MacOS Images

  • MacOS with nesting AMI

    • Builds and publishes MacOS AMIs for dedicated hosts
    • Uses Packer with AWS instance plugin
    • Based on Amazon MacOS AMI with EC2 utilities
  • MacOS job images build machine

    • Dedicated always-on Mac host for building images
    • Attached to job images build project
  • MacOS job images automation

    • Uses Packer and Tart for image building
    • Publishes images to S3
    • Combines MacOS base image, Xcode tools, and Ansible-installed packages

Manual Intervention Required: Building job images isn’t fully automated due to:

  • Xcode installation requiring Apple Developer login with 2FA
  • Large host images and Xcode packages requiring persistent EBS storage

Storage Considerations: Originally, all job VMs were baked into the host AMI, creating large images with lazy EBS loading issues. The solution involves:

  • Using empty EBS volumes
  • Downloading images at startup
  • Trading ~10 minutes of provisioning time for full EBS performance

The Problem: MacOS SIP prevents programs from accessing volumes without user authorization, with no scriptable API.

The Solution: Automated keyboard commands over VNC to handle authorization dialogs.

  • Implemented in the nesting full disk access script
  • ~20% failure rate, but acceptable given build frequency
  • Recent AWS SIP control updates may enable programmatic disabling during AMI building