Date: Sun, 05 Apr 2015 21:48:03 -0700
From: Colin Percival <cperciva@freebsd.org>
To: freebsd-cloud@freebsd.org
Subject: EC2 AMI building support in the src tree
Message-ID: <55221003.3010307@freebsd.org>
In-Reply-To: <5472FD59.4040906@freebsd.org>
References: <5472FD59.4040906@freebsd.org>

Hi all,

On Wednesday I finished merging my AMI-building patches into src/release, and
it occurs to me that I should provide updated instructions since the process I
described a few months ago is no longer necessary.

To build EC2 AMIs now, start by installing bsdec2-image-upload and checking out
the src tree (AMI-building bits are currently only in HEAD):
# pkg install bsdec2-image-upload
# svnlite co https://svn0.us-west.FreeBSD.org/base/head /usr/src

Then set up your AWS account and create an AWS key file per my earlier
instructions:

> 1. Create an S3 bucket in the region you want to use (in my case, us-west-2
> aka. Oregon). I called mine "freebsd-release-staging".
> 2. Create a Lifecycle Rule on the bucket to Permanently Delete objects 1 day
> after the object's creation date.
> 3. Create an IAM user named "freebsd-release-upload".
> 4. Attach a Policy to the IAM user granting permission for:
> * s3:DeleteObject, s3:GetObject, and s3:PutObject
>   on resource arn:aws:s3:::YOURBUCKETNAME/*
> * ec2:CopyImage, ec2:CreateSnapshot, ec2:DeleteVolume,
>   ec2:DescribeConversionTasks, ec2:DescribeImages, ec2:DescribeSnapshots,
>   ec2:ImportVolume, ec2:ModifyImageAttribute and ec2:RegisterImage
>   on resource *
> 5. Create AWS Access Keys for the IAM user, and create a file in the format
> ACCESS_KEY_ID=AKIEXAMPLEEXAMPLE
> ACCESS_KEY_SECRET=EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE

Make sure there isn't any errant whitespace in the key file, because the
bsdec2-image-upload tool isn't smart enough to remove it.

And finally perform the build:
# cd /usr/src && make buildworld buildkernel
# cd /usr/src/release && make WITH_CLOUDWARE=YES \
    AWSKEYFILE=/root/aws.key AWSREGION=us-west-2 \
    AWSBUCKET=freebsd-release-staging EC2PUBLIC=YES ec2ami
(Omit EC2PUBLIC=YES if you just want to create a private AMI in a single EC2
region.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
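The whitespace warning about the key file in the message above can be checked mechanically before starting the build. What follows is an added example, not part of the original e-mail and not code from bsdec2-image-upload; the function name check_aws_keyfile, the strict two-line layout and the file-mode check are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from bsdec2-image-upload): lint the AWS key file.
# Assumed layout: exactly two lines, ACCESS_KEY_ID=<id> and
# ACCESS_KEY_SECRET=<secret>, with no space, tab or CR anywhere.
# Messages name line numbers only, so the secret is never echoed.
check_aws_keyfile() {
    f=$1 rc=0 n=0 seen_id=0 seen_secret=0
    cr=$(printf '\r') tab=$(printf '\t')

    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }

    # Assumption added here: the secret should not be group/other readable.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) )" ]; then
        echo "$f: readable by group or others (chmod 600)" >&2
        rc=1
    fi

    # "|| [ -n ... ]" still processes a last line that lacks a newline.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *" "*|*"$tab"*|*"$cr"*)
                echo "$f:$n: space, tab or CR in line" >&2; rc=1 ;;
        esac
        case $line in
            ACCESS_KEY_ID=?*)     seen_id=$((seen_id + 1)) ;;
            ACCESS_KEY_SECRET=?*) seen_secret=$((seen_secret + 1)) ;;
            "") echo "$f:$n: blank line" >&2; rc=1 ;;
            *)  echo "$f:$n: unexpected line" >&2; rc=1 ;;
        esac
    done < "$f"

    [ "$seen_id" -eq 1 ] || { echo "$f: need one ACCESS_KEY_ID" >&2; rc=1; }
    [ "$seen_secret" -eq 1 ] || { echo "$f: need one ACCESS_KEY_SECRET" >&2; rc=1; }
    return $rc
}

# Stand-alone use: sh check_keyfile.sh /root/aws.key
[ $# -eq 0 ] || check_aws_keyfile "$1"
```

A zero exit status means the file matches the assumed layout; run it against the path given as AWSKEYFILE before invoking the ec2ami target.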