Date: Mon, 24 Nov 2014 01:41:45 -0800
From: Colin Percival <cperciva@freebsd.org>
To: freebsd-cloud@freebsd.org
Subject: Patches to support EC2 AMI building in base system
Message-ID: <5472FD59.4040906@freebsd.org>
Hi everyone,

I have some patches to support building EC2 AMIs from the FreeBSD base
system. I hope that these will be merged soon, but in the mean time you
can apply them to your tree.

My patches are based off gjb's release-vmimage branch, but they build
images which take advantage of the 'growfs' rc.d script in HEAD (which
hasn't been merged to gjb's branch) so you'll want to check out HEAD and
then get gjb's release bits on top of that:

    svnlite co https://svn0.us-west.FreeBSD.org/base/head /usr/src
    svnlite co \
        https://svn0.us-west.FreeBSD.org/base/projects/release-vmimage/release \
        /usr/src/release-vmimage

Then download and apply my patches to the release-vmimage bits:

    cd /usr/src/release-vmimage
    fetch http://people.freebsd.org/~cperciva/0-pkg-infrastructure.patch
    fetch http://people.freebsd.org/~cperciva/1-ec2-conf.patch
    fetch http://people.freebsd.org/~cperciva/2-ec2.ami.patch
    patch < 0-pkg-infrastructure.patch
    patch < 1-ec2-conf.patch
    patch < 2-ec2-ami.patch

You'll also need my bsdec2-image-upload code:

    make -C /usr/ports/net/bsdec2-image-upload install clean

Next you'll need to set up your AWS account to support importing a disk
image and creating an AMI from it:

1. Create an S3 bucket in the region you want to use (in my case,
   us-west-2 aka. Oregon). I called mine "freebsd-release-staging".
2. Create a Lifecycle Rule on the bucket to Permanently Delete objects
   1 day after the object's creation date.
3. Create an IAM user named "freebsd-release-upload".
4. Attach a Policy to the IAM user granting permission for:
   * s3:DeleteObject, s3:GetObject, and s3:PutObject on resource
     arn:aws:s3:::YOURBUCKETNAME/*
   * ec2:CopyImage, ec2:CreateSnapshot, ec2:DeleteVolume,
     ec2:DescribeConversionTasks, ec2:DescribeImages,
     ec2:DescribeSnapshots, ec2:ImportVolume, ec2:ModifyImageAttribute
     and ec2:RegisterImage on resource *
5. Create AWS Access Keys for the IAM user, and create a file in the
   format

    ACCESS_KEY_ID=AKIEXAMPLEEXAMPLE
    ACCESS_KEY_SECRET=EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE

Finally, build world and kernel, and then the "ec2ami" target (with the
appropriate parameters based on your AWS setup above):

    cd /usr/src && make buildkernel buildworld
    cd /usr/src/release-vmimage && make WITH_CLOUDWARE=YES \
        AWSKEYFILE=/root/aws.key AWSREGION=us-west-2 \
        AWSBUCKET=freebsd-release-staging EC2PUBLIC=YES \
        ec2ami

This will construct a disk image, import it into EC2, create a snapshot
from it, register an AMI from that, copy the AMI to all the (publicly
available) regions, and mark the AMIs as public. To skip the copying and
marking of the AMIs as public, remove the "EC2PUBLIC=YES" part of the
ec2ami make command.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid