upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-06 23:32:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/release/tools/ec2.conf
Colin Percival 55c3348ed7 acpi_pci: Add quirk for DELAY-after-EJ0 
On some EC2 instances, there is a race between removing a device from
the system and making the PCI bus stop reporting the presence of the
device.  As a result, a PCI BUS_RESCAN performed immediately after
the _EJ0 method returns "sees" the device which is being ejected, which
then causes problems later (e.g. we won't recognize a new device being
plugged into that slot because we never knew it was vacant).

On other operating systems the bus is synchronously marked as needing
to be rescanned but the rescan does not occur until O(1) seconds later.

Create a new ACPI_Q_DELAY_BEFORE_EJECT_RESCAN quirk and set it in EC2
AMIs, and add a 10 ms DELAY between _EJ0 and BUS_RESCAN when tht quirk
is set.

Reviewed by:	jhb
MFC after:	1 month
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D49252
2025-03-14 11:35:35 -07:00

154 lines
6 KiB
Bash
Raw Blame History

#!/bin/sh
# Package which should be installed onto all EC2 AMIs:
# * ebsnvme-id, which is very minimal and provides important EBS-specific
# functionality,
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ebsnvme-id"
# Services which should be enabled by default in rc.conf(5).
export VM_RC_LIST="dev_aws_disk ntpd"
# Build with a 7.9 GB partition; the growfs rc.d script will expand
# the partition to fill the root disk after the EC2 instance is launched.
# Note that if this is set to <N>G, we will end up with an <N+1> GB disk
# image since VMSIZE is the size of the filesystem partition, not the disk
# which it resides within.
export VMSIZE=8000m
# No swap space; it doesn't make sense to provision any as part of the disk
# image when we could be launching onto a system with anywhere between 0.5
# and 4096 GB of RAM.
export NOSWAP=YES
ec2_common() {
# Delete the pkg package and the repo database; they will likely be
# long out of date before the EC2 instance is launched.
mount -t devfs devfs ${DESTDIR}/dev
chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \
/usr/sbin/pkg delete -f -y pkg
umount ${DESTDIR}/dev
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD
# Turn off IPv6 Duplicate Address Detection; the EC2 networking
# configuration makes it unnecessary.
echo 'net.inet6.ip6.dad_count=0' >> ${DESTDIR}/etc/sysctl.conf
# Booting quickly is more important than giving users a chance to
# access the boot loader via the serial port.
echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf
# The EFI RNG on Graviton 2 is particularly slow if we ask for the
# default 2048 bytes of entropy; ask for 64 bytes instead.
echo 'entropy_efi_seed_size="64"' >> ${DESTDIR}/boot/loader.conf
# Tell gptboot not to wait 3 seconds for a keypress which will
# never arrive.
printf -- "-n\n" > ${DESTDIR}/boot.config
# The emulated keyboard attached to EC2 instances is inaccessible to
# users, and there is no mouse attached at all; disable to keyboard
# and the keyboard controller (to which the mouse would attach, if
# one existed) in order to save time in device probing.
echo 'hint.atkbd.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
echo 'hint.atkbdc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
# There is no floppy drive on EC2 instances so disable the driver.
echo 'hint.fd.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
echo 'hint.fdc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
# There is no parallel port on EC2 instances so disable driver.
echo 'hint.ppc.0.disabled=1' >> ${DESTDIR}/boot/loader.conf
# EC2 has two consoles: An emulated serial port ("system log"),
# which has been present since 2006; and a VGA console ("instance
# screenshot") which was introduced in 2016.
echo 'boot_multicons="YES"' >> ${DESTDIR}/boot/loader.conf
# Some older EC2 hardware used a version of Xen with a bug in its
# emulated serial port. It is not clear if EC2 still has any such
# nodes, but apply the workaround just in case.
echo 'hw.broken_txfifo="1"' >> ${DESTDIR}/boot/loader.conf
# Graviton 1 through Graviton 4 have a bug in their ACPI where they
# mark the PL061's pins as needing to be configured in PullUp mode
# (in fact the PL061 has no pullup/pulldown resistors). Graviton 1
# through Graviton 3 have non-functional PCI _EJ0 and need a value
# written to the PCI power status register in order to eject a
# device. EC2 instances with PCI (not PCIe) buses need a short
# delay before rescanning upon device detach.
echo 'debug.acpi.quirks="56"' >> ${DESTDIR}/boot/loader.conf
# Load the kernel module for the Amazon "Elastic Network Adapter"
echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
# Use the "nda" driver for accessing NVMe disks rather than the
# historical "nvd" driver.
echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
# Disable KbdInteractiveAuthentication according to EC2 requirements.
sed -i '' -e \
's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
${DESTDIR}/etc/ssh/sshd_config
# RSA host keys are obsolete and also very slow to generate
echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf
# Use FreeBSD Update mirrors hosted in AWS
sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
${DESTDIR}/etc/freebsd-update.conf
# Use the NTP service provided by Amazon
sed -i '' -e 's/^pool/#pool/' \
-e '1,/^#server/s/^#server.*/server 169.254.169.123 iburst/' \
${DESTDIR}/etc/ntp.conf
# Provide a map for accessing Elastic File System mounts
cat > ${DESTDIR}/etc/autofs/special_efs <<'EOF'
#!/bin/sh
if [ $# -eq 0 ]; then
# No way to know which EFS filesystems exist and are
# accessible to this EC2 instance.
exit 0
fi
# Provide instructions on how to mount the requested filesystem.
FS=$1
REGION=`fetch -qo- http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e 's/[a-z]$//'`
echo "-nfsv4,minorversion=1,oneopenown ${FS}.efs.${REGION}.amazonaws.com:/"
EOF
chmod 755 ${DESTDIR}/etc/autofs/special_efs
# The first time the AMI boots, run "first boot" scripts.
touch ${DESTDIR}/firstboot
return 0
}
ec2_base_networking () {
# EC2 instances use DHCP to get their network configuration. IPv6
# requires accept_rtadv.
echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf
# The EC2 DHCP server can be trusted to know whether an IP address is
# assigned to us; we don't need to ARP to check if anyone else is using
# the address before we start using it.
echo 'dhclient_arpwait="NO"' >> ${DESTDIR}/etc/rc.conf
# Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold
echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf
echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf
# Provide a script which rtsold can use to launch DHCPv6
mkdir -p ${DESTDIR}/usr/local/libexec
cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF'
#!/bin/sh
/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1
EOF
chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M
return 0
}
Reference in a new issue View git blame Copy permalink