Create an AMI - dehora/parsel GitHub Wiki

Creating an AMI

Create user signing certificate

You need a cert to register AMIs. See http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_UploadCertificate.html. For example -

brew install aws-iam-tools
openssl genrsa 2048 > pk-bobfisch-aws-2013.pem
openssl req -new -x509 -nodes -sha1 -days 365 -key pk-bobfisch-aws-2013.pem -outform PEM > cert-bobfisch-aws-2013.pem
iam-useraddcert -f cert-bobfisch-aws-2013.pem

See here for information on credential rotation.

Create an instance to work on

Create a baking instance to work on -

export PYTHONPATH=${PYTHONPATH}:/Users/bobfisch/projects/bobfisch/parsel
pem_home="/Users/bobfisch/.ec2"
login_key_name=eu-west-1
login_key_path=/Users/bobfisch/.ec2/eu-west-1.pem
login=ubuntu
baking_cert="cert-bobfisch-aws-2013.pem"
baking_key="pk-bobfisch-aws-2013.pem"
ami="ami-1c1b1268"
sec_group="cass-test-sg"
parsel_dir="/Users/bobfisch/projects/bobfisch/parsel"

./instance start \
-k $login_key_name \
-p $login_key_path \
-l $login \
-g $sec_group \
-a $ami \
-e $pem_home \
-c $baking_cert \
-b $baking_key \
-d $parsel_dir

Note that the pem used to log into the instance is different from the pk and cert you'll use for registering the AMI. The instance script uploads the registration pk and cert to the home directory, and the parsel project code will also be uploaded. The ssh command to log in will be printed by instance.

Connecting to AWS.
Starting 1 instance in EC2Connection:ec2.eu-west-1.amazonaws.com.
Creating instances...
.
.
.
Instance i-9c3486d6, ec2-52-51-125-135.eu-west-1.compute.amazonaws.com, 46.51.128.175 created.
Uploading pem files to ec2-52-51-125-135.eu-west-1.compute.amazonaws.com [pk-bobfisch-aws-2013.pem, cert-bobfisch-aws-2013.pem]...
...Uploading pk and cert files done.
Uploading parsel [/Users/bobfisch/projects/bobfisch/parsel] ...
...Uploading parsel done.

Instance creation complete, ssh string follows:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /Users/bobfisch/.ec2/Viscis.pem -l ubuntu ec2-52-51-125-135.eu-west-1.compute.amazonaws.com 

Finished. All instances tagged as 'baker':'C* Baking Instance':

Sometimes instance fails to upload parsel to the baking instance (if AWS is having a bad day, for example). In that case you can manually scp parsel, or destroy the instance and create a new one.

Bake the AMI

Assumes Ubuntu and a user called ubuntu on an instance you've created as per 'Create an instance to work on'.

Log into the instance

You can re-use the output from instance to login -

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /Users/bobfisch/.ec2/Viscis.pem -l ubuntu ec2-52-51-125-135.eu-west-1.compute.amazonaws.com 

After logging into the AMI baking instance, the parsel code and credentials will be in the home directory -

ubuntu@ip-10-54-211-179:~$ ls -l
total 12
-rw-rw-r-- 1 ubuntu ubuntu 1346 Feb 14 13:14 cert-bobfisch-aws-2013.pem
drwxrwxr-x 7 ubuntu ubuntu 4096 Feb 14 13:15 parsel
-rw-rw-r-- 1 ubuntu ubuntu 1675 Feb 14 13:14 pk-bobfisch-aws-2013.pem
-rw-rw-r-- 1 ubuntu ubuntu 1675 Feb 14 13:14 awscredential.properties

Prepare the AMI

If you want to use jmxtrans to track Cassandra metrics, map your graphite host's IP to graphite.server.pri in /etc/hosts. For example -

10.244.113.296        graphite.server.pri

Go to the bin package and run the prepare_ami.sh baking script -

cd parsel
git checkout -- .
cd bin
chmod +x *.sh
sudo ./prepare_ami.sh
rm -rf ~/.bash_history && history -c

This prepares the AMI. The script will -

  • Install a set of base packages and update apt
  • Install the JDK
  • Install NTP
  • Install Tomcat
  • Install Maven
  • Install jmxtrans with a Cassandra conf file
  • Install C* library dependencies into the ~/.m2 area
  • Install a boot script called init-cassandra.sh under /etc/init.d that is called when the C* instance is spun up
  • Configure the root and ubuntu ~/.profile files
  • Update /etc/security/limits.conf
  • Clear the history and credentials

It can take a while to run (note that the JDK installation might hang waiting for you to hit enter). Once it completes you will not be able to ssh into the instance again.

Give the tomcat7 user enhanced perms

sudo visudo

Add this to the bottom of the file, above the #includedir directive -

%tomcat7 ALL=(ALL) NOPASSWD:ALL

This is needed by Priam, which calls sudo to start C*. Note that %tomcat7 refers to the tomcat7 group, and NOPASSWD:ALL gives every process running under that group passwordless root, not just Priam.

Register the AMI

You need to be root -

sudo su -
rm -rf ~/.bash_history && history -c

Install AWS tools by sourcing install_aws_tools.sh -

. /home/ubuntu/parsel/bin/install_aws_tools.sh

Bundle and register the AMI by sourcing register_ami.sh and passing in your credentials -

. /home/ubuntu/parsel/bin/register_ami.sh  $aws_id $awsaccess_key $aws_secret_key

The registration script is sourced rather than run in a separate shell process; this gives it access to the current shell's history, which needs to be removed before registration. If you get errors about AWS tools not being found, you probably ran the script instead of sourcing it.
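Because the image is bundled from the live filesystem, anything still in a home directory ends up in the AMI. The following sweep is an added check, not part of parsel: it looks for the credential and history files this page clears (pk-*.pem, cert-*.pem, awscredential.properties, .bash_history) under /root and /home/*, prints whatever it finds and returns non-zero. Including ~/.ssh/authorized_keys in the list is an assumption of the example, not something the page states.

```shell
#!/bin/sh
# Added example (not parsel code): pre-registration sweep for credential
# material that must not be baked into the AMI. Run it as root on the baking
# instance with no argument (root="") just before sourcing register_ami.sh.
# The optional first argument is a scratch root used for offline testing.
set -u

# Print every leftover secret/history file under the given root, one per line.
# Return 0 if the image looks clean, 1 if anything was found.
find_leftover_secrets() {
    root="${1:-}"
    found=0
    for home in "$root"/root "$root"/home/*; do
        [ -d "$home" ] || continue
        # Files named on this page, plus authorized_keys (assumed: ssh access
        # should not survive into the image, as the page implies).
        for f in "$home"/.bash_history \
                 "$home"/awscredential.properties \
                 "$home"/pk-*.pem "$home"/cert-*.pem \
                 "$home"/.ssh/authorized_keys; do
            [ -e "$f" ] || continue   # unmatched globs stay literal; skip them
            echo "$f"
            found=1
        done
    done
    return $found
}

# Usage on the baking instance (as root):
#   find_leftover_secrets || echo "credentials still present, do not register"
```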

We don't create a file system. The initd_configure.py script will set up RAID0 when it first runs.

The AMI id will be output at the end -

Uploading manifest ...
Uploaded manifest.
Bundle upload completed.
IMAGE	ami-xxxxxxxx

If you want to tag the AMI, use ec2-create-tags -

ec2-create-tags ami-xxxxxxxx \
 --tag parsel:version="0.1.0" \
 --tag parsel:c8:release="1.1.9" \
 --tag Name="Cassandra Priam 0.1.0"

Terminate the working instance

After logging out, on your local machine -

./instance terminate

This will find the working instance and destroy it.