Starting an EC2 Image by Hand

Contents
Expand all   Collapse all

Starting an existing EC2 image

The easiest way to bring up an EC2 image is to create one by cloning somebody elses. Amazon provide some prepopulated Fedora machines; various other people provide different images.

Before you begin
Before cloning an image, set up the command line and create your SSH keys
> ec2-describe-images -o self -o amazon
IMAGE   ami-20b65349    ec2-public-images/fedora-core4-base.manifest.xml        amazon  available       public
IMAGE   ami-22b6534b    ec2-public-images/fedora-core4-mysql.manifest.xml       amazon  available       public
IMAGE   ami-23b6534a    ec2-public-images/fedora-core4-apache.manifest.xml      amazon  available       public
IMAGE   ami-25b6534c    ec2-public-images/fedora-core4-apache-mysql.manifest.xml        amazon  available       public
IMAGE   ami-26b6534f    ec2-public-images/developer-image.manifest.xml  amazon  available       public
IMAGE   ami-2bb65342    ec2-public-images/getting-started.manifest.xml  amazon  available       public
IMAGE   ami-36ff1a5f    ec2-public-images/fedora-core6-base-x86_64.manifest.xml amazon  available       public
IMAGE   ami-bd9d78d4    ec2-public-images/demo-paid-AMI.manifest.xml    amazon  available       public  A79EC0DB

Pick one of the images, e.g ami-2bb65342 . This is an AMI ID. You can run an instance of this, with the given public key. you can then ssh in to it. Once you deploy it, the $$ starts accruing at $10c/hour or partial hour thereof. Play with it for a while (its cheaper than repeated start/stop, but then delete it before going home at night or the weekend. Make sure you have a the Firefox gui and AMI keys on your laptop so that you are ready to kill it while you travel.

You can start the image from the GUI, or the command line, with a pointer to the private key to use

ec2-run-instances ami-2bb65342 -k ec2-keypair1

This will queue the new VM for execution. 

> ec2-run-instances ami-2bb65342 -k ec2-keypair1 
RESERVATION     r-28c72941      190241856364    default
INSTANCE        i-3e798c57      ami-2bb65342                    pending ec2-keypair1    0               m1.small        2007-11-20T16:02:15+0000

You are under the clock at this point;

Dont leave old images around
You are paying for every hour of every image. Don't leave them around. Similarly, as you pay for each partial hour, dont run through hundreds in a day during a test cycle; that would fritter money away even faster.

consult the GUI For a status

> ec2-describe-instances 
RESERVATION     r-28c72941      190241856364    default
INSTANCE        i-3e798c57      ami-2bb65342    ec2-67-202-21-138.compute-1.amazonaws.com       domU-12-31-38-00-22-56.compute-1.internal  running  ec2-keypair1    0               m1.small        2007-11-20T16:02:15+0000

Once the machine is live, you can ssh in using the key created earlier

> ssh -i ~/.ssh/ec2.keypair.ssh ec2-67-202-21-138.compute-1.amazonaws.com -l root
The authenticity of host 'ec2-67-202-21-138.compute-1.amazonaws.com (67.202.21.138)' can't be established.
RSA key fingerprint is f9:9c:3b:f2:f0:75:74:a9:10:5a:8a:18:74:48:63:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-67-202-21-138.compute-1.amazonaws.com,67.202.21.138' (RSA) to the list of known hosts.

         __|  __|_  )  Rev: 2
         _|  (     / 
        ___|\___|___|

 Welcome to an EC2 Public Image
                       :-)

    Getting Started


    __ c __ /etc/ec2/release-notes.txt

The base example image is very bare: no java, fairly small machine

 df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1             10321208    786868   9010052   9% /
none                    870472         0    870472   0% /dev/shm
/dev/sda2            153915428    192076 145904908   1% /mnt

From the gui you can grab the console output 

Linux version 2.6.16-xenU (builder@xenbat.amazonsa) (gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)) #1 SMP Mon May 28 03:41:49 SAST 2007
BIOS-provided physical RAM map:
 Xen: 0000000000000000 - 000000006a400000 (usable)
980MB HIGHMEM available.
727MB LOWMEM available.
NX (Execute Disable) protection: active
IRQ lockup detection disabled
Built 1 zonelists
Kernel command line:  root=/dev/sda1 ro 4
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
PID hash table entries: 4096 (order: 12, 65536 bytes)
Xen reported: 2600.002 MHz processor.
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Software IO TLB disabled
vmalloc area: ee000000-f53fe000, maxmem 2d7fe000
Memory: 1718700k/1748992k available (1958k kernel code, 20948k reserved, 620k data, 144k init, 1003528k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 5202.10 BogoMIPS (lpj=26010529)
Mount-cache hash table entries: 512
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 1024K (64 bytes/line)
Checking 'hlt' instruction... OK.
Brought up 1 CPUs
migration_cost=0
Grant table initialized
NET: Registered protocol family 16
Brought up 1 CPUs
xen_mem: Initialising balloon driver.
highmem bounce pool size: 64 pages
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Initializing Cryptographic API
io scheduler noop registered
io scheduler anticipatory registered (default)
io scheduler deadline registered
io scheduler cfq registered
i8042.c: No controller found.
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Xen virtual console successfully installed as tty1
Event-channel device installed.
netfront: Initialising virtual ethernet driver.
mice: PS/2 mouse device common for all mice
md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: bitmap version 4.39
NET: Registered protocol family 2
Registering block device major 8
IP route cache hash table entries: 65536 (order: 6, 262144 bytes)
TCP established hash table entries: 262144 (order: 9, 2097152 bytes)
TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 262144 bind 65536)
TCP reno registered
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
NET: Registered protocol family 15
Using IPI No-Shortcut mode
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
kjournald starting.  Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
VFS: Mounted root (ext3 filesystem) readonly.
Freeing unused kernel memory: 144k freed
  
  ***************************************************************
  ***************************************************************
  ** WARNING: Currently emulating unsupported memory accesses  **
  **          in /lib/tls glibc libraries. The emulation is    **
  **          slow. To ensure full performance you should      **
  **          install a 'xen-friendly' (nosegneg) version of   **
  **          the library, or disable tls support by executing **
  **          the following as root:                           **
  **          mv /lib/tls /lib/tls.disabled                    **
  ** Offending process: init (pid=1)                           **
  ***************************************************************
  ***************************************************************
  
Pausing... 5Pausing... 4Pausing... 3Pausing... 2Pausing... 1Continuing...
INIT: version 2.85 booting
/etc/rc.d/rc.sysinit: line 78: /dev/tty1: Read-only file system
/etc/rc.d/rc.sysinit: line 78: /dev/tty2: Read-only file system
/etc/rc.d/rc.sysinit: line 78: /dev/tty3: Read-only file system
/etc/rc.d/rc.sysinit: line 78: /dev/tty4: Read-only file system
/etc/rc.d/rc.sysinit: line 78: /dev/tty5: Read-only file system
/etc/rc.d/rc.sysinit: line 78: /dev/tty6: Read-only file system
/etc/rc.d/rc.sysinit: line 82: /dev/tty7: Read-only file system
/etc/rc.d/rc.sysinit: line 83: /dev/tty8: Read-only file system
		Welcome to Fedora Core
		Press 'I' to enter interactive startup.
Starting udev:[  OK  ]
Initializing hardware...  storage network audio done[  OK  ]
Setting clock : Tue Nov 20 11:03:31 EST 2007 [  OK  ]
Setting hostname localhost:  [  OK  ]
Setting up Logical Volume Management:   No volume groups found
[  OK  ]
Checking filesystems
Checking all file systems.
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1 
/dev/sda1 has gone 350 days without being checked, check forced.
/dev/sda1: 30694/1310720 files (0.4% non-contiguous), 237761/2621440 blocks
[  OK  ]
Remounting root filesystem in read-write mode:  [  OK  ]
Mounting local filesystems:  [  OK  ]
Enabling local filesystem quotas:  [  OK  ]
Enabling swap space:  [  OK  ]
INIT: Entering runlevel: 4
Entering non-interactive startup
Starting sysstat:  Calling the system activity data collector (sadc): 
[  OK  ]
Checking for new hardwaremmap /dev/mem: Bad address
mmap /dev/mem: Bad address
 [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  
Determining IP information for eth0... done.
[  OK  ]
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]
Starting auditd: [FAILED]
Error sending rule list request (Connection refused)
Error sending watch list request (Connection refused)
Error sending rule list request (Connection refused)
Error sending watch list request (Connection refused)
There was an error in line 7 of /etc/audit.rules
Mounting other filesystems:  [  OK  ]
Starting automount: [  OK  ]
Starting sshd: [  OK  ]
Starting sendmail: [  OK  ]
Starting sm-client: [  OK  ]
Starting httpd: [  OK  ]
Starting crond: [  OK  ]
Starting anacron: [  OK  ]
Starting atd: [  OK  ]
Starting system message bus: [  OK  ]
Starting HAL daemon: [  OK  ]
50+0 records in
50+0 records out
Changing password for user root.
passwd: all authentication tokens updated successfully.
Attempting ami-utils update from S3
--11:03:43--  http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm
           => `ec2-ami-tools.noarch.rpm'
Resolving s3.amazonaws.com... 72.21.206.184
Connecting to s3.amazonaws.com|72.21.206.184|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 106,025 (104K) [audio/x-pn-realaudio-plugin]
 0% [                                     ] 0             --.--K/s             100%[====================================>] 106,025       --.--K/s             
11:03:46 (8.88 MB/s) - `ec2-ami-tools.noarch.rpm' saved [106025/106025]
ec2: Retreived ec2-ami-tools from S3
ec2: Preparing...                ##################################################
ec2: ec2-ami-tools               ##################################################
ec2: Updated ec2-ami-tools from S3
grep: /root/.ssh/authorized_keys: No such file or directory
c
Fedora Core release 4 (Stentz)
Kernel 2.6.16-xenU on an i686
domU-12-31-38-00-22-56 l

Things to do once logged in

  1. copy the authorized_keys, or extend it by pasting in new keys. Remember, this only lasts for the duration of the image
  2. install other RPMs (which only last the duration of the program)
  3. list all rpms 
    [root@domU-12-31-38-00-22-56 .ssh]# rpm -q -a                         
hwdata-0.158.3-1
filesystem-2.3.4-1
words-3.0-7
glibc-2.3.6-3
libselinux-1.23.11-1.1
mktemp-1.5-23
popt-1.10.1-23
libstdc++-4.0.2-8.fc4
bash-3.0-31
expat-1.95.8-6
readline-5.0-3
findutils-4.2.20-1
elfutils-libelf-0.108-1
audit-libs-1.0.14-1.fc4
dbus-0.33-3.fc4.1
libattr-2.4.24-1.FC4.1
sqlite-3.1.2-3
diffutils-2.8.1-15
beecrypt-4.1.2-8
gdbm-1.8.0-25
libsepol-1.5.10-1.1
iproute-2.6.11-1
tar-1.15.1-11.FC4
gzip-1.3.5-6
iptables-1.3.0-2
libgpg-error-1.0-2
hesiod-3.0.2-31
libjpeg-6b-34
libgcrypt-1.2.1-1
checkpolicy-1.23.1-1
vim-minimal-6.3.086-0.fc4
lockdev-1.0.1-7.1
bzip2-1.0.2-16
groff-1.18.1.1-6.FC4
syslinux-3.08-2
m4-1.4.3-1
crontabs-1.10-7
tcl-8.4.9-3
fedora-release-4-2
procmail-3.22-16
redhat-menus-3.8-1
file-4.16-fc4.1
patch-2.5.4-24
pciutils-2.1.99.test8-10
pcre-5.0-4.1.fc4
coreutils-5.2.1-48.1
krb5-libs-1.4.1-5
newt-0.51.6-7
module-init-tools-3.2-0.pre9.0.FC4.4
usermode-1.80-1
pyxf86config-0.3.19-4
rpm-libs-4.4.1-23
rpm-python-4.4.1-23
SysVinit-2.85-39
rhnlib-1.8-6.p24.1
python-urlgrabber-2.9.6-1
gettext-0.14.3-1
at-3.1.8-77_FC4
man-1.5p-6.fc4
bc-1.06-18
ethtool-3-1
grub-0.95-13
setools-2.1.2-1.1
ntsysv-1.3.23-0.4
system-config-securitylevel-tui-1.5.8.1-1
pam_ccreds-1-6
wget-1.10.2-0.fc4
pam_krb5-2.1.15-2
sudo-1.6.8p8-2.4
logwatch-7.2.1-1.fc4
minicom-2.00.0-21
jpackage-utils-1.6.3-1jpp_1rh
aspell-en-0.51-12
numactl-0.6.4-1.18
fbset-2.1-20
nss_db-2.2-31
attr-2.4.24-1.FC4.1
audit-1.0.14-1.fc4
ftp-0.17-26
nano-1.3.5-0.20050302
gpm-1.20.1-71
psacct-6.3.2-37
mtr-0.71-0.FC4.1
statserial-1.1-38
nc-1.82-fc4.1
tcpdump-3.8.2-14.FC4
eject-2.1.1-0.fc4.1
zip-2.3-30
traceroute-1.4a12-26
rdate-1.4-4
pam_smb-1.1.7-6
rdist-6.1.5-40
finger-0.17-28
rsh-0.17-29.1
symlinks-1.2-24
schedutils-1.4.0-4
lha-1.14i-19
man-pages-1.67-8
specspo-9.0.92-1.3
hotplug-2004_09_23-7
mkinitrd-4.2.15-1
initscripts-8.11.1-1
openssh-4.2p1-fc4.10
kudzu-1.1.116.3-1
libpcap-0.8.3-14.FC4
ypbind-1.17.2-5
pm-utils-0.01-1
vixie-cron-4.1-41.FC4
dhclient-3.0.2-34.FC4
which-2.16-6
prelink-0.3.4-3
ipsec-tools-0.5-4
netdump-0.7.7-6
redhat-lsb-1.3-10
kbd-1.12-10.fc4.1
diskdumputils-1.1.9-2
yum-2.4.1-1.fc4
pinfo-0.6.8-11
fuse-libs-2.6.0-2.fc4
apr-0.9.6-3.5
libidn-0.5.15-1
vim-common-6.3.086-0.fc4
fuse-encfs-1.3.1-2.fc4
screen-4.0.2-9
fuse-devel-2.6.0-2.fc4
gpg-pubkey-4f2a6fd2-3f9d9d3b
sed-4.1.5-4.fc4
bind-libs-9.3.1-20.FC4
kernel-2.6.17-1.2142_FC4
python-2.4.3-8.FC4
ruby-libs-1.8.4-3.fc4
libtiff-3.7.1-6.fc4.3
libuser-0.53.7-1.fc4.1
tzdata-2006g-1.fc4
dhcdbd-1.14-1.FC4
cyrus-sasl-md5-2.1.20-6
ntp-4.2.0.a.20050816-0.FC4
bind-9.3.1-20.FC4
lvm2-2.02.06-1.0.fc4
sendmail-8.13.7-2.fc4.2
selinux-policy-targeted-1.27.1-2.28
libgcc-4.0.2-8.fc4
setup-2.5.44-1.1
basesystem-8.0-5
cracklib-dicts-2.8.2-1
termcap-5.4-7fc4
glibc-common-2.3.6-3
chkconfig-1.3.23-0.4
zlib-1.2.2.2-5.fc4
e2fsprogs-1.38-0.FC4.1
glib2-2.6.6-1
libtermcap-2.0.8-41
ncurses-5.4-19.fc4
gawk-3.1.4-5.4
bzip2-libs-1.0.2-16
db4-4.3.27-5.fc4
tcp_wrappers-7.6-39
shadow-utils-4.0.12-8.FC4
net-tools-1.60-52.fc4.2
libacl-2.2.32-1.FC4.2
make-3.80-7
psmisc-21.5-5
libusb-0.1.10a-1
perl-5.8.6-24
dbus-glib-0.33-3.fc4.1
cpio-2.6-9.FC4
less-394-1.fc4
freetype-2.1.9-2
slang-1.4.9-17
fontconfig-2.2.3-13
aspell-0.50.5-6
elfutils-0.108-1
time-1.7-27
mtools-3.9.9-13
binutils-2.15.94.0.2.2-2.1
cracklib-2.8.2-1
logrotate-3.7.1-10
libxml2-2.6.20-1.FC4
iputils-20020927-22
desktop-file-utils-0.10-1
libpng-1.2.8-2
mingetty-1.07-5
dosfstools-2.10-3
mailx-8.1.1-44
grep-2.5.1-48.2
pam-0.79-9.6
openssl-0.9.7f-7.10
util-linux-2.12p-9.14
openldap-2.2.29-1.FC4
passwd-0.69-2
libxml2-python-2.6.20-1.FC4
neon-0.24.7-6
rpm-4.4.1-23
policycoreutils-1.27.2-1.2
pyOpenSSL-0.6-1.p24.4.1
python-elementtree-1.2.6-4
python-sqlite-1.1.6-1
libwvstreams-3.75.0-5
nscd-2.3.6-3
sysklogd-1.4.1-30
MAKEDEV-3.19-1
fedora-logos-1.1.31-1
nss_ldap-234-4
authconfig-4.6.12-2
setuptool-1.17.1-1
lftp-3.2.1-10_FC4
stunnel-4.08-2
krb5-workstation-1.4.1-5
tcsh-6.14-1.fc4.2
utempter-0.5.5-6
sysreport-1.4.1-5
anacron-2.3-36.FC4
dmraid-1.0.0.rc8-FC4_5
iptstate-1.4-1.1
perl-Filter-1.30-7
tmpwatch-2.9.3-1
acl-2.2.32-1.FC4.2
slocate-2.7-22.fc4.1
parted-1.6.22-3.FC4
mgetty-1.1.33-3_FC4
ed-0.2-38
talk-0.17-29
telnet-0.17-35
ksh-20050202-1
unzip-5.51-13.fc4
crash-3.10-13
vconfig-1.8-7
unix2dos-2.2-26
pam_passwdqc-0.7.6-1
pax-3.0-11
lrzsz-0.12.20-21
hdparm-5.9-1
setarch-1.8-1.FC4
dos2unix-3.1-24
lsof-4.74-7
mailcap-2.1.19-1
rootfiles-8.1-1
Glide3-libGL-6.2.1-5.fc4
freeglut-2.2.0-16
cups-libs-1.1.23-15.4
Glide3-20050815-1.fc4
udev-071-0.FC4.3
kernel-2.6.16-1.2069_FC4
hal-0.5.2-2.fc4.1
portmap-4.0-65
ppp-2.4.2-7
caching-nameserver-7.3-4.FC4
openssh-clients-4.2p1-fc4.10
cups-1.1.23-15.4
htmlview-3.0.0-11
yp-tools-2.8-8
rp-pppoe-3.5-27.FC4.1
acpid-1.0.4-1
mdadm-1.11.0-4.fc4
quota-3.12-6
mkbootdisk-1.5.2-5
openssh-server-4.2p1-fc4.10
dhcpv6_client-0.10-14_FC4
fuse-2.6.0-2.fc4
apr-util-0.9.6-2
libcap-1.10-22
rlog-1.3.7-1.fc4
pkgconfig-0.20-1.fc4.1
sysstat-5.0.5-9.fc
tree-1.5.0-3
curl-7.13.1-5.fc4
fuse-sshfs-1.7-1.fc4
vim-enhanced-6.3.086-0.fc4
info-4.8-8.fc4.2
xorg-x11-libs-6.8.2-37.FC4.49.2.1
cyrus-sasl-2.1.20-6
procps-3.2.5-6.4
device-mapper-1.02.07-2.0
xorg-x11-Mesa-libGLU-6.8.2-37.FC4.49.2.1
ruby-1.8.4-3.fc4
bind-utils-9.3.1-20.FC4
nfs-utils-1.0.7-13.FC4
cyrus-sasl-plain-2.1.20-6
autofs-4.1.4-26
gnupg-1.4.5-1
httpd-2.0.54-10.4
jwhois-3.2.3-3.3.fc4.1
rsync-2.6.8-1.FC4.1
ec2-ami-tools-1.3-15586

Rebooting an image

when you reboot an image, its launch time doesnt appear to change. it is cheaper than stopping and starting a machine, as you do not create a new image. 

[root@domU-12-31-38-00-22-56 .ssh]# 
Broadcast message from root (console) (Tue Nov 20 11:31:05 2007):

The system is going down for reboot NOW!
Read from remote host ec2-67-202-21-138.compute-1.amazonaws.com: Connection reset by peer
Connection to ec2-67-202-21-138.compute-1.amazonaws.com closed.

When it comes back up, all persistent state changes appear as is. Rebooting an instance does not lose instance-local data.

The console log shows a normal shutdown

Fedora Core release 4 (Stentz)
INIT: Sending processes the TERM signal
Stopping HAL daemon: [  OK  ]
Stopping system message bus: [  OK  ]
Stopping anacron: [  OK  ]
Stopping atd: [  OK  ]
Stopping httpd: [  OK  ]
Stopping sshd: [  OK  ]
Shutting down sm-client: [  OK  ]
Shutting down sendmail: [  OK  ]
Stopping crond: [  OK  ]
Stopping automount:[  OK  ]
Shutting down kernel logger: [  OK  ]
Shutting down system logger: [  OK  ]
Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Stopping sysstat:  [  OK  ]
Starting killall:  [  OK  ]
Sending all processes the TERM signal... 
Sending all processes the KILL signal... 
Saving random seed:  
Syncing hardware clock to system time 
Turning off swap:  
Turning off quotas:  
Unmounting file systems:  
Please stand by while rebooting the system...
md: stopping all md devices.
md: md0 switched to read-only mode.
Restarting system.
.

You can reboot on the command line, by using the instance ID:

> ec2-reboot-instances i-3e798c57
>

Killing the image

you can do this in the EC2 gui or on the command line:

> ec2-terminate-instances i-3e798c57
INSTANCE        i-3e798c57      running shutting-down

The GUI shows the console as shutting down, and then terminated (user initiated). The console shows system halted, as with a {{reboot -h }} operation. 

> ec2-describe-instances  i-3e798c57
RESERVATION     r-28c72941      190241856364    default
INSTANCE        i-3e798c57      ami-2bb65342                    terminated      ec2-keypair1    0               m1.small        2007-11-20T16:02:15+0000

Note that the reservation remains, and even after termination you get a short period to restart it. So maybe your hour's allocation of the CPU remains even after you kill the image -you can add a new image using the remaining time. The image no longer has an IP address, of course.

Mounting

There is a directory /mnt that is always transient. Use this to store secret information that you do not want saved in an AMI when you create an AMI for reuse.

Troubleshooting

Bad keys

>ec2-run-instances ami-2bb65342 -k ~/.ssh/ec2.keypair.ssh 
Client.InvalidKeyPair.NotFound: The key pair '/home/slo/.ssh/ec2.keypair.ssh' does not exist

You need to give the name of the keypair as listed in the AWS server "ec2-keypair1" not the path to the local file.
Get SmartFrog at SourceForge.net. Fast, secure and Free Open Source software downloads