Hi all
Quite some time ago I posted instructions for making a Debian AMI on these forums. Since then I've been providing and regularly updating a public Debian Etch image for anyone to use.
Given the regular questions appearing on the forum about using Debian/Ubuntu with EC2 I thought it might be a useful exercise to post a complete HOWTO should people wish to roll their own AMI rather than use my public one. I suspect that these instructions will work for Ubuntu as well although I've not actually tested this.
To start with we need to construct a simple Debian installation on a host machine. I'm using my local Etch at home but this should also work fine on the EC2 public Etch instances.
1. Create a 1Gb disk image, format it ext3 and mount it:
dd if=/dev/zero of=debian.fs count=1024 bs=1M
mke2fs -F -j debian.fs
mount -o loop debian.fs /mnt
2. Using ‘debootstrap’ we install Debian Etch onto the mounted image, update the apt sources list and chroot into the image:
debootstrap -arch i386 etch /mnt
http://ftp.debian.org
nano /mnt/etc/apt/sources.list (I just added the security updates line)
chroot /mnt
3. We need to create some devices:
mount /proc
cd /dev
/sbin/MAKEDEV console
/sbin/MAKEDEV std
/sbin/MAKEDEV generic (it's been suggested this isn't actually necessary but I left it in anyway just in case)
4. Setup the root password, network interfaces and fstab:
passwd (this is 'etch' on the public AMI)
nano /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
nano /etc/fstab
/dev/sda1 / ext3 defaults 0 1
/dev/sda2 /mnt ext3 defaults 1 2
/dev/sda3 swap swap defaults 0 0
5. Now we use apt to update and add sshd:
apt-get update
apt-get dist-upgrade (don't worry about the locale warnings here, we'll fix this later)
apt-get install openssh-server
6. This simple install should now be capable of booting on EC2. Let's test this out before going any further:
exit (out of the chroot environment)
sync
umount -l /mnt (for lazy umount)
ec2-bundle-image -i debian.fs -k
private_key
-c
certificate
-u
aws_id
ec2-upload-bundle -b
bucket
-m /tmp/debian.fs.manifest.xml -a
s3_access_key
-s
s3_secret_key
ec2-register
bucket
/debian.fs.manifest.xml
7. This intermediate stage AMI should launch fine. If not take a look at the console output to debug. Once we have this basic image we then need to make it a bit more EC2 friendly by installing the following packages onto it:
apt-get install locales libc6-xen curl rsync ruby libopenssl-ruby1.8 module-init-tools openssl
dpkg-reconfigure locales (I selected en_US.UTF-8)
8. Download the EC2 AMI rpm tools package from the Developer Resources section of the AWS site and use 'alien' to convert it to a Debian package, then:
dpkg -i
ec2-ami-tools_1.2-7222_all.deb
RUBYLIB=/usr/lib/site_ruby/
add the following to /root/.profile
RUBYLIB=/usr/lib/site_ruby/
export RUBYLIB
9. We need to modify the AMI tools slightly due to differences in MAKEDEV:
nano /usr/lib/site_ruby/aes/amiutil/image.rb
changing
exec( ‘for i in console null zero ; do /sbin/MAKEDEV -d ‘ + dev_dir + ‘ -x $i ; done’ )
on around line 150 to
exec("cd #{dev_dir} && /sbin/MAKEDEV console && /sbin/MAKEDEV std && /sbin/MAKEDEV generic")
10. We also need the AWS kernel modules:
cd /
wget
http://s3.amazonaws.com/ec2-downloads/modules-2.6.16-ec2.tgz
tar -xzvf modules-2.6.16-ec2.tgz
rm modules-2.6.16-ec2.tgz
depmod -a
11. Finally, in order to secure the image a bit we will disable root password login:
nano /etc/ssh/sshd_config
changing
PermitRootLogin yes
to
PermitRootLogin without-password
12. and enable the AWS public key login feature by appending the following to rc.local:
nano /etc/rc.local
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
curl
http://169.254.169.254/1.0//meta-data/public-keys/0/openssh-key > /tmp/my-key
if [ $? -eq 0 ] ; then
cat /tmp/my-key >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
rm /tmp/my-key
fi
exit 0
13. If the image is being bundled for public consumption you may wish to do the following where appropriate:
rm /root/.ssh/authorized_keys
rm /root/.bash_history && touch /root/.bash_history
14. We can now use the new 'self-bundling' ability of the instance:
ec2-bundle-vol -d /mnt -p
ami_name
-k
private_key
-c
certificate
-u
aws_id
-s 3072
ec2-upload-bundle -b
bucket
-m /mnt/
ami_name
.manifest.xml -a
s3_access_key
-s
s3_secret_key
ec2-register
bucket
/
ami_name
.manifest.xml
15. Again, if this AMI doesn't work on launch take a look at the console to figure out why (don't forget that root password login was disabled).
If you notice any bugs in this HOWTO please let us know. Otherwise the public ami-30f11459 was made today using these same instructions if you want to try it out.
Best regards
Paul
|
