Building Debian AWS EC2 AMIsPublished
A lot of acronyms in that title there. There have been some problems getting Debian’s latest release, “buster”, available on AWS. I got tired of waiting so I took it into my own hands to build an AMI for myself. It should be straightforward but the documentation is a bit scattered. It’s likely that what I describe here won’t be valid after some period of time. However, since I just did it and it worked I’m going to share the steps for the next helpless person.
First, build a host running buster from an official release image. This might be a physical host or it might be a virtual machine on your laptop. I’m not 100% sure that it is necessary that the host be running buster, but that’s what I did. I made a virtual machine and performed only the very basic installation steps necessary to get it connected to the internet and, you know, booting.
All of these commands must be run as root and you can do them from the root user’s home directory. Thus, I am not going to write sudo or mention logging in as root.
Once you have your machine that is running buster and you’re working as root, clone this repository:
git clone https://salsa.debian.org/cloud-team/debian-cloud-images
Take a look at their README but we’re not going to follow it. The README file tells you how to build a development instance and you’ll be surprised when it has some development stuff enabled like random terminal users that automatically log in on boot. Do what I’m about to describe instead. Install some dependencies:
apt-get install -y --no-install-recommends \ ca-certificates debsums dosfstools fai-server fai-setup-storage \ make python3 python3-libcloud python3-marshmallow qemu-utils udev sudo rsync
Now we’re going to build the image. This will take a while.
bin/debian-cloud-images build buster ec2 amd64 \ --build-id manual --version 1 --override-name ec2-buster-image --build-type official
After this is done running you’ll have a new file called
ec2-buster-image.tar. Transfer this to a host that is currently running in AWS. I currently have a host running stretch on which I ran these commands. I chose to use rsync to move these files, since they’re large, which is why it’s part of the
apt-get line above. The rest of these steps will be run on your AWS based host.
Before doing anything, ensure that the
aws command works. You might need to use
apt-get install awscli and run
aws configure first. You can get access keys on the AWS IAM Management Console.
The tar file that you copied over needs to be untarred. It will create a file called
disk.raw. You can rename it if you want but be aware that it will be oddly named on its way out of the tar file.
Over on the AWS console you will want to create a new volume that is 8G in size and you will want to attach it to your host. You do NOT want to mount it, just attach it. It is imperative that you create the volume in the correct availability zone. For example, if your host is in us-west-2c then the volume should also be in us-west-2c.
lsblk command to see what device the volume got given. On my host it was given the name
/dev/nvme1n1. With that in hand we can transfer our disk image to the volume:
sudo dd if=disk.raw of=/dev/nvme1n1 bs=512k
dd command finishes then detach the volume.
For the last step we’re going to turn that volume into a snapshot and an AMI. To do that I copied a program written by Noah Meyerhans that he has in his ec2-image-builder repository and I made a few changes such that the defaults are for buster and I created a gist called volume-to-ami.sh. Once you’ve copied that gist, run like this:
./volume-to-ami.sh -F <vol-id>
Once that last step is run you will have an AMI that you can use to create buster hosts. You can delete the temporary volume that you created if you want. You can also delete any or all of the other intermediate products, too. But you must keep (and pay for the keeping of) the snapshot if you want to reuse the AMI.
Go forth and use buster on AWS.
Update: One thing that I did discover missing and/or wrong on the cloud configuration that I got was the list of apt sources. I had change the apt source lists like this:
rm /etc/apt/sources.list.d/backports.list vi /etc/apt/sources.list > deb http://cdn-aws.deb.debian.org/debian buster main > deb http://security.debian.org/debian-security buster/updates main > deb http://cdn-aws.deb.debian.org/debian buster-updates main