build-ubuntu-ami 0.1.0 → 1.0.1
- data/README.md +8 -0
- data/bin/build-ubuntu-ami +1 -0
- data/data/user_data.sh.erb +20 -2
- data/lib/build_ubuntu_ami.rb +2 -4
- metadata +3 -3
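--- a/data/README.md
+++ b/data/README.md
@@ -26,3 +26,11 @@ It works as follows:
 Booting and logging in to a system offers many opportunities to leak secret credentials (even if you [delete them](http://alestic.com/2009/09/ec2-public-ebs-danger)). Creating an AMI from a pristine image rather than a running root volume obviates the need to remove leaked credentials.
 
 This script does not need a private key & cert for credentials. It uses the AWS Access Key ID and Secret Access Key.
+
+## Troubleshooting
+
+If you're running into an issue where you need to run CLI commands, its helpful to ssh to the instance and enter into the chroot environment. Do the following:
+
+$ cd /mnt/$IMAGE_NAME
+$ sudo chroot . /bin/bash
+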
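--- a/data/bin/build-ubuntu-ami
+++ b/data/bin/build-ubuntu-ami
@@ -16,6 +16,7 @@ OptionParser.new do |opts|
 opts.on('-c', '--codename=CODENAME', "Ubuntu release codename (#{options[:codename]})") { |o| options[:codename] = o }
 opts.on('-k', '--key_name=KEY_NAME', "EC2 key name for scratch AMI (#{options[:key_name]})") { |o| options[:key_name] = o }
 opts.on('-g', '--group=GROUP', "EC2 security group for scratch AMI (#{options[:group]})") { |o| options[:group] = o }
+opts.on('-a', '--arch=ARCH', "Processor architecture for scratch AMI (#{options[:arch]})") { |o| options[:arch] = o }
 
 opts.on('-h', '--help', 'Show this message') { puts opts; exit }
 end.parse!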
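Review bot: The new `--arch` option stores whatever string the user passes, with no check against the architectures the tool can actually build; the context lines of the `data/lib/build_ubuntu_ami.rb` section (`else` / `arch`) suggest an unrecognised value is passed through unchanged. OptionParser can reject bad values at parse time when an allow-list array is given before the description, e.g. `opts.on('-a', '--arch=ARCH', SUPPORTED_ARCHES, "Processor architecture for scratch AMI (#{options[:arch]})") { |o| options[:arch] = o }`, where `SUPPORTED_ARCHES` is a placeholder for the list the project supports. Failing early here is cheaper than discovering a bad value after an instance and volume have been launched. The `OptionParser.new` block starts above this hunk.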
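--- a/data/data/user_data.sh.erb
+++ b/data/data/user_data.sh.erb
@@ -13,16 +13,21 @@ mkdir -p $imagedir
 mount -o loop $image $imagedir
 
 # Allow network access from chroot environment
+# cp fails because the symlink reference doesn't exist. Create a backup for now.
+if [ -e $imagedir/etc/resolve.conf ]; then mv $imagedir/etc/resolv.conf $imagedir/etc/resolv.conf.bak; fi
 cp /etc/resolv.conf $imagedir/etc/
 
 # Upgrade and install packages on the target file system
 chroot $imagedir mount -t proc none /proc
-
+
+# prevent daemons from starting during apt-get
 cat <<EOF | tee $imagedir/usr/sbin/policy-rc.d > /dev/null
 #!/bin/sh
 exit 101
 EOF
+
 chmod 755 $imagedir/usr/sbin/policy-rc.d
+
 chroot $imagedir apt-get update
 chroot $imagedir apt-get dist-upgrade -y
 
@@ -35,13 +40,25 @@ chmod +x $imagedir/tmp/custom_user_script
 chroot $imagedir /tmp/custom_user_script
 # END CUSTOM USER SCRIPT
 
+# Put resolv.conf symlink back in place
+rm -rf $imagedir/etc/resolve.conf
+if [ -e $imagedir/etc/resolve.conf.bak ]; then mv $imagedir/etc/resolv.conf.bak $imagedir/etc/resolv.conf; fi
+
 # Clean up chroot environment
 chroot $imagedir umount /proc
-
+
+# Clean up policy-rc.d
 rm -f $imagedir/usr/sbin/policy-rc.d
 
 # Wait for EBS volume to be attached
 dev=<%= ebs_device %>
+
+# Device names changed in precise/sid. lsb_release modules arent loaded so use debian_version.
+codename=$(cat /etc/debian_version)
+if [ "$codename" == "wheezy/sid" ]; then
+dev="/dev/xvdi"
+fi
+
 while [ ! -e $dev ]; do sleep 1; done
 
 # Format and mount the EBS volume
@@ -53,6 +70,7 @@ mount $dev $ebsimagedir
 # Copy file system from temporary rootdir to EBS volume
 tar -cSf - -C $imagedir . | sudo tar xvf - -C $ebsimagedir
 
+# Unmount
 umount $imagedir
 umount $ebsimagedir
 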
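Review bot: The resolv.conf backup and restore added around the `cp /etc/resolv.conf` step and after the custom user script can never run: both new `[ -e … ]` tests and the `rm -rf` name `resolve.conf` (and `resolve.conf.bak`), while the `mv` commands use the real name `resolv.conf`. Even with the spelling fixed, `-e` is false for the dangling symlink the new comment describes, so the guard should also test `-L`, e.g. `if [ -e "$imagedir/etc/resolv.conf" ] || [ -L "$imagedir/etc/resolv.conf" ]; then mv "$imagedir/etc/resolv.conf" "$imagedir/etc/resolv.conf.bak"; fi`, with the same test on `resolv.conf.bak` for the restore and `rm -f "$imagedir/etc/resolv.conf"` before it. As written, any resolver file the `cp` does write from the build host stays in the finished image instead of being replaced by the image's original. Separately, `[ "$codename" == "wheezy/sid" ]` in the device-name block relies on a bash extension; `=` is the portable operator if this template can run under `/bin/sh` (the interpreter line is outside the hunks).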
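--- a/data/lib/build_ubuntu_ami.rb
+++ b/data/lib/build_ubuntu_ami.rb
@@ -15,7 +15,7 @@ class BuildUbuntuAmi
 :flavor => 'm1.small',
 :brand => 'My',
 :size => 20,
-:codename => '
+:codename => 'precise',
 :key_name => 'default',
 :group => 'default',
 :arch => 'amd64',
@@ -61,7 +61,6 @@ class BuildUbuntuAmi
 else
 arch
 end
-
 end
 
 def description
@@ -132,14 +131,13 @@ class BuildUbuntuAmi
 server.destroy
 end
 
-
 def build!
 launch_server!
 launch_volume!
 
 puts "waiting for user_data to complete and server to shut down..."
 puts "Follow along by running:"
-puts " ssh -l #{server.username} #{server.dns_name} 'tail -f /var/log/user.log'"
+puts " ssh -l #{server.username} #{server.dns_name} 'tail -f /var/log/user-data.log'"
 server.wait_for { state == 'stopped' }
 
 puts "Detaching volume"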
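--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: build-ubuntu-ami
 version: !ruby/object:Gem::Version
-version: 0.1
+version: 1.0.1
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2013-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: fog
@@ -60,7 +60,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.3.5
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Securely create a customized Ubuntu Amazon Machine Image.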