Creating a Custom Linux OpenSuSE 11 EC2 S3 Backed AMI Using Kiwi

245

I finally got around to testing running opensuse on AWS!!

To begin with I started by using SuSEstudio and plumbing in my EC2 credentials and getting the SuSEstudio platform to push the AMI to S3 for me and run from EBS. This was great and I messed around a bit with creating small installations of JeOS and OpenSuSE. But I wanted to be able to have the all same functionality without being dependant on an external service to push a new version of my AMI and so on.

I read that Kiwi was pretty cool, and that SuSEstudio actually used this behind the scences to power its platform. First steps were to download the cookbook and have a read. Also at one of the last stages I subscribed to the Kiwi google group. – The guys on here were brilliant at coming back to me with answers and sanity checks.

Anyhow, heres how I got things up and running.

Firstly I noticed that there were problems with Kiwi working successfully on OpenSuSE 12 if you were trying to create an EC2 guest, so in my final test I used an OpenSuSE 11.3 Virtual Machine using VMware Fusion  on my Mac and ran Kiwi on here to generate the OpenSuSE 11.4 AMI.

Firstly I copied /usr/share/doc/packages/kiwi/examples/suse-11.4/suse-ec2-guest to /usr/local/testing/suse-ec2-guest.

I then changed directory to the latter and edited the file config.xml
In this section enter the details for your privatekey,certificatefile,EC2 Account number and region.
for example:

<ec2config><ec2privatekeyfile>privatekey-12345.pem</ec2privatekeyfile>
<ec2certfile>cert-12345.pem</ec2certfile>
<ec2accountnr>111222333444</ec2accountnr>
<ec2region>EU-West-1</ec2region>

</ec2config>

This is also the place to enter any additional packages you want to be included in the AMI before it gets bundled and pushed up to AWS.
This normally happens at the end of the xml file, if you know the name of the package you are after its as easy as:

<package name=”ruby”/>

Next thing to do is start off the initial part of kiwi’s system image creation:

kiwi –prepare /usr/local/testing/suse-ec2-guest/ –root /home/myec2

You’re almost ready to roll, but before you do, you need to do a boot.local hack for SSH to work. – This needs to be done before you do “kiwi create

vi /home/myec2/etc/init.d/boot.local then a quick google for a similar issue suggests making the following entries:

rm -f /etc/ssh/ssh_host_key*
rm -f /etc/ssh/ssh_host_rsa_key*
rm -f /etc/ssh/ssh_host_dsa_key*

echo “recreating SSH Keys”
/usr/bin/ssh-keygen -q -f /etc/ssh/ssh_host_key -N ” -t rsa1
/usr/bin/ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N ” -t rsa
/usr/bin/ssh-keygen -f /etc/ssh/ssh_host/dsa_key -N ” -t dsa

echo “restarting SSH”
/etc/init.d/sshd restart
echo “finished”

kiwi –create /home/myec2 -d /home/myec2-result -y

ec2-upload-bundle -b mytestsuse114 -m /home/myec2-result/suse-11.4-ec2-guest.x86_64-1.1.2.ec2-EU-West/suse-11.4-ec2-guest.x86_64-1.1.2.ami.manifest.xml -a accesskey -s secretkey –location=EU

ec2-register –private-key=privatekey.pem –cert=cert.pem –region=EU-WEST-1 mytestsuse114/suse-11.4-ec2-guest.x86_64-1.1.2.ami.manifest.xml -n mysuse114 -a x86_64 -d “My Kiwi SuSE 11.4”

Once this has completed, the ec2-register command should send back to the command line a note of your AMI that has just been created eg:ami-1f111f1a. Make a note of this as you will need to know which AMI you want to start.

Next to fire up the Instance…

According to the Kiwi docs the images that it creates for S3 do not contain a partition table so when looking for the correct AKI to use you need to pick one that uses hd0 not hd00 from the AWS “user specified kernels doc”

My image is x86_64 and running on S3 in EU-WEST-1, so according to the list that means I need to specify aki-4feec43b as the AKI for this image. – Check the doc for your region and architecture.

Rule of thumb is for S3 select and AKI with hd0 an for EBS backed chose hd00. For EU-WEST-1 I wrote out this table.

aki-4feec439(32 bit S3 backed)
aki-4feec43b(64 bit S3 backed)
aki-47eec433(32 bit EBS backed)
aki-41eec435(64 bit EBS backed)

Ok, so lets fire up the Instance then:

ec2-run-instances -K privatekey.pem -C cert.pem –region EU-WEST-1 ami-1f111f1a -g mysecuritygroup –key mykeypairname -n 1 -t m1.large -z EU-WEST-1a –kernel aki-4feec43b

As you can see the above command launches my AMI (ami-1f111f1a)in EU-WEST-1a as an m1.large using the AKI aki-4feec43b as my Instance is S3 backed and is 64-bit.
You should now be able to login to you OpenSuse 11.4 Instance on AWS!

ssh -i my-eu-west-1-key.pem
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Hope you found my notes useful, this is a post I wrote on my personal blog last year, but thought other might find it interesting.

 

(c)Matt Palmer