name: UpdateAndReboot description: Update OS and Reboot schemaVersion: 1.0 constants: - FailExitCode: type: string value: 1 phases: - name: build steps: # Check input base AMI OS and get OS information, the output should be like centos.7 | amzn.2 | ubuntu.20.04 | ubuntu.22.04 | rhel.8.7 - name: OperatingSystemRelease action: ExecuteBash inputs: commands: - | set -v FILE=/etc/os-release if [ -e ${!FILE} ]; then . ${!FILE} echo "${!ID}${!VERSION_ID:+.${!VERSION_ID}}" else echo "The file '${!FILE}' does not exist. Failing build." exit {{ FailExitCode }} fi # Get uniformed OS name - name: OperatingSystemName action: ExecuteBash inputs: commands: - | set -v RELEASE='{{ build.OperatingSystemRelease.outputs.stdout }}' if [ `echo "${!RELEASE}" | grep -w '^amzn\.2'` ]; then OS='alinux2' elif [ `echo "${!RELEASE}" | grep '^centos\.7'` ]; then OS='centos7' elif [ `echo "${!RELEASE}" | grep '^ubuntu\.20'` ]; then OS='ubuntu2004' elif [ `echo "${!RELEASE}" | grep '^ubuntu\.22'` ]; then OS='ubuntu2204' elif [ `echo "${!RELEASE}" | grep '^rhel\.8'` ]; then OS='rhel8' else echo "Operating System '${!RELEASE}' is not supported. Failing build." exit {{ FailExitCode }} fi echo ${!OS} # Get platform name - name: PlatformName action: ExecuteBash inputs: commands: - | set -v OS='{{ build.OperatingSystemName.outputs.stdout }}' if [ `echo "${!OS}" | grep -E '^(alinux|centos|rhel)'` ]; then PLATFORM='RHEL' elif [ `echo "${!OS}" | grep -E '^ubuntu'` ]; then PLATFORM='DEBIAN' fi echo ${!PLATFORM} # Check if input base AMI has supported OS - name: IsOperatingSystemSupported action: ExecuteBash inputs: commands: - | set -v RELEASE='{{ build.OperatingSystemRelease.outputs.stdout }}' if [ `echo "${!RELEASE}" | grep -Ev '^(amzn|centos|ubuntu|rhel)'` ]; then echo "This component does not support '${!RELEASE}'. Failing build." exit {{ FailExitCode }} fi # This component only supports aarch64 CPUs on Amazon Linux 2, Ubuntu2004, Ubuntu2204, Centos7 and RHEL 8 ARCH=$(uname -m) if [[ `echo ${!ARCH}` == 'aarch64' ]]; then if [ `echo "${!RELEASE}" | grep -Ev '^(amzn\.2|centos\.7|ubuntu\.20\.04|ubuntu\.22\.04|rhel\.8)'` ]; then echo "This component does not support '${!RELEASE}' on ARM64 CPUs. Failing build." exit {{ FailExitCode }} fi fi - name: DisableNouveau action: ExecuteBash inputs: commands: - | set -v PLATFORM='{{ build.PlatformName.outputs.stdout }}' /bin/sed -r -i -e 's/GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 rd.driver.blacklist=nouveau nouveau.modeset=0"/' /etc/default/grub if [[ ${!PLATFORM} == RHEL ]]; then grub2-mkconfig -o /boot/grub2/grub.cfg elif [[ ${!PLATFORM} == DEBIAN ]]; then update-grub fi - name: InstallEfiBootManager action: ExecuteBash inputs: commands: - | set -v PLATFORM='{{ build.PlatformName.outputs.stdout }}' ARCH=$(uname -m) if [[ `echo ${!ARCH}` == 'aarch64' ]] && [[ ${!PLATFORM} == DEBIAN ]]; then # temporary workaround to solve https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1936857 apt-get -y install efibootmgr fi - name: UpdateOS action: ExecuteBash inputs: commands: - | set -v OS='{{ build.OperatingSystemName.outputs.stdout }}' PLATFORM='{{ build.PlatformName.outputs.stdout }}' if [[ ${!PLATFORM} == RHEL ]]; then yum -y update if [[ ${!OS} != "rhel8" ]]; then package-cleanup -y --oldkernels --count=1 else # package-cleanup has changed in RHEL8 and it works differently # RHEL8 keeps at least 2 kernel for fallback reason https://access.redhat.com/solutions/1227 # The kernel cleanup should be performed manually # get the default kernel for the next boot LAST_KERNEL_VERSION=$(grubby --default-kernel | sed -e "s/.*-\(4.18.0-.*\).$(uname -m)/\1/g") # get all the installed kernel versions except the one for the next boot KERNEL_VERSIONS_CLEANUP=$(rpm -q --qf "%{VERSION}-%{RELEASE}\n" kernel | grep -v "$LAST_KERNEL_VERSION") for VERSION in $KERNEL_VERSIONS_CLEANUP; do echo "Removing kernel-$VERSION kernel-core-$VERSION kernel-modules-$VERSION" rpm -e kernel-$VERSION kernel-core-$VERSION kernel-modules-$VERSION; done fi yum -y install kernel-devel elif [[ ${!PLATFORM} == DEBIAN ]]; then while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done flock $(apt-config shell StateDir Dir::State/d | sed -r "s/.*'(.*)\/?'$/\1/")/daily_lock systemctl disable --now apt-daily.timer apt-daily.service apt-daily-upgrade.timer apt-daily-upgrade.service sed "/Update-Package-Lists/s/\"1\"/\"0\"/; /Unattended-Upgrade/s/\"1\"/\"0\"/;" /etc/apt/apt.conf.d/20auto-upgrades > "/etc/apt/apt.conf.d/51pcluster-unattended-upgrades" DEBIAN_FRONTEND=noninteractive apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --with-new-pkgs upgrade && apt-get --purge autoremove -y apt-get -y install linux-aws linux-headers-aws linux-image-aws fi - name: KeepSSM action: ExecuteBash inputs: commands: - | set -v if [[ -f /tmp/imagebuilder_service/ssm_installed ]]; then echo "Keeping SSM agent installed" rm -rf /tmp/imagebuilder_service/ssm_installed else echo "SSM agent is installed by default" fi - name: RebootStep action: Reboot onFailure: Abort maxAttempts: 2 inputs: delaySeconds: 10 - name: validate steps: - name: UpdateValidate action: ExecuteBash inputs: commands: - | echo "Check the OS has been updated"