build-ubuntu-ami 0.1.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/README.md +8 -0
  2. data/bin/build-ubuntu-ami +1 -0
  3. data/data/user_data.sh.erb +20 -2
  4. data/lib/build_ubuntu_ami.rb +2 -4
  5. metadata +3 -3
data/README.md CHANGED
@@ -26,3 +26,11 @@ It works as follows:
26
26
  Booting and logging in to a system offers many opportunities to leak secret credentials (even if you [delete them](http://alestic.com/2009/09/ec2-public-ebs-danger)). Creating an AMI from a pristine image rather than a running root volume obviates the need to remove leaked credentials.
27
27
 
28
28
  This script does not need a private key & cert for credentials. It uses the AWS Access Key ID and Secret Access Key.
29
+
30
+ ## Troubleshooting
31
+
32
+ If you're running into an issue where you need to run CLI commands, its helpful to ssh to the instance and enter into the chroot environment. Do the following:
33
+
34
+ $ cd /mnt/$IMAGE_NAME
35
+ $ sudo chroot . /bin/bash
36
+
data/bin/build-ubuntu-ami CHANGED
@@ -16,6 +16,7 @@ OptionParser.new do |opts|
16
16
  opts.on('-c', '--codename=CODENAME', "Ubuntu release codename (#{options[:codename]})") { |o| options[:codename] = o }
17
17
  opts.on('-k', '--key_name=KEY_NAME', "EC2 key name for scratch AMI (#{options[:key_name]})") { |o| options[:key_name] = o }
18
18
  opts.on('-g', '--group=GROUP', "EC2 security group for scratch AMI (#{options[:group]})") { |o| options[:group] = o }
19
+ opts.on('-a', '--arch=ARCH', "Processor architecture for scratch AMI (#{options[:arch]})") { |o| options[:arch] = o }
19
20
 
20
21
  opts.on('-h', '--help', 'Show this message') { puts opts; exit }
21
22
  end.parse!
data/data/user_data.sh.erb CHANGED
@@ -13,16 +13,21 @@ mkdir -p $imagedir
13
13
  mount -o loop $image $imagedir
14
14
 
15
15
  # Allow network access from chroot environment
16
+ # cp fails because the symlink reference doesn't exist. Create a backup for now.
17
+ if [ -e $imagedir/etc/resolve.conf ]; then mv $imagedir/etc/resolv.conf $imagedir/etc/resolv.conf.bak; fi
16
18
  cp /etc/resolv.conf $imagedir/etc/
17
19
 
18
20
  # Upgrade and install packages on the target file system
19
21
  chroot $imagedir mount -t proc none /proc
20
- #sudo chroot $imagedir mount -t devpts none /dev/pts
22
+
23
+ # prevent daemons from starting during apt-get
21
24
  cat <<EOF | tee $imagedir/usr/sbin/policy-rc.d > /dev/null
22
25
  #!/bin/sh
23
26
  exit 101
24
27
  EOF
28
+
25
29
  chmod 755 $imagedir/usr/sbin/policy-rc.d
30
+
26
31
  chroot $imagedir apt-get update
27
32
  chroot $imagedir apt-get dist-upgrade -y
28
33
 
@@ -35,13 +40,25 @@ chmod +x $imagedir/tmp/custom_user_script
35
40
  chroot $imagedir /tmp/custom_user_script
36
41
  # END CUSTOM USER SCRIPT
37
42
 
43
+ # Put resolv.conf symlink back in place
44
+ rm -rf $imagedir/etc/resolve.conf
45
+ if [ -e $imagedir/etc/resolve.conf.bak ]; then mv $imagedir/etc/resolv.conf.bak $imagedir/etc/resolv.conf; fi
46
+
38
47
  # Clean up chroot environment
39
48
  chroot $imagedir umount /proc
40
- #chroot $imagedir umount /dev/pts
49
+
50
+ # Clean up policy-rc.d
41
51
  rm -f $imagedir/usr/sbin/policy-rc.d
42
52
 
43
53
  # Wait for EBS volume to be attached
44
54
  dev=<%= ebs_device %>
55
+
56
+ # Device names changed in precise/sid. lsb_release modules arent loaded so use debian_version.
57
+ codename=$(cat /etc/debian_version)
58
+ if [ "$codename" == "wheezy/sid" ]; then
59
+ dev="/dev/xvdi"
60
+ fi
61
+
45
62
  while [ ! -e $dev ]; do sleep 1; done
46
63
 
47
64
  # Format and mount the EBS volume
@@ -53,6 +70,7 @@ mount $dev $ebsimagedir
53
70
  # Copy file system from temporary rootdir to EBS volume
54
71
  tar -cSf - -C $imagedir . | sudo tar xvf - -C $ebsimagedir
55
72
 
73
+ # Unmount
56
74
  umount $imagedir
57
75
  umount $ebsimagedir
58
76
 
data/lib/build_ubuntu_ami.rb CHANGED
@@ -15,7 +15,7 @@ class BuildUbuntuAmi
15
15
  :flavor => 'm1.small',
16
16
  :brand => 'My',
17
17
  :size => 20,
18
- :codename => 'lucid',
18
+ :codename => 'precise',
19
19
  :key_name => 'default',
20
20
  :group => 'default',
21
21
  :arch => 'amd64',
@@ -61,7 +61,6 @@ class BuildUbuntuAmi
61
61
  else
62
62
  arch
63
63
  end
64
-
65
64
  end
66
65
 
67
66
  def description
@@ -132,14 +131,13 @@ class BuildUbuntuAmi
132
131
  server.destroy
133
132
  end
134
133
 
135
-
136
134
  def build!
137
135
  launch_server!
138
136
  launch_volume!
139
137
 
140
138
  puts "waiting for user_data to complete and server to shut down..."
141
139
  puts "Follow along by running:"
142
- puts " ssh -l #{server.username} #{server.dns_name} 'tail -f /var/log/user.log'"
140
+ puts " ssh -l #{server.username} #{server.dns_name} 'tail -f /var/log/user-data.log'"
143
141
  server.wait_for { state == 'stopped' }
144
142
 
145
143
  puts "Detaching volume"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: build-ubuntu-ami
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-09 00:00:00.000000000 Z
12
+ date: 2013-01-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fog
@@ -60,7 +60,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
60
60
  version: 1.3.5
61
61
  requirements: []
62
62
  rubyforge_project:
63
- rubygems_version: 1.8.23
63
+ rubygems_version: 1.8.24
64
64
  signing_key:
65
65
  specification_version: 3
66
66
  summary: Securely create a customized Ubuntu Amazon Machine Image.