containers-roadmap icon indicating copy to clipboard operation
containers-roadmap copied to clipboard

Published 20 hours ago verified publisher icon aws

[ECS/EC2] [request]: Build AL2 ECS-Optimized AMI with kernel 5.x

Open sparrc opened this issue 2 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

This is a request for an ECS-Optimized AL2 AMI with kernel 5.4 or 5.10 by default, similar to how the AL2 team offers a separate AMI with kernel 5.10 (see AL2 5.10 amis below):

% aws ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest --query "Parameters[].Name"| grep "kernel-5\.10"   
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2",

Which service(s) is this request for?

ECS on EC2

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

There are performance and security optimizations available in kernel 5.x not currently available in the default ECS AMIs. Furthermore, Amazon Linux itself recommends using kernel 5.x (see kernel-ng package and AL2 AMIs with kernel 5.10).

Not providing official ECS-Optimized AMIs with kernel 5.x makes it harder for customers to upgrade, since they have to manage their own custom AMIs or add a lengthy kernel upgrade and reboot step into their userdata, which makes their container instances startup slower and wastes money.

Are you currently working around this issue?

See here for knowledge center guidance on how to upgrade the AL2 kernel.

  1. Build a custom AMI with a change to the official AMI recipes installing the kernel-ng package from Amazon Linux: https://github.com/aws/amazon-ecs-ami/compare/main...al2-5.10-kernel
  2. Include the following userdata in startup to install new kernel and reboot on instance launch:
# update the kernel and reboot
if [ ! -f /etc/.kernel-ng-installed ]; then
  amazon-linux-extras install kernel-ng
  touch /etc/.kernel-ng-installed
  reboot
fi

sparrc avatar Jul 19 '22 19:07 sparrc

Strong preference for 5.10 (so we can use Wireguard kernel modules added in 5.6).

gregtws avatar Jul 22 '22 17:07 gregtws

ECS now offers separate ECS-Optimized AL2 AMIs with kernel 5.10.

Please refer to documentation here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/retrieve-ecs-optimized_AMI.html

danehlim avatar Feb 07 '23 22:02 danehlim