smoser's thoughts: cloud

Showing posts with label cloud. Show all posts

Wednesday, August 14, 2013

lxc with fast cloning via overlayfs and userdata via clone hooks

Serge Hallyn and Stéphane Graber made some really nice improvements to LXC in the last few months. These include:

user namespaces, which will bring us secure containers in 14.04 and the ability to safely run containers without root.
a library with bindings for C, go and python3.
cloning with overlayfs
hooks executed at clone time.

I had previously worked with Ben Howard on the 'ubuntu cloud' template, and I just finished some updates to it that take advantage of overlayfs and clone hooks to provide a great environment to use or test cloud-init.

Previously the ubuntu cloud template (which downloads a cloud image to create a container) allowed the user to specify userdata or public keys at container creation time. The change was really just to move the container customization code to a clone hook.

Thanks to the daily build ppa, you can do this on any release from 12.04 to 13.10.

Hopefully the example below explains this better. The times reported are from my Thinkpad X120e, which is a netbook class cpu and slow disk. Times clearly will vary, and these are not meant to be scientific results. If you do not see the embedded file below, please read the remainder of this post in the gist on github.

Tuesday, July 23, 2013

Using Ubuntu cloud images on VirtualBox

A few months ago, I wrote an article on "Using Ubuntu cloud-images without a cloud". That article showed how to do this with kvm. Virtualbox is another virtualiztion technology that is especially popular on Mac and Windows. So, I figured I'd give the same basic article a try, but using virtualbox rather than kvm.

I used 'virtualboxmanage' and 'virtualbox' here, but I'm sure the same can be accomplished via the virtuabox gui, and probably similar commands to do the same thing on Mac/OSX or windows.

So, below is roughly the same thing as the kvm post but with virtualbox. Also to verify function, I did this on Ubuntu 12.04 host with Ubuntu 12.04 guest, but later versions should also work.

Monday, February 11, 2013

Using Ubuntu cloud-images without a cloud

Since sometime in early 2009, we've put effort into building the Ubuntu cloud images and making them useful as "cloud images". From the beginning, they supported use as an instance on a cloud platform. Initially that was limited to EC2 and Eucalyptus, but over time, we've extended the "Data Sources" that the images support.

A "Data Source" to cloud-init provides 2 essential bits of information that turn a generic cloud-image into a cloud instance that is actually usable to its creator. Those are:

public ssh key
user-data

Without these, the cloud image cannot even be logged into.

Very early on it felt like we should have a way to use these images outside of a cloud. They were essentially ready-to-use installations of Ubuntu Server that allow you to bypass installation. In 11.04 we added the OVF as a data source and a tool in cloud-init's source tree for creating a OVF ISO Transport that cloud-init would read data from. It wasn't until 12.04 that we improved the "NoCloud" data source to make this even easier.

Available in cloud-utils, and packaged in Ubuntu 12.10 is a utility named 'cloud-localds'. This makes it trivial to create a "local datasource" that the cloud-images will then use to get the ssh key and/or user-data described above.

After boot, you should see a login prompt that you can log into with 'ubuntu' and 'passw0rd' as specified by the user-data provided.

Some notes about the above:

None of the commands other than 'apt-get install' require root.
The 2 qemu-img commands are not strictly necessary.

The 'convert' converts the compressed qcow2 disk image as downloaded to an uncompressed version. If you don't do this the image will still boot, but reads will go decompression.
The 'create' creates a new qcow2 delta image backed by 'disk1.img.orig'. It is not necessary, but useful to keep the '.orig' file pristine. All writes in the kvm instance will go to the disk.img file.

libvirt, different kvm networking or disk could have been used. The kvm command above is just the simplest for demonstration. (I'm a big fan of the '-curses' option to kvm.)
In the kvm command above, you'll need to hit 'ctrl-alt-3' to see kernel boot messages and boot progress. That is because the cloud images by default send console output to the first serial device, that a cloud provider is likely to log.
There is no default password in the Ubuntu images. The password was set by the user-data provided.

The content of 'my-user-data' can actually be anything that cloud-init supports as user-data. So any custom user-data you have can be used (or developed) in this way.

Tuesday, August 9, 2011

Amazon issues with EBS affect Ubuntu images in the EU-WEST region

Note: This blog post has been updated in-place.

We have received information from Amazon that the EBS snapshots for our released 10.04 images from 20110719 were not affected (ami-5c417128 and ami-52417126). ~~It seems that an api issue incorrectly marked them as such~~. It was an error in our logic that associated snapshot-ids with amis that gave us the incorrect output. The only Ubuntu images that were affected were old daily builds and milestone releases. If you are interested in reading the original message, please do so on the Ubuntu cloud-announce mailing list archives.

We received this morning an automated email[1] from Amazon informing us of possible loss of data in EBS snapshots on the EU-WEST-1 region. Our engineering team immediately started an assessment of the damages this might have caused to the EBS images that we publish for our users. We are working with Amazon to re-mediate customer impact and prevent any future outages.

A number of non-current daily build and old alpha or beta images have been affected, but we hope that no one would have been using these images for production use; we are not planning corrective actions for these images. You can see the full list of AMIs affected at http://paste.ubuntu.com/662210/.

To have this type of announcements sent to your email directly, please subscribe to our ubuntu-cloud-announce mailing list at https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud-announce..

Our support services are available to help customers of the Ubuntu Advantage Cloud Guest program. Details about this program can be found at http://www.canonical.com/enterprise-services/ubuntu-advantage/cloud

[1] Email received from Amazon on Aug 9 2011 at 9:11 UTC

Hello,

We've discovered an error in the Amazon EBS software that cleans up unused snapshots. This has affected at least one of your snapshots in the EU-West Region.

During a recent run of this EBS software in the EU-West Region, one or more blocks in a number of EBS snapshots were incorrectly deleted. The root cause was a software error that caused the snapshot references to a subset of blocks to be missed during the reference counting process. This process compares the blocks scheduled for deletion to the blocks referenced in customer snapshots. As a result of the software error, the EBS snapshot management system in the EU-West Region incorrectly thought some of the blocks were no longer being used and deleted them. We've addressed the error in the EBS snapshot system to prevent it from recurring.

We have now disabled all of your snapshots that contain these missing blocks. You can determine which of your snapshots were affected via the AWS Management Console or the DescribeSnapshots API call. The status for any affected snapshots will be shown as "error."

We have created copies of your affected snapshots where we've replaced the missing blocks with empty blocks. You can create a new volume from these snapshot copies and run a recovery tool on it (e.g. a file system recovery tool like fsck); in some cases this may restore normal volume operation. These snapshots can be identified via the snapshot Description field which you can see on the AWS Management Console or via the DescribeSnapshots API call. The Description field contains "Recovery Snapshot snap-xxxx" where snap-xxx is the id of the affected snapshot. Alternately, if you have any older or more recent snapshots that were unaffected, you will be able to create a volume from those snapshots without error. For additional questions, you may open a case in our Support Center: https://aws.amazon.com/support/createCase

We apologize for any potential impact this might have on your applications.

Sincerely,
AWS Developer Support

This message was produced and distributed by Amazon Web Services LLC, 410 Terry Avenue North, Seattle, Washington 98109-5210

Friday, July 29, 2011

How to find the right Ubuntu AMI with tools

A while ago, I gave instructions on how you could find the right Ubuntu AMI. I promised to write about how you could accomplished programmaticly.

When we publish Ubuntu AMIs, we simultaneously publish machine consumable data to https://cloud-images.ubuntu.com/query/. The data there contains information so that you can:

Find the latest ami of a given type (hvm/ebs/instance-store), arch, and region.
Download the pristine image files

I think the format of the data is generally discernible, but there is some more information on the Ubuntu Wiki.

I've put an example client together. Here is some example usage:

Launch the latest released image in us-east-1


$ euca-run-instances --instance-type t1.micro --key mykey $(ubuntu-ami)

Open the Amazon EC2 console to launch the latest Oneiric daily build

directly link


$ ami=$(ubuntu-ami us-west-1 oneiric daily i386)

$ gnome-open https://console.aws.amazon.com/ec2/home?region=us-west-1#launchAmi=${ami}

Download and extract the latest tarball for lucid


$ wget $(ubuntu-ami -f "%{url} -O %{pubname}.tar.gz")

$ uec-publish-tarball *.tar.gz my-ubuntu-images

I don't think I'll get this into 11.10, but I'd like to have something with this function into 12.04, and support launching AMIs directly through it for ease of use. I'd love to hear input on what you'd like a "ubuntu-run-instance" command to look like and do.

Monday, July 25, 2011

Updated AWS tools PPA for Ubuntu

I thought I would post a quick entry to spread the word about a ppa I've been maintaining with up to date versions of some of the AWS tools. It is named simply awstools. You can find it here.

Right now the ppa has the following packages:

ec2-api-tools : Amazon's EC2 command line tools
ec2-ami-tools : Amazon's EC2 AMI tools (rebundling and uploading images)
iamcli : Identity Access Management (IAM) Command Line Toolkit
rdscli : Command Line Toolkit for the Amazon Relational Database Service

To add this repository its as easy as:



$ sudo apt-add-repository ppa:awstools-dev/awstools

$ sudo apt-get update

Then, to install the newest available version of ec2-api-tools, do:



$ sudo apt-get install ec2-api-tools

I hope hope that is helpful.

Monday, July 18, 2011

How to find the right Ubuntu AMI on EC2

For anyone getting started on EC2, the first obstacle they're faced with is selecting an AMI (Amazon Machine Image). If your trying to find an Ubuntu image either via the Amazon Console or via the output of ec2-describe-images, you're likely to be overwhelmed. The success of Ubuntu as a platform and Ubuntu's commitment to refreshing AMIs means that there are literally thousands of of images on Amazon EC2 with "ubuntu"in their name. That, combined with and the lack of Ubuntu on the "Quick Start" menu makes this a non-trivial task.

The purpose of this post is to document how you can easily, quickly and safely find the Official Ubuntu AMIs on EC2 via the Amazon EC2 console or via your web browser.

Some General Ubuntu Information

You already may be aware of these items, but I want to point them out for those who are just getting started with Ubuntu or EC2.

Ubuntu releases every 6 months. Each release has a version number and a codename. The most important thing to note here is that every 2 years a LTS (Long Term Support) release is made. If you want stability and support for 5 years, select an LTS release. If you want the newest packages, select the most recent release. See the wikipedia entry for more information.
At the time of this writing, there are 5 "regions" in Amazon EC2. Each region represents a geographical location. Each region has its own AMI ids. Inside each region there are 2 architectures (x86_64, i386) and 2 "root store" types (EBS or instance). That means that for each build Ubuntu releases, we generate 20 ami ids.

Easiest: Find AMIs From Your Web Browser

You can choose your interface for selecting images. Go to either:

http://cloud.ubuntu.com/ami
https://cloud-images.ubuntu.com/server/releases/

Select Your release by number or code-name
Select 'release/': We keep historical builds around for debugging, but the 'release/' directory will always be the latest.
Select your AMI from the table and click to launch in the console or copy and paste a command line.

Search through the Amazon EC2 Console

The EC2 Console is a graphical way to sort through AMIs and select one to launch. To Launch an Official Ubuntu Image here, follow the steps below.

Select the region you want in the top left, under 'Navigation'
Click "AMIs"
for 'Viewing', select "All Images"
Limit the results to Ubuntu Stable Release images by typing ubuntu-images/
Limit the results to a specific release by appending '.*'.

ubuntu-images/.*10.04

Limit the results to a given arch by appending '.*i386' or '.*amd64'
Sort your results by AMI Name and make selection
Verify the Owner is 099720109477!
Any user can register an AMI under any name. Nothing prevents a malicious user from registering an AMI that would match the search above. So, in order to be safe, you need to verify that the owner of the ami is '099720109477'.
If "Owner" is not a column for you, click "Show/Hide" at the top right and select "Owner" to be shown.
Click on the AMI name, then Click 'Launch'

Notes

HTTPS Access

Ahmed

Web Console 'Launch Instance' dialog

Hint

Friday, July 15, 2011

Getting a larger root volume on a cluster compute instance

At this point, all of the Ubuntu EBS root images are 8GB. This is nice and small. I previously covered how you could increase the size of those disks.

On Cluster Compute instances, its a bit more difficult. The cluster compute instances have their root filesystem in a partition inside of the disk attached. Thats all well and good, and most likely a partitioned disk is more familiar to you than one that is not partitioned. The cluster compute images have grub2 installed in the MBR of that disk.

The problem with the partition on the disk is that you can no longer simply launch the instance with a larger root volume and then 'resize2fs /dev/sda1'. This is because the kernel won't re-read the partition table of a disk until all of its partitions are unmounted. For the disk that holds your root partition, that means you basically have to reboot after a change.

To avoid that waste of precious time, we've included a utility called 'growpart' inside of the initramfs on the Ubuntu images. It is invoked by the 'cloud-initramfs-growroot' package. This code runs before the root fileystem is busy, so the request for the kernel to re-read the partition table will work without requiring a reboot. To try it out, do:



# us-east-1 ami-1cad5275 hvm/ubuntu-natty-11.04-amd64-server-20110426

$ ec2-run-instances --region us-east-1 --instance-type cc1.4xlarge \

--block-device-mapping /dev/sda1=:20 ami-1cad5275

When you get to the instance, you'll have a 20G filesystem on /. And, if you're interested enough to look in the console output, you'll see something like:



GROWROOT: CHANGED: partition=1 start=16065 old: size=16755795 end=16771860 new: size=41913585,end=41929650

Wednesday, March 2, 2011

start a 11.04 instance with a larger root filesystem

In order to fit inside the Amazon "Free Tier", Ubuntu made the decision to change its root volume size from 15G to 8G. That decision was made for all refreshed EBS root images. So, our current set of 10.04, 10.10 and 11.04 images have 8G root filesystems.

If you find that space somewhat limiting, it is easy to give yourself a larger root volume at instance creation time. Its easy

Launch the instance with appropriate block-device-mapping arguments



$ ec2-run-instances $AMI --key mykey --block-device-mapping /dev/sda1=:20

That will create you an instance with a 20G root volume. However the filesystem on that volume will still only occupy 8G of the space. Essentially, you'd have 12G of unused volume at the end of the disk.

Resize the root volume

if you've launched an 11.04 based image newer than alpha-2, this step is not necessary. Cloud-init will do it for you. It is just assumed that you want your root filesystem to fill all space on its partition. I honestly cannot think of a reason why you would not want that.

Now, if you are using 10.04 or 10.10 images, you can resize your root volume easily enough after the boot. Just login, and issue:



$ sudo resize2fs /dev/sda1

That operation should take only a few seconds or less, and you'll then have all the space you need.

Thursday, February 3, 2011

Migrating to pv-grub kernels for kernel upgrades

After the release of the Ubuntu 10.04 LTS images that use the pv-grub kernel, there were some questions on what to do if you're running from an older AMI and want to take advantage of what pv-grub offers.

Heres a short list of how you might be affected:

If you are running an EBS root instance launched from or rebundled from an Official Ubuntu image of 10.04 LTS (Lucid Lynx) released 20110201.1 or later, 10.10 (Maverick Meerkat), Natty Narwhal, or later, then you do not need to do anything. You already are using pv-grub, and can simply apply software updates and reboot to get new kernel updates. You can stop reading now.
If you are running an instance-store instance that is not using a pv-grub kernel, there is nothing you can do. There is simply no way to change the kernel of an instance store instance.
If you are running an EBS-root based instance rebundled from a Ubuntu 9.10 (Karmic Koala) or older, then there is currently no supported path to getting kernel upgrades. There were no officially released EBS-root based Ubuntu images of 9.10, and with Karmic's end of life coming in April, there is not likely to be support for this new feature.
If you are running an EBS-root instance launched from or rebundled from an official Ubuntu release of 10.04, read on.

Updating a 10.04 based image basically entails 2 steps, setting up /boot/grub/menu.lst, and then modifying your instance to have a pv-grub kernel.

Step 1: installing grub-legacy-ec2.

If you launched or rebundled your instance from an Ubuntu 10.04 numbered 20101020 or earlier, you need to do this step. If you started from a release of 20101228 you can skip this step.

Apply software updates.

Depending on how out of date you are, this might take a while.

sudo apt-get update && sudo apt-get dist-upgrade
Install grub-legacy-ec2

The 'grub-legacy-ec2' package is what the images use to manage /boot/grub/menu.lst. If you had used Ubuntu prior to the default selection of grub2, you will be familiar with how it works. grub-legacy-ec2 is basically just the menu.lst managing portion of the Ubuntu grub 0.97 package with some EC2 specifics thrown in.
To get a functional /boot/grub/menu.lst, all you have to do is:
sudo apt-get install grub-legacy-ec2

Step 2: modifying the instance to use pv-grub kernels

Now, your images should have a functional /boot/grub/menu.lst, and grub-legacy-ec2 should be properly installed such that future kernels will get automatically added and selected on reboot. However, you have to change your instance to boot using pv-grub rather than the old kernel aki that you originally started with.

Shut down the instance

The best way to do this is probably to just issue '/sbin/poweroff' inside the instance. Alternatively, you could use the ec2 api tools, or do so from the AWS console.
% sudo /sbin/poweroff

Modify the instance's kernel to be a pv-grub kernel

Once the instance is moved to "stopped" state, you can modify its kernel to be a pv-grub kernel. The kernel you select depends on the arch and region. See the table below for selecting which you should use:

region	arch	aki id
ap-southeast-1	x86_64	aki-11d5aa43
ap-southeast-1	i386	aki-13d5aa41
eu-west-1	x86_64	aki-4feec43b
eu-west-1	i386	aki-4deec439
us-east-1	x86_64	aki-427d952b
us-east-1	i386	aki-407d9529
us-west-1	x86_64	aki-9ba0f1de
us-west-1	i386	aki-99a0f1dc

Then, assuming you have $AKI represents the appropriate aki above, and $IID represents your instance id, and $REGION represents your region, you can update the instance and then start it with:



$ ec2-modify-instance-attribute --region ${REGION} --kernel ${AKI} ${IID} 

$ ec2-start-instances --region ${REGION} ${IID}

Your instance will start with a new hostname/IP address, so get that out of describe-instances and ssh to your instance. You can check that it has worked by looking at /proc/cmdline. Your kernel command line should look something like this:



$ cat /proc/cmdline 

root=UUID=7233f657-c156-48fe-8d60-31ae6400d0cf ro console=hvc0

In the future, your instance will now behave much more like a "normal server". If you apply software updates (apt-get dist-upgrade) and reboot, you'll boot into a fresh new kernel.

Getting ephemeral devices on EBS images

When you launch an instance in EC2, be it EBS root or instance-store, you are "entitled" to some amount of ephemeral storage. Ephemeral storage is basically just extra local disk that lives in the host machine where your instance will run. How much instance-store disk you are entitled to is described with the instance size descriptions.

The described amount of ephemeral storage is allocated to all instance-store instances. However, at register time of EBS-root instances the default "block-device-mapping" is set. Because an EBS-root AMI may be run with different instance-types, it is impossible to set the correct mapping for all scenarios. For the Ubuntu images, the default mapping only includes ephemeral0, which is present in all but t1.micro sizes.

So, if you want to "get all that you're paying for", you'll have to launch instances with different '--block-device-mapping' arguments to ec2-run-instances (or euca-run-instances). I've written a little utility named bdmapping to make that easier, and hold the knowledge.

You can use it to show the mappings for a given instance type:



$ ./bdmapping

--block-device-mapping=sdb=ephemeral0 --block-device-mapping=sdc=ephemeral1

Or, use it with command substitution when you launch an instance:



$ ec2-run-instances $(bdmapping -c m1.xlarge) --key mykey ami-c692ec94

#

# the above is the same as running:

# ec2-run-instances --block-device-mapping=sdb=ephemeral0 \

#   --block-device-mapping=sdc=ephemeral1 --instance-type=m1.large \

#   --key mykey ami-c692ec94

You can view or download 'bdmapping' at https://gist.github.com/809587

New Ubuntu 10.04 LTS images with pv-grub support

Yesterday I announced the availability of updated Ubuntu images on EC2 for 10.04 LTS (Lucid Lynx).

This post is mainly to mirror that one to a possibly wider audience, but also to go into more detail on the key change in these images:

You can now upgrade the kernel inside your 10.04 based EC2 image by running 'apt-get update && apt-get dist-upgrade && reboot!

Now, for a little more detail on that.

Around the time that 10.04 released, or shortly there after, Amazon released a new feature of EC2 as "Use Your Own Kernel with Amazon EC2". What this really meant was that there were now "kernels" on EC2 that were really versions of grub. By selecting this kernel, and providing a /boot/grub/menu.lst inside your image, the instance would be in control of the kernel booted. Previously, the loading of a kernel was done by the xen hypervisor, and could not be changed at all for a instance-store image, and only non-trivially for an EBS-root instance

Yes, you read that right, midway through the year of 2010 you were able to change the kernel that you were running in an EC2 instance with a software update and a reboot.

We took advantage of this support in our 10.10 images, but for many people, only LTS (Long Term Support) releases are interesting. So, to satisfy those people, we've brought the function into our 10.04 images.

If you're using our images, or have rebundled an image starting from them, I *strongly* suggest updating to the 20110201.1 images or anything later. You'll want to do that because

You can receive kernel upgrades as normal software upgrades to your running instance.
This is by far the most supportable route for upgrade from 10.04 to our next LTS (12.04). If your instance is not using the pv-grub kernel, and you want to upgrade to a newer release, you will have to upgrade, shutdown the instance, modify the associated kernel, and start up the instance. That is both more painful, and will result in larger downtime.

So, in short, grab our new images!

Tuesday, January 11, 2011

Failsafe and manual management of kernels on EC2

On 10.10 and later, Ubuntu images use the Amazon provided pv-grub to load kernels that live inside the image. The selected kernel is controlled by /boot/grub/menu.lst. This makes it possible to install a new kernel via 'dpkg -i' or 'apt-get dist-upgrade' and then reboot into the new kernel.

The file /boot/grub/menu.lst is managed by grub-legacy-ec2 package. The program 'update-grub-legacy-ec2' is called on installation of Ubuntu kernels through files that are installed in /etc/kernel/postinst.d and /etc/kernel/postrm.d.

By default, as with other Ubuntu systems, the kernel with the highest revision will be the behavior will be automatically selected as the default, and selected on the next boot. Because EC2 images is read-only, you may want to manually manage your selected kernel. This can be done by modifying /boot/grub/menu.lst to use the grub "fallback" code.

I'll launch an instance of the current released maverick (ami-ccf405a5 in us-east-1 ubuntu-maverick-10.10-i386-server-20101225). Then, on the instance, create hard links to the default kernel and ramdisk so even on apt removal, they'll stick around, and then change /boot/grub/menu.lst to use those kernels.



sudo ln /boot/vmlinuz-$(uname -r) /boot/vmlinuz-failsafe

sudo ln /boot/initrd.img-$(uname -r) /boot/initrd.img-failsafe

Then, copy the existing entry in /boot/grub/menu.lst to a new entry above the automatic section. I've changed/added:



# You can specify 'saved' instead of a number. In this case, the default entry

# is the entry saved with the command 'savedefault'.

# WARNING: If you are using dmraid do not use 'savedefault' or your

# array will desync and will not let you boot your system.

default         saved



...<snip>...



# Put static boot stanzas before and/or after AUTOMAGIC KERNEL LIST



# this is the failsafe kernel, it will be '0' as it is the first

# entry in this file

title           Failsafe kernel

root            (hd0)

kernel          /boot/vmlinuz-failsafe root=LABEL=uec-rootfs ro console=hvc0 FAILSAFE

initrd          /boot/initrd.img-failsafe

savedefault



title           Ubuntu 10.10, kernel 2.6.35-24-virtual

root            (hd0)

kernel          /boot/vmlinuz-2.6.35-24-virtual root=LABEL=uec-rootfs ro console=hvc0 TEST-KERNEL

initrd          /boot/initrd.img-2.6.35-24-virtual

savedefault     0

And then update grub to store that the first kernel is the 'saved', which for grub 1 (or 0.97) modifies /boot/grub/default.



sudo grub-set-default 0

sudo reboot

Now, a reboot will boot into the failsafe kernel (which we can verify by checking /proc/cmdline) and see 'FAILSAFE'. Then, to test our "TEST-KERNEL", run:



sudo grub-set-default 1

sudo reboot

After this reboot, the system come up into "TEST-KERNEL" (per /proc/cmdline) but /boot/grub/default will contain '0', indicating that on subsequent boot, the FAILSAFE will run. In this way, if your kernel failed to boot all the way up, you can then just issue:



euca-reboot-instances i-15b77779

And you'll boot back into the FAILSAFE kernel.

The above basically allows you to manually manage your kernels while letting grub-legacy-ec2 still write entries to /boot/grub/menu.lst.

I chose to use hardlinks for the 'failsafe' kernels, so that even on dpkg removal, the files would still exist. Because the 10.10 Ubuntu kernels have the EC2 network and disk drivers built in, you'll still be able to boot even after a dpkg removal of the failsafe kernel or an errant 'rm -Rf /lib/modules/2*'

Friday, January 7, 2011

Using euca2ools rather than ec2-api-tools with EC2

The Ubuntu UEC Images that Ubuntu produces on EC2 are in every way fully supported, "Official Ubuntu". As with other official releases, access to source code for security and maintenance reasons affects our decisions on what is included.

In the UEC images, the most notable packages left out are 'ec2-api-tools' and 'ec2-ami-tools'. I personally use the ec2-api-tools and ec2-ami-tools quite frequently and Amazon has done a great job with them. However, the license and lack of source code prevents them from being in Ubuntu 'main'.

Fortunately
a.) There are packages made available in the Ubuntu 'multiverse' component.
b.) The euca2ools package is installed by default and provides an almost drop in replacement for the ec2-api-tools and ec2-ami-tools.

I think that many users of EC2 aren't aware of the euca2ools, so I'd like to give some information on how to use them here.

The ec2-api-tools use the SOAP interface and thus use the "EC2_CERT" and "EC2_PRIVATE_KEY". The euca2ools sit on top of the excellent boto project. Boto uses the AWS REST api, which means authentication is done with your "Access Key" and "Secret Key". As a result, configuration is a little different. (Note, bundling images, you still need the EC2_CERT and EC2_PRIVATE_KEY for encryption/signing).

Configuration for euca2ools can be done via environment variables (EC2_URL, EC2_ACCESS_KEY, EC2_SECRET_KEY, EC2_CERT, EC2_PRIVATE_KEY, S3_URL, EUCALYPTUS_CERT) or via config file. I personally prefer the configuration file approach.

Here is my ~/.eucarc that is configured to operate with the EC2 us-east-1 region.



CRED_D=${HOME}/creds/aws-smoser

EC2_REGION="${EC2_REGION:-us-east-1}"

EC2_CERT=${CRED_D}/cert.pem

EC2_PRIVATE_KEY=${CRED_D}/pk.pem

EC2_ACCESS_KEY=ABCDEFGHIJKLMNOPQRST

EC2_SECRET_KEY=UVWXYZ0123456789abcdefghijklmnopqrstuvwx

EC2_USER_ID=950047163771

EUCALYPTUS_CERT=/etc/ec2/amitools/cert-ec2.pem

EC2_URL=https://ec2.${EC2_REGION}.amazonaws.com

S3_URL=https://s3.amazonaws.com:443

Things to note above:

euca2ools sources the ~/.eucarc file with bash, and then reads out the values of EC2_REGION, EC2_CERT, EC2_PRIVATE_KEY, EC2_ACCESS_KEY, EC2_USER_ID, EC2_URL, S3_URL. This means that you use other bash functionality in the config file as I've done above with 'EC2_REGION'. This allows me to do something like:
EC2_REGION=us-west-1 euca-describe-images
If there is no configuration file specified with '--config', then those values will be read from environment variables

Amazon's public certificate from the ami tools is included with euca2ools in ubuntu, and located in /etc/ec2/amitools/cert-ec2.pem

Many of the euca2ools commands will run significantly faster than the ec2-api-tools. The reason for slowness of the ec2-api-tools is their man java dependencies (please correct me if I'm wrong).
Your ~/.eucarc file contains credentials and therefore it should be protected with filesystem permissions (ie 'chmod go-r ~/.eucarc').

Hopefully this will make it easier for you to use euca2ools with EC2 on Ubuntu.

Tuesday, December 14, 2010

Ubuntu Natty Narwhal Cluster Compute Instances

Some time ago, Amazon announced two new instance types aimed at high performance computing. The new types differ from Amazon's previous offerings in that

They use Xen "hvm" (Hardware Virtualization Mode) rather than 'paravirtualization'
Only priviledged accounts can create images of the 'hvm' virtualization-type.

The result is that there are very few public images for cluster compute nodes, and up until today, there were no Ubuntu images.

I'm happy to announce that you can now run Official Ubuntu images on cluster compute instance types. From today forward we will be publishing daily builds of Natty Narwhal builds.

These images are identical to the other Ubuntu images. For AMI ids, you can browse the list at http://uec-images.ubuntu.com/server/natty/current/, or use more machine friendly data at http://uec-images.ubuntu.com/query.

There is one known bug (bug 690286) that prevents you from using ephemeral storage on the CC nodes.

If you've got a couple dollars burning a whole in your pocket, you can try one out with:

   
qurl="http://uec-images.ubuntu.com/query/" 

ami_id=$(curl --silent "${qurl}/natty/server/daily.current.txt" | 

    awk '-F\t' '$11 == "hvm" && $7 == "us-east-1" { print $8 }')

  ec2-run-instances --key mykey --instance-type cc1.4xlarge "${ami_id}"

Wednesday, November 3, 2010

Using Ubuntu Images on AWS "Free Tier"

[Update 2011-01-20]

There are now official Ubuntu AMIs that fit into the Free Tier disk requirements. You can get a list of the AMIs for 10.04 or 10.10.

This article is still useful as documentation, but is not necessary if you only want to use Ubuntu on Amazon's Free Tier.

Amazon AWS recently announced an AWS Free Usage Tier. The summary of which is that new AWS customers can run a t1.micro instance 24x7 for the next year and pay nothing (or at least very little).

There are various restrictions on what you get for free, but the most interesting to the Ubuntu images is:

10 GB of Amazon Elastic Block Storage, plus 1 million I/Os, 1 GB of snapshot storage, 10,000 snapshot Get Requests and 1,000 snapshot Put Requests*

The Official Ubuntu Images have a 15GB root filesystem. What that means is if you're using any of our official images (10.04, 10.10), then you will be charged for 5GB of provisioned storage per month. In the us-east-1 region that would be $0.50/month. In other regions, that would be $0.55/month.

This issue has been raised on the AWS Discussion Forums, but it seems like Amazon is not willing to budge.

Similarly, bug 670161 was opened requesting "10GB root partition for EBS boot AMIs on EC2". If you're interested in following this discussion, subscribe yourself to that bug. I will make sure that it is kept up to date.

I don't want to comment right now on whether or not we will release future EBS root AMIs of 10.04 and and 10.10 with a 10GB filesystem instead of a 15G filesystem. What I do want to discuss is how you can create your own AMI that has a 10G (or smaller) root filesystem, which will perform otherwise identically to the official images.

If you want to use Ubuntu on the Amazon Free Tier *right now*, then you can follow these instructions, which assume you have the ec2-api-tools correctly configured on your laptop. And you have a keypair named "mykey" available in the target region.

In the code (shell prompt) snippits below, '$' prompt indicates command run on my laptop. '%' prompt indicates command run on the ec2 instance. lines beginning with a '#' are comments.

Launch an instance to work with:



# us-east-1 ami-548c783d canonical ebs/ubuntu-maverick-10.10-amd64-server-20101007.1

$ ec2-run-instances --region us-east-1 --instance-type t1.micro \

--key mykey ami-548c783d

$ iid=i-1855ea75

$ zone=$(ec2-describe-instances $iid |

awk '-F\t' '$2 == iid { print $12 }' iid=${iid} )

$ echo ${zone}

us-east-1d

$ host=$(ec2-describe-instances $iid |

awk '-F\t' '$2 == iid { print $4 }' iid=${iid} )

$ echo ${host}

ec2-174-129-61-12.compute-1.amazonaws.com

create a volume in correct zone of the desired size to attach to the instance. Change '10' to '5' if you wanted a 5GB root filesystem.



$ ec2-create-volume --size 10 --availability-zone ${zone}

$ vol=vol-c64d55af

$ ec2-attach-volume --instance ${iid} --device /dev/sdh ${vol}

Then, ssh to ubuntu@${host}, and download the uec reference image and extract it. Below, I've downloaded the i386 image for maverick. You could browse through at http://uec-images.ubuntu.com/releases/10.10/release/ and find an amd64 image or a 10.04 base image.



% sudo chown ubuntu:ubuntu /mnt

% cd /mnt

% url=http://uec-images.ubuntu.com/releases/10.10/release/ubuntu-10.10-server-uec-i386.tar.gz

% tarball=${url##*/}

% wget ${url} -O ${tarball}

% tar -Sxvzf ${tarball}

maverick-server-uec-i386.img

maverick-server-uec-i386-vmlinuz-virtual

maverick-server-uec-i386-loader

maverick-server-uec-i386-floppy

README.files

% img=maverick-server-uec-i386.img

% mkdir src target

create target filesystem, mount the attached volume, and copy source filesystem contents to target filesystem using rsync.



% sudo mount -o loop,ro ${img} /mnt/src

% sudo mkfs.ext4 -L uec-rootfs /dev/sdh

% sudo mount /dev/sdh /mnt/target

# the rsync could take quite a while.  for me it took 22 seconds.

% sudo rsync -aXHAS /mnt/src/ /mnt/target

% sudo umount /mnt/target

% sudo umount /mnt/src

Now, back on the laptop, snapshot the volume.



$ ec2-create-snapshot ${vol}

$ snap=snap-b97dfdd3

# now you have to wait for snapshot to be 'completed'

$ ec2-describe-snapshots ${snap}

SNAPSHOT  snap-b97dfdd3  vol-c64d55af   completed   2010-11-03T17:31:52+0000   100%  950047163771   10

Turn the contents of that volume into an AMI. Note, you must set 'arch', 'rel', and 'region' correctly. Then, we use that information to get the aki associated with the most recent released Ubuntu image.



$ rel=maverick; region=us-east-1; arch=i386; # arch=amd64

$ [ $arch = amd64 ] && xarch=x86_64 || xarch=${arch}

$ qurl=http://uec-images.ubuntu.com/query/${rel}/server/released.current.txt

$ aki=$(curl --silent "${qurl}" |

awk '-F\t' '$5 == "ebs" && $6 == arch && $7 == region { print $9 }' \

arch=$arch region=$region )

$ echo ${aki}

aki-407d9529

$ ec2-register --snapshot ${snap} \

--architecture=${xarch} --kernel=${aki} \

--name "my-ubuntu-${rel}" --description "my-ubuntu-${rel}"

IMAGE ami-4483742d

$ ami=ami-4483742d

Clean up your instance and volume



$ ec2-detach-volume ${vol}

$ ec2-terminate-instances ${iid}

$ ec2-delete-volume ${vol}

And now run your instance



$ ec2-run-instances --instance-type t1.micro ${ami}

$ ssh ubuntu@

% sudo apt-get update && sudo apt-get dist-upgrade

# if you got a new kernel (linux-virtual package), then you will

# need to reboot

% sudo reboot

Now, your newly created image has filesystem contents that are identical to those of the official Ubuntu images, but with a 10G filesystem.

Once you've launched your image, you can actually clean up the snapshot and the AMI id that you launched. To do that:



ec2-deregister ${ami}

ec2-delete-snapshot ${snap}

The cost of the above operations will probably be on the order of pennies, and will remove the costs you would have incurred due to having 15G root volume.

create image with XFS root filesystem from UEC Images

A post was made to the ec2ubuntu google group asking if Ubuntu had any plans to create images XFS root filesystems.

The Official Ubuntu Images for 10.04 LTS (lucid) and prior have an ext3 root filesystem. For Ubuntu 10.10 (maverick) and the development builds of 11.04, the filesystem is ext4.

The selection of ext3 or ext4 is because ext4 is the filesystem selected by default on an Ubuntu install from CD or DVD. This selection is carried over to our Ubuntu images for UEC or EC2. The 10.04 images really should have been ext4, but the change didn't get in for that release.

Ubuntu fully supports the XFS filesystem, it simply wasn't chosen as the default. The -virtual kernel has filesystem support available as a module, and the xfsprogs package is in the main archive.

So, just as you can get full support for the Ubuntu images using ext4, you can get full support from Ubuntu (and paid support from Canonical) by using xfs as your root filesystem. You will simply have to create your own images.

Luckily, due primarily due to the fact that the Ubuntu images are downloadable at http://uec-images.ubuntu.com, the process for creating a XFS based ebs image is trivial.

In the code (shell prompt) snippits below, '$' prompt indicates command run on my laptop. '%' prompt indicates command run on the ec2 instance. lines beginning with a '#' are comments.

Launch an instance to work with:



# us-east-1 ami-688c7801 canonical ubuntu-maverick-10.10-amd64-server-20101007.1

$ ec2-run-instances --region us-east-1 --instance-type m1.large \

--key mykey ami-688c7801

$ iid=i-bcc679d1

$ zone=$(ec2-describe-instances $iid |

awk '-F\t' '$2 == iid { print $12 }' iid=${iid} )

$ echo ${zone}

us-east-1d

$ host=$(ec2-describe-instances $iid |

awk '-F\t' '$2 == iid { print $4 }' iid=${iid} )

$ echo ${host}

ec2-174-129-61-12.compute-1.amazonaws.com

create a volume in correct zone of the desired size to attach to the instance.



$ ec2-create-volume --size 10 --availability-zone ${zone}

$ vol=vol-c64d55af

$ ec2-attach-volume --instance ${iid} --device /dev/sdh ${vol}

Then, ssh to ubuntu@${host}, and download the uec reference image, extract, and get necessary packages:



% sudo chown ubuntu:ubuntu /mnt

% cd /mnt

% url=http://uec-images.ubuntu.com/releases/10.10/release/ubuntu-10.10-server-uec-i386.tar.gz

% tarball=${url##*/}

% wget ${url} -O ${tarball}

% tar -Sxvzf ${tarball}

maverick-server-uec-i386.img

maverick-server-uec-i386-vmlinuz-virtual

maverick-server-uec-i386-loader

maverick-server-uec-i386-floppy

README.files

% img=maverick-server-uec-i386.img

% mkdir src target

% sudo apt-get install xfsprogs

create target filesystem, mount the attached volume, and copy source filesystem contents to target filesystem using rsync.



% sudo mount -o loop,ro ${img} /mnt/src

% sudo mkfs.xfs -L uec-rootfs /dev/sdh

% sudo mount /dev/sdh /mnt/target

% sudo rsync -aXHAS /mnt/src/ /mnt/target

% sudo umount /mnt/target

% sudo umount /mnt/src

Above, you could have mounted /proc and /sys into /mnt/target, chrooted into it and done a dist-upgrade. I left that out for simplicity.

Now, back on the laptop, snapshot the volume.



$ ec2-create-snapshot ${vol}

$ snap=snap-b97dfdd3

# now you have to wait for snapshot to be 'completed'

$ ec2-describe-snapshots ${snap}

SNAPSHOT  snap-b97dfdd3  vol-c64d55af   completed   2010-11-03T17:31:52+0000   100%  950047163771   10



$ rel=maverick; region=us-east-1; arch=i386; # arch=amd64

$ [ $arch = amd64 ] && xarch=x86_64 || xarch=${arch}

$ [ $arch = amd64 ] && blkdev=/dev/sdb || blkdev=/dev/sda2

$ qurl=http://uec-images.ubuntu.com/query/${rel}/server/released.current.txt

$ aki=$(curl --silent "${qurl}" |

awk '-F\t' '$5 == "ebs" && $6 == arch && $7 == region { print $9 }' \

arch=$arch region=$region )

$ echo ${aki}

aki-407d9529

$ ec2-register --snapshot ${snap} \

--architecture=${xarch} --kernel=${aki} \

--block-device-mapping ${blkdev}=ephemeral0 \

--name "my-${rel}-xfs-root" --description "my-${rel}-xfs-description"

IMAGE ami-4483742d

$ ami=ami-4483742d

Clean up your instance and volume



$ ec2-detach-volume ${vol}

$ ec2-terminate-instances ${iid}

$ ec2-delete-volume ${vol}

And now run your instance



$ ec2-run-instances --instance-type t1.micro ${ami}

ssh to your instance, verify that it is in fact xfs:



% grep uec-rootfs /proc/mounts 

/dev/disk/by-label/uec-rootfs / xfs rw,relatime,attr2,nobarrier,noquota 0 0

Now, your newly created image has filesystem contents that are identical to those of the official Ubuntu images.

Some notes on the above:

Many people believe that transition to btrfs as the default filesytem is inevitable, possibly even for the 12.04 LTS release. Doing this on EC2 would require that amazon release btrfs support in a pv-grub kernel.
Outside of creating a 'xfs' filesystem, the steps above are very generic "create a custom EBS root image" instructions. In fact, the process outlined above is used for the actual publishing of ebs images via the ec2-publishing-scripts (see ec2-image2ebs)
The process above will work using the maverick based images. Lucid images are not likely to work out of the box because they do not boot with a ramdisk. Where maverick images use pv-grub to load the kernel and ramdisk from inside the image, Lucid kernels are loaded by xen directly and Canonical did not publish ramdisks for the lucid release.

Friday, October 22, 2010

UDS-N Call for participation

The Ubuntu Developer Summit (UDS) is the event in which the Ubuntu community discusses and plans the upcoming Ubuntu release. UDS Natty begins Monday, October 25th (this monday) outside of Orlando, FL, USA. If you're in the Orlando area, this event is free, and open to anyone.

If you've not yet made plans to attend physically, then its unlikely that you'll be present in the rooms. However, the Canonical IS does an outstanding job of making remote participation possible. For more information, on how you can participate remotely, read the Remote Participation document. In short, you join an IRC channel, listen to a live high quality audio stream from the room, and can see edits to a live gobby document.

The comprehensive list of all sessions is available through the summit schedule, or a filtered list of only the 'Cloud track'.

Some of the sessions that I personally am interested (ok, interested *and* leading) in are:

cloud-server-n-cloud-images: Here we'll discuss how we can make the Ubuntu Images on EC2 or UEC better. If you've used them, then we're interested in your feedback.
cloud-server-n-image-rebundle: Here we'll discuss possible improvements in the rebundling process. Ie, how can you take one of the Ubuntu images, and customize it and turn it into your own AMI. This is a common operation, and unfortunately, one that has some sticking points. If you have other ideas for "cloud utilities" this is the place to bring them up.
cloud-server-n-desktop-images: Ubuntu has made desktop images available on ec2 in a "tech preview" like manner for 2 releases. We've not fully supported these images, but a version of the cloud images with a remote-desktop interface is a common request. If you want to see what it might look like, try out the free Edubuntu demo using NX
cloud-server-n-cloud-init: Here we'll discuss improvements to cloud-init or cloud-config. If you've customized images via user-data, then you've used cloud-init. How can we make it better ?
cloud-server-n-ubuntu-trial: We threw together awstrial fairly quickly, and with the 10.10 release, we allowed anyone interested to Try Ubuntu Free. We got a great response and we see lots of ways this can be used. Come and let us know what you think

There are loads of other interesting sessions. If 'Server' or 'Cloud' isn't your thing, there are other tracks that might peek your interest.

How to rebundle Ubuntu 10.10 (Maverick Meerkat) EBS root

There was a post on the ec2ubuntu list regarding a problem the poster had with re-bundling a Ubuntu 10.10 instance. The poster followed another blog entry. I responded to the post, but figured that a blog entry might reach a larger audience.

The simple summary of my long winded post is this:

To rebundle an EBS root image, use ec2-create-image.

If you've launched one of the Official Ubuntu 10.10 Images and modified it a bit, the best way to create a new AMI with the modifications in it is to:

1.) stop the instance (do not terminate it)
2.) "create-image"
3.) wait for your new AMI to become available and run your new instance

Note, that all of the above steps can be done from the EC2 console as well as by using the command line tools. I don't think I previously realised how nice this api call is.

The reason that the title of this post includes 'Ubuntu 10.10' rather than just "Ubuntu", is that releases of 10.04 and earlier do not utilize pv-grub. If you're re-bundling one of those images, you have to take additional steps to get a new kernel upgrade. You really should take those steps, as kernel upgrades include important security fixes, and newly created AMIs should always be created with the most recent kernel available.

Friday, October 8, 2010

Try out Ubuntu Server 10.10 on EC2 for FREE!

I'm mostly disappointed that it wasn't my idea. Dustin deserves all the credit. The implementation (awstrial) was a fairly straightforward programming exercise. I don't mean at all to discount the work of the others who contributed to the awstrial project, and I had a blast in my first django experience, but the idea was the brilliance.

What idea ? The idea to allow anyone to try out Ubuntu 10.10 on EC2 for free for 55 minutes. No hardware is needed. While you're waiting for your desktop or server ISO to download, you can give a test drive to the server. You'll have 170Gb disk, 2G memory, and a very high speed internet connection with local LAN access to Ubuntu mirrors.

You do not need an AWS account or a credit card.

Here is how it works:

Sometime on Sunday, October 10, 2010 Ubuntu 10.10 (Maverick Meerkat) will be released.
At that point, and a limited time following, you'll be able to go to 10.cloud.ubuntu.com and launch an instance.
wait 3 minutes or less
ssh to the instance
do something
55 minutes after launch, your instance will be terminated

In order to take part in this, you'll need to have a launchpad.net or Ubuntu Single Singon account. If you don't have one, then create one. If you're reading this, you probably have ssh keys in a file called ~/.ssh/id_rsa.pub, so go to https://launchpad.net/~YOUR_LOGIN/+editsshkeys and paste those keys in.

Now, back to the 'do something' item above. What should you do?

Heres some suggestions, but I'm certain that you're more creative than I am.

Check if a bug you opened (or were annoyed by) in 10.04 LTS is still present. If it was fixed, then make sure the bug in launchpad is marked 'Fix Released'.
Take Postgres 9.0for a spin, thanks to Martin Pitt's PPA builds
run 'rm -Rf /' just to see what happens.
Find something that is broken. Open a bug, using 'ubuntu-bug'.
Hack on awstrial

Whatever you do, I hope you enjoy taking the "Official Ubuntu Image" for a spin. Do something cool, blog about it, tell people how easy it was.