2013-07-31 01:17:58 -04:00
|
|
|
---
|
2017-06-14 21:04:16 -04:00
|
|
|
description: |
|
2018-10-26 20:02:51 -04:00
|
|
|
The amazon-chroot Packer builder is able to create Amazon AMIs backed by an EBS
|
|
|
|
volume as the root device. For more information on the difference between
|
2017-06-14 21:04:16 -04:00
|
|
|
instance storage and EBS-backed instances, storage for the root device section
|
|
|
|
in the EC2 documentation.
|
2015-07-22 22:31:00 -04:00
|
|
|
layout: docs
|
2017-06-14 21:04:16 -04:00
|
|
|
page_title: 'Amazon chroot - Builders'
|
|
|
|
sidebar_current: 'docs-builders-amazon-chroot'
|
2016-09-04 15:15:01 -04:00
|
|
|
---
|
2013-07-31 01:17:58 -04:00
|
|
|
|
|
|
|
# AMI Builder (chroot)
|
|
|
|
|
|
|
|
Type: `amazon-chroot`
|
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
The `amazon-chroot` Packer builder is able to create Amazon AMIs backed by an
|
|
|
|
EBS volume as the root device. For more information on the difference between
|
|
|
|
instance storage and EBS-backed instances, see the ["storage for the root
|
|
|
|
device" section in the EC2
|
2016-01-14 15:31:19 -05:00
|
|
|
documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storage-for-the-root-device).
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
The difference between this builder and the `amazon-ebs` builder is that this
|
2018-10-26 20:02:51 -04:00
|
|
|
builder is able to build an EBS-backed AMI without launching a new EC2
|
|
|
|
instance. This can dramatically speed up AMI builds for organizations who need
|
|
|
|
the extra fast build.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-02-11 14:40:56 -05:00
|
|
|
\~> **This is an advanced builder** If you're just getting started with
|
2015-07-22 22:31:00 -04:00
|
|
|
Packer, we recommend starting with the [amazon-ebs
|
|
|
|
builder](/docs/builders/amazon-ebs.html), which is much easier to use.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2018-10-26 20:02:51 -04:00
|
|
|
The builder does *not* manage AMIs. Once it creates an AMI and stores it in
|
|
|
|
your account, it is up to you to use, delete, etc., the AMI.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
### How Does it Work?
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
This builder works by creating a new EBS volume from an existing source AMI and
|
|
|
|
attaching it into an already-running EC2 instance. Once attached, a
|
2016-01-14 15:31:19 -05:00
|
|
|
[chroot](https://en.wikipedia.org/wiki/Chroot) is used to provision the system
|
2018-10-26 20:02:51 -04:00
|
|
|
within that volume. After provisioning, the volume is detached, snapshotted,
|
|
|
|
and an AMI is made.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2018-10-26 20:02:51 -04:00
|
|
|
Using this process, minutes can be shaved off the AMI creation process because
|
|
|
|
a new EC2 instance doesn't need to be launched.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
There are some restrictions, however. The host EC2 instance where the volume is
|
|
|
|
attached to must be a similar system (generally the same OS version, kernel
|
|
|
|
versions, etc.) as the AMI being built. Additionally, this process is much more
|
2018-10-26 20:02:51 -04:00
|
|
|
expensive because the EC2 instance must be kept running persistently in order
|
|
|
|
to build AMIs, whereas the other AMI builders start instances on-demand to
|
|
|
|
build AMIs as needed.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
## Chroot Specific Configuration Reference
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
There are many configuration options available for the builder. In addition to
|
|
|
|
the items listed here, you will want to look at the general configuration
|
|
|
|
references for [AMI](#ami-configuration),
|
|
|
|
[BlockDevices](#block-devices-configuration) and
|
2019-11-06 04:15:19 -05:00
|
|
|
[Access](#access-config-configuration) configuration references, which are
|
2019-06-18 11:05:10 -04:00
|
|
|
necessary for this build to succeed and can be found further down the page.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
#### Required:
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-06 10:46:12 -04:00
|
|
|
<%= partial "partials/builder/amazon/chroot/Config-required" %>
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
#### Optional:
|
2019-06-06 10:46:12 -04:00
|
|
|
<%= partial "partials/builder/amazon/chroot/Config-not-required" %>
|
2019-06-18 11:05:10 -04:00
|
|
|
|
|
|
|
## General Common Configuration Reference
|
|
|
|
|
|
|
|
Following will be a set of fields that are also settable for other aws
|
|
|
|
builders.
|
|
|
|
|
|
|
|
### AMI Configuration
|
|
|
|
|
2019-08-26 10:56:57 -04:00
|
|
|
#### Required:
|
|
|
|
|
|
|
|
<%= partial "partials/builder/amazon/common/AMIConfig-required" %>
|
|
|
|
|
2019-06-18 11:05:10 -04:00
|
|
|
#### Optional:
|
2019-06-06 10:46:12 -04:00
|
|
|
<%= partial "partials/builder/amazon/common/AMIConfig-not-required" %>
|
2019-06-18 11:05:10 -04:00
|
|
|
|
|
|
|
### Block Devices Configuration
|
|
|
|
|
|
|
|
Block devices can be nested in the
|
|
|
|
[ami_block_device_mappings](#ami_block_device_mappings) array.
|
|
|
|
|
|
|
|
<%= partial "partials/builder/amazon/common/BlockDevice" %>
|
|
|
|
|
|
|
|
|
|
|
|
#### Optional:
|
|
|
|
<%= partial "partials/builder/amazon/common/BlockDevice-not-required" %>
|
|
|
|
|
2019-11-06 04:15:19 -05:00
|
|
|
### Access Config Configuration
|
2019-06-18 11:05:10 -04:00
|
|
|
|
|
|
|
#### Required:
|
|
|
|
|
|
|
|
<%= partial "partials/builder/amazon/common/AccessConfig-required" %>
|
|
|
|
|
|
|
|
#### Optional:
|
|
|
|
|
|
|
|
<%= partial "partials/builder/amazon/common/AccessConfig-not-required" %>
|
2019-02-05 17:19:24 -05:00
|
|
|
|
2013-07-31 01:17:58 -04:00
|
|
|
## Basic Example
|
|
|
|
|
|
|
|
Here is a basic example. It is completely valid except for the access keys:
|
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
``` json
|
2013-07-31 01:17:58 -04:00
|
|
|
{
|
|
|
|
"type": "amazon-chroot",
|
|
|
|
"access_key": "YOUR KEY HERE",
|
|
|
|
"secret_key": "YOUR SECRET KEY HERE",
|
|
|
|
"source_ami": "ami-e81d5881",
|
2013-08-08 19:59:42 -04:00
|
|
|
"ami_name": "packer-amazon-chroot {{timestamp}}"
|
2013-07-31 01:17:58 -04:00
|
|
|
}
|
2014-10-20 13:55:16 -04:00
|
|
|
```
|
2013-07-31 01:17:58 -04:00
|
|
|
|
|
|
|
## Chroot Mounts
|
|
|
|
|
2016-10-15 08:42:36 -04:00
|
|
|
The `chroot_mounts` configuration can be used to mount specific devices within
|
2015-07-22 22:31:00 -04:00
|
|
|
the chroot. By default, the following additional mounts are added into the
|
|
|
|
chroot by Packer:
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
- `/proc` (proc)
|
|
|
|
- `/sys` (sysfs)
|
|
|
|
- `/dev` (bind to real `/dev`)
|
|
|
|
- `/dev/pts` (devpts)
|
|
|
|
- `/proc/sys/fs/binfmt_misc` (binfmt\_misc)
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
These default mounts are usually good enough for anyone and are sane defaults.
|
|
|
|
However, if you want to change or add the mount points, you may using the
|
2016-10-15 08:42:36 -04:00
|
|
|
`chroot_mounts` configuration. Here is an example configuration which only
|
2018-02-06 21:58:54 -05:00
|
|
|
mounts `/proc` and `/dev`:
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
``` json
|
2013-07-31 01:17:58 -04:00
|
|
|
{
|
|
|
|
"chroot_mounts": [
|
|
|
|
["proc", "proc", "/proc"],
|
|
|
|
["bind", "/dev", "/dev"]
|
|
|
|
]
|
|
|
|
}
|
2014-10-20 13:55:16 -04:00
|
|
|
```
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
`chroot_mounts` is a list of a 3-tuples of strings. The three components of the
|
|
|
|
3-tuple, in order, are:
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
- The filesystem type. If this is "bind", then Packer will properly bind the
|
2015-07-22 23:25:58 -04:00
|
|
|
filesystem to another mount point.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
- The source device.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
- The mount directory.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
|
|
|
## Parallelism
|
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
A quick note on parallelism: it is perfectly safe to run multiple *separate*
|
|
|
|
Packer processes with the `amazon-chroot` builder on the same EC2 instance. In
|
|
|
|
fact, this is recommended as a way to push the most performance out of your AMI
|
|
|
|
builds.
|
2013-07-31 01:17:58 -04:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
Packer properly obtains a process lock for the parallelism-sensitive parts of
|
|
|
|
its internals such as finding an available device.
|
2013-09-25 01:09:10 -04:00
|
|
|
|
2013-11-22 01:11:40 -05:00
|
|
|
## Gotchas
|
|
|
|
|
2018-05-23 12:58:15 -04:00
|
|
|
### Unmounting the Filesystem
|
2018-10-26 20:02:51 -04:00
|
|
|
|
2013-11-22 01:11:40 -05:00
|
|
|
One of the difficulties with using the chroot builder is that your provisioning
|
2018-10-26 20:02:51 -04:00
|
|
|
scripts must not leave any processes running or packer will be unable to
|
|
|
|
unmount the filesystem.
|
2013-11-22 01:11:40 -05:00
|
|
|
|
2015-07-22 22:31:00 -04:00
|
|
|
For debian based distributions you can setup a
|
|
|
|
[policy-rc.d](http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt)
|
|
|
|
file which will prevent packages installed by your provisioners from starting
|
|
|
|
services:
|
2013-11-22 01:11:40 -05:00
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
``` json
|
2013-11-22 01:11:40 -05:00
|
|
|
{
|
|
|
|
"type": "shell",
|
|
|
|
"inline": [
|
|
|
|
"echo '#!/bin/sh' > /usr/sbin/policy-rc.d",
|
|
|
|
"echo 'exit 101' >> /usr/sbin/policy-rc.d",
|
|
|
|
"chmod a+x /usr/sbin/policy-rc.d"
|
|
|
|
]
|
|
|
|
},
|
2014-10-20 13:55:16 -04:00
|
|
|
|
|
|
|
// ...
|
|
|
|
|
2013-11-22 01:11:40 -05:00
|
|
|
{
|
|
|
|
"type": "shell",
|
|
|
|
"inline": [
|
|
|
|
"rm -f /usr/sbin/policy-rc.d"
|
|
|
|
]
|
|
|
|
}
|
2014-10-20 13:55:16 -04:00
|
|
|
```
|
2016-09-03 15:06:40 -04:00
|
|
|
|
2019-01-03 13:21:41 -05:00
|
|
|
### Ansible provisioner
|
|
|
|
|
2019-02-11 14:40:56 -05:00
|
|
|
Running ansible against `amazon-chroot` requires changing the Ansible
|
|
|
|
connection to chroot and running Ansible as root/sudo.
|
2019-01-03 13:21:41 -05:00
|
|
|
|
2018-05-23 12:58:15 -04:00
|
|
|
### Using Instances with NVMe block devices.
|
2018-10-26 20:02:51 -04:00
|
|
|
|
2018-05-23 12:58:15 -04:00
|
|
|
In C5, C5d, M5, and i3.metal instances, EBS volumes are exposed as NVMe block
|
2018-10-26 20:02:51 -04:00
|
|
|
devices
|
|
|
|
[reference](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html).
|
2018-05-23 12:58:15 -04:00
|
|
|
In order to correctly mount these devices, you have to do some extra legwork,
|
|
|
|
involving the `nvme_device_path` option above. Read that for more information.
|
|
|
|
|
|
|
|
A working example for mounting an NVMe device is below:
|
|
|
|
|
|
|
|
{
|
2018-10-26 20:02:51 -04:00
|
|
|
"variables": {
|
|
|
|
"region" : "us-east-2"
|
2018-05-23 12:58:15 -04:00
|
|
|
},
|
2018-10-26 20:02:51 -04:00
|
|
|
"builders": [
|
|
|
|
{
|
|
|
|
"type": "amazon-chroot",
|
|
|
|
"region": "{{user `region`}}",
|
|
|
|
"source_ami_filter": {
|
|
|
|
"filters": {
|
|
|
|
"virtualization-type": "hvm",
|
|
|
|
"name": "amzn-ami-hvm-*",
|
|
|
|
"root-device-type": "ebs"
|
|
|
|
},
|
|
|
|
"owners": ["137112412989"],
|
|
|
|
"most_recent": true
|
|
|
|
},
|
|
|
|
"ena_support": true,
|
|
|
|
"ami_name": "amazon-chroot-test-{{timestamp}}",
|
|
|
|
"nvme_device_path": "/dev/nvme1n1p",
|
|
|
|
"device_path": "/dev/sdf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
|
|
|
|
"provisioners": [
|
|
|
|
{
|
|
|
|
"type": "shell",
|
|
|
|
"inline": ["echo Test > /tmp/test.txt"]
|
|
|
|
}
|
|
|
|
]
|
2018-05-23 12:58:15 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
Note that in the `nvme_device_path` you must end with the `p`; if you try to
|
2018-10-18 19:09:49 -04:00
|
|
|
define the partition in this path (e.g. `nvme_device_path`: `/dev/nvme1n1p1`)
|
2018-05-23 12:58:15 -04:00
|
|
|
and haven't also set the `"mount_partition": 0`, a `1` will be appended to the
|
|
|
|
`nvme_device_path` and Packer will fail.
|
|
|
|
|
2016-09-04 15:15:01 -04:00
|
|
|
## Building From Scratch
|
2016-09-03 15:06:40 -04:00
|
|
|
|
2016-09-04 15:15:01 -04:00
|
|
|
This example demonstrates the essentials of building an image from scratch. A
|
2016-09-03 15:06:40 -04:00
|
|
|
15G gp2 (SSD) device is created (overriding the default of standard/magnetic).
|
|
|
|
The device setup commands partition the device with one partition for use as an
|
2016-09-04 15:15:01 -04:00
|
|
|
HVM image and format it ext4. This builder block should be followed by
|
2016-09-03 15:06:40 -04:00
|
|
|
provisioning commands to install the os and bootloader.
|
|
|
|
|
2017-06-14 21:04:16 -04:00
|
|
|
``` json
|
2016-09-03 15:06:40 -04:00
|
|
|
{
|
|
|
|
"type": "amazon-chroot",
|
2017-03-18 20:37:02 -04:00
|
|
|
"ami_name": "packer-from-scratch {{timestamp}}",
|
2016-09-03 15:06:40 -04:00
|
|
|
"from_scratch": true,
|
|
|
|
"ami_virtualization_type": "hvm",
|
2017-02-22 13:32:49 -05:00
|
|
|
"pre_mount_commands": [
|
2016-09-04 15:15:01 -04:00
|
|
|
"parted {{.Device}} mklabel msdos mkpart primary 1M 100% set 1 boot on print",
|
2016-09-03 15:06:40 -04:00
|
|
|
"mkfs.ext4 {{.Device}}1"
|
|
|
|
],
|
|
|
|
"root_volume_size": 15,
|
|
|
|
"root_device_name": "xvda",
|
|
|
|
"ami_block_device_mappings": [
|
|
|
|
{
|
|
|
|
"device_name": "xvda",
|
|
|
|
"delete_on_termination": true,
|
|
|
|
"volume_type": "gp2"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
```
|
2018-04-02 13:32:14 -04:00
|
|
|
|
|
|
|
## Build template data
|
|
|
|
|
2018-10-26 20:02:51 -04:00
|
|
|
In configuration directives marked as a template engine above, the following
|
|
|
|
variables are available:
|
2018-04-02 13:32:14 -04:00
|
|
|
|
2018-10-26 20:02:51 -04:00
|
|
|
- `BuildRegion` - The region (for example `eu-central-1`) where Packer is
|
|
|
|
building the AMI.
|
|
|
|
- `SourceAMI` - The source AMI ID (for example `ami-a2412fcd`) used to build
|
|
|
|
the AMI.
|
|
|
|
- `SourceAMIName` - The source AMI Name (for example
|
|
|
|
`ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20180306`) used to
|
|
|
|
build the AMI.
|
|
|
|
- `SourceAMITags` - The source AMI Tags, as a `map[string]string` object.
|