From: Colin Percival
Date: Sun, 05 Apr 2015 21:48:03 -0700
To: freebsd-cloud@freebsd.org
Subject: EC2 AMI building support in the src tree

Hi all,

On Wednesday I finished merging my AMI-building patches into src/release, and
it occurs to me that I should provide updated instructions since the process
I described a few months ago is no longer necessary.

To build EC2 AMIs now, start by installing bsdec2-image-upload and checking
out the src tree (AMI-building bits are currently only in HEAD):

# pkg install bsdec2-image-upload
# svnlite co https://svn0.us-west.FreeBSD.org/base/head /usr/src

Then set up your AWS account and create an AWS key file per my earlier
instructions:

> 1. Create an S3 bucket in the region you want to use (in my case, us-west-2
> aka. Oregon).  I called mine "freebsd-release-staging".
> 2. Create a Lifecycle Rule on the bucket to Permanently Delete objects 1 day
> after the object's creation date.
> 3. Create an IAM user named "freebsd-release-upload".
> 4. Attach a Policy to the IAM user granting permission for:
>    * s3:DeleteObject, s3:GetObject, and s3:PutObject
>      on resource arn:aws:s3:::YOURBUCKETNAME/*
>    * ec2:CopyImage, ec2:CreateSnapshot, ec2:DeleteVolume,
>      ec2:DescribeConversionTasks, ec2:DescribeImages, ec2:DescribeSnapshots,
>      ec2:ImportVolume, ec2:ModifyImageAttribute and ec2:RegisterImage
>      on resource *
> 5. Create AWS Access Keys for the IAM user, and create a file in the format
> ACCESS_KEY_ID=AKIEXAMPLEEXAMPLE
> ACCESS_KEY_SECRET=EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE

Make sure there isn't any errant whitespace in the key file, because the
bsdec2-image-upload tool isn't smart enough to remove it.

And finally perform the build:

# cd /usr/src && make buildworld buildkernel
# cd /usr/src/release && make WITH_CLOUDWARE=YES \
    AWSKEYFILE=/root/aws.key AWSREGION=us-west-2 \
    AWSBUCKET=freebsd-release-staging EC2PUBLIC=YES ec2ami

(Omit EC2PUBLIC=YES if you just want to create a private AMI in a single EC2
region.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
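
The key-file format and the whitespace warning in the message above can be checked mechanically before the file is passed as AWSKEYFILE=. The script below is an added example, not part of the original mail and not code from bsdec2-image-upload; the function name check_aws_keyfile and the group/other permission check are assumptions introduced here.

```shell
#!/bin/sh
# Added example: lint an AWS key file before using it as AWSKEYFILE=.
# check_aws_keyfile (hypothetical name) returns 0 if the file is clean and
# 1 otherwise; each problem is reported on stderr as file:line: message.
check_aws_keyfile() {
    f=$1 bad=0 n=0 seen_id=0 seen_secret=0
    cr=$(printf '\r')
    [ -f "$f" ] && [ -r "$f" ] || { echo "$f: not a readable file" >&2; return 1; }
    # Added hygiene check (an assumption, not from the mail): the file holds
    # a long-lived secret, so group and other should not be able to read it.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$f: readable by group/other; chmod 600" >&2; bad=1
    fi
    # IFS= and -r preserve leading/trailing blanks and backslashes; the
    # '|| [ -n "$line" ]' clause also reads a final line with no newline.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *"$cr"*) echo "$f:$n: carriage return (DOS line ending)" >&2; bad=1 ;;
            "") echo "$f:$n: blank line" >&2; bad=1 ;;
            *[[:space:]]*) echo "$f:$n: whitespace in line" >&2; bad=1 ;;
            ACCESS_KEY_ID=?*) seen_id=$((seen_id + 1)) ;;
            ACCESS_KEY_SECRET=?*) seen_secret=$((seen_secret + 1)) ;;
            *) echo "$f:$n: not ACCESS_KEY_ID=... or ACCESS_KEY_SECRET=..." >&2; bad=1 ;;
        esac
    done < "$f"
    [ "$seen_id" -eq 1 ] || { echo "$f: need exactly one ACCESS_KEY_ID line" >&2; bad=1; }
    [ "$seen_secret" -eq 1 ] || { echo "$f: need exactly one ACCESS_KEY_SECRET line" >&2; bad=1; }
    return "$bad"
}

# Run directly as: sh check_keyfile.sh /root/aws.key
if [ "$#" -gt 0 ]; then check_aws_keyfile "$1"; fi
```

The check never prints key values, only file names and line numbers, so its output is safe to keep in build logs.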