Upgrade Base Image to Amazon Linux 2023 #1122

Merged
merged 39 commits into from
Jun 9, 2023
Changes from 5 commits
9cc368e
Switch base AMI to Amazon Linux 2023
triarius Mar 20, 2023
0a59a3b
Bump packer to v1.8.6
triarius Mar 21, 2023
2a72f01
Remove python2 and install aws-cli v2 from repos
triarius Mar 21, 2023
883da24
Replace docker-gc cron jobs with systemd timers
triarius May 30, 2023
6c6bd3e
Remove docker-compose v1
triarius May 30, 2023
25a9da8
Remove qemu and qemu-user-static packages
triarius May 30, 2023
23b3db8
Remove upgrade of signature
triarius Jun 5, 2023
6ca45e4
Switch to manual install of goss and install dgoss as well
triarius Jun 5, 2023
4f99405
Fewer tabs in bk-install-elastic-stack.sh
triarius Jun 5, 2023
2143bda
Use a single command to start and enable systemd units
triarius Jun 5, 2023
eca2fe2
Bump docker compose to v2.18.1 and install docker from repos
triarius Jun 5, 2023
3c57da5
Convert refresh authorized_keys cron into systemd timer
triarius Jun 5, 2023
9c0d053
Use curl instead of ec2-metadata tool
triarius Jun 5, 2023
2d32dfc
Consolidate packer install scripts
triarius Jun 5, 2023
734e9ce
Install all utils in single command
triarius Jun 5, 2023
214f529
Remove ssm plugin
triarius Jun 5, 2023
b8a23e1
Update sshd home dir expectation
triarius Jun 5, 2023
e8e41a8
Update expected docker group id
triarius Jun 5, 2023
6ecfbf0
Replace cloud-boothook with x-shellscript
triarius Jun 5, 2023
f12eed1
Update subgid for docker group
triarius Jun 5, 2023
406d9ff
Fix logging and standardise formatting in some startup scripts
triarius Jun 5, 2023
07a7a1b
Add a comment about userns
triarius Jun 6, 2023
6a7667c
Remove unnecessary quotes in goss file
triarius Jun 6, 2023
198c8bc
Add checks that docker is configured correctly
triarius Jun 6, 2023
96510d4
Remove docker info goss test and update comments
triarius Jun 6, 2023
da56b78
Escape go templating
triarius Jun 6, 2023
b4be589
Restart docker daemon after setting userns
triarius Jun 6, 2023
2e25e00
Remove default instance in systemd
triarius Jun 6, 2023
e1e9479
Install, start, and enable ssm-agent
triarius Jun 6, 2023
c0b6d97
Print more informative steps during docker installation
triarius Jun 6, 2023
d290926
Install qemu-binfmt using docker container on boot
triarius Jun 6, 2023
7755a93
Add GOSS test for amazon-ssm-agent
triarius Jun 6, 2023
974b2b9
Remove goss timeouts
triarius Jun 6, 2023
b4afa48
Test multiarch with goss
triarius Jun 6, 2023
3e4cd66
Rightsize test instances
triarius Jun 6, 2023
00e7a8b
Add explicit 30s timeout to all goss assertions that pull docker images
triarius Jun 6, 2023
9272fb7
Change docker info output to show which elements of a list are presen…
triarius Jun 7, 2023
d0bb6f2
Fix goss docker info commands
triarius Jun 7, 2023
3c7c3a5
Use case statement to determine ARCH in packer/linux/conf/bin/bk-inst…
triarius Jun 7, 2023
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -3,7 +3,7 @@
VERSION = $(shell git describe --tags --candidates=1)
SHELL = /bin/bash -o pipefail

PACKER_VERSION ?= 1.6.2
PACKER_VERSION ?= 1.8.6
PACKER_LINUX_FILES = $(exec find packer/linux)
PACKER_WINDOWS_FILES = $(exec find packer/windows)
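
Review bot: In the context lines right below the version bump, `PACKER_LINUX_FILES = $(exec find packer/linux)` and its Windows twin use `$(exec ...)`, which is not a GNU make function, so both variables expand to an empty string; if they are meant to be prerequisites, changes under `packer/` will not trigger a rebuild. `$(shell find packer/linux)` is probably what was intended. On the bump itself, 1.6.2 to 1.8.6 crosses two minor releases, so running `packer validate` on both templates before merging is worthwhile.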

10 changes: 8 additions & 2 deletions goss.yaml
Expand Up @@ -109,10 +109,16 @@ command:
"git-lfs --version":
exit-status: 0

"/etc/cron.hourly/docker-low-disk-gc":
"systemctl is-enabled docker-gc.timer":
exit-status: 0

"/etc/cron.hourly/docker-gc":
/usr/local/bin/docker-gc:
exit-status: 0

"systemctl is-enabled docker-low-disk-gc.timer":
exit-status: 0

/usr/local/bin/docker-low-disk-gc:
exit-status: 0

# Checks that docker is running
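
Review bot: The two new `systemctl is-enabled ...timer` checks only prove the units are enabled, not that the timers are loaded with a next run scheduled; if goss runs against a booted instance, add `systemctl is-active docker-gc.timer` and the low-disk equivalent. The bare `/usr/local/bin/docker-gc` and `/usr/local/bin/docker-low-disk-gc` entries execute the scripts during the test run, so a passing test has the side effect of a real cleanup; if the intent is only to confirm they are installed and executable, a `file:` check with `mode` does that without running them.
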
12 changes: 3 additions & 9 deletions packer/linux/buildkite-ami.json
Expand Up @@ -11,7 +11,7 @@
"region": "{{user `region`}}",
"source_ami_filter": {
"filters": {
"name": "amzn2-ami-kernel-5.10-hvm-2.0.*-gp2",
"name": "al2023-ami-minimal-2023.0.*.*-kernel-*",
"architecture": "{{user `arch`}}",
"virtualization-type": "hvm"
},
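
Review bot: The new name pattern `al2023-ami-minimal-2023.0.*.*-kernel-*` fixes the second version component at `0`, so the filter can only ever resolve to the 2023.0 series and will not match an image whose name starts `al2023-ami-minimal-2023.1.`; use `2023.*` if the intent is to track the latest AL2023 release. Because the pattern is mostly wildcards and this hunk does not show an `owners` entry, please confirm that the collapsed part of the builder restricts owners to Amazon, so that a look-alike public AMI name cannot be selected.
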
Expand All @@ -21,7 +21,7 @@
"instance_type": "{{user `instance_type`}}",
"ssh_username": "ec2-user",
"ami_name": "buildkite-stack-linux-{{user `arch`}}-{{isotime | clean_resource_name}}",
"ami_description": "Buildkite Elastic Stack (Amazon Linux 2 LTS w/ docker)",
"ami_description": "Buildkite Elastic Stack (Amazon Linux 2023 w/ docker)",
"ami_groups": ["all"]
}
],
Expand Down Expand Up @@ -74,13 +74,7 @@
},
{
"type": "shell",
"script": "scripts/upgrade-kernel.sh"
Contributor Author

Removed

},
{
"type": "shell",
"inline": [
"rm /home/ec2-user/.ssh/authorized_keys"
]
"inline": ["rm /home/ec2-user/.ssh/authorized_keys"]
}
]
}
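
Review bot: The final inline step removes only `/home/ec2-user/.ssh/authorized_keys`, and `rm` without `-f` fails the build if the file is absent. Since `ami_groups` is `["all"]` earlier in this file, the image is public; consider also clearing root's `authorized_keys` and the SSH host keys under `/etc/ssh/` in the same step, unless a provisioner outside the visible lines already does. With `scripts/upgrade-kernel.sh` dropped, the kernel is whatever the source AMI ships, so the build log should record the resolved source AMI id.
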
Contributor Author

These are now systemd timers

File renamed without changes.
Contributor Author

These are now systemd timers

File renamed without changes.
10 changes: 10 additions & 0 deletions packer/linux/conf/docker/systemd/docker-gc.service
@@ -0,0 +1,10 @@
[Unit]
Description=Clean files used by docker except for the build cache
Wants=docker-gc.timer

[Service]
Type=oneshot
ExecStart=/usr/local/bin/docker-gc

[Install]
WantedBy=multi-user.target
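
Review bot: The `[Unit]` section has no ordering or dependency on `docker.service`, so the oneshot can start before the daemon is up; if `/usr/local/bin/docker-gc` talks to the Docker daemon, add `After=docker.service` and `Requires=docker.service`. The `[Install]` section with `WantedBy=multi-user.target` is not needed for a timer-activated unit, and if someone enables the service it will run a cleanup on every boot; the same applies to `docker-low-disk-gc.service`. `Wants=docker-gc.timer` is redundant as well, because install-docker.sh enables the timer directly.
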
10 changes: 10 additions & 0 deletions packer/linux/conf/docker/systemd/docker-gc.timer
@@ -0,0 +1,10 @@
[Unit]
Description=Clean files used by docker except for the build cache
Requires=docker-gc.service

[Timer]
Unit=docker-gc.service
OnCalendar=hourly

[Install]
WantedBy=timers.target
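
Review bot: `Requires=docker-gc.service` in the timer's `[Unit]` section makes systemd start the service whenever the timer itself is started, so the cleanup runs once at boot when `timers.target` pulls the timer in, in addition to the hourly schedule. Drop the `Requires=` line; `Unit=docker-gc.service`, which is already the default for a timer of this name, is enough to link the two units.
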
10 changes: 10 additions & 0 deletions packer/linux/conf/docker/systemd/docker-low-disk-gc.service
@@ -0,0 +1,10 @@
[Unit]
Description=Clean files used by docker including the build cache when disk space is low
Wants=docker-low-disk-gc.timer

[Service]
Type=oneshot
ExecStart=/usr/local/bin/docker-low-disk-gc

[Install]
WantedBy=multi-user.target
10 changes: 10 additions & 0 deletions packer/linux/conf/docker/systemd/docker-low-disk-gc.timer
@@ -0,0 +1,10 @@
[Unit]
Description=Clean files used by docker including the build cache when disk space is low
Requires=docker-low-disk-gc.service

[Timer]
Unit=docker-low-disk-gc.service
OnCalendar=hourly

[Install]
WantedBy=timers.target
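
Review bot: `OnCalendar=hourly` here is identical to the schedule in `docker-gc.timer`, so both cleanup jobs fire at the same instant at the top of every hour and may run against the daemon concurrently. Give one of them an offset such as `OnCalendar=*:30`, or add `RandomizedDelaySec=` to both. `Requires=docker-low-disk-gc.service` also starts the service each time the timer unit is started, not only on schedule, and can be dropped.
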
41 changes: 9 additions & 32 deletions packer/linux/scripts/install-docker.sh
Expand Up @@ -3,7 +3,6 @@ set -eu -o pipefail

DOCKER_VERSION=20.10.23
DOCKER_RELEASE="stable"
DOCKER_COMPOSE_VERSION=1.29.2
DOCKER_COMPOSE_V2_VERSION=2.16.0
DOCKER_BUILDX_VERSION="0.10.5"
MACHINE=$(uname -m)
Expand Down Expand Up @@ -33,42 +32,18 @@ sudo curl -Lfs -o /etc/systemd/system/docker.socket "https://raw.githubuserconte
sudo systemctl daemon-reload
sudo systemctl enable docker.service

if [ "${MACHINE}" == "x86_64" ]; then
echo "Downloading docker-compose..."
sudo curl -Lsf -o /usr/bin/docker-compose https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64
sudo chmod +x /usr/bin/docker-compose
docker-compose --version
elif [[ "${MACHINE}" == "aarch64" ]]; then
sudo yum install -y gcc-c++ libffi-devel openssl11 openssl11-devel python3-devel

# docker-compose depends on the cryptography package, v3.4 of which
# introduces a build dependency on rust; let's avoid that for now.
# https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#34---2021-02-07
# This should be unpinned ASAP; hopefully docker-compose will offer binary
# download for arm64 at some point:
# https://github.com/docker/compose/issues/7472
CONSTRAINT_FILE="/tmp/docker-compose-pip-constraint"
echo 'cryptography<3.4' >"$CONSTRAINT_FILE"
echo 'urllib3<2' >"$CONSTRAINT_FILE"
sudo pip3 install --constraint "$CONSTRAINT_FILE" "docker-compose==${DOCKER_COMPOSE_VERSION}"

docker-compose version
else
echo "No docker compose option configured for arch ${MACHINE}"
exit 1
fi

Comment on lines -36 to -60
Contributor

chefskiss

echo "Adding docker cron tasks..."
sudo cp /tmp/conf/docker/cron.hourly/docker-gc /etc/cron.hourly/docker-gc
sudo cp /tmp/conf/docker/cron.hourly/docker-low-disk-gc /etc/cron.hourly/docker-low-disk-gc
sudo chmod +x /etc/cron.hourly/docker-*
echo "Adding docker systemd timers..."
sudo cp /tmp/conf/docker/scripts/* /usr/local/bin
sudo cp /tmp/conf/docker/systemd/docker-* /etc/systemd/system
sudo chmod +x /usr/local/bin/docker-*
sudo systemctl daemon-reload
sudo systemctl enable docker-gc.timer docker-low-disk-gc.timer

echo "Installing jq..."
sudo yum install -y -q jq
jq --version

echo "Installing docker buildx..."

DOCKER_CLI_DIR=/usr/libexec/docker/cli-plugins
sudo mkdir -p "${DOCKER_CLI_DIR}"
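
Review bot: `sudo cp /tmp/conf/docker/scripts/* /usr/local/bin` followed by `sudo chmod +x /usr/local/bin/docker-*` leaves the final mode of scripts that systemd will run as root dependent on the source files and the umask, and the `chmod` glob touches any other `docker-*` file already in `/usr/local/bin`. `sudo install -o root -g root -m 0755 /tmp/conf/docker/scripts/* /usr/local/bin/` sets owner and mode explicitly, and a second `install` with `-m 0644` does the same for the unit files. `systemctl enable` without `--now` is fine for an image build, since the timers start on first boot.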

Expand All @@ -82,7 +57,6 @@ case "${MACHINE}" in
;;
esac


sudo curl --location --fail --silent --output "${DOCKER_CLI_DIR}/docker-buildx" "https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-${BUILDX_ARCH}"
sudo chmod +x "${DOCKER_CLI_DIR}/docker-buildx"
docker buildx version
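
Review bot: The buildx binary on the `curl` line is downloaded from GitHub releases, marked executable and run with no integrity check beyond TLS. Since this ends up in a public AMI, pin the expected SHA-256 next to `DOCKER_BUILDX_VERSION` and verify it with `sha256sum --check` before the `chmod +x`; the same goes for the docker-compose download in the next hunk.
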
Expand All @@ -91,6 +65,9 @@ sudo curl --location --fail --silent --output "${DOCKER_CLI_DIR}/docker-compose"
sudo chmod +x "${DOCKER_CLI_DIR}/docker-compose"
docker compose version

sudo ln -s "${DOCKER_CLI_DIR}/docker-compose" /usr/bin/docker-compose
docker-compose version

echo "Installing qemu..."
sudo yum install -y qemu qemu-user-static
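
Review bot: `sudo ln -s "${DOCKER_CLI_DIR}/docker-compose" /usr/bin/docker-compose` exits non-zero if `/usr/bin/docker-compose` already exists, and with `set -eu -o pipefail` at the top of the script that aborts the build; `ln -sf` makes the step repeatable. The `yum install -y qemu qemu-user-static` context line is worth re-checking against the AL2023 repositories, given that the commit list for this PR includes "Remove qemu and qemu-user-static packages".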

9 changes: 4 additions & 5 deletions packer/linux/scripts/install-utils.sh
Expand Up @@ -4,16 +4,15 @@ set -eu -o pipefail
echo "Updating core packages"
sudo yum update -y

echo "Updating awscli..."
sudo yum install -y python2-pip
echo "Installing python..."
sudo yum install -y python3-pip python3 python3-setuptools
sudo pip install --upgrade awscli
sudo pip install future
sudo pip3 install future

echo "Installing zip utils..."
sudo yum install -y zip unzip git pigz

echo "Installing aws utils..."
sudo yum install -y awscli-2 aws-cfn-bootstrap

echo "Installing bk elastic stack bin files..."
sudo chmod +x /tmp/conf/bin/bk-*
sudo mv /tmp/conf/bin/bk-* /usr/local/bin
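
Review bot: `sudo pip3 install future` installs an unpinned package from PyPI as root into the system site-packages during the image build, so the AMI contents depend on whatever is newest on PyPI at build time. Pin it (`future==<version>`) or install the distribution's package if one exists. In the trailing context, `sudo mv /tmp/conf/bin/bk-* /usr/local/bin` keeps the files' existing owner; if `/tmp/conf` was uploaded as the packer SSH user, the `bk-*` scripts end up in `/usr/local/bin` owned by `ec2-user`, and `sudo install -o root -g root -m 0755` would avoid that.
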