OpenSolaris Tutorials
Installing and Configuring OpenVPN in OpenSolaris
Deploying OpenSolaris In Amazon EC2
Installing Postfix and Dovecot Under OpenSolaris

Deploying OpenSolaris In Amazon EC2

This tutorial is based on Sun Amazon EC2 Getting Started Guide Link (Sun.com) modified based on experiences with EC2. Amazon EC2 is a flexible cloud solution offering platform as a service (PaaS). With EC2 you are given a Xen domU which you can boot a custom Windows, Linux, or OpenSolaris based image. An Amazon Machine Image (AMI) is the base operating system and software packages you want to use. As you spend more time using Amazon EC2 you'll want to customize your images. There is a cost to using EC2, consult the Amazon AWS website for usage fees.

The first thing to do is setup some directories used during the AMI creation process. The /mnt area of the filesystem is excluded during the image creation process. The directory /mnt/keys will be used to store your Amazon AWS certificate and private key and /mnt/parts will be used to store the bundled image chunks. Use scp to upload the certificate and private key into /mnt/keys on your running image.

ec2# mkdir /mnt/keys /mnt/parts

local$ scp -i key.pem cert-XXXXXXXXXXXXXXXXX pk-XXXXXXXXXXXXXXXXX 
    root@ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com:/mnt/keys

Now create the following two scripts on your local host and upload them to /mnt on the EC2 instance. The rebundle_clean.sh script cleans the instance from any files that shouldn't be included in a fresh AMI. Also it moves the /root/.ssh directory to /mnt. An AMI should never be bundled with an existing /root/.ssh. This prevents the proper keys from being installed when the instance boots.

rebundle_clean.sh

#!/bin/sh
rm /var/adm/messages.[0123456]
> /var/adm/messages
> /var/adm/utmpx
> /var/adm/wtmpx
rm /root/.bash_history
mv /root/.ssh /mnt

The rebundle_env.sh script sets up the environment variables used to simplify the commands below. the IMAGE variable should end in .img. The AWS_KEYID is the access identifier listed in the AWS console and the AWS_KEY is the private key to the access identifier. EC2_CERT and EC2_PRIVATE_KEY should point to the certificate and private key files in /mnt/keys. BUCKET is the name of the Amazon S3 bucket to upload the image to. Since this file contains AWS authentication credentials you should take every precaution to protect it!

rebundle_env.sh

# Directory to work from.  /mnt is usually the best place since it's ignored
# during the rebundle process
export DIRECTORY=/mnt 
# The image file to write
export IMAGE= 
# The EC2 utilities are java based and your environment needs know where to 
# find java
export JAVA_HOME=/usr/jdk/latest
# Path to EC2
export EC2_HOME=/opt/ec2 
# Update the path
export PATH=$PATH:$EC2_HOME/bin 
# where to find ruby
export RUBYLIB=$EC_HOME/LIB 
# The EC2 URL
export EC2_URL=https://ec2.amazonaws.com 
# full path to your private key
export EC2_PRIVATE_KEY=/mnt/keys/key.pem 
# full path to your certificate file
export EC2_CERT=/mnt/keys/cert.pem 
# amazon aws access id
export EC2_KEYID= 
# amazon aws secret access key
export EC2_KEY= 
# S3 bucket to upload the image to
export BUCKET=

Run the two scripts.

ec2# source /mnt/rebundle_clean.sh
ec2# source /mnt/rebundle_env.sh

Now that the running instance is clean and the environment is setup it's time to actually create the image. The OpenSolaris images provided by Sun include the Amazon EC2 toolkit in /opt/ec2. In addition Sun has created and bundled a script /opt/ec2/sbin/rebundle.sh to simplify the image creation process.

ec2# /opt/ec2/sbin/rebundle.sh -v $IMAGE

The bundling process prepares the image file for uploading into S3. This process will generate the manifest file along with encrypting the image and breaking it into parts. Pay special attention to the options in this command as they won't be caught until much later in the process, especially kernel/ramdisk and rpool/XX. Always refer to the latest version of the Sun Getting Started Guide for the correct values for the version of OpenSolaris being bundled. This writing is for a 2009.06 AMI. FYI in 2008.11 The rpool/XX was 52 instead of 53.

ec2:/mnt# /opt/ec2/bin/ec2-bundle-image 
    -c $CERT_FILE -k $KEY_FILE --kernel aki-6552b60c 
    --ramdisk ari-6452b60d --user $USER_ID --arch i386 
    --block-device-mapping "root=rpool/53@0,ami=0,ephemeral0=1" 
    -i $IMAGE -d /mnt/parts

Once the AMI has been bundled it's time to upload it into S3.

ec2:/mnt# cd parts/
ec2:/mnt/parts# /opt/ec2/bin/ec2-upload-bundle 
    -b $BUCKET -m $IMAGE.manifest.xml 
    --url http://s3.amazonaws.com --retry -a $AWS_KEYID 
    -s $AWS_KEY

Finally register the image for use in EC2. This command will output the AMI ID and you're ready to launch the image.

ec2# ec2reg -C $EC2_CERT -K $EC2_PRIVATE_KEY $BUCKET/$IMAGE.manifest.xml
 1 2  >> Creating and Using EBS Volumes
New Content