Merge pull request #689 from lorengordon/feat/ebs-surrogate

Uses new amazon-ebssurrogate volume swap feature to skip pivot-root
plus3it · Apr 23, 2024 · 4e0e541 · 4e0e541
2 parents d59e4c9 + 69c7adb
commit 4e0e541
Show file tree

Hide file tree

Showing 9 changed files with 204 additions and 126 deletions.
diff --git a/Makefile b/Makefile
@@ -5,7 +5,7 @@ PACKER_LOG ?= '1'
 PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.log
 CHECKPOINT_DISABLE ?= '1'
 SPEL_CI ?= false
-SPEL_BUILDERS ?= amazon-ebs.minimal-rhel-7-hvm,amazon-ebs.minimal-centos-7-hvm,amazon-ebs.minimal-rhel-8-hvm,amazon-ebs.minimal-centos-8stream-hvm,amazon-ebs.minimal-ol-8-hvm
+SPEL_BUILDERS ?= amazon-ebssurrogate.minimal-rhel-7-hvm,amazon-ebssurrogate.minimal-centos-7-hvm,amazon-ebssurrogate.minimal-rhel-8-hvm,amazon-ebssurrogate.minimal-centos-8stream-hvm,amazon-ebssurrogate.minimal-ol-8-hvm
 BUILDER_REGION = $(or $(PKR_VAR_aws_region),$(AWS_REGION))
 export PATH := $(HOME)/bin:$(PATH)
 

diff --git a/README.md b/README.md
@@ -390,18 +390,18 @@ For all inputs to the template, see [spel/README.md](spel/README.md)
 
 The Minimal Linux `packer` template includes the following builders:
 
-| Builder Name                            | Description                                               |
-|-----------------------------------------|-----------------------------------------------------------|
-| `amazon-ebs.minimal-centos-8stream-hvm` | amazon-ebs builder for a minimal CentOS Stream 8 HVM AMI  |
-| `amazon-ebs.minimal-ol-8-hvm`           | amazon-ebs builder for a minimal Oracle Linux 8 HVM AMI   |
-| `amazon-ebs.minimal-rhel-8-hvm`         | amazon-ebs builder for a minimal RHEL 8 HVM AMI           |
-| `amazon-ebs.minimal-centos-7-hvm`       | amazon-ebs builder for a minimal CentOS 7 HVM AMI         |
-| `amazon-ebs.minimal-rhel-7-hvm`         | amazon-ebs builder for a minimal RHEL 7 HVM AMI           |
-| `azure-arm.minimal-centos-7-image`      | azure-arm builder for a minimal CentOS 7 Image            |
-| `azure-arm.minimal-rhel-7-image`        | azure-arm builder for a minimal RHEL 7 Image              |
-| `azure-arm.minimal-rhel-8-image`        | azure-arm builder for a minimal RHEL 8 Image              |
-| `openstack.minimal-centos-7-image`      | openstack builder for a minimal CentOS 7 Image            |
-| `virtualbox-iso.minimal-centos-7-image` | virtualbox-iso builder for a minimal CentOS 7 Vagrant Box |
+| Builder Name                                     | Description                                               |
+|--------------------------------------------------|-----------------------------------------------------------|
+| `amazon-ebssurrogate.minimal-centos-8stream-hvm` | amazon-ebs builder for a minimal CentOS Stream 8 HVM AMI  |
+| `amazon-ebssurrogate.minimal-ol-8-hvm`           | amazon-ebs builder for a minimal Oracle Linux 8 HVM AMI   |
+| `amazon-ebssurrogate.minimal-rhel-8-hvm`         | amazon-ebs builder for a minimal RHEL 8 HVM AMI           |
+| `amazon-ebssurrogate.minimal-centos-7-hvm`       | amazon-ebs builder for a minimal CentOS 7 HVM AMI         |
+| `amazon-ebssurrogate.minimal-rhel-7-hvm`         | amazon-ebs builder for a minimal RHEL 7 HVM AMI           |
+| `azure-arm.minimal-centos-7-image`               | azure-arm builder for a minimal CentOS 7 Image            |
+| `azure-arm.minimal-rhel-7-image`                 | azure-arm builder for a minimal RHEL 7 Image              |
+| `azure-arm.minimal-rhel-8-image`                 | azure-arm builder for a minimal RHEL 8 Image              |
+| `openstack.minimal-centos-7-image`               | openstack builder for a minimal CentOS 7 Image            |
+| `virtualbox-iso.minimal-centos-7-image`          | virtualbox-iso builder for a minimal CentOS 7 Vagrant Box |
 
 ### Minimal Linux Packer Post-Provisioners
 

diff --git a/build/build.sh b/build/build.sh
@@ -35,7 +35,7 @@ then
     SUCCESS_BUILDERS=$(IFS=, ; echo "${SUCCESS_BUILDS[*]}")
     echo "Successful builds being tested: ${SUCCESS_BUILDERS}"
     packer build \
-        -only "$SUCCESS_BUILDERS" \
+        -only "${SUCCESS_BUILDERS//amazon-ebssurrogate./amazon-ebs.}" \
         -var "spel_identifier=${SPEL_IDENTIFIER:?}" \
         -var "spel_version=${SPEL_VERSION:?}" \
         tests/minimal-linux.pkr.hcl

diff --git a/spel/README.md b/spel/README.md
@@ -47,7 +47,6 @@ No resources.
 | <a name="input_amigen_aws_cfnbootstrap"></a> [amigen\_aws\_cfnbootstrap](#input\_amigen\_aws\_cfnbootstrap) | URL of the tar.gz bundle containing the CFN bootstrap utilities | `string` | `"https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz"` | no |
 | <a name="input_amigen_aws_cliv1_source"></a> [amigen\_aws\_cliv1\_source](#input\_amigen\_aws\_cliv1\_source) | URL of the .zip bundle containing the installer for AWS CLI v1 | `string` | `""` | no |
 | <a name="input_amigen_aws_cliv2_source"></a> [amigen\_aws\_cliv2\_source](#input\_amigen\_aws\_cliv2\_source) | URL of the .zip bundle containing the installer for AWS CLI v2 | `string` | `"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"` | no |
-| <a name="input_amigen_build_device"></a> [amigen\_build\_device](#input\_amigen\_build\_device) | Path of the build device that will be partitioned to create the image | `string` | `"/dev/nvme0n1"` | no |
 | <a name="input_amigen_fips_disable"></a> [amigen\_fips\_disable](#input\_amigen\_fips\_disable) | Toggles whether FIPS will be disabled in the images | `bool` | `false` | no |
 | <a name="input_amigen_grub_timeout"></a> [amigen\_grub\_timeout](#input\_amigen\_grub\_timeout) | Timeout value to set in the grub config of each image | `number` | `1` | no |
 | <a name="input_amigen_use_default_repos"></a> [amigen\_use\_default\_repos](#input\_amigen\_use\_default\_repos) | Modifies the behavior of `amigen_repo_names`. When true, `amigen_repo_names` are appended to the enabled repos. When false, `amigen_repo_names` are used exclusively | `bool` | `true` | no |

diff --git a/spel/minimal-linux.pkr.hcl b/spel/minimal-linux.pkr.hcl
@@ -6,7 +6,7 @@ packer {
   required_plugins {
     amazon = {
       source  = "github.com/hashicorp/amazon"
-      version = "~> 1"
+      version = ">= 1.3.1"
     }
     azure = {
       source  = "github.com/hashicorp/azure"
@@ -434,12 +434,6 @@ variable "virtualbox_vagrantcloud_username" {
 # Variables used by all AMIGEN platforms
 ###
 
-variable "amigen_build_device" {
-  description = "Path of the build device that will be partitioned to create the image"
-  type        = string
-  default     = "/dev/nvme0n1"
-}
-
 variable "amigen_amiutils_source_url" {
   description = "URL of the AMI Utils repo to be cloned using git, containing AWS utility rpms that will be installed to the AMIs"
   type        = string
@@ -834,23 +828,39 @@ variable "spel_version" {
 # Start of source blocks
 ###
 
-source "amazon-ebs" "base" {
+source "amazon-ebssurrogate" "base" {
+  ami_root_device {
+    source_device_name    = "/dev/xvdf"
+    delete_on_termination = true
+    device_name           = "/dev/sda1"
+    volume_size           = var.spel_root_volume_size
+    volume_type           = "gp3"
+  }
   ami_groups                  = var.aws_ami_groups
   ami_name                    = "${var.spel_identifier}-${source.name}-${var.spel_version}.x86_64-gp3"
   ami_regions                 = var.aws_ami_regions
   ami_users                   = var.aws_ami_users
+  ami_virtualization_type     = "hvm"
   associate_public_ip_address = true
   communicator                = "ssh"
-  deprecate_at                = local.aws_ami_deprecate_at
-  ena_support                 = true
-  force_deregister            = var.aws_force_deregister
-  instance_type               = var.aws_instance_type
+  # Not yet supported for ebssurrogate builder, see:
+  #   * https://github.com/hashicorp/packer-plugin-amazon/issues/478
+  # deprecate_at                = local.aws_ami_deprecate_at
+  ena_support      = true
+  force_deregister = var.aws_force_deregister
+  instance_type    = var.aws_instance_type
   launch_block_device_mappings {
     delete_on_termination = true
     device_name           = "/dev/sda1"
     volume_size           = var.spel_root_volume_size
     volume_type           = "gp3"
   }
+  launch_block_device_mappings {
+    delete_on_termination = true
+    device_name           = "/dev/xvdf"
+    volume_size           = var.spel_root_volume_size
+    volume_type           = "gp3"
+  }
   max_retries   = 20
   region        = var.aws_region
   sriov_support = true
@@ -870,6 +880,7 @@ source "amazon-ebs" "base" {
   subnet_id                             = var.aws_subnet_id
   tags                                  = { Name = "" } # Empty name tag avoids inheriting "Packer Builder"
   temporary_security_group_source_cidrs = var.aws_temporary_security_group_source_cidrs
+  use_create_image                      = true
   user_data_file                        = "${path.root}/userdata/userdata.cloud"
 }
 
@@ -902,7 +913,6 @@ source "azure-arm" "base" {
   vm_size                                = var.azure_vm_size
 }
 
-
 source "openstack" "base" {
   flavor                  = var.openstack_flavor
   floating_ip_network     = var.openstack_floating_ip_network_name
@@ -979,7 +989,7 @@ locals {
 
 # AMIgen builds
 build {
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "CentOS 7 AMI")
     name            = "minimal-centos-7-hvm"
     source_ami_filter {
@@ -993,7 +1003,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "CentOS Stream 8 AMI")
     name            = "minimal-centos-8stream-hvm"
     source_ami_filter {
@@ -1007,7 +1017,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "CentOS Stream 9 AMI")
     name            = "minimal-centos-9stream-hvm"
     source_ami_filter {
@@ -1021,7 +1031,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "Oracle Linux 8 AMI")
     name            = "minimal-ol-8-hvm"
     source_ami_filter {
@@ -1035,7 +1045,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "Oracle Linux 9 AMI")
     name            = "minimal-ol-9-hvm"
     source_ami_filter {
@@ -1049,7 +1059,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "RHEL 7 AMI")
     name            = "minimal-rhel-7-hvm"
     source_ami_filter {
@@ -1063,7 +1073,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "RHEL 8 AMI")
     name            = "minimal-rhel-8-hvm"
     source_ami_filter {
@@ -1077,7 +1087,7 @@ build {
     }
   }
 
-  source "amazon-ebs.base" {
+  source "amazon-ebssurrogate.base" {
     ami_description = format(local.description, "RHEL 9 AMI")
     name            = "minimal-rhel-9-hvm"
     source_ami_filter {
@@ -1127,7 +1137,7 @@ build {
 
   # Azure EL7 provisioners
   provisioner "shell" {
-    execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh -ex '{{ .Path }}'"
+    execute_command = "{{ .Vars }} sudo -E sh -ex '{{ .Path }}'"
     inline = [
       "yum update -y --disablerepo='*' --enablerepo='*microsoft*'",
     ]
@@ -1137,28 +1147,12 @@ build {
     ]
   }
 
-  # Azure EL8 provisioners
-  provisioner "shell" {
-    execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh -ex '{{ .Path }}'"
-    inline = [
-      "/usr/bin/cloud-init status --wait",
-      "setenforce 0 || true",
-      "yum -y update",
-    ]
-    only = [
-      "azure-arm.minimal-rhel-8-image",
-    ]
-  }
-
   # Common provisioners
   provisioner "shell" {
     environment_vars = [
       "DNF_VAR_ociregion=",
       "DNF_VAR_ocidomain=oracle.com",
     ]
-    except = [
-      "azure-arm.minimal-rhel-8-image",
-    ]
     execute_command = "{{ .Vars }} sudo -E /bin/sh -ex '{{ .Path }}'"
     inline = [
       "/usr/bin/cloud-init status --wait",
@@ -1182,15 +1176,13 @@ build {
     scripts = [
       "${path.root}/scripts/builder-prep-9.sh",
     ]
-    start_retry_timeout = "15m"
     only = [
-      "amazon-ebs.minimal-centos-9stream-hvm",
-      "amazon-ebs.minimal-ol-9-hvm",
-      "amazon-ebs.minimal-rhel-9-hvm",
+      "amazon-ebssurrogate.minimal-centos-9stream-hvm",
+      "amazon-ebssurrogate.minimal-ol-9-hvm",
+      "amazon-ebssurrogate.minimal-rhel-9-hvm",
     ]
   }
 
-
   provisioner "shell" {
     environment_vars = [
       "DNF_VAR_ociregion=",
@@ -1202,6 +1194,11 @@ build {
       "${path.root}/scripts/pivot-root.sh",
     ]
     start_retry_timeout = "15m"
+    only = [
+      "azure-arm.minimal-centos-7-image",
+      "azure-arm.minimal-rhel-7-image",
+      "azure-arm.minimal-rhel-8-image",
+    ]
   }
 
   provisioner "shell" {
@@ -1213,8 +1210,6 @@ build {
       "fuser -vmk /oldroot",
     ]
     only = [
-      "amazon-ebs.minimal-centos-7-hvm",
-      "amazon-ebs.minimal-rhel-7-hvm",
       "azure-arm.minimal-centos-7-image",
       "azure-arm.minimal-rhel-7-image",
     ]
@@ -1225,11 +1220,8 @@ build {
     scripts = [
       "${path.root}/scripts/free-root.sh",
     ]
-    except = [
-      "amazon-ebs.minimal-centos-7-hvm",
-      "amazon-ebs.minimal-rhel-7-hvm",
-      "azure-arm.minimal-centos-7-image",
-      "azure-arm.minimal-rhel-7-image",
+    only = [
+      "azure-arm.minimal-rhel-8-image",
     ]
   }
 
@@ -1241,13 +1233,17 @@ build {
       "echo Unmounting /oldroot",
       "test $( grep -c /oldroot /proc/mounts ) -eq 0 || umount /oldroot",
     ]
+    only = [
+      "azure-arm.minimal-centos-7-image",
+      "azure-arm.minimal-rhel-7-image",
+      "azure-arm.minimal-rhel-8-image",
+    ]
   }
 
   # AWS EL7 provisioners
   provisioner "shell" {
     environment_vars = [
       "SPEL_AMIGENBRANCH=${var.amigen7_source_branch}",
-      "SPEL_AMIGENBUILDDEV=${var.amigen_build_device}",
       "SPEL_AMIGENCHROOT=/mnt/ec2-root",
       "SPEL_AMIGENMANFST=${var.amigen7_package_manifest}",
       "SPEL_AMIGENPKGGRP=${local.amigen7_package_groups}",
@@ -1269,11 +1265,12 @@ build {
       "SPEL_FIPSDISABLE=${var.amigen_fips_disable}",
       "SPEL_GRUBTMOUT=${var.amigen_grub_timeout}",
       "SPEL_USEDEFAULTREPOS=${var.amigen_use_default_repos}",
+      "SPEL_USEROOTDEVICE=false",
     ]
     execute_command = "{{ .Vars }} sudo -E /bin/sh '{{ .Path }}'"
     only = [
-      "amazon-ebs.minimal-centos-7-hvm",
-      "amazon-ebs.minimal-rhel-7-hvm",
+      "amazon-ebssurrogate.minimal-centos-7-hvm",
+      "amazon-ebssurrogate.minimal-rhel-7-hvm",
     ]
     scripts = [
       "${path.root}/scripts/amigen7-build.sh",
@@ -1290,7 +1287,6 @@ build {
       "SPEL_AMIGENBOOTDEVSZ=${var.amigen8_bootdev_size}",
       "SPEL_AMIGENBOOTSIZE=17m",
       "SPEL_AMIGENBRANCH=${var.amigen8_source_branch}",
-      "SPEL_AMIGENBUILDDEV=${var.amigen_build_device}",
       "SPEL_AMIGENCHROOT=/mnt/ec2-root",
       "SPEL_AMIGENMANFST=${var.amigen8_package_manifest}",
       "SPEL_AMIGENPKGGRP=${local.amigen8_package_groups}",
@@ -1307,12 +1303,13 @@ build {
       "SPEL_FIPSDISABLE=${var.amigen_fips_disable}",
       "SPEL_GRUBTMOUT=${var.amigen_grub_timeout}",
       "SPEL_USEDEFAULTREPOS=${var.amigen_use_default_repos}",
+      "SPEL_USEROOTDEVICE=false",
     ]
     execute_command = "{{ .Vars }} sudo -E /bin/sh '{{ .Path }}'"
     only = [
-      "amazon-ebs.minimal-centos-8stream-hvm",
-      "amazon-ebs.minimal-ol-8-hvm",
-      "amazon-ebs.minimal-rhel-8-hvm",
+      "amazon-ebssurrogate.minimal-centos-8stream-hvm",
+      "amazon-ebssurrogate.minimal-ol-8-hvm",
+      "amazon-ebssurrogate.minimal-rhel-8-hvm",
     ]
     scripts = [
       "${path.root}/scripts/amigen8-build.sh",
@@ -1329,7 +1326,6 @@ build {
       "SPEL_AMIGENBOOTDEVSZ=${var.amigen9_boot_dev_size}",
       "SPEL_AMIGENBOOTDEVSZMLT=${var.amigen9_boot_dev_size_mult}",
       "SPEL_AMIGENBRANCH=${var.amigen9_source_branch}",
-      "SPEL_AMIGENBUILDDEV=${var.amigen_build_device}",
       "SPEL_AMIGENCHROOT=/mnt/ec2-root",
       "SPEL_AMIGENMANFST=${var.amigen9_package_manifest}",
       "SPEL_AMIGENPKGGRP=${local.amigen9_package_groups}",
@@ -1348,12 +1344,13 @@ build {
       "SPEL_FIPSDISABLE=${var.amigen_fips_disable}",
       "SPEL_GRUBTMOUT=${var.amigen_grub_timeout}",
       "SPEL_USEDEFAULTREPOS=${var.amigen_use_default_repos}",
+      "SPEL_USEROOTDEVICE=false",
     ]
     execute_command = "{{ .Vars }} sudo -E /bin/sh '{{ .Path }}'"
     only = [
-      "amazon-ebs.minimal-centos-9stream-hvm",
-      "amazon-ebs.minimal-ol-9-hvm",
-      "amazon-ebs.minimal-rhel-9-hvm",
+      "amazon-ebssurrogate.minimal-centos-9stream-hvm",
+      "amazon-ebssurrogate.minimal-ol-9-hvm",
+      "amazon-ebssurrogate.minimal-rhel-9-hvm",
     ]
     scripts = [
       "${path.root}/scripts/amigen9-build.sh",