Care and feeding of Amazon Linux

CON404, “Care and feeding of Amazon Linux”, is my chalk talk from AWS re:Invent 2018.

If you’re reading this while I’m giving my talk, bookmark this so you’ll have it later. It’ll all make sense soon enough.

Slides (PDF)

Image building scripts

The following scripts are released under the MIT No Attribution license.

Building a container image

#!/bin/sh
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

# This script is to be run on an AL2 host (so it can use the existing yum
# configs).

# Come up with an image name, specific to today's date and the architecture
IMAGE="amzn2-container-raw-2.0.$(date -u +%Y%m%d)-$(uname -p).tar.xz"

# Create a root directory for yum to install into
ROOT=$(mktemp -d)

# Perform the yum install.
# * --installroot is most commonly used for building images.
# * --releasever must be set because system-release isn't installed in the
#   chroot yet.
# * This uses the yum repository definitions in /etc/yum.repos.d.
# * yum will look outside the chroot for the GPG key file if necessary.
yum --installroot="$ROOT" --releasever=2 groupinstall -y container

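# Clean up the yum cache. ${ROOT:?} aborts the script if ROOT is unset or
# empty, so the glob can never expand to /var/cache/yum/* on the build host.
rm -rf "${ROOT:?}"/var/cache/yum/*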

# cd into the chroot, then create a tarball at the old working directory.
# tar only runs if the cd succeeded.
(cd "$ROOT" && tar -cJvf "$OLDPWD/$IMAGE" .)

Building an AMI

#!/bin/bash
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

# This script is to be run on an AL2 host (so it can use the existing yum
# configs).

# Come up with an image name, specific to today's date and the architecture
IMAGE="amzn2-ami-minimal-hvm-2.0.$(date -u +%Y%m%d)-$(uname -p).xfs.gpt"

# Generate a filesystem UUID, and create a 2 GB image on the filesystem.
UUID=$(uuidgen); truncate -s 2G $IMAGE

# Create the partition table:
# * partition 1, from sector 4096 to the end, Linux filesystem
# * partition 128, from sector 2048 to 4095, BIOS boot partition
sgdisk --clear -n 1:4096:0 -t 1:8300 -n 128:2048:4095 -t 128:ef02 $IMAGE

# kpartx creates block devices mapped to the partitions of the file. Take the
# third field of the first line and prepend /dev/mapper to get the block device
# path.
DEV=/dev/mapper/$(kpartx -avs $IMAGE | head -n 1 | awk '{ print $3 }')

# Create the XFS filesystem and a place to put it, then mount it.
mkfs.xfs -m uuid=$UUID $DEV; ROOT=$(mktemp -d); mount -o discard $DEV $ROOT

# Mount /dev, /proc, and /sys into the chroot. This is required for dracut
# generating the initramfs (as part of the yum install), grub2-install, and
# grub2-mkconfig.
mkdir $ROOT/{dev,proc,sys}; mount -t devtmpfs devtmpfs $ROOT/dev; \
    mount -t proc proc $ROOT/proc; mount -t sysfs sysfs $ROOT/sys

# Perform the yum install.
# * --installroot is most commonly used for building images.
# * --releasever must be set because system-release isn't installed in the
#   chroot yet.
# * This uses the yum repository definitions in /etc/yum.repos.d.
# * yum will look outside the chroot for the GPG key file if necessary.
yum --installroot="$ROOT" --releasever=2 groupinstall -y ami-minimal

# Write an /etc/fstab, so that systemd remounts the root filesystem as
# read-write in early boot.
echo "UUID=$UUID / xfs defaults,noatime 1 1" > $ROOT/etc/fstab

# Copy over configuration files: network configuration, GRUB command line
# settings, and disabling SELinux.
for f in /etc/sysconfig/network /etc/sysconfig/network-scripts/{ifcfg,route}-eth0 \
    /etc/default/grub /etc/selinux/config; do cp -f $f $ROOT$f; done

# Install GRUB to the disk. The regex mess is for going from the partition block
# device path to the full disk path, and converts "/dev/mapper/loop0p1" to
# "loop0".
chroot $ROOT grub2-install /dev/$(sed -rn 's@^.*(loop[0-9]+).*$@\1@p' <<<$DEV)

# Generate a GRUB config and output it to the usual spot.
chroot $ROOT grub2-mkconfig -o /boot/grub2/grub.cfg

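# Clean everything up! ${ROOT:?} aborts if ROOT is unset or empty, so the glob
# can never expand to /var/cache/yum/* on the build host.
rm -rf "${ROOT:?}"/var/cache/yum/*; umount --recursive "$ROOT"; kpartx -ds "$IMAGE"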
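
Both scripts ship whatever ends up under $ROOT, so it is worth auditing that tree after the yum cache cleanup and before the tar step (container image) or the umount (AMI). The following is an added example, not part of the original scripts; audit_root and its finding labels are hypothetical names.

```shell
#!/bin/sh
# Added example: audit an install root populated by `yum --installroot`
# before it is packed into an image. Function and label names are hypothetical.

# Prefix each input line with "LABEL<TAB>".
label() { awk -v l="$1" '{ print l "\t" $0 }'; }

# Print one "LABEL<TAB>path" line per finding (paths relative to ROOT).
# Returns 0 if the tree is clean, 1 if there are findings, 2 on bad input.
audit_root() {
    root=${1:?usage: audit_root ROOT}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        cd "$root" || exit 2
        # Leftover yum cache entries would be shipped inside the image.
        if [ -d var/cache/yum ]; then
            find var/cache/yum -mindepth 1 -maxdepth 1 | label YUM_CACHE
        fi
        # Inventory of setuid/setgid files, to review against an allowlist.
        # -xdev keeps find out of /dev, /proc and /sys mounted in the chroot.
        find . -xdev -type f \( -perm -4000 -o -perm -2000 \) | label SUID_SGID
        # World-writable files, and world-writable directories that lack
        # the sticky bit (a correctly set up /tmp is therefore not reported).
        find . -xdev \( \( -type f -perm -0002 \) -o \
            \( -type d -perm -0002 ! -perm -1000 \) \) | label WORLD_WRITABLE
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as a script with the install root as the only argument.
[ $# -eq 0 ] || audit_root "$1"
```

SUID_SGID lines are an inventory rather than failures in themselves: a stock install contains some setuid binaries, so compare the list against what you expect for the package group.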