From owner-freebsd-cloud@freebsd.org Sun Mar 10 22:06:36 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CFC51543AA5 for ; Sun, 10 Mar 2019 22:06:36 +0000 (UTC) (envelope-from greg@unrelenting.technology) Received: from out.migadu.com (out.migadu.com [91.121.223.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.migadu.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3B2C269BA4 for ; Sun, 10 Mar 2019 22:06:33 +0000 (UTC) (envelope-from greg@unrelenting.technology) Received: (Migadu outbound); Sun, 10 Mar 2019 22:06:24 +0000 Received: from [192.168.1.141] ([62.122.208.146]) by out.migadu.com (Haraka/2.8.16) with ESMTPSA id 226BFB91-4C7C-49EE-8C50-5BD0BC0F0D4F.1 envelope-from (authenticated bits=0) (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL); Sun, 10 Mar 2019 22:06:24 +0000 Date: Mon, 11 Mar 2019 01:06:20 +0300 From: Greg V Subject: Re: ARM Graviton AWS Processor (AMI Image) To: Martin Karrer Cc: freebsd-arm@freebsd.org, freebsd-hackers@freebsd.org, freebsd-cloud@freebsd.org Message-Id: <1552255580.21373.0@unrelenting.technology> In-Reply-To: <1548182399.2864.0@smtp.migadu.com> References: <79CC79B9-81AF-4563-BABE-429E6A57F476@bmalum.com> <010201686fe5047f-ed14af85-2b25-4480-a62a-a893f062eedd-000000@eu-west-1.amazonses.com> <010201686fe5047f-ed14af85-2b25-4480-a62a-a893f062eedd-000000@eu-west-1.amazo> X-Mailer: geary/master~gfcf07ad4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; bh=yFeukkt+RUN+oEqF1Ne+PZL5JrtX8FnxvXapLRyw2ig=; c=relaxed/simple; d=unrelenting.technology; h=from:subject:date:to; s=default; b=bO0c5gqCPwVq1Ip/7e9PLoCHqgYYn+WFSTytDddDRgn8sznjfCFWXKFXpa9DhrllgGrw463zaQfRMiT/1OlO7SQzvzRa2NHj6dm1G77lvRPWfWrgsf8hSF5S6rGRDWLq9jlwNuVmlxOttP38e/z9gyPeZOt4iqwvejLF6Rlf8FU= X-Rspamd-Queue-Id: 3B2C269BA4 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=unrelenting.technology header.s=default header.b=bO0c5gqC; dmarc=pass (policy=none) header.from=unrelenting.technology; spf=pass (mx1.freebsd.org: domain of greg@unrelenting.technology designates 91.121.223.63 as permitted sender) smtp.mailfrom=greg@unrelenting.technology X-Spamd-Result: default: False [-6.63 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[unrelenting.technology:s=default]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip4:91.121.223.63]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[unrelenting.technology:+]; DMARC_POLICY_ALLOW(-0.50)[unrelenting.technology,none]; MX_GOOD(-0.01)[aspmx1.migadu.com,aspmx2.migadu.com]; NEURAL_HAM_SHORT(-0.99)[-0.989,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.63)[ip: (-9.89), ipnet: 91.121.0.0/16(-4.08), asn: 16276(0.84), country: FR(-0.01)]; ASN(0.00)[asn:16276, ipnet:91.121.0.0/16, country:FR]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Mar 2019 22:06:36 -0000 On Tue, Jan 22, 2019 at 9:39 PM, Greg V =20 wrote: > On Mon, Jan 21, 2019 at 1:11 PM, Martin Karrer =20 > wrote: >> My question is if there are any plans yet to support the Graviton=20 >> ARM =7Finstances of AWS? >>=20 >> We have a heavy load on FreeBSD and would also use the ARM=20 >> instances. =7FAre there any other interested parties? >=20 > I have tried this. It should work very well in theory, e.g. the=20 > network card driver (if_ena) compiles with no changes for aarch64,=20 > and in fact NetBSD has ported this driver and is up and running on=20 > these instances: https://dmesgd.nycbug.org/index.cgi?do=3Dview&id=3D4623 >=20 > But my result with FreeBSD was: nothing on the console after=20 > loader.efi hands control to the kernel. > [=E2=80=A6] Hello everyone, big update: FreeBSD/aarch64 on Amazon EC2 a1 (AWS Graviton) instances WORKS! https://dmesgd.nycbug.org/index.cgi?do=3Dview&id=3D4813 And you can try it (well, my -CURRENT build, NO WARRANTY etc) right now: ami-0c2829a0b82a62ca6 in eu-west-1 (Ireland) ----- So, what I had to do / what should be done / how others can help get=20 this into a finished state: 1. Serial console: - I fixed it: https://reviews.freebsd.org/D19507 - (I learned some things about UARTs and their support in FreeBSD,=20 should write a blog post about that) 2. aarch64 build configuration: - if_ena network driver module should be enabled:=20 https://reviews.freebsd.org/D18372 - NVMe driver should be enabled in the GENERIC kernel config (device=20 nvme, device nvd) - BTW, why not also go with hw.nvme.use_nvd=3D"0" by default on=20 aarch64, IIRC that was done on powerpc64 3. VM image build system: - GPT+EFI should be used (amd64 was GPT with no EFI, and aarch64 was=20 MBR with EFI (???)): https://reviews.freebsd.org/D18371 - bsdec2-image-upload --arm64 flag should be supported: included=20 above ^^ - ec2.conf: amazon-ssm-agent shouldn't be installed when building=20 for aarch64 TARGET, since that's written in Go, and Go isn't ported to=20 FreeBSD/aarch64 yet:=20 https://github.com/myfreeweb/freebsd/commit/5b530ebf7385d8320b9076cf84f50aa= d01689bc=20 (untested patch, I actually used an interactive shell in between the=20 image build commands) - qemu-aarch64-static should be used for preinstalling pkgs when=20 chrooting into the image: rough version included above ^^ 4. ENA (Elastic Network Adapter) driver: - it works - except there's something funky with interrupt activation, and it=20 hits panic("Attempt to double activation of resource id: %u\n", res_id)=20 (for the management IRQ) on boot, so I applied the obvious silly=20 workaround of "don't panic":=20 https://github.com/myfreeweb/freebsd/commit/a7e7c6e48cdbdb0fdc6c4e0ba633922= 62938e62c - but still, it doesn't properly reactivate interrupts (and the box=20 becomes unreachable over the net) after going down and up again =E2=80=94=20 guess what does that on boot? dhclient applying the big jumbo MTU =E2=80=94= =20 so I set dhclient.conf to reject MTU changes:=20 https://github.com/myfreeweb/freebsd/commit/03ec4d417b0b4252285baaf4e294cc6= d8c870f7f Would be great if someone familiar with interrupts and stuff could help=20 debug the ena driver and make it work without these hacks :) = From owner-freebsd-cloud@freebsd.org Mon Mar 11 08:35:24 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 916A915375A0 for ; Mon, 11 Mar 2019 08:35:24 +0000 (UTC) (envelope-from mw@semihalf.com) Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1BE218A609 for ; Mon, 11 Mar 2019 08:35:23 +0000 (UTC) (envelope-from mw@semihalf.com) Received: by mail-qk1-x72c.google.com with SMTP id h28so2188218qkk.7 for ; Mon, 11 Mar 2019 01:35:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=m+q2GQObguL+4V8sNF9RM4VFdlQStOagmq6ejfw/Wr4=; b=OjDNekRdXDXT/wpHYnZyj8a/hKPR5qch2In9TTHFDKKJtIu6d6xXMPmGyxQlYM81mF WXE2iUn+CsN2lXUdx2vCUy5inxqyaxWSleiXmt1cCb1WiPjpU2dsA09xLO5pAxZB/yzN JxDRibvS+r3fz41VywSF1rK0ujZmxXbuIimiLn/vi7wUJZKdqQbDIprfNxMpYauE6qlh a8c10CA0DDaY6okZ6amaVmak6y0MY01ni1m82r4r/axADNgvavJreqTNMH4OZPCvk9Ac oTwFCTVzP0bVL+8SmdP2qku+MhIkv+OB5kS8mCRWeedg1l9oMVboR8+Z3Hst35JJxjMA QA6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=m+q2GQObguL+4V8sNF9RM4VFdlQStOagmq6ejfw/Wr4=; b=Z3+WlFdLN2JPLnxWwbdjFvNdYbo8B+JMnxkomMgO+qT7Dp6MEWbVIjkgE3UIMqL1BJ CWmI/Q42nm8rIYT7v0CPsbJ3y+lLSlckC+IsrgZvAJTmBchnYKsncQI0Il6kro9zd4UZ CAlo/x8GV8Bz8qdY5UneuUtp1AQGhemKObXwYeoBzrAx1W6kP2qe/Mq8bpNDKfDzIU5x CRlEDhLQM4W+r0/6vK+jPRNk6JdG8oQvylc96fe2P4tJLtGBjY7ycBlFFcnrIyTySGDJ SJuWV61mrnReD5oFZSpjIBYXaEnA3Z5XPDzVYrr8qC2hEFK0qkn0IRop+q1Py9K9TpzN XBNw== X-Gm-Message-State: APjAAAVejtUDT/fqd+Ya8rNHpZBZOoZxFpMMP7L2sa2c5JO71Q5uA+ce kGwAp5yZpUDAUZ4xRzSBPL3wZsAPQXfVPv5HAmDTBQ== X-Google-Smtp-Source: APXvYqwFJ2utru3PKH+z0Sn7GS0FiYgWuWfiFnzAmZVvet7lHa88iAwbhk9taPaXcE0ftefKCG5HNDTtxYQmHg2b+ow= X-Received: by 2002:a37:b105:: with SMTP id a5mr23047025qkf.298.1552293322323; Mon, 11 Mar 2019 01:35:22 -0700 (PDT) MIME-Version: 1.0 References: <79CC79B9-81AF-4563-BABE-429E6A57F476@bmalum.com> <010201686fe5047f-ed14af85-2b25-4480-a62a-a893f062eedd-000000@eu-west-1.amazonses.com> <010201686fe5047f-ed14af85-2b25-4480-a62a-a893f062eedd-000000@eu-west-1.amazo> <1548182399.2864.0@smtp.migadu.com> <1552255580.21373.0@unrelenting.technology> In-Reply-To: <1552255580.21373.0@unrelenting.technology> From: Marcin Wojtas Date: Mon, 11 Mar 2019 09:35:11 +0100 Message-ID: Subject: Re: ARM Graviton AWS Processor (AMI Image) To: Greg V Cc: Martin Karrer , "Matushevsky, Alexander" , =?UTF-8?Q?Micha=C5=82_Krawczyk?= , =?UTF-8?B?UmFmYcWCIEtvemlr?= , freebsd-arm@freebsd.org, freebsd-cloud@freebsd.org, freebsd-hackers@freebsd.org X-Rspamd-Queue-Id: 1BE218A609 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=semihalf-com.20150623.gappssmtp.com header.s=20150623 header.b=OjDNekRd X-Spamd-Result: default: False [-6.07 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; R_DKIM_ALLOW(-0.20)[semihalf-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-cloud@freebsd.org]; DMARC_NA(0.00)[semihalf.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[semihalf-com.20150623.gappssmtp.com:+]; MX_GOOD(-0.01)[ASPMX2.GOOGLEMAIL.com,ALT2.ASPMX.L.GOOGLE.com,ASPMX.L.GOOGLE.com,ALT1.ASPMX.L.GOOGLE.com,ASPMX3.GOOGLEMAIL.com]; RCPT_COUNT_SEVEN(0.00)[8]; RCVD_IN_DNSWL_NONE(0.00)[c.2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; NEURAL_HAM_SHORT(-0.94)[-0.935,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-2.83)[ip: (-9.28), ipnet: 2607:f8b0::/32(-2.74), asn: 15169(-2.07), country: US(-0.07)] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 08:35:24 -0000 +FreeBSD ENA maintainers W dniu pon., 11.03.2019 o 00:40 Greg V napisa=C5=82(a): > > On Tue, Jan 22, 2019 at 9:39 PM, Greg V > wrote: > > On Mon, Jan 21, 2019 at 1:11 PM, Martin Karrer > > wrote: > >> My question is if there are any plans yet to support the Graviton > >> ARM instances of AWS? > >> > >> We have a heavy load on FreeBSD and would also use the ARM > >> instances. Are there any other interested parties? > > > > I have tried this. It should work very well in theory, e.g. the > > network card driver (if_ena) compiles with no changes for aarch64, > > and in fact NetBSD has ported this driver and is up and running on > > these instances: https://dmesgd.nycbug.org/index.cgi?do=3Dview&id=3D462= 3 > > > > But my result with FreeBSD was: nothing on the console after > > loader.efi hands control to the kernel. > > [=E2=80=A6] > > Hello everyone, big update: > > FreeBSD/aarch64 on Amazon EC2 a1 (AWS Graviton) instances WORKS! > > https://dmesgd.nycbug.org/index.cgi?do=3Dview&id=3D4813 > > And you can try it (well, my -CURRENT build, NO WARRANTY etc) right now: > > ami-0c2829a0b82a62ca6 in eu-west-1 (Ireland) > > ----- > > So, what I had to do / what should be done / how others can help get > this into a finished state: > > 1. Serial console: > - I fixed it: https://reviews.freebsd.org/D19507 > - (I learned some things about UARTs and their support in FreeBSD, > should write a blog post about that) > > 2. aarch64 build configuration: > - if_ena network driver module should be enabled: > https://reviews.freebsd.org/D18372 > - NVMe driver should be enabled in the GENERIC kernel config (device > nvme, device nvd) > - BTW, why not also go with hw.nvme.use_nvd=3D"0" by default on > aarch64, IIRC that was done on powerpc64 > > 3. VM image build system: > - GPT+EFI should be used (amd64 was GPT with no EFI, and aarch64 was > MBR with EFI (???)): https://reviews.freebsd.org/D18371 > - bsdec2-image-upload --arm64 flag should be supported: included > above ^^ > - ec2.conf: amazon-ssm-agent shouldn't be installed when building > for aarch64 TARGET, since that's written in Go, and Go isn't ported to > FreeBSD/aarch64 yet: > > https://github.com/myfreeweb/freebsd/commit/5b530ebf7385d8320b9076cf84f50= aad01689bc > (untested patch, I actually used an interactive shell in between the > image build commands) > - qemu-aarch64-static should be used for preinstalling pkgs when > chrooting into the image: rough version included above ^^ > > 4. ENA (Elastic Network Adapter) driver: > - it works > - except there's something funky with interrupt activation, and it > hits panic("Attempt to double activation of resource id: %u\n", res_id) > (for the management IRQ) on boot, so I applied the obvious silly > workaround of "don't panic": > > https://github.com/myfreeweb/freebsd/commit/a7e7c6e48cdbdb0fdc6c4e0ba6339= 2262938e62c > - but still, it doesn't properly reactivate interrupts (and the box > becomes unreachable over the net) after going down and up again =E2=80=94 > guess what does that on boot? dhclient applying the big jumbo MTU =E2=80= =94 > so I set dhclient.conf to reject MTU changes: > > https://github.com/myfreeweb/freebsd/commit/03ec4d417b0b4252285baaf4e294c= c6d8c870f7f > > > Would be great if someone familiar with interrupts and stuff could help > debug the ena driver and make it work without these hacks :) > > > _______________________________________________ > freebsd-arm@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arm > To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org" > From owner-freebsd-cloud@freebsd.org Mon Mar 11 09:42:31 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DDEFE153A1BF for ; Mon, 11 Mar 2019 09:42:31 +0000 (UTC) (envelope-from raf@rafal.net) Received: from smtp-out-2.mxes.net (smtp-out-2.mxes.net [205.237.194.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E54548D94F for ; Mon, 11 Mar 2019 09:42:30 +0000 (UTC) (envelope-from raf@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 910F2274FD; Mon, 11 Mar 2019 05:42:21 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rafal.net; s=tm; t=1552297342; bh=39MZRwGLGs4YeCz4Ian824FGhFWRCBuggmSsnSVL2/8=; h=From:Date:Subject:Cc:To:From; b=wv56zBhFzQVR8N3Usb6f94xi0MpBqA2Y6UQKzRQbXP2sMIAgJY+3td9KQBnYBLze0 lSKbUVn2ocfduETeEYEfAwoJg5Ujs6bsyfTpwcpQkgX3DlZvOdqt0Qnr4yiZ98Lvsc 7qEBTX+y9Jh/abYMpvQZY0rxEE7e75lsd/lH6U7o= From: Rafal Lukawiecki Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Date: Mon, 11 Mar 2019 09:42:19 +0000 Subject: How to base64 encode and upload userdata for EC2 Launch Template Message-Id: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> To: freebsd-cloud@freebsd.org X-Mailer: iPad Mail (16D57) X-Sent-To: X-Sender: rafal.net X-Rspamd-Queue-Id: E54548D94F X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rafal.net header.s=tm header.b=wv56zBhF; dmarc=pass (policy=none) header.from=rafal.net; spf=pass (mx1.freebsd.org: domain of raf@rafal.net designates 205.237.194.127 as permitted sender) smtp.mailfrom=raf@rafal.net X-Spamd-Result: default: False [-6.09 / 15.00]; ARC_NA(0.00)[]; SUBJECT_ENDS_SPACES(0.50)[]; R_DKIM_ALLOW(-0.20)[rafal.net:s=tm]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:205.237.194.0/25]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[mxin.mxes.net,mxin.mxes.net]; DKIM_TRACE(0.00)[rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.94)[-0.940,0]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,none]; IP_SCORE(-3.04)[ip: (-7.97), ipnet: 205.237.192.0/20(-3.98), asn: 10607(-3.19), country: US(-0.07)]; RCVD_IN_DNSWL_LOW(-0.10)[127.194.237.205.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:10607, ipnet:205.237.192.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 09:42:32 -0000 Hello Everyone, Hello Colin, I hope someone can explain, as I have been lost in this for over a week. I w= ould like to pass a small (4-5kB) tarball of files for the built-in cloud in= it script of the official FreeBSD 12.0 EC2 AMI to get untarred and processed= (>, >>, or #!) upon instance launch. I have successfully done it for over 2= years using Launch Configurations but I cannot make it work using the new L= aunch Templates. No matter if base64 and upload via the console, or base64 and use aws cli, o= r create an LC and convert to an LT, it only works with LC. So far, I can see that depending which route I use to upload the file, when I= download it back from the finished template/configuration there seem to be 3= different userdata lengths, even though I always pass the same input. It su= ggests to me that some other processing of that input happens, and I am lost= where to hunt for it. Have any of you nailed it down? What steps do you take to prepare it? Many thanks and regards from Ireland, Rafal Lukawiecki= From owner-freebsd-cloud@freebsd.org Mon Mar 11 18:00:45 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE4261528299 for ; Mon, 11 Mar 2019 18:00:45 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 15B6E729E3 for ; Mon, 11 Mar 2019 18:00:44 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: by mail-vs1-xe34.google.com with SMTP id t5so595456vsp.0 for ; Mon, 11 Mar 2019 11:00:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=p6m7g8-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=V28I64d0Y1VW8wezLa0bCc0Ie2uGl/2tA4Oixx1s0Hc=; b=gynP+5oIMlD5+3kJWANEeLubls6Hs73UyNtI1vs/W6ztW+6aRJyaZ1j5GKNrW7wt+v EjUg/gv8521879JKxZZbgCRJSWBd36dRjQPU7q8rxxpBKawEnotIilBB1cGEtK1P1wTd aXxXqd+r8+G0McdMXPPoYtTrdimo834lljtQXyqhO5N4o+75N5iUUTBaAhi0apBs/Xl/ PQWKy4U2YKGocq/2sQTgcYonliHujaKtHtiQm2+V4AgxcbFj22q0MnWZePCC1upSL+PN M3JpnGnade6ObiPN9tcITbD80YIVn5bCJ5DYLtL2vZS6khJ09uOHY2z/x7xGJ9mSNIVL Zvbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=V28I64d0Y1VW8wezLa0bCc0Ie2uGl/2tA4Oixx1s0Hc=; b=nF1gcC2clCgYI/pMRab9byKVgb8KOHC7USa1Aifp/ZDTgD+fXrDUShPRyX8mCg/ffM cmZ/fPmLv9CHECS3xcTBPClhzX1B6yBJjzzUaILDynHgOjERPshDKzj+hFbIOcwHS4et NjxU8boFVnJpB/RqDgEHp/rPVuXb7VpZ7lsqiwrHF3dFTmXbVDdibiyW6pxAizk0aSmC GIfhHvffBhqqrAVGpx87+x+oTk2PZ5DRw/Jltd1ZXxXIIOfIq5axZiw/r5j7BVs9Mfe6 h+WZV0mMRh0LkJT8wydcAJqLbwE2C6ozf3qWMUl3Vm/muI/9r5hFCflPlRTNeXU2Mg1w lV2g== X-Gm-Message-State: APjAAAVNx1+9ds/T2hoEjQEfxqK82m9XG95iphg/f56Uixhj+E9FQH7x Hpw8g3OUcK0mtPvllW5GHy1R/XJXYqsGm9/2i/ieedN++jI= X-Google-Smtp-Source: APXvYqwYiyN4c2Imwcc+cJitNNc5T+z0IxAEHDasNsXDxjoImRjEwD5SnRP1IktecsbYOHVx9+EMGjHU+fCgbxSzwLE= X-Received: by 2002:a67:e8c1:: with SMTP id y1mr16822481vsn.93.1552327243241; Mon, 11 Mar 2019 11:00:43 -0700 (PDT) MIME-Version: 1.0 References: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> In-Reply-To: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> From: "Philip M. Gollucci" Date: Mon, 11 Mar 2019 14:00:07 -0400 Message-ID: Subject: Re: How to base64 encode and upload userdata for EC2 Launch Template To: Rafal Lukawiecki Cc: freebsd-cloud@freebsd.org X-Rspamd-Queue-Id: 15B6E729E3 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=p6m7g8-com.20150623.gappssmtp.com header.s=20150623 header.b=gynP+5oI X-Spamd-Result: default: False [-6.18 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; R_DKIM_ALLOW(-0.20)[p6m7g8-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-cloud@freebsd.org]; DMARC_NA(0.00)[p6m7g8.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[p6m7g8-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[4.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; MX_GOOD(-0.01)[alt1.aspmx.l.google.com,aspmx.l.google.com,aspmx2.googlemail.com,alt2.aspmx.l.google.com,aspmx3.googlemail.com]; R_SPF_NA(0.00)[]; NEURAL_HAM_SHORT(-0.94)[-0.943,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-2.93)[ip: (-9.75), ipnet: 2607:f8b0::/32(-2.74), asn: 15169(-2.07), country: US(-0.07)] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 18:00:45 -0000 You could pull it down from an S3 bucket that only the deployer and the ASG w/ IAM role have access to. I highly recommend versioning the bucket and make 2 for blue/green or red/black. On Mon, Mar 11, 2019 at 5:46 AM Rafal Lukawiecki wrote: > Hello Everyone, Hello Colin, > > I hope someone can explain, as I have been lost in this for over a week. I > would like to pass a small (4-5kB) tarball of files for the built-in cloud > init script of the official FreeBSD 12.0 EC2 AMI to get untarred and > processed (>, >>, or #!) upon instance launch. I have successfully done it > for over 2 years using Launch Configurations but I cannot make it work > using the new Launch Templates. > > No matter if base64 and upload via the console, or base64 and use aws cli, > or create an LC and convert to an LT, it only works with LC. > > So far, I can see that depending which route I use to upload the file, > when I download it back from the finished template/configuration there seem > to be 3 different userdata lengths, even though I always pass the same > input. It suggests to me that some other processing of that input happens, > and I am lost where to hunt for it. > > Have any of you nailed it down? What steps do you take to prepare it? > > Many thanks and regards from Ireland, > Rafal Lukawiecki > _______________________________________________ > freebsd-cloud@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-cloud > To unsubscribe, send any mail to "freebsd-cloud-unsubscribe@freebsd.org" > -- Philip M. Gollucci IT Executive and Engineering Leader http://www.linkedin.com/in/pgollucci/ 301.818.0719 From owner-freebsd-cloud@freebsd.org Mon Mar 11 19:21:32 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AF2A152AA20 for ; Mon, 11 Mar 2019 19:21:32 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from mail.tarsnap.com (mail.tarsnap.com [54.86.246.204]) by mx1.freebsd.org (Postfix) with ESMTP id 6942576ECC for ; Mon, 11 Mar 2019 19:21:31 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: (qmail 71271 invoked from network); 11 Mar 2019 19:23:24 -0000 Received: from unknown (HELO exbuntu.daemonology.net) (127.0.0.1) by ec2-107-20-205-189.compute-1.amazonaws.com with ESMTP; 11 Mar 2019 19:23:24 -0000 Received: (qmail 16997 invoked from network); 11 Mar 2019 19:21:58 -0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by clamshell.daemonology.net with SMTP; 11 Mar 2019 19:21:58 -0000 Subject: Re: How to base64 encode and upload userdata for EC2 Launch Template To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> From: Colin Percival Openpgp: preference=signencrypt Autocrypt: addr=cperciva@freebsd.org; prefer-encrypt=mutual; keydata= mQGhBElrAAcRBACDfDys4ZtK+ErCJ1HAzYeteKpm3OEsvT/49AjUTLihkF79HhIKrCQU+1KC zv7BwHCMLb6hq30As9L7iFKG7n5QFLFC4Te/VcITUnWHMG/c3ViLOfJGvi+9/nOEHaM1dVJY D6tEp5yM1nHmVQpo9932j4KGuGFR0LhOK5IHXOSfGwCgxSFDPdgxe2OEjWxjGgY+oV3EafcD +JROXCTjlcQiG/OguQH4Vks3mhHfFnEppLxTkDuYgHZQiUtpcT9ssH5khgqoTyMar05OUdAj ZIhNbWDh4LgTj+7ZmvLhXT5Zxw8LX9d7T36aTB8XDQSenDqEtinMWOb0TCBBLbsB8EFG1WTT ESbZci9jJS5yhtktuZoY/eM8uXMD/3k4FWFO80VRRkELSp+XSy/VlSQjyi/rhl2nQq/oOA9F oJbDaB0yq9VNhxP+uFBzBWSqeIX0t1ZWLtNfVFr4TRP5hihI5ICrg/0OpqgisKsU2NFe9xyO hyJLYmfD8ebpDJ/9k30C7Iju9pVrwLm1QgS4S2fqJRcR+U4WbjvP7CgStCVDb2xpbiBQZXJj aXZhbCA8Y3BlcmNpdmFAdGFyc25hcC5jb20+iGEEExECACEFAklrALYCGwMHCwkIBwMCAQQV AggDBBYCAwECHgECF4AACgkQOM7KaQxqam6/igCgn+z2k3V5ggNppmWrZstt1U2lugsAoL7L wS9V9yLtil3oWmHtwpUqYruEuQINBElrAAcQCAD3ZLMIsP4CIDoJORg+YY0lqLVBgcnF7pFb 4Uy2+KvdWofN+DKH61rZLjgXXkNE9M4EQC1B4lGttBP8IY2gs41y3AUogGdyFbidq99rCBz7 LTsgARHwFxZoaHmXyiZLEU1QZuMqwPZV1mCviRhN5E3rRqYNXVcrnXAAuhBpvNyj/ntHvcDN 2/m+ochiuBYueU4kX3lHya7sOj+mTsndcWmQ9soOUyr8O0r/BG088bMn4qqtUw4dl5/pglXk jbl7uOOPinKf0WVd2r6M0wLPJCD4NPHrCWRLLLAjwfjrtoSRvXxDbXhCdgGBa72+K8eYLzVs hgq7tJOoBWzjVK6XRxR7AAMGB/9Mo3iJ2DxqDecd02KCB5BsFDICbJGhPltU7FwrtbC7djSb XUrwsEVLHi4st4cbdGNCWCrp0BRezXZKohKnNAPFOTK++ZfgeKxrV2sJod+Q9RILF86tQ4XF 7A7Yme5hy92t/WgiU4vc/fWbgP8gV/19f8nunaT2E9NSa70mZFjZNu4iuwThoUUO5CV3Wo0Y UISsnRK8XD1+LR3A2qVyLiFRwh/miC1hgLFCTGCQ3GLxZeZzIpYSlGdQJ0L5lixW5ZQD9r1I 8i/8zhE6qRFAM0upUMI3Gt1Oq2w03DiXrZU0Fu/R8Rm8rlnkQKA+95mRTUq1xL5P5NZIi4gJ Z569OPMFiEkEGBECAAkFAklrAAcCGwwACgkQOM7KaQxqam41igCfbaldnFTu5uAdrnrghESv EI3CAo8AoLkNMks1pThl2BJNRm4CtTK9xZeH Message-ID: Date: Mon, 11 Mar 2019 12:21:58 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 In-Reply-To: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 6942576ECC X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.98)[-0.980,0]; ASN(0.00)[asn:14618, ipnet:54.86.0.0/16, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 19:21:32 -0000 On 3/11/19 2:42 AM, Rafal Lukawiecki wrote: > I hope someone can explain, as I have been lost in this for over a week. I would like to pass a small (4-5kB) tarball of files for the built-in cloud init script of the official FreeBSD 12.0 EC2 AMI to get untarred and processed (>, >>, or #!) upon instance launch. I have successfully done it for over 2 years using Launch Configurations but I cannot make it work using the new Launch Templates. Is this a tarball, or a compressed tarball? There's a longstanding bug (which I'm told is going to get fixed eventually!) in the AWS Console whereby any non-7-bit-clean user-data files get mangled and come out with each byte UTF-8 encoded. I was only aware of this as an issue with the Console but it's entirely possible that someone at Amazon wrote the same bug in multiple places. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Mon Mar 11 19:25:01 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47C5E152ACDE for ; Mon, 11 Mar 2019 19:25:01 +0000 (UTC) (envelope-from raf@rafal.net) Received: from smtp-out-2.mxes.net (smtp-out-2.mxes.net [205.237.194.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 52631771D8 for ; Mon, 11 Mar 2019 19:25:00 +0000 (UTC) (envelope-from raf@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 754D02755D; Mon, 11 Mar 2019 15:24:56 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rafal.net; s=tm; t=1552332297; bh=DE2z7uj9D5LsN7cfdlEVi6S3YuYCoP+P+mK3ZVPJn+I=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=qUV/kw9Te5XRqkP5dP3dhgt9hkHVwxZJMT50yi2DsK5XC2X5faiaMG7iP0BhWN8iB XcOOnj1KkJV+h2TBmsugS6oXFqBal3Uw5Gj0NE7q2pCjUTYJdGFwSNyMascOjvPlrX fawGZDwZ5Dlc2pjMN1C+O4srdKpqRR0r44i+nYJw= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: How to base64 encode and upload userdata for EC2 Launch Template From: Rafal Lukawiecki In-Reply-To: Date: Mon, 11 Mar 2019 19:24:54 +0000 Cc: freebsd-cloud@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> To: Colin Percival X-Mailer: Apple Mail (2.3445.102.3) X-Sent-To: X-Sender: rafal.net X-Rspamd-Queue-Id: 52631771D8 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rafal.net header.s=tm header.b=qUV/kw9T; dmarc=pass (policy=none) header.from=rafal.net; spf=pass (mx1.freebsd.org: domain of raf@rafal.net designates 205.237.194.127 as permitted sender) smtp.mailfrom=raf@rafal.net X-Spamd-Result: default: False [-6.77 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[rafal.net:s=tm]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:205.237.194.0/25]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-3.21)[ip: (-8.40), ipnet: 205.237.192.0/20(-4.20), asn: 10607(-3.36), country: US(-0.07)]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mxin.mxes.net]; DKIM_TRACE(0.00)[rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.95)[-0.953,0]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,none]; RCVD_IN_DNSWL_LOW(-0.10)[127.194.237.205.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:10607, ipnet:205.237.192.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 19:25:01 -0000 I have been using =E2=80=9Ctar cvyf fff ddd=E2=80=9D, which I think is a = compressed tarball using bzip. Should I use something else? I have also noticed odd behaviour in the Console for LCs, but different = behaviour in the Console for LCs, and yet different for CLI=E2=80=A6 Thank you, Colin. Rafal > On 11 Mar 2019, at 19:21, Colin Percival wrote: >=20 > On 3/11/19 2:42 AM, Rafal Lukawiecki wrote: >> I hope someone can explain, as I have been lost in this for over a = week. I would like to pass a small (4-5kB) tarball of files for the = built-in cloud init script of the official FreeBSD 12.0 EC2 AMI to get = untarred and processed (>, >>, or #!) upon instance launch. I have = successfully done it for over 2 years using Launch Configurations but I = cannot make it work using the new Launch Templates. >=20 > Is this a tarball, or a compressed tarball? >=20 > There's a longstanding bug (which I'm told is going to get fixed = eventually!) > in the AWS Console whereby any non-7-bit-clean user-data files get = mangled > and come out with each byte UTF-8 encoded. I was only aware of this = as an > issue with the Console but it's entirely possible that someone at = Amazon wrote > the same bug in multiple places. >=20 > --=20 > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly = paranoid From owner-freebsd-cloud@freebsd.org Mon Mar 11 19:37:14 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 87C42152C0A8 for ; Mon, 11 Mar 2019 19:37:14 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from mail.tarsnap.com (mail.tarsnap.com [54.86.246.204]) by mx1.freebsd.org (Postfix) with ESMTP id 2450977731 for ; Mon, 11 Mar 2019 19:37:14 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: (qmail 71789 invoked from network); 11 Mar 2019 19:39:12 -0000 Received: from unknown (HELO exbuntu.daemonology.net) (127.0.0.1) by ec2-107-20-205-189.compute-1.amazonaws.com with ESMTP; 11 Mar 2019 19:39:12 -0000 Received: (qmail 17207 invoked from network); 11 Mar 2019 19:37:46 -0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by clamshell.daemonology.net with SMTP; 11 Mar 2019 19:37:46 -0000 Subject: Re: How to base64 encode and upload userdata for EC2 Launch Template To: Rafal Lukawiecki Cc: freebsd-cloud@freebsd.org References: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> From: Colin Percival Openpgp: preference=signencrypt Autocrypt: addr=cperciva@freebsd.org; prefer-encrypt=mutual; keydata= mQGhBElrAAcRBACDfDys4ZtK+ErCJ1HAzYeteKpm3OEsvT/49AjUTLihkF79HhIKrCQU+1KC zv7BwHCMLb6hq30As9L7iFKG7n5QFLFC4Te/VcITUnWHMG/c3ViLOfJGvi+9/nOEHaM1dVJY D6tEp5yM1nHmVQpo9932j4KGuGFR0LhOK5IHXOSfGwCgxSFDPdgxe2OEjWxjGgY+oV3EafcD +JROXCTjlcQiG/OguQH4Vks3mhHfFnEppLxTkDuYgHZQiUtpcT9ssH5khgqoTyMar05OUdAj ZIhNbWDh4LgTj+7ZmvLhXT5Zxw8LX9d7T36aTB8XDQSenDqEtinMWOb0TCBBLbsB8EFG1WTT ESbZci9jJS5yhtktuZoY/eM8uXMD/3k4FWFO80VRRkELSp+XSy/VlSQjyi/rhl2nQq/oOA9F oJbDaB0yq9VNhxP+uFBzBWSqeIX0t1ZWLtNfVFr4TRP5hihI5ICrg/0OpqgisKsU2NFe9xyO hyJLYmfD8ebpDJ/9k30C7Iju9pVrwLm1QgS4S2fqJRcR+U4WbjvP7CgStCVDb2xpbiBQZXJj aXZhbCA8Y3BlcmNpdmFAdGFyc25hcC5jb20+iGEEExECACEFAklrALYCGwMHCwkIBwMCAQQV AggDBBYCAwECHgECF4AACgkQOM7KaQxqam6/igCgn+z2k3V5ggNppmWrZstt1U2lugsAoL7L wS9V9yLtil3oWmHtwpUqYruEuQINBElrAAcQCAD3ZLMIsP4CIDoJORg+YY0lqLVBgcnF7pFb 4Uy2+KvdWofN+DKH61rZLjgXXkNE9M4EQC1B4lGttBP8IY2gs41y3AUogGdyFbidq99rCBz7 LTsgARHwFxZoaHmXyiZLEU1QZuMqwPZV1mCviRhN5E3rRqYNXVcrnXAAuhBpvNyj/ntHvcDN 2/m+ochiuBYueU4kX3lHya7sOj+mTsndcWmQ9soOUyr8O0r/BG088bMn4qqtUw4dl5/pglXk jbl7uOOPinKf0WVd2r6M0wLPJCD4NPHrCWRLLLAjwfjrtoSRvXxDbXhCdgGBa72+K8eYLzVs hgq7tJOoBWzjVK6XRxR7AAMGB/9Mo3iJ2DxqDecd02KCB5BsFDICbJGhPltU7FwrtbC7djSb XUrwsEVLHi4st4cbdGNCWCrp0BRezXZKohKnNAPFOTK++ZfgeKxrV2sJod+Q9RILF86tQ4XF 7A7Yme5hy92t/WgiU4vc/fWbgP8gV/19f8nunaT2E9NSa70mZFjZNu4iuwThoUUO5CV3Wo0Y UISsnRK8XD1+LR3A2qVyLiFRwh/miC1hgLFCTGCQ3GLxZeZzIpYSlGdQJ0L5lixW5ZQD9r1I 8i/8zhE6qRFAM0upUMI3Gt1Oq2w03DiXrZU0Fu/R8Rm8rlnkQKA+95mRTUq1xL5P5NZIi4gJ Z569OPMFiEkEGBECAAkFAklrAAcCGwwACgkQOM7KaQxqam41igCfbaldnFTu5uAdrnrghESv EI3CAo8AoLkNMks1pThl2BJNRm4CtTK9xZeH Message-ID: <00238cea-75dc-57e2-a304-671a8dc5f5b5@freebsd.org> Date: Mon, 11 Mar 2019 12:37:46 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2450977731 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.980,0]; ASN(0.00)[asn:14618, ipnet:54.86.0.0/16, country:US] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2019 19:37:14 -0000 Try it without the 'y' flag. It's possible that this will produce something too big to pass as a user-data file; but if it's small enough this would be a useful indication of where the problem lies. Colin Percival On 3/11/19 12:24 PM, Rafal Lukawiecki wrote: > I have been using “tar cvyf fff ddd”, which I think is a compressed tarball using bzip. Should I use something else? > > I have also noticed odd behaviour in the Console for LCs, but different behaviour in the Console for LCs, and yet different for CLI… > > Thank you, Colin. > Rafal > >> On 11 Mar 2019, at 19:21, Colin Percival wrote: >> >> On 3/11/19 2:42 AM, Rafal Lukawiecki wrote: >>> I hope someone can explain, as I have been lost in this for over a week. I would like to pass a small (4-5kB) tarball of files for the built-in cloud init script of the official FreeBSD 12.0 EC2 AMI to get untarred and processed (>, >>, or #!) upon instance launch. I have successfully done it for over 2 years using Launch Configurations but I cannot make it work using the new Launch Templates. >> >> Is this a tarball, or a compressed tarball? >> >> There's a longstanding bug (which I'm told is going to get fixed eventually!) >> in the AWS Console whereby any non-7-bit-clean user-data files get mangled >> and come out with each byte UTF-8 encoded. I was only aware of this as an >> issue with the Console but it's entirely possible that someone at Amazon wrote >> the same bug in multiple places. >> >> -- >> Colin Percival >> Security Officer Emeritus, FreeBSD | The power to serve >> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid > > > -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Wed Mar 13 16:43:46 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5352815396E7 for ; Wed, 13 Mar 2019 16:43:46 +0000 (UTC) (envelope-from raf@rafal.net) Received: from smtp-out-2.mxes.net (smtp-out-2.mxes.net [205.237.194.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5286B891E9 for ; Wed, 13 Mar 2019 16:43:45 +0000 (UTC) (envelope-from raf@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id B29FB2753E; Wed, 13 Mar 2019 12:43:34 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rafal.net; s=tm; t=1552495416; bh=VaqWeW0kRiGwkIKRhbH+uYzVZuMVwBJ8O//VcOGX8FE=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=OnLMUOgizbMIcm3MbiDdf+RoM33fySPIdz2PfKMFJMq3RfXGUwWq2+A62NW1HNZTC SP44aiKUFGKUvIRTCt0g3DZ2ei9DUDxHMSz/OHnMtBCUkfH36BJWn397DEY4G1n6cm jhFSzlzCc+BytiHKZsXunisYrwbIwc2ya2APW+bw= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: How to base64 encode and upload userdata for EC2 Launch Template From: Rafal Lukawiecki In-Reply-To: <00238cea-75dc-57e2-a304-671a8dc5f5b5@freebsd.org> Date: Wed, 13 Mar 2019 16:43:32 +0000 Cc: freebsd-cloud@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <8601F0A6-9099-4C7C-8889-38D789A81EFD@rafal.net> References: <16C73F7C-3673-44CC-B59E-DA247A0C2DF7@rafal.net> <00238cea-75dc-57e2-a304-671a8dc5f5b5@freebsd.org> To: Colin Percival , "Philip M. Gollucci" X-Mailer: Apple Mail (2.3445.102.3) X-Sent-To: X-Sender: rafal.net X-Rspamd-Queue-Id: 5286B891E9 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rafal.net header.s=tm header.b=OnLMUOgi; dmarc=pass (policy=none) header.from=rafal.net; spf=pass (mx1.freebsd.org: domain of raf@rafal.net designates 205.237.194.127 as permitted sender) smtp.mailfrom=raf@rafal.net X-Spamd-Result: default: False [-6.26 / 15.00]; ARC_NA(0.00)[]; SUBJECT_ENDS_SPACES(0.50)[]; R_DKIM_ALLOW(-0.20)[rafal.net:s=tm]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip4:205.237.194.0/25]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[127.194.237.205.list.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[rafal.net:+]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,none]; MX_GOOD(-0.01)[mxin.mxes.net,mxin.mxes.net]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.985,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-3.16)[ip: (-8.29), ipnet: 205.237.192.0/20(-4.14), asn: 10607(-3.32), country: US(-0.07)]; ASN(0.00)[asn:10607, ipnet:205.237.192.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Mar 2019 16:43:46 -0000 Colin, Philip, Thank you both for your suggestions. My set of scripts is a nice 5kB = when compressed, but tar without any compression is 20kB, which means it = does not get accepted as UserData by aws. Since I already use EFS for = distribution of some config data (mainly rc.init scripts), I will = simplify the configinit stage, repurpose the logic of it that processes = files in a loop seeing if they are >, >> or #!, but run it against the = mounted EFS, rather than from data that was passed in UserData. Philip: my current set-up already caters for different versions of = configs, as in, older but in production, current testing, and future. I = like your idea of colours. :) In end end, I will combine the best of both of your advice, for which I = would like to thank you. I wish, however, that AWS LT and LC worked with = encoded data correctly, and preferably, in the same way. Colin: have you = managed to pass any userdata to your cloudconfig in a compressed tar = format in a Launch Template? I have never succeeded with that, yet. Regards from Ireland, Rafal > On 11 Mar 2019, at 19:37, Colin Percival wrote: >=20 > Try it without the 'y' flag. It's possible that this will produce = something > too big to pass as a user-data file; but if it's small enough this = would be > a useful indication of where the problem lies. >=20 > Colin Percival >=20 > On 3/11/19 12:24 PM, Rafal Lukawiecki wrote: >> I have been using =E2=80=9Ctar cvyf fff ddd=E2=80=9D, which I think = is a compressed tarball using bzip. Should I use something else? >>=20 >> I have also noticed odd behaviour in the Console for LCs, but = different behaviour in the Console for LCs, and yet different for CLI=E2=80= =A6 >>=20 >> Thank you, Colin. >> Rafal >>=20 >>> On 11 Mar 2019, at 19:21, Colin Percival = wrote: >>>=20 >>> On 3/11/19 2:42 AM, Rafal Lukawiecki wrote: >>>> I hope someone can explain, as I have been lost in this for over a = week. I would like to pass a small (4-5kB) tarball of files for the = built-in cloud init script of the official FreeBSD 12.0 EC2 AMI to get = untarred and processed (>, >>, or #!) upon instance launch. I have = successfully done it for over 2 years using Launch Configurations but I = cannot make it work using the new Launch Templates. >>>=20 >>> Is this a tarball, or a compressed tarball? >>>=20 >>> There's a longstanding bug (which I'm told is going to get fixed = eventually!) >>> in the AWS Console whereby any non-7-bit-clean user-data files get = mangled >>> and come out with each byte UTF-8 encoded. I was only aware of this = as an >>> issue with the Console but it's entirely possible that someone at = Amazon wrote >>> the same bug in multiple places. >>>=20 >>> --=20 >>> Colin Percival >>> Security Officer Emeritus, FreeBSD | The power to serve >>> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly = paranoid >>=20 >>=20 >>=20 >=20 > --=20 > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly = paranoid