Building Custom Linux Images for Amazon EC2
Eric Hammond
VP Technology
CampusExplorer.com
O'Reilly OSCON Open Source Convention 2009

Intro to Amazon EC2
Eric Hammond Alestic.com

What is Amazon EC2?
On Demand, Self Service, Pay As You Go, Computing Infrastructure

EC2 - Computing Infrastructure
- Servers (CPU, RAM, Disk)
- Static IP addresses
- Firewalls
- SAN – Storage Area Network
- Monitoring
- Load Balancing
- Auto Scaling
- Network bandwidth

EC2 Terminology
- Server: “Instance”
- Static IP: “Elastic IP Address”
- Firewall: “Security Group”
- SAN: “Elastic Block Store”
- Monitoring: “CloudWatch”
- Load Balancing: “Elastic Load Balancing”
- Auto Scaling: “Auto Scaling”

EC2 – On Demand
- Scale up ...to meet demand
- Scale down ...to save money
- Scaling time measured in minutes

EC2 – Self Service
- AWS = Amazon “Web Services”
- No Amazon employees needed
- Complete root access to servers
- Write software to control EC2

EC2 – Pay As You Go
- Pay for what you use
- Stop paying when you stop using it
- Server – pay by hour (wall clock)
- Network – pay by GB
- Storage – pay by GB/month

Amazon Machine Images (AMI)

Amazon Machine Images
- “image” = Copy of a boot disk
- Determines:
  - Operating system (Linux, Windows)
  - Distribution (Ubuntu, Debian, Fedora, ...)
  - Release (Ubuntu 9.04 Intrepid)
  - Software installed (LAMP, Rails, ...)
  - Software configuration
- Should not include “data”

Image = Boot Disk

New EC2 Servers
- New EC2 server starts with a copy of the boot disk image
- Changes on the server do not affect the contents of the master image

New Server = New Copy of Disk

Where Do You Get an EC2 Image?
- Public EC2 images
- Building EC2 images from running systems
- Building EC2 images from scratch
- Building EC2 images using 3rd party services

Public Linux Images

Public EC2 Images
- Fedora
- Red Hat
- CentOS
- Ubuntu
- Debian
- OpenSuse
- Gentoo
- (OpenSolaris)
- (Windows 2003)

Needle In a Haystack
- Over 3,300 public EC2 images as of Jul 2009
- Around 500 of those are mine
- About 60 of those are the latest release of their series

EC2 Images Available on Alestic.com

Advantages of Public Images
- Convenience
- Maintenance
- Support
- Community

Drawbacks of Public Images
- Trust, security, longevity
- Software setup
- Documentation
- Startup/setup time

Using Public EC2 Images
- Research images
- Research image publishers
- Stay current with latest images
- Install & configure software at bootup

user-data Startup Scripts
- Server startup scripts with user-data
  - ec2userdata.notlong.com
- If user-data starts with #! then the server runs it as root on the first boot
- Supported by Ubuntu and Debian images

user-data startup script

    #!/bin/bash -x
    # Install packages without interactive prompts
    export DEBIAN_FRONTEND=noninteractive
    apt-get update && apt-get upgrade -y
    tasksel install lamp-server
    apt-get install -y wordpress php5-gd </dev/null

    # Look up this instance's public hostname from the EC2 metadata service
    META=http://169.254.169.254/2007-12-15/meta-data
    host=$(wget -qO- "$META/public-hostname/")

    # Replace the setup script's ping command with a no-op, then run it
    WP=/usr/share/doc/wordpress/examples
    perl -pi -e 's/^ping/true/' "$WP/setup-mysql"
    bash "$WP/setup-mysql" -n wordpress "$host"

    # Serve WordPress as the web root
    mv /var/www /var/www.orig
    ln -s /usr/share/wordpress /var/www
    /etc/init.d/apache2 restart

Building EC2 Images: Concepts

Concepts
- Bucket – possibly public, globally unique name; contains multiple images
- Prefix – possibly public name, unique within bucket; identifies individual image
- Image ID (AMI ID) – Unique identifier for an individual image; assigned by EC2

Access Identifiers
- 9+ access identifiers, some available on ec2access.notlong.com
- AWS user id (account id without dashes)
- Amazon.com account email, password
- AWS access key id, secret access key
- X.509 certificate, private key
- ssh public key, private key (“keypair”)

Building Images from Running Systems

Rebundle a Running EC2 Server
- Run an existing EC2 image
- Install and customize software
- “Rebundle” and upload
- Register as a new image

    # Upload certificate+private key
    scp -i <KEYPAIR>.pem \
      {cert,pk}-*.pem \
      root@<HOST>:/tmp/

    # Connect to the instance
    ssh -i <KEYPAIR>.pem root@<HOST>

    # Install and customize software
    ...

    # Bundle the current file system
    sudo ec2-bundle-vol \
      --prefix <PREFIX> \
      --user <AWS_USER_ID> \
      --arch i386 \
      --destination /mnt \
      --cert /tmp/cert-*.pem \
      --privatekey /tmp/pk-*.pem \
      --size 10240 \
      --exclude /mnt,/tmp,/root/.ssh

    # Upload the bundle to S3
    ec2-upload-bundle \
      --bucket <BUCKET> \
      -m /mnt/<PREFIX>.manifest.xml \
      --access-key <ACCESS_KEY_ID> \
      --secret-key <SECRET_KEY>

    # Register the image
    ec2-register \
      <BUCKET>/<PREFIX>.manifest.xml

Free Tip
Don't terminate the server until you have tested the new EC2 image

Advantages of Rebundling
- Seems easy
- Manual software configuration
- No special software/skills required
- Lots of tutorials available

Drawbacks of Rebundling
- Reproducibility
- Debug cycle
- Code branching

Building Images from Scratch

Building From Scratch
- Create fresh copy of a boot file system
  - ...in a subdirectory of the current file system
- Bundle & upload as the new image

Building From Scratch
- Build base OS (e.g., debootstrap)
- Install software packages
  - Don't launch daemons on install
- Install kernel modules
  - Special XFS kernel module for old kernel
- Install EC2 AMI command line tools
- /proc and /dev/pts file systems

Building From Scratch
- Set locale, timezone
- Set up /etc/apt/sources.list
- Set up /etc/fstab
- Set up /etc/network/interfaces
- Set up /etc/hosts
- Apply fixes for xen and libc6
- Remove unused ttys

Building From Scratch
- Disable passwords
- Don't remember old MAC address
- Don't try to sync CMOS clock
- Don't start AppArmor if old kernel
- Install EC2 startup processes
- Bundle image
- Upload image

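Two of the build steps listed above, "Don't launch daemons on install" and "Disable passwords", as an added example (not code from the talk or from ec2ubuntu-build-ami). The function names are hypothetical, and it assumes a Debian/Ubuntu image root such as the $imagedir directory used by the --script example.

```shell
#!/bin/sh
# Added example: two build-from-scratch steps applied to an image root.
# Function names are hypothetical; layout is the standard Debian/Ubuntu one.

# "Don't launch daemons on install": Debian's invoke-rc.d runs
# /usr/sbin/policy-rc.d if it exists; exit status 101 forbids the action.
block_daemons() {
    mkdir -p "$1/usr/sbin"
    printf '#!/bin/sh\nexit 101\n' > "$1/usr/sbin/policy-rc.d"
    chmod 755 "$1/usr/sbin/policy-rc.d"
}

# Remove the policy file before bundling so services start on real instances.
unblock_daemons() {
    rm -f "$1/usr/sbin/policy-rc.d"
}

# "Disable passwords": lock every account and refuse ssh password logins.
disable_passwords() {
    root=$1
    tmp=$(mktemp)
    # Field 2 of /etc/shadow is the password hash; '*' matches no password.
    awk -F: 'BEGIN { OFS = ":" } { $2 = "*"; print }' "$root/etc/shadow" > "$tmp"
    cat "$tmp" > "$root/etc/shadow"    # cat keeps the file's owner and mode
    cfg=$root/etc/ssh/sshd_config
    if [ -f "$cfg" ]; then
        # sshd keeps the first value it reads for a keyword, so write ours
        # first and drop any older (or commented-out) setting.
        {
            echo 'PasswordAuthentication no'
            grep -viE '^[[:space:]]*#?[[:space:]]*PasswordAuthentication([[:space:]]|$)' "$cfg" || true
        } > "$tmp"
        cat "$tmp" > "$cfg"
    fi
    rm -f "$tmp"
}

# Inside an ec2ubuntu-build-ami --script, $imagedir names the image root.
if [ -n "${imagedir:-}" ]; then
    block_daemons "$imagedir"
    # ... chroot "$imagedir" apt-get install -y <packages> goes here ...
    disable_passwords "$imagedir"
    unblock_daemons "$imagedir"
fi
```
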
Startup Responsibilities
- Mount local storage
- Set up network with DHCP
- Copy public ssh key to authorized_keys
- Regenerate ssh host keys

ec2ubuntu-build-ami (Ubuntu & Debian)

ec2ubuntu-build-ami
- Code: ec2ubuntu-build-ami.notlong.com
- Open source, maintained since 2007
- Best practices for building EC2 images
- Builds Ubuntu and Debian images

    # Start a 32-bit Fedora EC2 image
    ec2-run-instances \
      --key <KEYPAIR> \
      ami-f51aff9c

    # Get the hostname
    ec2-describe-instances \
      <INSTANCE_ID>

    # Upload certificate+private key
    scp -i <KEYPAIR>.pem \
      {cert,pk}-*.pem \
      root@<HOST>:/tmp/

    # Connect to the instance
    ssh -i <KEYPAIR>.pem root@<HOST>

    # Download ec2ubuntu-build-ami
    wget http://ec2build.notlong.com

    # Build Ubuntu 9.04 Jaunty image
    bash ec2ubuntu-build-ami \
      --codename jaunty \
      --bucket <BUCKET> \
      --prefix <PREFIX> \
      --user <AWS_USER_ID> \
      --access-key <ACCESS_KEY> \
      --secret-key <SECRET_KEY> \
      --cert /tmp/cert-*.pem \
      --private-key /tmp/pk-*.pem

ec2ubuntu-build-ami Customizations
- Add standard packages with
  --package <NAME>
- Run customization script with
  --script <FILE>

ec2ubuntu-build-ami --script

    #!/bin/bash
    # build-wordpress
    # Everything between the EOM markers runs inside the image being built
    chroot "$imagedir" bash -x <<'EOM'
    export DEBIAN_FRONTEND=noninteractive
    tasksel install lamp-server
    apt-get install -y wordpress php5-gd </dev/null
    WP=/usr/share/doc/wordpress/examples
    # Replace the setup script's ping command with a no-op
    perl -pi -e 's/^ping/true/' $WP/setup-mysql
    # MySQL only needs to run while the database is created
    /etc/init.d/mysql start
    bash $WP/setup-mysql \
      -n wordpress blog.example.com
    /etc/init.d/mysql stop
    # Serve WordPress as the web root
    mv /var/www /var/www.orig
    ln -s /usr/share/wordpress /var/www
    EOM

vmbuilder
- vmbuilder package in Ubuntu
- In development by Canonical
- Will replace ec2ubuntu-build-ami
- Also builds kvm, xen, vmw6, vmserver
- Easier to type

Building Other Linux Distributions
- RightScale script to build CentOS image
  - ec2build-centos.notlong.com
- Article on building Gentoo image
  - ec2build-gentoo.notlong.com
- Others might be available; check forum
  - ec2forum.notlong.com

Advantages of Building From Scratch
- Control
- Security
- Reproducibility
- Understanding

Drawbacks of Building From Scratch
- More advanced
- Debugging
- Shell scripting required
- Code branching

Building EC2 Images using Third Party Systems

3rd Party EC2 Image Builders
- CohesiveFT Elastic Server
  - elasticserver.com
- rPath rBuilder
  - rpath.org
- Others?

Releasing Public EC2 Images

Making Images Public

    # Let another EC2 user run image
    ec2-modify-image-attribute \
      -l \
      -a <OTHER_USER_ID> \
      <IMAGE_ID>

    # Let everybody (public) run image
    ec2-modify-image-attribute \
      -l \
      -a all \
      <IMAGE_ID>

Public Images - Security
- Clear private and sensitive data
  - AWS keys
  - Log files
  - Shell history
- Disable/exclude back doors
  - Account passwords
  - Application passwords
  - authorized_keys files

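A pre-release check for the items on this slide, plus the ssh host keys that the Startup Responsibilities slide says must be regenerated on each instance, as an added example that is not part of the original talk. The function name audit_image and the file-name patterns are assumptions; application passwords are not covered because their location depends on the application.

```shell
#!/bin/sh
# Added example (not from the talk): audit an image root before bundling it
# as a public image. Prints one "category: detail" line per leftover and
# returns 1 if anything was found, 0 if the tree is clean.
audit_image() {
    root=$1
    findings=$(
        # Back doors: authorized_keys files left in any home directory.
        find "$root" -type f -name 'authorized_keys*' | sed 's/^/authorized_keys: /'
        # AWS keys: the cert-*.pem / pk-*.pem pair uploaded for bundling,
        # and any other PEM file.
        find "$root" -type f -name '*.pem' | sed 's/^/pem-file: /'
        # Shell history (can hold --secret-key arguments typed while building).
        find "$root" -type f -name '.*history' | sed 's/^/shell-history: /'
        # Log files that still have content from the build host.
        if [ -d "$root/var/log" ]; then
            find "$root/var/log" -type f -size +0 | sed 's/^/log-file: /'
        fi
        # ssh host keys baked into the image would be shared by every instance.
        if [ -d "$root/etc/ssh" ]; then
            find "$root/etc/ssh" -type f -name 'ssh_host_*' | sed 's/^/ssh-host-key: /'
        fi
        # Account passwords: shadow field 2 is usable unless it starts with
        # '*' or '!'; an empty field (no password needed) is reported too.
        if [ -f "$root/etc/shadow" ]; then
            awk -F: '$2 !~ /^[*!]/ { print "password-usable: " $1 }' "$root/etc/shadow"
        fi
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Inside an ec2ubuntu-build-ami --script, $imagedir names the image root.
if [ -n "${imagedir:-}" ]; then
    audit_image "$imagedir" || echo "image is not clean; fix before bundling" >&2
fi
```
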
Public Images - Maintenance
- Document how you built the image
- Document the history / change log
- Keep old images forever

Cleanup

    # Deregister an EC2 image
    ec2-deregister <IMAGE_ID>

    # Delete the bundle
    ec2-delete-bundle \
      --access-key <ACCESS_KEY> \
      --secret-key <SECRET_KEY> \
      --bucket <BUCKET> \
      --prefix <PREFIX>

Remember!
Don't delete public EC2 images if others might be using them

Resources

Learning More
- Amazon EC2
  - ec2.notlong.com
- Public EC2 images (some of them)
  - ec2ami.notlong.com
- Ubuntu and Debian EC2 images
  - Alestic.com

Support Groups
- Amazon EC2 Forum
  - ec2forum.notlong.com
- Google Group for EC2 and Ubuntu
  - ec2ubuntu-group.notlong.com
- Canonical EC2 mailing list
  - ec2canonical-list.notlong.com

IRC channels
- AWS support (especially EC2, S3)
  - irc.freenode.net ##aws
- Ubuntu and EC2
  - irc.freenode.net #ubuntu-ec2
- Eucalyptus
  - irc.freenode.net #eucalyptus

Articles
- MySQL on persistent EBS volumes
  - ec2ebs-mysql.notlong.com
- RAID across EBS volumes
  - alestic-raid.notlong.com
- Elastic IP and internal EC2 servers
  - alestic-internal.notlong.com

Presentation
- Latest version of this presentation available at:
  - oscon2009talk.notlong.com
- Open Office Impress template licensed under Creative Commons license
  http://creativecommons.org/licenses/by-sa/2.5/deed.en
  from Chih-Hao Tsai: http://technology.chtsai.org/impress/

Plug
CampusExplorer.com is hiring: senior Perl developer
eric@perl.org

Contact Info
- Eric Hammond
- Email: esh@ubuntu.com
- Twitter: esh
- Identi.ca: esh
- Facebook: /erichammond
- Alestic.com (Ubuntu on EC2)