Bug#971545: cloud.debian.org: Provide AMI image ID that is always recent
On 2/10/20 3:55 am, Ross Vandegrift wrote:
> On Thu, Oct 01, 2020 at 05:16:36PM +0200, tkoeck wrote:
>> is there an AMI image ID that is always the recent one?
>
> Instead of hardcoding an AMI somewhere, you can search to find the
> current release. With awscli, try something like this:
> $ aws ec2 describe-images \
>     --output text \
>     --owners 136693071363 \
>     --filters Name=name,Values="debian-10-amd64-*" \
>     --query 'Images[].[Name,ImageId]' \
>     | sort -rn \
>     | head -n 1 \
>     | awk '{print $2}'

There's a small tool I wrote earlier in the year to address the problem of quickly finding the latest AMI for a given type. It is now hosted here:

https://github.com/sitepoint/amifinder

eg. running something like:

    amifinder --name 'debian-10-amd64-*' 136693071363

in the us-west-2 region would give you:

    Name: debian-10-amd64-20200928-407
    Architecture: x86_64
    CreationDate: 2020-09-28T23:58:51.000Z
    ImageId: ami-06d8a32aedc6986f5
    ImageLocation: 136693071363/debian-10-amd64-20200928-407
    ImageType: machine
    Public: True
    OwnerId: 136693071363
    State: available
    DeviceName: /dev/xvda
    DeleteOnTermination: True
    SnapshotId: snap-01eca3d280b2d9f69
    VolumeSize: 8
    VolumeType: gp2
    Encrypted: False
    Description: Debian 10 (20200928-407)
    EnaSupport: True
    Hypervisor: xen
    RootDeviceName: /dev/xvda
    RootDeviceType: ebs
    SriovNetSupport: simple
    VirtualizationType: hvm

I feel it makes things a fair bit easier.

Cheers,
Adam

Bug#971545: cloud.debian.org: Provide AMI image ID that is always recent
On Thu, Oct 01, 2020 at 05:16:36PM +0200, tkoeck wrote:
> is there an AMI image ID that is always the recent one?

That's not how AWS works - every image is always a different ID, just like every instance is always a different ID.

Instead of hardcoding an AMI somewhere, you can search to find the current release. With awscli, try something like this:

    $ aws ec2 describe-images \
        --output text \
        --owners 136693071363 \
        --filters Name=name,Values="debian-10-amd64-*" \
        --query 'Images[].[Name,ImageId]' \
        | sort -rn \
        | head -n 1 \
        | awk '{print $2}'

If you're using terraform, the aws_ami data source works like this:

    data "aws_ami" "debian10" {
      most_recent = true
      owners      = ["136693071363"]
      filter {
        name   = "name"
        values = ["debian-10-amd64-*"]
      }
    }

Ross

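Added example (not part of the thread and not Debian's or the poster's code): the awscli search from the message above, with selection by CreationDate instead of a name sort, and with owner and state re-checked on every returned row so that a look-alike name published by another account, or an image that is not yet available, is never selected. The function names and sample rows are constructed; the owner ID, the name pattern and the 20200928 row come from the thread.

```shell
#!/bin/sh
# Owner ID taken from the thread (the account the Debian AMIs are searched under).
DEBIAN_OWNER=136693071363

# One tab-separated row per image: CreationDate ImageId OwnerId State Name.
# Needs awscli and credentials; not called by the offline demo below.
list_images() {
    aws ec2 describe-images \
        --output text \
        --owners "$DEBIAN_OWNER" \
        --filters "Name=name,Values=$1" \
        --query 'Images[].[CreationDate,ImageId,OwnerId,State,Name]'
}

# Read rows on stdin and print the ImageId of the newest usable image.
# Rows from another owner, rows not "available" and malformed IDs are dropped.
# ISO 8601 UTC timestamps sort correctly as plain strings.
pick_latest() {
    awk -F '\t' -v owner="$DEBIAN_OWNER" '
        ($3 "") == (owner "") && $4 == "available" && $2 ~ /^ami-[0-9a-f]+$/ {
            print $1 "\t" $2
        }' \
    | LC_ALL=C sort -r \
    | head -n 1 \
    | cut -f 2
}

# Constructed sample rows; only the 20200928 row is real (quoted in the thread).
sample_rows() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        2020-08-01T10:00:00.000Z ami-0aaaaaaaaaaaaaaa1 136693071363 available debian-10-amd64-20200801-1 \
        2020-09-28T23:58:51.000Z ami-06d8a32aedc6986f5 136693071363 available debian-10-amd64-20200928-407 \
        2020-10-05T00:00:00.000Z ami-0bbbbbbbbbbbbbbb2 000000000000 available debian-10-amd64-20201005-1 \
        2020-10-06T00:00:00.000Z ami-0ccccccccccccccc3 136693071363 pending debian-10-amd64-20201006-1
}

# Live use: list_images 'debian-10-amd64-*' | pick_latest
sample_rows | pick_latest   # offline demo on the constructed rows
```

An empty result means no row passed the checks; a launch script should treat that as a failure rather than fall back to a stored ID.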
Bug#971545: cloud.debian.org: Provide AMI image ID that is always recent
On Thu, Oct 01, 2020 at 05:16:36PM +0200, tkoeck wrote:
> is there an AMI image ID that is always the recent one?
>
> As far as I have seen the AMI image ID always changes for every
> subversion (e.g. Debian 10.0 to 10.1)?
>
> It would be interesting to have an AMI image ID which would always
> represent the newest Debian 10 AMI image with all security updates
> installed.

We publish updated AMIs (and images for other cloud services) when necessary, not just on stable point releases. You can see the history for buster and stretch AMIs at the following locations. Note especially the updates addressing DSAs for core packages such as the kernel, libc, or openssl.

https://wiki.debian.org/Cloud/AmazonEC2Image/Buster
and
https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch

We don't necessarily publish updates for every package in the base image that gets an update. Many package updates are for relatively minor issues with a limited exposure. Cloud-init provides a simple mechanism allowing packages to be updated upon instance launch, and we run unattended-upgrades by default. Primarily, the packages that trigger an AMI update are packages that require a reboot in order to be effectively applied.

I think our current approach provides a good balance between up-to-date contents and excessive churn. However, if you really want something more likely to be up-to-date, we generate images daily, and you can use them. You should understand that these daily builds are mostly intended for testing purposes, and they could disappear with little to no warning. See https://noah.meyerhans.us/2020/03/04/daily-vm-image-builds-are-available-from-the-cloud-team/ for details about where to find them.

noah

Bug#971545: cloud.debian.org: Provide AMI image ID that is always recent
Package: cloud.debian.org
Severity: wishlist

Dear Maintainer,

is there an AMI image ID that is always the recent one?

As far as I have seen the AMI image ID always changes for every subversion (e.g. Debian 10.0 to 10.1)?

It would be interesting to have an AMI image ID which would always represent the newest Debian 10 AMI image with all security updates installed.

Greetings

Tobias

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.8.0-2-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled