| Commit message (Collapse) | Author | Age | Files | Lines |
| |
pkg used to store copies of upstream repository databases in
/var/db/pkg/repo-*.sqlite. About a year ago this was moved to
/var/db/pkg/repos/*/, resulting in FreeBSD cloud images no longer
having those (unhelpful since they'll be long out of date before
the cloud images are launched) databases removed.
Remove the correct location, and hope that future pkg updates don't
break the base system again.
Sponsored by: Amazon
(cherry picked from commit 078e8b34b13d6d0663661542eeac9007806fccdc)
| |
The DHCP server in EC2 knows exactly which system should be using
which IP address (and in fact EC2 has source IP filtering on by
default) so there's no point ARPing an address before using it.
The preceding commits (changing the ARP wait time from 2 s to 250 ms)
and this one (eliminating the wait entirely in EC2) reduce the time
required for a newly launched FreeBSD/EC2 instance to launch by 2
seconds.
Discussed with: icattard
MFC after: 10 days
Sponsored by: Amazon
(cherry picked from commit 54a543d5ea3a58aee2f001498376127efea24bd2)
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Similar commit in main:
(cherry picked from commit d0b2dbfa0ecf)
| |
This is useful for adding extra packages to the build of an AMI.
For example:
env VM_EXTRA_PACKAGES="zsh" make -C release ec2ami
(cherry picked from commit 83952a5baa337cc257858feb4886d947ba1a60e3)
| |
MFC after: 1 week
(cherry picked from commit 267411d164d4d38a701599e3afe8d9e9261f65dd)
| |
This sshd_config keyword was replaced by KbdInteractiveAuthentication in
OpenSSH 8.7, though ChallengeResponseAuthentication is silently accepted
as an alias. However, this means that the code in ec2.conf which
modifies a commented-out line no longer does anything. Apply a minimal
fix.
Reviewed by: cperciva, emaste
Sponsored by: The FreeBSD Foundation
(cherry picked from commit c1b656ac55eca1fc191225bd715b31ff25be9031)
| |
Disable Duplicate Address Detection in EC2 instances. The networking
configuration in EC2, with IPv6 addresses assigned by DHCPv6 and
host egress filtering, makes "duplicate addresses" impossible.
This speeds up the boot process in EC2 by 2 seconds.
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D33091
(cherry picked from commit 81075203a057c9ba3467a7f90ea1e9469d7f7723)
| |
Nobody is going to hit a key to tell gptboot to select another disk,
so there's no point waiting.
(cherry picked from commit 524260db7683681c7deec9f1968c15a717317685)
| |
truncate(1) is not case-sensitive with regard to setting the size
of a file. makefs(8), however, does not honor upper-case values.
Update release-specific files and the release(7) manual page to
reflect this.
Submitted by: ehem_freebsd_m5p.com (original)
Differential Review: https://reviews.freebsd.org/D28979
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit fa04db476201c4cad5f6a5f67da8f2ef1e1cdad3)
| |
Prior to this commit, EC2 AMIs used a "dual-dhclient" tool which was
launched in place of dhclient and spawned both the base system dhclient
for IPv4 and the ISC dhclient from ports for IPv6.
Now that rtsold supports the "M bit" (managed configuration), we can go
back to having the base system dhclient spawned normally, and provide a
script to rtsold which spawns the ISC dhclient from ports when rtsold
decides that it is appropriate.
Thanks to: bz
MFC after: 1 week
Sponsored by: https://www.patreon.com/cperciva
Notes:
svn path=/head/; revision=365696
| |
The FreeBSD base system continues to expand. 4GB is now insufficient;
we passed 3 GB in May 2019; we passed 2 GB in August 2017. Over half
of the disk space used is in /usr/lib/debug/.
Without this change, instances boot but are unusable, since the first
thing which breaks when VM filesystems are too small is the "pkg install"
in the VM building process.
Notes:
svn path=/head/; revision=365695
| |
This adjusts freebsd-update.conf and portsnap.conf files in EC2 AMIs to
point at the new AWS-hosted mirror network.
Approved by: re (delphij)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D25498
Notes:
svn path=/head/; revision=362791
| |
The ebsnvme-id utility exposes information about EC2 disks -- for
Elastic Block Store volumes, their volume IDs and "linux device
names", and for Instance Store (aka "Ephemeral") disks, their
serial numbers.
The dev_aws_disk rc.d script and associated devd.conf rule maintains
a tree under /dev/aws/disk:
/dev/aws/disk/ebs/<volume ID>
/dev/aws/disk/linuxname/<linux device name>
/dev/aws/disk/ephemeral/<serial number>
which are symlinks to the corresponding nda or nvd devices.
MFC after: 1 week
Sponsored by: https://www.patreon.com/cperciva
Notes:
svn path=/head/; revision=361150
| |
Since Amazon Elastic File System is only available within AWS, it seems
more appropriate to have this added only in EC2 AMIs rather than
"polluting" non-EC2 images with it.
Reviewed by: gjb
MFC after: 7 days
Relnotes: Amazon EFS filesystems can be automounted by enabling autofs
and placing "/efs -efs" into /etc/auto_master.
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D24791
Notes:
svn path=/head/; revision=361143
| |
FreeBSD is in the process of switching from nvd(4) to nda(4) as the disk
device front-end to NVMe. Changing the default in the kernel is tricky
since existing systems may have /dev/nvd* hard-coded e.g. in /etc/fstab;
however, there's no reason to not change the default in HEAD for *new*
systems.
At present I have no intention of MFCing this to stable branches, since
someone might reasonably expect scripts they use for launching and
configuring FreeBSD 12.1 instances to work with FreeBSD 12.2 AMIs, for
example.
Reviewed by: gjb, imp
Relnotes: NVMe disks in EC2 instances launched from 13.0 and later
now show up as nda(4) devices.
Differential Revision: https://reviews.freebsd.org/D24583
Notes:
svn path=/head/; revision=360396
| |
This gets rid of (harmless) warnings:
"pkg: Cannot open /dev/null:No such file or directory".
MFC after: 2 weeks
Notes:
svn path=/head/; revision=357750
| |
I forgot to do this as part of r345858 -- I added it to the
vm_extra_pre_umount in vmimage.subr but forgot that function
was overridden in the EC2 build.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=357749
| |
dual-dhclient-daemon daemon. This makes it possible to stop/restart
the dhclients.
MFC after: 1 month
Notes:
svn path=/head/; revision=353022
| |
AMIs have been breaking for the past month due to insufficient disk space.
Due to the small amount of overhead in the disk image, the EC2 AMIs end
up with the same (4GB) minimum disk size.
Reported by: Michal Krawczyk
Notes:
svn path=/head/; revision=347370
| |
If MACHINE_ARCH doesn't match TARGET_ARCH, and we're not in the special
case of building i386 images on an amd64 host, we need to pull in the
qemu-user-static package; this allows us to run some commands inside
the VM disk image chroot, most notably to install packages.
Reviewed by: gjb
MFC after: 2 weeks
Sponsored by: FreeBSD/EC2 patreon (https://www.patreon.com/cperciva)
Notes:
svn path=/head/; revision=345858
| |
This package does not exist on aarch64 at present.
Notes:
svn path=/head/; revision=345317
| |
than twice.
Reported by: Rafal Lukawiecki
MFC after: 1 week
Notes:
svn path=/head/; revision=344315
| |
This script broke around FreeBSD 11.0 as a result of SWAPMETA no longer
being reported by vmstat -z; but it also needs to be reworked due to the
arrival in EC2 of nvme ephemeral disks.
I'll turn this option back on after I've found time to rewrite the
script in question.
PR: 234686
Reported by: meta@
MFC after: 1 week
Notes:
svn path=/head/; revision=342875
| |
the probing and attaching of the PS/2 mouse (not present on EC2) and
keyboard (emulated, but not accessible via EC2).
Note that we disable atkbd0 separately even though during device probing
it shows up as a child of atkbdc0; this is necessary because the device
is also initialized during the early console setup from hammer_time.
This change cuts the kernel boot time on an EC2 c5.4xlarge instance from
7259 ms down to 4727 ms.
Approved by: re (marius)
Notes:
svn path=/head/; revision=338321
| |
EC2 instances from sysctl.conf to loader.conf; these can all be set as
loader tunables, and setting them in loader.conf gives us the right
behaviour in the event of a kernel panic taking place prior to when
sysctl.conf is processed.
MFC after: 1 week
Notes:
svn path=/head/; revision=332663
| |
Since Amazon provides NTP servers within their network, this should
be far superior to using the default NTP pools; and since the service
is provided by Amazon there's very little risk in enabling it by
default. (If someone is able to compromise Amazon's NTP servers and
exploit them to attack EC2 instances, they would almost certainly be
able to compromise EC2 instances even without ntpd running...)
MFC after: 1 week
Relnotes: EC2 instances now keep their clocks synchronized using
the Amazon Time Sync Service (aka. NTP).
Notes:
svn path=/head/; revision=326565
| |
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user'). Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).
EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.
Discussed with: gjb, gtetlow, emaste, des
Requested by: Amazon
X-MFC: No
Relnotes: ChallengeResponseAuthentication is turned off by default in
Amazon EC2 AMIs.
Notes:
svn path=/head/; revision=326564
| |
copied from the build host. It is renamed to /etc/resolv.conf.bak
on boot, so never used anyway.
Noticed by: peter
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=326068
| |
immediately available on instances which are running without internet
access (or which can't rely on firstboot_pkgs to install it for some
other reason).
Note that this agent is not enabled by default; to enable it, add
amazon_ssm_agent_enable="YES" to /etc/rc.conf, e.g., by placing the lines
>>/etc/rc.conf
amazon_ssm_agent_enable="YES"
into the EC2 user-data. In addition to being enabled, the agent requires
keys to be provided via IAM Roles; users are encouraged to be very careful
in using this functionality due to the inherent vulnerability in the idea
of providing credentials via a service accessible to any process which can
open an HTTP connection.
Requested by: Amazon
No objection from: re@
Relnotes: FreeBSD/EC2 AMIs now include the Amazon EC2 Systems Manager
(SSM) Agent.
Notes:
svn path=/head/; revision=325254
| |
image build failures due to a full md(4)-backed filesystem.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=322968
| |
discussed a while back between cperciva@ and so@, and I forgot.
Reported by: cperciva
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=321661
| |
requirements.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=321659
| |
X-MFC-after: 318647 + fixes for some lock ordering warnings
Notes:
svn path=/head/; revision=318894
| |
install to prepare an AMI image. This can be used to create a ZFS AMI disk
image using a virtual machine.
Change ec2.conf to use the pkg tool from a chroot rather than trying to
bootstrap it and fail from the livecd readonly filesystem.
Reviewed by: gjb
Notes:
svn path=/head/; revision=314935
| |
builds of EC2 images for 12-CURRENT failed due to a full filesystem
on the md(4) device during creation.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=314561
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=312214
| |
(see r302635), there is no need to force msix interrupt migration off
via loader.conf.
Reverts: r302184
MFC after: 3 days
Notes:
svn path=/head/; revision=302929
| |
running on EC2. Due to improvements in EC2, the performance penalty which
was present on some EC2 instances no longer exists, and enabling this
feature now consistently yields ~20% higher throughput with equal or lower
latency.
Reverts: r286063
Approved by: re (gjb)
MFC after: 2 weeks
Relnotes: Improved disk throughput on EC2
Notes:
svn path=/head/; revision=302288
| |
around a bug in older versions of Xen and unbreaks SR-IOV (aka. "EC2
Enhanced Networking").
Approved by: re (gjb)
Thanks to: jhb, Jeremiah Lott
Notes:
svn path=/head/; revision=302184
| |
Amazon recently introduced an API for capturing screenshots of an
emulated VGA device; this commit makes that (somewhat) useful.
MFC after: 3 weeks
Notes:
svn path=/head/; revision=301732
| |
issues on some EC2 instance types. Users may want to experiment with
removing this from loader.conf and measuring the performance impact on
the EC2 instances they are using.
Notes:
svn path=/head/; revision=286063
| |
DESTDIR, otherwise it can get stuck in ttyin.
This means no 10-STABLE EC2 images this week.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=284780
| |
Notes:
svn path=/head/; revision=280884
|
to create EC2 AMIs will come in a later commit.
Notes:
svn path=/head/; revision=280879