Build CI ami

Author: Daniel Noland

ci/.terraform.lock.hcl

@@ -0,0 +1 @@
+make-container.sh

ci/ami-builder/.dockerignore

@@ -0,0 +1,9 @@
+FROM debian:bullseye
+
+RUN apt-get update \
+ && apt-get dist-upgrade --yes \
+ && apt-get install --yes --no-install-recommends \
+  packer \
+ && apt-get clean
+
+COPY ./assets/root /

ci/ami-builder/Dockerfile

@@ -0,0 +1,87 @@
+variable "ami_label" {
+  type = string
+  default = "rust_ibverbs-{{timestamp}}"
+}
+
+variable "aws_access_key_id" {
+  type = string
+  default = ""
+}
+
+variable "aws_secret_access_key" {
+  type = string
+  default = ""
+}
+
+variable "aws_region" {
+  type = string
+  default = "us-west-1"
+}
+
+source "amazon-ebssurrogate" "generated" {
+  access_key = var.aws_access_key_id
+  ami_description = "rust_ibverbs CI AMI"
+  ami_name = var.ami_label
+  ami_regions = [
+    var.aws_region,
+  ]
+  skip_region_validation = true
+  ami_root_device {
+    delete_on_termination = true
+    device_name = "/dev/xvda"
+    source_device_name = "/dev/xvdf"
+    volume_size = 32
+    volume_type = "gp2"
+  }
+  ami_virtualization_type = "hvm"
+  associate_public_ip_address = true
+  instance_type = "t2.micro"
+  launch_block_device_mappings {
+    delete_on_termination = true
+    device_name = "/dev/xvdf"
+    volume_size = 32
+    volume_type = "gp2"
+  }
+  secret_key = var.aws_secret_access_key
+  source_ami_filter {
+    filters = {
+      name = "*debian-10-amd64-*"
+      root-device-type = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners = [
+      "136693071363", # debian aws id
+    ]
+  }
+  ssh_pty = true
+  ssh_timeout = "5m"
+  ssh_username = "admin"
+}
+
+build {
+  sources = [
+    "source.amazon-ebssurrogate.generated"
+  ]
+
+  provisioner "file" {
+    source = "/tmp/rust_ibverbs.img.zst"
+    destination = "/tmp/rust_ibverbs.img.zst"
+  }
+
+  provisioner "file" {
+    source = "provision-image.sh"
+    destination = "/tmp/provision-image.sh"
+  }
+
+  provisioner "shell" {
+    script = "install-image.sh"
+    skip_clean = true
+    start_retry_timeout = "5m"
+  }
+
+  post-processor "manifest" {
+    output = "manifest.json"
+  }
+
+}

ci/ami-builder/assets/root/packer/create-ami.pkr.hcl

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Install the generated image to the EBS volume
+
+set -euxETo pipefail
+
+declare -rx DEBIAN_FRONTEND="noninteractive"
+
+declare -r IMAGE_DEVICE="/dev/xvdf"
+
+sudo apt-get update
+sudo apt-get install --yes --no-install-recommends \
+  coreutils `#needed for chroot` \
+  e2fsprogs `#needed to resize root filesystem` \
+  gdisk     `#needed to resize root partition` \
+  parted    `#needed to partprobe image after transfer` \
+  zstd      `#needed to decompress system image`
+sudo zstd --decompress --force -o "${IMAGE_DEVICE}" /tmp/rust_ibverbs.img.zst
+sync
+
+sudo partprobe --summary
+
+declare -ri ROOT_DEVICE_PARTITION_NUMBER=3
+declare -ri BOOT_DEVICE_PARTITION_NUMBER=2
+declare -r ROOT_DEVICE="${IMAGE_DEVICE}${ROOT_DEVICE_PARTITION_NUMBER}"
+declare -r BOOT_DEVICE="${IMAGE_DEVICE}${BOOT_DEVICE_PARTITION_NUMBER}"
+
+# Resize the root partition to take all available space.
+sync
+sudo sgdisk --move-second-header "${IMAGE_DEVICE}"
+sync
+sudo sgdisk --delete="${ROOT_DEVICE_PARTITION_NUMBER}" "${IMAGE_DEVICE}"
+sync
+sudo sgdisk --largest-new="${ROOT_DEVICE_PARTITION_NUMBER}" "${IMAGE_DEVICE}"
+sync
+sudo sgdisk --change-name="${ROOT_DEVICE_PARTITION_NUMBER}":root "${IMAGE_DEVICE}"
+sync
+sudo sgdisk --move-second-header "${IMAGE_DEVICE}"
+sync
+sudo partprobe --summary
+sync
+sudo e2fsck -v -f "${ROOT_DEVICE}" || true
+sync
+sudo e2fsck -v -f "${ROOT_DEVICE}"
+sync
+sudo resize2fs "${ROOT_DEVICE}"
+sync
+sudo partprobe --summary
+sync
+
+declare CHROOT
+CHROOT="$(sudo mktemp -t --directory --suffix=".rust_ibverbs.rootfs")"
+declare -r CHROOT
+
+sudo mount "${ROOT_DEVICE}" "${CHROOT}"
+sudo mount "${BOOT_DEVICE}" "${CHROOT}/boot"
+
+# Prepare our chroot with necessary bind mounts
+sudo mount -t proc /proc "${CHROOT}"/proc
+sudo mount --rbind /sys "${CHROOT}"/sys
+sudo mount --rbind /dev/ "${CHROOT}"/dev
+sudo mount --make-rslave "${CHROOT}"
+sudo mount -t tmpfs -o size=128M tmpfs "${CHROOT}/tmp"
+
+sudo cp /tmp/provision-image.sh "${CHROOT}/tmp/provision-image.sh"
+sudo mv "${CHROOT}/etc/resolv.conf" "${CHROOT}/etc/resolv.conf.orig"
+sudo cp /etc/resolv.conf "${CHROOT}/etc/resolv.conf"
+sudo chmod +x "${CHROOT}/tmp/provision-image.sh"
+
+sudo chroot "${CHROOT}" /tmp/provision-image.sh "${IMAGE_DEVICE}"
+sync
+sudo mv "${CHROOT}/etc/resolv.conf.orig" "${CHROOT}/etc/resolv.conf"
+sync

ci/ami-builder/assets/root/packer/install-image.sh

@@ -0,0 +1,32 @@
+{
+  "builds": [
+    {
+      "name": "generated",
+      "builder_type": "amazon-ebssurrogate",
+      "build_time": 1623427339,
+      "files": null,
+      "artifact_id": "us-west-1:ami-0f0a43086150a5cc6",
+      "packer_run_uuid": "92a44adf-384a-9b0d-f8d4-45cd0cbf0cc7",
+      "custom_data": null
+    },
+    {
+      "name": "generated",
+      "builder_type": "amazon-ebssurrogate",
+      "build_time": 1623432569,
+      "files": null,
+      "artifact_id": "us-west-1:ami-0b71e7b75ef6e432c",
+      "packer_run_uuid": "6e6eca61-519a-a174-1fd0-67f2541137df",
+      "custom_data": null
+    },
+    {
+      "name": "generated",
+      "builder_type": "amazon-ebssurrogate",
+      "build_time": 1623434041,
+      "files": null,
+      "artifact_id": "us-west-1:ami-0247055d748c65c9a",
+      "packer_run_uuid": "f9da5cf2-917f-c887-a537-a1defd907fe7",
+      "custom_data": null
+    }
+  ],
+  "last_run_uuid": "f9da5cf2-917f-c887-a537-a1defd907fe7"
+}

ci/ami-builder/assets/root/packer/manifest.json

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -euxETo pipefail
+
+declare -x DEBIAN_FRONTEND=noninteractive
+declare -r IMAGE_DEVICE="${1}"
+
+apt-get update
+
+# Do not configure grub during package install
+printf 'grub-pc grub-pc/install_devices_empty select true\n' | debconf-set-selections
+printf 'grub-pc grub-pc/install_devices select\n' | debconf-set-selections
+
+# Install various packages needed for a booting system
+apt-get install --yes --no-install-recommends \
+	grub2 \
+	locales
+
+# Set the locale to en_US.UTF-8
+locale-gen --purge en_US.UTF-8
+printf 'LANG="en_US.UTF-8"\nLANGUAGE="en_US:en"\n' > /etc/default/locale
+locale-gen
+
+# Install GRUB (can't currently seem to do UEFI in AWS)
+grub-probe /
+grub-install "${IMAGE_DEVICE}"
+
+# Configure and update GRUB
+mkdir -p /etc/default/grub.d
+cat <<EOF > /etc/default/grub.d/50-aws-settings.cfg
+GRUB_RECORDFAIL_TIMEOUT=0
+GRUB_TIMEOUT=0
+GRUB_CMDLINE_LINUX_DEFAULT="root=LABEL=ROOT rw console=tty0 earlyprintk=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 scsi_mod.use_blk_mq=Y"
+GRUB_TERMINAL=console
+EOF
+
+update-grub
+
+# Set options for the default interface
+cat <<EOF >> /etc/network/interfaces
+auto eth0
+iface eth0 inet dhcp
+EOF

ci/ami-builder/assets/root/packer/provision-image.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euxETo pipefail
+
+declare build_dir
+build_dir="$(readlink --canonicalize-existing "$(dirname "${0}")")"
+declare -r build_dir
+
+pushd "${build_dir}"
+docker buildx build --tag=rust_ibverbs_ami_builder "${build_dir}"
+popd

ci/ami-builder/make-container.sh

@@ -0,0 +1 @@
+make-container.sh

ci/image-builder/.dockerignore

@@ -0,0 +1,34 @@
+FROM debian:bullseye
+
+# Install tools necessary to assemble a physical / virtual disc image
+RUN apt-get update \
+ && apt-get dist-upgrade --yes \
+ && apt-get install --yes --no-install-recommends \
+  apt-transport-https `#needed for docker` \
+  ca-certificates     `#needed for docker` \
+  curl                `#needed for docker` \
+  dosfstools          `#needed to make EFI disc partition` \
+  gnupg               `#needed for docker` \
+  lsb-release         `#needed for docker` \
+  parted              `#needed to partition loopback disc image` \
+  zstd                `#needed to de/compress generated image` \
+  udev                `#needed to silence parted chatter` \
+ && apt-get clean
+
+# install most recent docker-ce (the one Debian ships whith is always ancient)
+RUN curl --fail --silent --show-error --location https://download.docker.com/linux/debian/gpg \
+  | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
+ && \
+ { \
+    printf "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] "; \
+    printf "https://download.docker.com/linux/debian bullseye stable\n"; \
+ } | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+ && apt-get update \
+ && apt-get install --yes --no-install-recommends \
+  containerd.io \
+  docker-ce \
+  docker-ce-cli
+
+COPY ./assets/generate-image.sh /
+
+CMD ["/generate-image.sh"]