${DESTDIR}/etc/rc.conf
-
- # EC2 instances use DHCP to get their network configuration. IPv6
- # requires accept_rtadv.
- echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
-
- # Unless the system has been configured via EC2 user-data, the user
- # will need to SSH in to do anything.
- echo 'sshd_enable="YES"' >> ${DESTDIR}/etc/rc.conf
-
# The AWS CLI tools are generally useful, and small enough that they
# will download quickly; but users will often override this setting
# via EC2 user-data.
echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
+ # EC2 instances use DHCP to get their network configuration. IPv6
+ # requires accept_rtadv.
+ echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
+
# Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold
echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf
echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf
- # Turn off IPv6 Duplicate Address Detection; the EC2 networking
- # configuration makes it unnecessary.
- echo 'net.inet6.ip6.dad_count=0' >> ${DESTDIR}/etc/sysctl.conf
-
# Provide a script which rtsold can use to launch DHCPv6
mkdir -p ${DESTDIR}/usr/local/libexec
cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF'
@@ -82,94 +40,13 @@
EOF
chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M
- # The EC2 console is output-only, so while printing a backtrace can
- # be useful, there's no point dropping into a debugger or waiting
- # for a keypress.
- echo 'debug.trace_on_panic=1' >> ${DESTDIR}/boot/loader.conf
- echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/boot/loader.conf
- echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/boot/loader.conf
-
- # The console is not interactive, so we might as well boot quickly.
- echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
- echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf
-
- # Tell gptboot not to wait 3 seconds for a keypress which won't
- # arrive either.
- printf -- "-n\n" > ${DESTDIR}/boot.config
-
- # The emulated keyboard attached to EC2 instances is inaccessible to
- # users, and there is no mouse attached at all; disable to keyboard
- # and the keyboard controller (to which the mouse would attach, if
- # one existed) in order to save time in device probing.
- echo 'hint.atkbd.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
- echo 'hint.atkbdc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
-
- # EC2 has two consoles: An emulated serial port ("system log"),
- # which has been present since 2006; and a VGA console ("instance
- # screenshot") which was introduced in 2016.
- echo 'boot_multicons="YES"' >> ${DESTDIR}/boot/loader.conf
-
- # Some older EC2 hardware used a version of Xen with a bug in its
- # emulated serial port. It is not clear if EC2 still has any such
- # nodes, but apply the workaround just in case.
- echo 'hw.broken_txfifo="1"' >> ${DESTDIR}/boot/loader.conf
-
- # Load the kernel module for the Amazon "Elastic Network Adapter"
- echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
-
- # Use the "nda" driver for accessing NVMe disks rather than the
- # historical "nvd" driver.
- echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
-
- # Disable KbdInteractiveAuthentication according to EC2 requirements.
- sed -i '' -e \
- 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
- ${DESTDIR}/etc/ssh/sshd_config
-
- # Use FreeBSD Update mirrors hosted in AWS
- sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
- ${DESTDIR}/etc/freebsd-update.conf
-
- # Use the NTP service provided by Amazon
- sed -i '' -e 's/^pool/#pool/' \
- -e '1,/^#server/s/^#server.*/server 169.254.169.123 iburst/' \
- ${DESTDIR}/etc/ntp.conf
-
- # Provide a map for accessing Elastic File System mounts
- cat > ${DESTDIR}/etc/autofs/special_efs <<'EOF'
-#!/bin/sh
-
-if [ $# -eq 0 ]; then
- # No way to know which EFS filesystems exist and are
- # accessible to this EC2 instance.
- exit 0
-fi
-
-# Provide instructions on how to mount the requested filesystem.
-FS=$1
-REGION=`fetch -qo- http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e 's/[a-z]$//'`
-echo "-nfsv4,minorversion=1,oneopenown ${FS}.efs.${REGION}.amazonaws.com:/"
-EOF
- chmod 755 ${DESTDIR}/etc/autofs/special_efs
-
- # The first time the AMI boots, the installed "first boot" scripts
- # should be allowed to run:
- # * ec2_configinit (download and process EC2 user-data)
- # * ec2_fetchkey (arrange for SSH using the EC2-provided public key)
- # * growfs (expand the filesystem to fill the provided disk)
- # * firstboot_freebsd_update (install critical updates)
- # * firstboot_pkgs (install packages)
- touch ${DESTDIR}/firstboot
-
# Any EC2 ephemeral disks seen when the system first boots will
# be "new" disks; there is no "previous boot" when they might have
# been seen and used already.
touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen
- if ! [ -z "${QEMUSTATIC}" ]; then
- rm -f ${DESTDIR}/${EMULATOR}
- fi
- rm -f ${DESTDIR}/etc/resolv.conf
+ # Configuration common to all EC2 AMIs
+ ec2_common
return 0
}
diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
new file mode 100644
--- /dev/null
+++ b/release/tools/ec2.conf
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+# Packages which should be installed onto all EC2 AMIs:
+# * ebsnvme-id, which is very minimal and provides important EBS-specific
+# functionality,
+# * amazon-ssm-agent (not enabled by default, but some users need to use
+# it on systems not connected to the internet).
+export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ebsnvme-id amazon-ssm-agent"
+
+# Services which should be enabled by default in rc.conf(5).
+export VM_RC_LIST="dev_aws_disk ntpd"
+
+# Build with a 4.9 GB partition; the growfs rc.d script will expand
+# the partition to fill the root disk after the EC2 instance is launched.
+# Note that if this is set to <N>G, we will end up with an <N+1> GB disk
+# image since VMSIZE is the size of the filesystem partition, not the disk
+# which it resides within.
+export VMSIZE=5000m
+
+# No swap space; it doesn't make sense to provision any as part of the disk
+# image when we could be launching onto a system with anywhere between 0.5
+# and 4096 GB of RAM.
+export NOSWAP=YES
+
+ec2_common() {
+ # Delete the pkg package and the repo database; they will likely be
+ # long out of date before the EC2 instance is launched.
+ mount -t devfs devfs ${DESTDIR}/dev
+ chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \
+ /usr/sbin/pkg delete -f -y pkg
+ umount ${DESTDIR}/dev
+ rm ${DESTDIR}/var/db/pkg/repo-*.sqlite
+
+ # Turn off IPv6 Duplicate Address Detection; the EC2 networking
+ # configuration makes it unnecessary.
+ echo 'net.inet6.ip6.dad_count=0' >> ${DESTDIR}/etc/sysctl.conf
+
+ # Booting quickly is more important than giving users a chance to
+ # access the boot loader via the serial port.
+ echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
+ echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf
+
+ # Tell gptboot not to wait 3 seconds for a keypress which will
+ # never arrive.
+ printf -- "-n\n" > ${DESTDIR}/boot.config
+
+ # The emulated keyboard attached to EC2 instances is inaccessible to
+ # users, and there is no mouse attached at all; disable to keyboard
+ # and the keyboard controller (to which the mouse would attach, if
+ # one existed) in order to save time in device probing.
+ echo 'hint.atkbd.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
+ echo 'hint.atkbdc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
+
+ # EC2 has two consoles: An emulated serial port ("system log"),
+ # which has been present since 2006; and a VGA console ("instance
+ # screenshot") which was introduced in 2016.
+ echo 'boot_multicons="YES"' >> ${DESTDIR}/boot/loader.conf
+
+ # Some older EC2 hardware used a version of Xen with a bug in its
+ # emulated serial port. It is not clear if EC2 still has any such
+ # nodes, but apply the workaround just in case.
+ echo 'hw.broken_txfifo="1"' >> ${DESTDIR}/boot/loader.conf
+
+ # Load the kernel module for the Amazon "Elastic Network Adapter"
+ echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
+
+ # Use the "nda" driver for accessing NVMe disks rather than the
+ # historical "nvd" driver.
+ echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
+
+ # Disable KbdInteractiveAuthentication according to EC2 requirements.
+ sed -i '' -e \
+ 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
+ ${DESTDIR}/etc/ssh/sshd_config
+
+ # Use FreeBSD Update mirrors hosted in AWS
+ sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
+ ${DESTDIR}/etc/freebsd-update.conf
+
+ # Use the NTP service provided by Amazon
+ sed -i '' -e 's/^pool/#pool/' \
+ -e '1,/^#server/s/^#server.*/server 169.254.169.123 iburst/' \
+ ${DESTDIR}/etc/ntp.conf
+
+ # Provide a map for accessing Elastic File System mounts
+ cat > ${DESTDIR}/etc/autofs/special_efs <<'EOF'
+#!/bin/sh
+
+if [ $# -eq 0 ]; then
+ # No way to know which EFS filesystems exist and are
+ # accessible to this EC2 instance.
+ exit 0
+fi
+
+# Provide instructions on how to mount the requested filesystem.
+FS=$1
+REGION=`fetch -qo- http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e 's/[a-z]$//'`
+echo "-nfsv4,minorversion=1,oneopenown ${FS}.efs.${REGION}.amazonaws.com:/"
+EOF
+ chmod 755 ${DESTDIR}/etc/autofs/special_efs
+
+ # The first time the AMI boots, run "first boot" scripts.
+ touch ${DESTDIR}/firstboot
+
+ if ! [ -z "${QEMUSTATIC}" ]; then
+ rm -f ${DESTDIR}/${EMULATOR}
+ fi
+ rm -f ${DESTDIR}/etc/resolv.conf
+
+ return 0
+}

File Metadata

Mime Type
text/plain
Expires
Sat, Apr 4, 5:49 AM (1 h, 11 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30802091
Default Alt Text
D41792.id127981.diff (12 KB)

Event Timeline