2013-07-31 01:17:58 -04:00
---
2017-06-14 21:04:16 -04:00
description: |
The amazon-chroot Packer builder is able to create Amazon AMIs backed by an
EBS volume as the root device. For more information on the difference between
instance storage and EBS-backed instances, storage for the root device section
in the EC2 documentation.
2015-07-22 22:31:00 -04:00
layout: docs
2017-06-14 21:04:16 -04:00
page_title: 'Amazon chroot - Builders'
sidebar_current: 'docs-builders-amazon-chroot'
2016-09-04 15:15:01 -04:00
---
2013-07-31 01:17:58 -04:00
# AMI Builder (chroot)
Type: `amazon-chroot`
2015-07-22 22:31:00 -04:00
The `amazon-chroot` Packer builder is able to create Amazon AMIs backed by an
EBS volume as the root device. For more information on the difference between
instance storage and EBS-backed instances, see the ["storage for the root
device" section in the EC2
2016-01-14 15:31:19 -05:00
documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storage-for-the-root-device).
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
The difference between this builder and the `amazon-ebs` builder is that this
builder is able to build an EBS-backed AMI without launching a new EC2 instance.
This can dramatically speed up AMI builds for organizations who need the extra
fast build.
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
~> **This is an advanced builder** If you're just getting started with
2015-07-22 22:31:00 -04:00
Packer, we recommend starting with the [amazon-ebs
builder](/docs/builders/amazon-ebs.html), which is much easier to use.
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
The builder does *not* manage AMIs. Once it creates an AMI and stores it in your
account, it is up to you to use, delete, etc. the AMI.
2013-07-31 01:17:58 -04:00
## How Does it Work?
2015-07-22 22:31:00 -04:00
This builder works by creating a new EBS volume from an existing source AMI and
attaching it into an already-running EC2 instance. Once attached, a
2016-01-14 15:31:19 -05:00
[chroot ](https://en.wikipedia.org/wiki/Chroot ) is used to provision the system
2015-07-22 22:31:00 -04:00
within that volume. After provisioning, the volume is detached, snapshotted, and
an AMI is made.
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
Using this process, minutes can be shaved off the AMI creation process because a
new EC2 instance doesn't need to be launched.
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
There are some restrictions, however. The host EC2 instance where the volume is
attached to must be a similar system (generally the same OS version, kernel
versions, etc.) as the AMI being built. Additionally, this process is much more
expensive because the EC2 instance must be kept running persistently in order to
build AMIs, whereas the other AMI builders start instances on-demand to build
AMIs as needed.
2013-07-31 01:17:58 -04:00
## Configuration Reference
There are many configuration options available for the builder. They are
segmented below into two categories: required and optional parameters. Within
each category, the available configuration keys are alphabetized.
2014-05-04 13:47:40 -04:00
### Required:
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `access_key` (string) - The access key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `ami_name` (string) - The name of the resulting AMI that will appear when
managing AMIs in the AWS console or via APIs. This must be unique. To help
make this unique, use a function like `timestamp` (see [template
engine](/docs/templates/engine.html) for more info)
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `secret_key` (string) - The secret key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `source_ami` (string) - The source AMI whose root volume will be copied and
provisioned on the currently running instance. This must be an EBS-backed AMI
with a root volume snapshot that you have access to. Note: this is not used
when `from_scratch` is set to true.
2013-07-31 01:17:58 -04:00
2014-05-04 13:47:40 -04:00
### Optional:
2014-04-10 08:16:31 -04:00
2017-06-14 21:04:16 -04:00
- `ami_description` (string) - The description to set for the
2017-01-10 08:47:53 -05:00
resulting AMI(s). By default this description is empty. This is a
2018-04-02 13:32:14 -04:00
[template engine ](/docs/templates/engine.html ),
see [Build template data ](#build-template-data ) for more information.
2013-08-09 01:57:22 -04:00
2017-06-14 21:04:16 -04:00
- `ami_groups` (array of strings) - A list of groups that have access to
2015-07-22 23:25:58 -04:00
launch the resulting AMI(s). By default no groups have permission to launch
the AMI. `all` will make the AMI publicly accessible.
2013-08-09 01:57:22 -04:00
2017-06-14 21:04:16 -04:00
- `ami_product_codes` (array of strings) - A list of product codes to
2015-07-22 23:25:58 -04:00
associate with the AMI. By default no product codes are associated with
the AMI.
2013-08-09 01:57:22 -04:00
2017-06-14 21:04:16 -04:00
- `ami_regions` (array of strings) - A list of regions to copy the AMI to.
2015-07-22 23:25:58 -04:00
Tags and attributes are copied along with the AMI. AMI copying takes time
depending on the size of the AMI, but will generally take many minutes.
2013-08-22 18:20:44 -04:00
2017-06-14 21:04:16 -04:00
- `ami_users` (array of strings) - A list of account IDs that have access to
2017-10-16 16:27:26 -04:00
launch the resulting AMI(s). By default no additional users other than the user creating the AMI has permissions to launch it.
2013-08-09 01:57:22 -04:00
2017-06-14 21:04:16 -04:00
- `ami_virtualization_type` (string) - The type of virtualization for the AMI
2015-07-22 23:25:58 -04:00
you are building. This option is required to register HVM images. Can be
"paravirtual" (default) or "hvm".
2014-05-04 13:47:40 -04:00
2017-06-14 21:04:16 -04:00
- `chroot_mounts` (array of array of strings) - This is a list of devices
2016-10-15 08:42:36 -04:00
to mount into the chroot environment. This configuration parameter
2015-07-22 23:25:58 -04:00
requires some additional documentation which is in the "Chroot Mounts"
section below. Please read that section for more information on how to
use this.
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `command_wrapper` (string) - How to run shell commands. This defaults to
2016-09-04 15:15:01 -04:00
`{{.Command}}` . This may be useful to set if you want to set environmental
variables or perhaps run it with `sudo` or so on. This is a configuration
template where the `.Command` variable is replaced with the command to
2016-09-16 07:57:41 -04:00
be run. Defaults to "{{.Command}}".
2014-05-04 13:47:40 -04:00
2017-06-14 21:04:16 -04:00
- `copy_files` (array of strings) - Paths to files on the running EC2 instance
2016-09-16 07:57:41 -04:00
that will be copied into the chroot environment prior to provisioning. Defaults
2017-03-24 15:43:37 -04:00
to `/etc/resolv.conf` so that DNS lookups work. Pass an empty list to skip
2017-03-24 18:42:11 -04:00
copying `/etc/resolv.conf` . You may need to do this if you're building
2017-03-25 02:27:07 -04:00
an image that uses systemd.
2013-07-31 01:17:58 -04:00
2017-10-16 16:27:26 -04:00
- `custom_endpoint_ec2` (string) - This option is useful if you use a cloud
provider whose API is compatible with aws EC2. Specify another endpoint
like this `https://ec2.custom.endpoint.com` .
2017-05-17 13:33:57 -04:00
2017-10-02 16:12:42 -04:00
- `decode_authorization_messages` (boolean) - Enable automatic decoding of any
encoded authorization (error) messages using the `sts:DecodeAuthorizationMessage` API.
Note: requires that the effective user/role have permissions to `sts:DecodeAuthorizationMessage`
on resource `*` . Default `false` .
2017-06-14 21:04:16 -04:00
- `device_path` (string) - The path to the device where the root volume of the
2015-07-22 23:25:58 -04:00
source AMI will be attached. This defaults to "" (empty string), which
forces Packer to find an open device automatically.
2013-07-31 01:17:58 -04:00
2017-08-29 12:36:06 -04:00
- `ena_support` (boolean) - Enable enhanced networking (ENA but not SriovNetSupport)
on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM policy.
Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's
documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking). Default `false` .
2017-06-14 21:04:16 -04:00
- `force_deregister` (boolean) - Force Packer to first deregister an existing
2016-10-26 23:36:35 -04:00
AMI if one with the same name already exists. Default `false` .
2015-06-15 11:01:32 -04:00
2017-06-14 21:04:16 -04:00
- `force_delete_snapshot` (boolean) - Force Packer to delete snapshots associated with
2016-11-30 16:28:34 -05:00
AMIs, which have been deregistered by `force_deregister` . Default `false` .
2017-06-14 21:04:16 -04:00
- `encrypt_boot` (boolean) - Instruct packer to automatically create a copy of the
2017-02-26 20:49:33 -05:00
AMI with an encrypted boot volume (discarding the initial unencrypted AMI in the
2017-07-14 17:13:21 -04:00
process). Packer will always run this operation, even if the base
AMI has an encrypted boot volume to start with. Default `false` .
2017-02-26 20:49:33 -05:00
2017-06-14 21:04:16 -04:00
- `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption.
2017-02-26 20:54:42 -05:00
This only applies to the main `region` , other regions where the AMI will be copied
will be encrypted by the default EBS KMS key.
2017-06-14 21:04:16 -04:00
- `from_scratch` (boolean) - Build a new volume instead of starting from an
2016-10-26 23:36:35 -04:00
existing AMI root volume snapshot. Default `false` . If true, `source_ami` is
2016-09-04 15:15:01 -04:00
no longer used and the following options become required:
`ami_virtualization_type` , `pre_mount_commands` and `root_volume_size` . The
2016-09-03 15:06:40 -04:00
below options are also required in this mode only:
2017-06-14 21:04:16 -04:00
- `ami_block_device_mappings` (array of block device mappings) - Add one or
2017-01-18 00:32:18 -05:00
more [block device mappings ](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html )
to the AMI. These will be attached when booting a new instance from your
AMI. Your options here may vary depending on the type of VM you use. The
block device mappings allow for the following configuration:
2016-10-26 23:36:35 -04:00
2017-06-14 21:04:16 -04:00
- `delete_on_termination` (boolean) - Indicates whether the EBS volume is
2016-11-15 22:55:59 -05:00
deleted on instance termination. Default `false` . **NOTE** : If this
value is not explicitly set to `true` and volumes are not cleaned up by
an alternative method, additional volumes will accumulate after
every build.
2017-06-14 21:04:16 -04:00
- `device_name` (string) - The device name exposed to the instance (for
example, `/dev/sdh` or `xvdh` ). Required when specifying `volume_size` .
2016-11-15 22:55:59 -05:00
2017-06-14 21:04:16 -04:00
- `encrypted` (boolean) - Indicates whether to encrypt the volume or not
2016-11-15 22:55:59 -05:00
2018-01-12 17:48:18 -05:00
- `kms_key_id` (string) - The ARN for the KMS encryption key. When
specifying `kms_key_id` , `encrypted` needs to be set to `true` .
2017-10-16 14:23:33 -04:00
- `iops` (number) - The number of I/O operations per second (IOPS) that the
2016-11-15 22:55:59 -05:00
volume supports. See the documentation on
[IOPs ](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EbsBlockDevice.html )
for more information
2017-06-14 21:04:16 -04:00
- `no_device` (boolean) - Suppresses the specified device included in the
2016-11-15 22:55:59 -05:00
block device mapping of the AMI
2017-06-14 21:04:16 -04:00
- `snapshot_id` (string) - The ID of the snapshot
2016-11-15 22:55:59 -05:00
2017-06-14 21:04:16 -04:00
- `virtual_name` (string) - The virtual device name. See the documentation on
2016-11-15 22:55:59 -05:00
[Block Device
Mapping](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html)
for more information
2017-10-16 14:23:33 -04:00
- `volume_size` (number) - The size of the volume, in GiB. Required if not
2016-11-15 22:55:59 -05:00
specifying a `snapshot_id`
2017-06-14 21:04:16 -04:00
- `volume_type` (string) - The volume type. gp2 for General Purpose (SSD)
2016-11-15 22:55:59 -05:00
volumes, io1 for Provisioned IOPS (SSD) volumes, and standard for Magnetic
volumes
2016-09-03 15:06:40 -04:00
2017-06-14 21:04:16 -04:00
- `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to,
along with the custom kms key id to use for encryption for that region.
Keys must match the regions provided in `ami_regions` . If you just want to
encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions` .
If you want a region to be encrypted with that region's default key ID, you can
use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""` )
However, you cannot use default key IDs if you are using this in conjunction with
`snapshot_users` -- in that situation you must use custom keys.
2017-06-01 12:28:17 -04:00
2017-06-14 21:04:16 -04:00
- `root_device_name` (string) - The root device name. For example, `xvda` .
2016-09-03 15:06:40 -04:00
2017-06-14 21:04:16 -04:00
- `mfa_code` (string) - The MFA [TOTP ](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm )
code. This should probably be a user variable since it changes all the time.
2017-06-12 20:16:27 -04:00
2017-06-14 21:04:16 -04:00
- `mount_path` (string) - The path where the volume will be mounted. This is
2015-07-22 23:25:58 -04:00
where the chroot environment will be. This defaults to
2016-09-16 07:57:41 -04:00
`/mnt/packer-amazon-chroot-volumes/{{.Device}}` . This is a configuration template
2015-07-22 23:25:58 -04:00
where the `.Device` variable is replaced with the name of the device where
the volume is attached.
2013-07-31 01:17:58 -04:00
2018-04-25 13:47:52 -04:00
- `mount_partition` (string) - The partition number containing the
/ partition. By default this is the first partition of the volume, (for
example, `xvda1` ) but you can designate the entire block device by setting
`"mount_partition": "0"` in your config, which will mount `xvda` instead.
2016-01-06 14:35:01 -05:00
2017-06-14 21:04:16 -04:00
- `mount_options` (array of strings) - Options to supply the `mount` command
2015-07-22 23:25:58 -04:00
when mounting devices. Each option will be prefixed with `-o` and supplied
to the `mount` command ran by Packer. Because this command is ran in a
2017-10-04 17:25:31 -04:00
shell, user discretion is advised. See [this manual page for the mount
2015-07-22 23:25:58 -04:00
command](http://linuxcommand.org/man_pages/mount8.html) for valid file
system specific options
2015-06-23 12:31:43 -04:00
2018-05-23 12:58:15 -04:00
- `nvme_device_path` (string) - When we call the mount command (by default
`mount -o device dir` ), the string provided in `nvme_mount_path` will
replace `device` in that command. When this option is not set, `device` in
that command will be something like `/dev/sdf1` , mirroring the attached
device name. This assumption works for most instances but will fail with c5
and m5 instances. In order to use the chroot builder with c5 and m5
2018-05-23 16:34:56 -04:00
instances, you must manually set `nvme_device_path` and `device_path` .
2018-05-23 12:58:15 -04:00
2017-06-14 21:04:16 -04:00
- `pre_mount_commands` (array of strings) - A series of commands to execute
2016-09-04 15:15:01 -04:00
after attaching the root volume and before mounting the chroot. This is not
required unless using `from_scratch` . If so, this should include any
partitioning and filesystem creation commands. The path to the device is
2016-09-03 15:06:40 -04:00
provided by `{{.Device}}` .
2017-06-14 21:04:16 -04:00
- `profile` (string) - The profile to use in the shared credentials file for
2017-06-14 19:45:18 -04:00
AWS. See Amazon's documentation on [specifying
profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles)
for more details.
2017-06-14 21:04:16 -04:00
- `post_mount_commands` (array of strings) - As `pre_mount_commands` , but the
2016-09-03 15:06:40 -04:00
commands are executed after mounting the root device and before the extra
2016-09-04 15:15:01 -04:00
mount and copy steps. The device and mount path are provided by
2016-09-03 15:06:40 -04:00
`{{.Device}}` and `{{.MountPath}}` .
2017-10-16 14:23:33 -04:00
- `root_volume_size` (number) - The size of the root volume in GB for the
2016-10-27 00:20:45 -04:00
chroot environment and the resulting AMI. Default size is the snapshot size
of the `source_ami` unless `from_scratch` is `true` , in which case
this field must be defined.
2015-06-23 11:52:42 -04:00
2018-09-04 20:01:54 -04:00
- `root_volume_type` (string) - The type of EBS volume for the chroot environment
and resulting AMI. The default value is the type of the `source_ami` , unless
`from_scratch` is true, in which case the default value is `gp2` . You can only
specify `io1` if building based on top of a `source_ami` which is also `io1` .
2018-07-20 02:04:49 -04:00
- `root_volume_tags` (object of key/value strings) - Tags to apply to the volumes
that are *launched* . This is a
[template engine ](/docs/templates/engine.html ),
see [Build template data ](#build-template-data ) for more information.
2017-06-14 21:04:16 -04:00
- `skip_region_validation` (boolean) - Set to true if you want to skip
2016-10-26 23:36:35 -04:00
validation of the `ami_regions` configuration option. Default `false` .
2016-06-06 14:45:22 -04:00
2017-06-14 21:04:16 -04:00
- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
2017-01-10 08:47:53 -05:00
They will override AMI tags if already applied to snapshot. This is a
2018-04-02 13:32:14 -04:00
[template engine ](/docs/templates/engine.html ),
see [Build template data ](#build-template-data ) for more information.
2016-12-02 03:49:21 -05:00
2017-06-14 21:04:16 -04:00
- `snapshot_groups` (array of strings) - A list of groups that have access to
2016-12-02 03:49:21 -05:00
create volumes from the snapshot(s). By default no groups have permission to create
2017-12-19 19:29:39 -05:00
volumes from the snapshot(s). `all` will make the snapshot publicly accessible.
2016-12-02 03:49:21 -05:00
2017-06-14 21:04:16 -04:00
- `snapshot_users` (array of strings) - A list of account IDs that have access to
2016-12-02 03:49:21 -05:00
create volumes from the snapshot(s). By default no additional users other than the
user creating the AMI has permissions to create volumes from the backing snapshot(s).
2017-06-14 21:04:16 -04:00
- `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
2016-10-01 18:27:48 -04:00
Example:
2016-11-30 06:32:46 -05:00
2017-06-14 21:04:16 -04:00
``` json
2016-10-01 18:27:48 -04:00
"source_ami_filter": {
2017-03-25 18:13:52 -04:00
"filters": {
"virtualization-type": "hvm",
2017-09-05 20:20:48 -04:00
"name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
2017-03-25 18:13:52 -04:00
"root-device-type": "ebs"
},
"owners": ["099720109477"],
"most_recent": true
2016-10-01 18:27:48 -04:00
}
```
2016-11-30 06:32:46 -05:00
2016-10-01 18:27:48 -04:00
This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical.
2016-10-14 14:51:19 -04:00
NOTE: This will fail unless *exactly* one AMI is returned. In the above
example, `most_recent` will cause this to succeed by selecting the newest image.
2016-10-01 18:27:48 -04:00
2017-06-14 21:04:16 -04:00
- `filters` (map of strings) - filters used to select a `source_ami` .
NOTE: This will fail unless *exactly* one AMI is returned.
Any filter described in the docs for [DescribeImages ](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html )
is valid.
2016-10-01 18:27:48 -04:00
2017-06-14 21:04:16 -04:00
- `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
2018-08-14 15:33:09 -04:00
This is a required option, necessary to limit the AMIs your account or a trusted third party.
2016-10-01 18:27:48 -04:00
2017-10-16 12:11:33 -04:00
- `most_recent` (boolean) - Selects the newest created image when true.
2017-06-14 21:04:16 -04:00
This is most useful for selecting a daily distro build.
2016-10-01 18:27:48 -04:00
2018-02-13 19:48:39 -05:00
You may set this in place of `source_ami` or in conjunction with it. If you
2018-04-25 13:47:52 -04:00
set this in conjunction with `source_ami` , the `source_ami` will be added to
2018-02-13 19:48:39 -05:00
the filter. The provided `source_ami` must meet all of the filtering criteria
2018-04-25 13:47:52 -04:00
provided in `source_ami_filter` ; this pins the AMI returned by the filter,
2018-02-13 19:48:39 -05:00
but will cause Packer to fail if the `source_ami` does not exist.
2017-08-29 12:36:06 -04:00
- `sriov_support` (boolean) - Enable enhanced networking (SriovNetSupport but not ENA)
on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM
policy. Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's
documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
Default `false` .
2017-06-14 21:04:16 -04:00
- `tags` (object of key/value strings) - Tags applied to the AMI. This is a
2018-04-02 13:32:14 -04:00
[template engine ](/docs/templates/engine.html ),
see [Build template data ](#build-template-data ) for more information.
2017-01-10 08:47:53 -05:00
2013-07-31 01:17:58 -04:00
## Basic Example
Here is a basic example. It is completely valid except for the access keys:
2017-06-14 21:04:16 -04:00
``` json
2013-07-31 01:17:58 -04:00
{
"type": "amazon-chroot",
"access_key": "YOUR KEY HERE",
"secret_key": "YOUR SECRET KEY HERE",
"source_ami": "ami-e81d5881",
2013-08-08 19:59:42 -04:00
"ami_name": "packer-amazon-chroot {{timestamp}}"
2013-07-31 01:17:58 -04:00
}
2014-10-20 13:55:16 -04:00
```
2013-07-31 01:17:58 -04:00
## Chroot Mounts
2016-10-15 08:42:36 -04:00
The `chroot_mounts` configuration can be used to mount specific devices within
2015-07-22 22:31:00 -04:00
the chroot. By default, the following additional mounts are added into the
chroot by Packer:
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- `/proc` (proc)
- `/sys` (sysfs)
- `/dev` (bind to real `/dev` )
- `/dev/pts` (devpts)
- `/proc/sys/fs/binfmt_misc` (binfmt\_misc)
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
These default mounts are usually good enough for anyone and are sane defaults.
However, if you want to change or add the mount points, you may using the
2016-10-15 08:42:36 -04:00
`chroot_mounts` configuration. Here is an example configuration which only
2018-02-06 21:58:54 -05:00
mounts `/proc` and `/dev` :
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
``` json
2013-07-31 01:17:58 -04:00
{
"chroot_mounts": [
["proc", "proc", "/proc"],
["bind", "/dev", "/dev"]
]
}
2014-10-20 13:55:16 -04:00
```
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
`chroot_mounts` is a list of a 3-tuples of strings. The three components of the
3-tuple, in order, are:
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- The filesystem type. If this is "bind", then Packer will properly bind the
2015-07-22 23:25:58 -04:00
filesystem to another mount point.
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- The source device.
2013-07-31 01:17:58 -04:00
2017-06-14 21:04:16 -04:00
- The mount directory.
2013-07-31 01:17:58 -04:00
## Parallelism
2015-07-22 22:31:00 -04:00
A quick note on parallelism: it is perfectly safe to run multiple *separate*
Packer processes with the `amazon-chroot` builder on the same EC2 instance. In
fact, this is recommended as a way to push the most performance out of your AMI
builds.
2013-07-31 01:17:58 -04:00
2015-07-22 22:31:00 -04:00
Packer properly obtains a process lock for the parallelism-sensitive parts of
its internals such as finding an available device.
2013-09-25 01:09:10 -04:00
2013-11-22 01:11:40 -05:00
## Gotchas
2018-05-23 12:58:15 -04:00
### Unmounting the Filesystem
2013-11-22 01:11:40 -05:00
One of the difficulties with using the chroot builder is that your provisioning
scripts must not leave any processes running or packer will be unable to unmount
the filesystem.
2015-07-22 22:31:00 -04:00
For debian based distributions you can setup a
[policy-rc.d ](http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt )
file which will prevent packages installed by your provisioners from starting
services:
2013-11-22 01:11:40 -05:00
2017-06-14 21:04:16 -04:00
``` json
2013-11-22 01:11:40 -05:00
{
"type": "shell",
"inline": [
"echo '#!/bin/sh' > /usr/sbin/policy-rc.d",
"echo 'exit 101' >> /usr/sbin/policy-rc.d",
"chmod a+x /usr/sbin/policy-rc.d"
]
},
2014-10-20 13:55:16 -04:00
// ...
2013-11-22 01:11:40 -05:00
{
"type": "shell",
"inline": [
"rm -f /usr/sbin/policy-rc.d"
]
}
2014-10-20 13:55:16 -04:00
```
2016-09-03 15:06:40 -04:00
2018-05-23 12:58:15 -04:00
### Using Instances with NVMe block devices.
In C5, C5d, M5, and i3.metal instances, EBS volumes are exposed as NVMe block
devices [reference ](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html ).
In order to correctly mount these devices, you have to do some extra legwork,
involving the `nvme_device_path` option above. Read that for more information.
A working example for mounting an NVMe device is below:
```
{
"variables": {
"region" : "us-east-2"
},
"builders": [
{
"type": "amazon-chroot",
"region": "{{user `region` }}",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"name": "amzn-ami-hvm-*",
"root-device-type": "ebs"
},
"owners": ["137112412989"],
"most_recent": true
},
"ena_support": true,
"ami_name": "amazon-chroot-test-{{timestamp}}",
"nvme_device_path": "/dev/nvme1n1p",
"device_path": "/dev/sdf"
}
],
"provisioners": [
{
"type": "shell",
"inline": ["echo Test > /tmp/test.txt"]
}
]
}
```
Note that in the `nvme_device_path` you must end with the `p` ; if you try to
define the partition in this path (e.g. "nvme_device_path": `/dev/nvme1n1p1` )
and haven't also set the `"mount_partition": 0` , a `1` will be appended to the
`nvme_device_path` and Packer will fail.
2016-09-04 15:15:01 -04:00
## Building From Scratch
2016-09-03 15:06:40 -04:00
2016-09-04 15:15:01 -04:00
This example demonstrates the essentials of building an image from scratch. A
2016-09-03 15:06:40 -04:00
15G gp2 (SSD) device is created (overriding the default of standard/magnetic).
The device setup commands partition the device with one partition for use as an
2016-09-04 15:15:01 -04:00
HVM image and format it ext4. This builder block should be followed by
2016-09-03 15:06:40 -04:00
provisioning commands to install the os and bootloader.
2017-06-14 21:04:16 -04:00
``` json
2016-09-03 15:06:40 -04:00
{
"type": "amazon-chroot",
2017-03-18 20:37:02 -04:00
"ami_name": "packer-from-scratch {{timestamp}}",
2016-09-03 15:06:40 -04:00
"from_scratch": true,
"ami_virtualization_type": "hvm",
2017-02-22 13:32:49 -05:00
"pre_mount_commands": [
2016-09-04 15:15:01 -04:00
"parted {{.Device}} mklabel msdos mkpart primary 1M 100% set 1 boot on print",
2016-09-03 15:06:40 -04:00
"mkfs.ext4 {{.Device}}1"
],
"root_volume_size": 15,
"root_device_name": "xvda",
"ami_block_device_mappings": [
{
"device_name": "xvda",
"delete_on_termination": true,
"volume_type": "gp2"
}
]
}
```
2018-04-02 13:32:14 -04:00
## Build template data
The available variables are:
- `BuildRegion` - The region (for example `eu-central-1` ) where Packer is building the AMI.
- `SourceAMI` - The source AMI ID (for example `ami-a2412fcd` ) used to build the AMI.
- `SourceAMIName` - The source AMI Name (for example `ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20180306` ) used to build the AMI.
- `SourceAMITags` - The source AMI Tags, as a `map[string]string` object.