From: Rob Ballantyne
Date: Thu, 15 Dec 2022 16:10:53 -0800
Subject: Re: What is a VPC (google's specifically but it could be more general) really?
To: leif@ofwilsoncreek.com
Cc: freebsd-cloud@freebsd.org
List-Id: FreeBSD on cloud platforms (EC2, GCE, Azure, etc.)
List-Archive: https://lists.freebsd.org/archives/freebsd-cloud

Thank you Leif,

I probably should have mentioned that I got the OpenVPN tunnel working as well. I was confused as to what was going on until I looked carefully at what Google had installed in the routing table and saw what ought to be a link local route (which would normally just be directed at a link#k entry in the Gateway Field) was actually directed to what I believe is the VPC router interface in the subnet (10.1.1.1 above).

It's working now but I've got an uneasy feeling I haven't done it 'right.' If this were ordinary VLAN/Ethernet stuff, it would work like this too (I think) but it would be incurring an extra L3 hop through the router when it could have gone over the VLAN/Ethernet fabric direct.

Thanks again!
Rob

On Thu, Dec 15, 2022 at 2:27 PM Leif Pedersen wrote:

> Hi,
>
> I don't have a direct answer, but as a user I can confirm that OpenVPN in
> layer 3 mode works for me. I simply haven't tried it in layer 2 mode with
> GCE (because I've no need for layer 2 and it incurs the extra overhead of
> broadcast packets). Layer 2 mode probably won't work anyway because the MTU
> has to be reduced to 1460, unless you do that on all participating hosts.
> Point is, if that's an option for you it might be worth exploring.
>
> As a side note, I configure the tun devices with the same IP address at
> the vtnet device. That actually works perfectly, even though the two
> endpoints are on wildly different networks, and avoids maintaining DNS
> entries and routes for the point to point network.
>
> For example:
> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1460
>     inet 10.1.2.3 netmask 0xffffffff broadcast 10.1.2.3
>     inet 130.x.x.x netmask 0xffffffff broadcast 130.x.x.x
> tun5000: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
>     inet 10.1.2.3 --> 10.16.0.1 netmask 0xffffffff
>
> (The internal IP on my home router's ethernet interface is 10.16.0.1/16,
> overlapping with its tun interface.)
>
> -Leif
>
> On Thu, Dec 15, 2022 at 4:03 PM Rob Ballantyne wrote:
>
>> Hello,
>>
>> I have a question about what the internal structure and forwarding is
>> within Google's VPCs.
>>
>> I started into a project using OpenVPN to bind my home network to an
>> isolated VPC in Google's Cloud when I discovered the routing didn't work
>> quite the way I thought. I had assumed that VPCs would look like a private
>> VLAN (Layer2) into which Google's infrastructure would inject L3 router
>> interfaces and/or ip/ethernet filters.
>>
>> I set up a private VPC and two test FreeBSD boxes to test and see
>> exactly how VPC configures routing.
>>
>> First, I just used a standard install of 13.1 and the routing table
>> after everything is up and configured looks like:
>>
>> ----
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> default            10.1.1.1           UGS      vtnet0
>> 10.1.1.1           link#1             UHS      vtnet0
>> 10.1.1.20          link#1             UH          lo0
>> 127.0.0.1          link#2             UH          lo0
>> ----
>>
>> This looked a little unusual to me so (there was no link local route
>> for all the addresses in the VPC), I commented out the rc.conf entry
>> 'google_network_daemon_enable=YES' and set the vtnet0 interface up
>> manually with: 'ifconfig_vtnet0="inet 10.1.1.20 netmask 255.255.255.0"'
>> The resulting routing table:
>>
>> ----
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> 10.1.1.0/24        link#1             U        vtnet0
>> 10.1.1.20          link#1             UHS         lo0
>> 127.0.0.1          link#2             UH          lo0
>> ----
>>
>> This configuration wasn't able to communicate. The latter routing table
>> looks more usual though, with a 10.1.1.0/24 route to the local link.
>>
>> So, it appears to me that VPCs are really configured to be a
>> point-to-point (star really) network where the Google router interface
>> (10.1.1.1 in this case) has to handle all forwarding between nodes of a
>> network.
>>
>> I've searched around the web to try and confirm this but there is scant
>> detail on how exactly forwarding works within a single VPC.
>>
>> My VPN project involved using a bastion VPN host that would have
>> terminated the VPN/SSL tunnel and routed traffic between my home network
>> and the isolated network behind the bastion.
>>
>> Before I make final decisions on configuration, I wanted to know if my
>> understanding is correct and whether there is any documentation on this
>> that I've somehow missed.
>>
>> FreeBSD is, of course, the host of choice for this operation!
>>
>> If anyone does know any details, any info would be greatly appreciated.
>>
>> Many Thanks,
>> Rob Ballantyne
>>
>

From: Koichiro Iwao
Date: Mon, 6 Mar 2023 11:15:33 +0900
To: freebsd-cloud@FreeBSD.org
Subject: How are official EC2 images built?

Hi,

Does anyone know how official EC2 images [1] are built?
I mean if the build script is public. I would like to create private
custom images with some customization based on official image.

[1] https://aws.amazon.com/marketplace/seller-profile?id=92bb514d-02bc-49fd-9727-c474863f63da&ref=dtl_prodview-ukzmy5dzc6nbq

--
meta

From: "Pat Maddox"
Date: Sun, 05 Mar 2023 18:30:40 -0800
To: freebsd-cloud@freebsd.org
Subject: Re: How are official EC2 images built?

https://cgit.freebsd.org/src/tree/release/Makefile.ec2

https://cgit.freebsd.org/src/tree/release/tools/ec2.conf

I have opted to build images a bit differently, not using the stuff in src/release. I’ve done two approaches.

The first is to attach a second disk to an EC2 instance, install FreeBSD onto it with customizations, and then image the disk (https://gist.github.com/patmaddox/9f20edcb50ff15fa9edd1d4e38d07e50).

The way I’m doing it now is to use poudriere to make an img file, and then upload that image to S3, snapshot it (aws ec2 import-snapshot --disk-container Format=raw,Url=s3://mybucket/myimage.img) and finally make an AMI from that snapshot.

The stuff in src/release is good for knowing what changes to make to config files, or packages to install.

Pat

On Sun, Mar 5, 2023, at 6:15 PM, Koichiro Iwao wrote:
> Hi,
>
> Does anyone know how official EC2 images [1] are built?
> I mean if the build script is public. I would like to create private
> custom images with some customization based on official image.
>
> [1]
> https://aws.amazon.com/marketplace/seller-profile?id=92bb514d-02bc-49fd-9727-c474863f63da&ref=dtl_prodview-ukzmy5dzc6nbq
>
> --
> meta

From: "Pat Maddox"
Date: Sun, 05 Mar 2023 18:31:29 -0800
To: freebsd-cloud@freebsd.org
Subject: Re: How are official EC2 images built?

One thing I left out - with the second approach I shared, you have to make the AMI with UEFI mode.

-Pat

On Sun, Mar 5, 2023, at 6:30 PM, Pat Maddox wrote:
> https://cgit.freebsd.org/src/tree/release/Makefile.ec2
>
> https://cgit.freebsd.org/src/tree/release/tools/ec2.conf
>
> I have opted to build images a bit differently, not using the stuff in
> src/release. I’ve done two approaches.
>
> The first is to attach a second disk to an EC2 instance, install
> FreeBSD onto it with customizations, and then image the disk
> (https://gist.github.com/patmaddox/9f20edcb50ff15fa9edd1d4e38d07e50).
>
> The way I’m doing it now is to use poudriere to make an img file, and
> then upload that image to S3, snapshot it (aws ec2 import-snapshot
> --disk-container Format=raw,Url=s3://mybucket/myimage.img) and finally
> make an AMI from that snapshot.
>
> The stuff in src/release is good for knowing what changes to make to
> config files, or packages to install.
>
> Pat
>
> On Sun, Mar 5, 2023, at 6:15 PM, Koichiro Iwao wrote:
>> Hi,
>>
>> Does anyone know how official EC2 images [1] are built?
>> I mean if the build script is public. I would like to create private
>> custom images with some customization based on official image.
>>
>> [1]
>> https://aws.amazon.com/marketplace/seller-profile?id=92bb514d-02bc-49fd-9727-c474863f63da&ref=dtl_prodview-ukzmy5dzc6nbq
>>
>> --
>> meta

From nobody Mon Mar 6 02:54:24 2023
Date: Mon, 6 Mar 2023 11:54:24 +0900
From: Koichiro Iwao
To: Pat Maddox
Cc: freebsd-cloud@freebsd.org
Subject: Re: How are official EC2 images built?
Message-ID: <20230306025424.jx3rihykbswl4uk2@icepick.vmeta.jp>
X-Operating-System: FreeBSD 13.2-STABLE amd64
References: <20230306021533.ght5ouvxg6zrihfr@icepick.vmeta.jp>

Thanks for the quick response! Both are definitely useful.

On Sun, Mar 05, 2023 at 06:30:40PM -0800, Pat Maddox wrote:
> https://cgit.freebsd.org/src/tree/release/Makefile.ec2
>
> https://cgit.freebsd.org/src/tree/release/tools/ec2.conf
>
> I have opted to build images a bit differently, not using the stuff in src/release. I’ve done two approaches.
>
> The first is to attach a second disk to an EC2 instance, install FreeBSD onto it with customizations, and then image the disk (https://gist.github.com/patmaddox/9f20edcb50ff15fa9edd1d4e38d07e50).
>
> The way I’m doing it now is to use poudriere to make an img file, and then upload that image to S3, snapshot it (aws ec2 import-snapshot --disk-container Format=raw,Url=s3://mybucket/myimage.img) and finally make an AMI from that snapshot.
>
> The stuff in src/release is good for knowing what changes to make to config files, or packages to install.
>
> Pat
>
> On Sun, Mar 5, 2023, at 6:15 PM, Koichiro Iwao wrote:
> > Hi,
> >
> > Does anyone know how official EC2 images [1] are built?
> > I mean if the build script is public. I would like to create private
> > custom images with some customization based on official image.
> >
> > [1]
> > https://aws.amazon.com/marketplace/seller-profile?id=92bb514d-02bc-49fd-9727-c474863f63da&ref=dtl_prodview-ukzmy5dzc6nbq
> >
> > --
> > meta
>

--
meta

From nobody Mon Mar 6 14:08:51 2023
Date: Mon, 6 Mar 2023 23:08:51 +0900
From: Koichiro Iwao
To: Colin Percival
Cc: freebsd-cloud@FreeBSD.org
Subject: Re: How are official EC2 images built?
Message-ID: <20230306140851.hduau66beidb7rne@icepick.vmeta.jp>
X-Operating-System: FreeBSD 13.2-STABLE amd64
References: <20230306021533.ght5ouvxg6zrihfr@icepick.vmeta.jp> <01000186b5b4a976-9499f902-9004-4929-a9b3-6d6db764dc76-000000@email.amazonses.com>
In-Reply-To: <01000186b5b4a976-9499f902-9004-4929-a9b3-6d6db764dc76-000000@email.amazonses.com>

On Mon, Mar 06, 2023 at 06:56:01AM +0000, Colin Percival wrote:
> On 3/5/23 18:15, Koichiro Iwao wrote:
> > Does anyone know how official EC2 images [1] are built?
>
> They are built using the `make ec2ami` target in the src/release directory.
> That target builds a disk image and then converts it into an AMI using the
> bsdec2-image-upload utility (available in the ports tree).
>
> > I mean if the build script is public. I would like to create private
> > custom images with some customization based on official image.
>
> I wrote about some of the options a few years ago:
> https://www.daemonology.net/blog/2018-12-26-the-many-ways-to-launch-FreeBSD-in-EC2.html
>
> I'm guessing the AMI Builder option will best suit your need for "some
> customization" but if you need to make changes to the base system then
> you'll want to use `make ec2ami`.

Thanks, what I actually wanted to create is a qcow2 image with
cloud-init/firstboot enabled to be run by vm-bhyve, removing EC2-specific
stuff from official EC2 images. I'll try to make EC2 images next.

Anyway, it helps a lot. Thanks!

--
meta
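
Added example (not part of the thread, and not the project's release tooling): Pat's second approach as one script, from uploading the image through `import-snapshot` to registering the AMI in UEFI boot mode. The x86_64 architecture, ENA flag and /dev/sda1 device name are assumptions, and the account needs the VM Import service role (`vmimport`) before `import-snapshot` can read from the bucket.

```sh
#!/bin/sh
# Added example: image file -> S3 -> snapshot -> UEFI AMI, as in Pat's message.
# Assumed, not from the thread: x86_64, ENA, the /dev/sda1 device name.
set -eu
POLL_SECONDS=${POLL_SECONDS:-15}

# Start the snapshot import; prints the import task id.
start_import() {  # $1 = s3://bucket/key of the raw image
    aws ec2 import-snapshot \
        --disk-container "Format=raw,Url=$1" \
        --query ImportTaskId --output text
}

# Poll the import task; prints the snapshot id once it has completed.
wait_for_snapshot() {  # $1 = import task id
    task_id=$1
    while :; do
        out=$(aws ec2 describe-import-snapshot-tasks \
            --import-task-ids "$task_id" \
            --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.[Status,SnapshotId]' \
            --output text)
        set -- $out  # split "status<TAB>snapshot-id" into $1 and $2
        case "${1:-}" in
            completed) echo "${2:-}"; return 0 ;;
            active)    sleep "$POLL_SECONDS" ;;
            *)         echo "import $task_id did not complete: $out" >&2
                       return 1 ;;
        esac
    done
}

# Register the AMI in UEFI boot mode; prints the AMI id.
register_ami() {  # $1 = AMI name, $2 = snapshot id
    aws ec2 register-image --name "$1" \
        --architecture x86_64 --virtualization-type hvm --ena-support \
        --boot-mode uefi --root-device-name /dev/sda1 \
        --block-device-mappings "DeviceName=/dev/sda1,Ebs={SnapshotId=$2}" \
        --query ImageId --output text
}

build_ami() {  # $1 = local image, $2 = s3://bucket/key, $3 = AMI name
    aws s3 cp "$1" "$2" >&2  # keep stdout for the AMI id only
    task=$(start_import "$2")
    snap=$(wait_for_snapshot "$task")
    register_ami "$3" "$snap"
}

if [ "$#" -eq 3 ]; then build_ami "$@"; fi
```

Called with a local image path, an s3:// destination and an AMI name, the script writes only the new AMI id to stdout; upload progress and errors go to stderr.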