jen20 / packer-ubuntu-zfs Goto Github PK

Packer templates for Ubuntu AMIs with a ZFS Root filesystem.

License: Mozilla Public License 2.0

Makefile 2.12% Shell 45.97% Python 45.74% HCL 6.16%

packer-ubuntu-zfs's Introduction

Packer Templates for Ubuntu with ZFS Root

This repository contains Packer templates for building Amazon Machine Images for Ubuntu with a ZFS root filesystem. Currently the following distributions are supported:

Ubuntu 20.04 ("Focal") LTS with AWS-Optimized Kernel
Ubuntu 18.04 ("Bionic") LTS with AWS-Optimized Kernel
Ubuntu 16.04 ("Xenial") LTS with AWS-Optimized Kernel

The template is easily modified for Debian and other Ubuntu distributions.

You can read about how this template works on the jen20.dev blog. Some relevant posts:

Differences between versions

As well as installing different versions of the Ubuntu distribution, the templates in this repository have evolved at different rates. The focal template is the most complete, and includes the following changes compared to other versions:

Support for AWS NVME device rules
Support for expanding the ZFS root filesystem via Cloud-Init
Clearing of the apt-cache as part of the build

These changes could likely be backported to other distributions, but they are mostly there for information only since I personally only use (and test) the latest LTS distribution for new images.

Running a build (Focal)

Use the focal target of the Makefile in the root of the repository to build an AMI in us-west-2. If you wish to copy the AMI to other regions, edit the template to specify aws_regions in the amazon-ebssurrogate.source source. It is also possible to change the region in which the AMI is built directly, though editing files/sources-us-west-2.list is necessary if the initial packages must be obtained from a region other than us-west-2.

AWS credentials are sourced from the environment using the standard AWS chain exposed by Packer. The template has only been tested using v1.6.0 of Packer - the latest available at the time of writing.

Running a build (Bionic and Xenial)

Use the bionic or xenial targets of the Makefile in root of the repository to build an AMI in us-west-2, and copy it to all regions. Use a recent version of Packer - version 1.3.1 has been tested.

The following environment variables must be set in order for the build to succeed:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

Credits

Thanks to:

Scott Emmons for this post about the steps required to build Linux AMIs with a ZFS root filesystem.
Sean Chittenden for reviewing the template and blog post prior to publication.
Zachary Schneider for reviewing the template and blog post prior to publication.

packer-ubuntu-zfs's People

Contributors

Stargazers

Watchers

packer-ubuntu-zfs's Issues

Focal build, surrogate script fails to copy sources.list

When the script it running and gets to the point where is it trying to copy /tmp/sources.list into the newly mounted disk, it fails and says the file is not there.

I verified myself while the script was running that at no point does that file exist.

Any planned support for ZFS 0.8.1 now that it's out?

The build script works great for building 18.04 after disabling ena_support but it's still using the default ubuntu packages for zfs 0.7.5 which are seriously outdates. The 0.7.5 branch is up to 0.7.13 and a few newer releases are out with significant performance upgrades on release 0.8.1 which is availible in by source as well as a few reliable PPAs.

Is there any way to update these templates and scripts to build rpool on 0.8.1?

ena_support fails

If I try to do a build with the ena_support line still in there it fails and tells me it's not a valid parameter. However, if I remove that line from the .json file it seems to build fine. Is there a new name for it, or any way to add the enhanced network support back in?

Focal: apt-get clean

Adding shell provisioner action to clean apt cache when building the ami.

Focal: growpart and zpool online -e rpool /dev/xvda2

Wonderful thing you've created here!
Something I've had to add was running 'growpart /dev/xvda 2' and 'zpool online -e rpool /dev/xvda2' to bootup, if I want it to automatically grow the root filesystem at boot.

Failing to install zfsutils-linux and debootstrap

Hey there, thanks for the scripts.

I struggled to get them to work initially, it seems that there are issues with the order in which required items are installed.

amazon-ebssurrogate: + apt-get install -y zfsutils-linux debootstrap gdisk

    amazon-ebssurrogate: Reading package lists... Done
    amazon-ebssurrogate: Building dependency tree
    amazon-ebssurrogate: Reading state information... Done
    amazon-ebssurrogate: Package debootstrap is not available, but is referred to by another package.
    amazon-ebssurrogate: This may mean that the package is missing, has been obsoleted, or
    amazon-ebssurrogate: is only available from another source
    amazon-ebssurrogate:
    amazon-ebssurrogate: E: Unable to locate package zfsutils-linux
    amazon-ebssurrogate: E: Package 'debootstrap' has no installation candidate
==> amazon-ebssurrogate: Terminating the source AWS instance...
==> amazon-ebssurrogate: Deleting temporary security group...
==> amazon-ebssurrogate: Deleting temporary keypair...
Build 'amazon-ebssurrogate' errored: Script exited with non-zero exit status: 100

==> Some builds didn't complete successfully and had errors:
--> amazon-ebssurrogate: Script exited with non-zero exit status: 100

==> Builds finished but no artifacts were created.

Changing the order to gdisk -> zfsutils-linux -> debootstrap seems to be working, though.

error on focal when provision

i got error

1594706836,,ui,message,    amazon-ebssurrogate.source: + sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:BF01 -c2:ZFS /dev/xvdf
1594706836,,ui,message,    amazon-ebssurrogate.source: Problem opening /dev/xvdf for reading! Error is 2.
1594706836,,ui,message,    amazon-ebssurrogate.source: The specified file does not exist!
1594706836,,ui,message,    amazon-ebssurrogate.source: Problem opening '' for writing! Program will now terminate.

focal - nitro ebssurrogate compatibility

Again huge fan of this repo.

It is possible to run the ebssurrograte EC2 instance from the fifth gen nitro families c5*|m5*|r5*|i3*|z1d* by
adding block drive / partition sym-linking in surrogate-bootstrap.sh.

Similar to how the EBS mapping rules work.

To do it requires 3 steps:

symlink /dev/xvdf EBS volume to its NVMe device before partitioning the final EBS root volume
symlink /dev/xvdf2 EBS partition to its NVMe device before creating the ZFS pool
remove the symlinks when finished (optional)

...

# install nvme-cli

# NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd*
declare -A blkdev_mappings
for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do  # /dev/nvme*n*
    # Mapping info from disk headers
    header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!')
    mapping="/dev/${header%%[0-9]}"  # normalize sda1 => sda

    # Create /dev/xvd* device symlink
    if [[ ! -z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then
        ln -s "$blkdev" "$mapping"
        
        blkdev_mappings["$blkdev"]="$mapping"
    fi
done

# Partition the new root EBS volume
sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:BF01 -c2:ZFS /dev/xvdf

# NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+
declare -A partdev_mappings
for blkdev in "${!blkdev_mappings[@]}"; do  # /dev/nvme*n*
    mapping="${blkdev_mappings[$blkdev]}"

    # Create /dev/xvd*[0-9]+ partition device symlink
    for partdev in "${blkdev}"p*; do
    	partnum=${partdev##*p}
        if [[ ! -L "${mapping}${partnum}" ]]; then
            ln -s "${blkdev}p${partnum}" "${mapping}${partnum}"

            partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}"
        fi
    done
done

...

# Reset device mappings
for dev_link in "${blkdev_mappings[@]}" "${partdev_mappings[@]}"; do
    if [[ -L "$dev_link" ]]; then
        rm -f "$dev_link"
    fi
done

I can create a PR for this.

focal - package compatibility with ubuntu cloud-images

Huge fan of this repo.

It might be desirable to have "full" package parity with the default ext4 cloud-images.

The Install standard packages portion of chroot-bootstrap.sh is missing these packages from the standard ubuntu cloud-images AMIs:

ubuntu-server
acpid
ec2-hibinit-agent
ec2-instance-connect
hibagent
krb5-locales
ncurses-term
ssh-import-id
xauth

https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.manifest

I can create a PR to add these.

How to add encryption?

I was wondering if it was possible to create an encrypted instance with this setup, either with EC2 KMS, ZFS native encryption, or some self-decrypting LUKS setup like here. I haven't been able to achieve a working self-decrypting instance on AWS, but I've only tried LUKS so far, and unsure of how to do a KMS or ZFS-native setup here. I haven't been able to find any similar packer templates which accomplish encryption for Ubuntu.

authorized-keys not being populated?

Greeting, James! Thanks for the great article and hard work putting this together!

I was able to run the packer build for yakety just fine. However, when I specified an existing ssh key and tried to login with that with ubuntu@, no joy. (password prompt)

I even created a new key and tried that, no joy. (password prompt)

I wonder if you have any ideas whats going on here?

Let me know!

Oh, BTW.. I tested the xenial and that works just fine with ssh ubuntu@.

Thanks,
Jon.