#ubuntu-ec2 2009-12-28
<flaccid> anyone alive that can help on disable_root and ec2-fetch-credentials ?
<flaccid> i'm trying to work out this system they introduced in karmic
<flaccid> i'm not sure why they do it this way instead of just sshd and pam
<erichammond> flaccid: Are you wanting to enable ssh to root?
<flaccid> heya Eric, yeah, I have raised an enhancement request so we can enable other users than root to login and also call scripts etc.
<flaccid> for now, i just want to re-enable root so i can bundle this test instance which has been right-enabled
<flaccid> then i can look at the more specific issue in the ticket raised indirectly by yourself
<flaccid> interesting implementation canonical does in /usr/bin/ec2-fetch-credentials ..
<erichammond> I posted a description on how to enable root towards the end of http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync
<flaccid> i don't think that is going to do the trick, but i will try
<flaccid> wow it does. how does that work?
<flaccid> i'm trying to work out what calls /usr/bin/ec2-fetch-credentials to check disable_root boolean
<flaccid> hmmm bundle call from rs dash still silently failing
<flaccid> i think i will have to call the ec2 api manually
<erichammond> flaccid: /etc/init.d/ec2-init
<erichammond> calls ec2-fetch-credentials
<erichammond> Where do you see disable_root?
<flaccid> grep disable_root /usr/bin/ec2-fetch-credentials
<flaccid> would you be able to help me with a manual bundle then?
<erichammond> flaccid: of a running instance?
<erichammond> or building an AMI from scratch?
<flaccid> yeah so ec2-bundle-vol on a running instance. need to know best practices for the params on a running instance w/ rightscale
<flaccid> basically because i've never done it before, need to know what params i should be giving http://docs.amazonwebservices.com/AmazonEC2/dg/2006-10-01/CLTRG-ami-bundle-vol.html
<erichammond> Here are my notes which should work on Karmic: http://alestic.com/2009/06/ec2-ami-bundle
<flaccid> great, thats quite detailed, thanks eric
<erichammond> I'm also building Karmic AMIs from scratch with vmbuilder but haven't published any notes yet.
<flaccid> got any ideas why rs bundle call is silently failing after enabling root ?
<erichammond> I don't think I've ever used the RightScale bundle button.
<flaccid> im testing bundle of Ubuntu 9.10 Karmic	ami-1515f67c after right-enabling
<flaccid> yeah, our bundle button is not reliable and i wouldn't mind working out why. but without interaction with eng I don't know what the api call it issues is. would be good if aws logged all api calls and responses..
<erichammond> Are there any logs on the system?  Have any Ubuntu AMIs been able to be bundled that way before?
<erichammond> Perhaps it's an incompatibility with commands between CentOS and Ubuntu.
<flaccid> we only notify that the bundle call was initiated. i can bundle jaunty no problem and also done debian
<flaccid> i'll show you the build toolkit i made
<flaccid> erichammond: https://rightscale-services.s3.amazonaws.com:443/rightimage-build-toolkit/README
<flaccid> erichammond: could you summarise the main roadblock you had, thus the ticket submitted?
<flaccid> in regards to /bin/env: bad interpreter: No such file or directory. thats actually our bug. we should be using /usr/bin/env
<flaccid> in my build-toolkit i create an extra symlink to work around this
<erichammond> This shows up in /var/log/install: "touch: cannot touch `/var/lock/subsys/rightscale': No such file or directory"
<flaccid> yeah i got that in jaunty as well. just need to touch it iirc
<erichammond> and "/opt/rightscale/bin/ec2.sh: /opt/rightscale/bin/WaitFor: /bin/env: bad   interpreter: No such file or directory"
<flaccid> yeah for that one, do, /bin/env: symbolic link to `/usr/bin/env'
<erichammond> symlink sounds like a very temporary workaround which should be corrected quickly.
<flaccid> problem is they may not update the current rightscale scripts due to focus on RightLink
<flaccid> we can still raise bugs and try to get priority on them
<erichammond> ok, I can try adding these and see how the build goes: mkdir /var/lock/subsys; ln -s /usr/bin/env /usr/env
<flaccid> mkdir -p /var/lock/subsys && touch /var/lock/subsys/rightscale; ln -s /usr/bin/env /bin/env
<flaccid> :)
<erichammond> thanks
<flaccid> nps
<erichammond> It's ok for subsys/rightscale to be owned by root?
<flaccid> yep
<flaccid> generally nothing in there most of the time
<flaccid> if i add the mkdir/touch to my build toolkit, that should cover full support for jaunty and karmic
<flaccid> just going to launch an rs server w/ jaunty template and rightimage to verify the console output errors such as the /var/lock/subsys/rightscale
<erichammond> flaccid: All these different ways of installing RightScale are starting to wear me down.  What you just listed is different from what Martin provided me which is different from the other 4 ways I used to do it.
<flaccid> well, that certainly is a problem
<erichammond> Hopefully, we'll end up with a single recommended approach out of all this.
<flaccid> its going to be hard, particularly because of the focus on RightLink which will provide packages to simply install the RightLink agent
<flaccid> have you seen http://support.rightscale.com/index.php?title=06-FAQs/FAQ_0103_-_How_do_I_make_any_Amazon_Machine_Image_%28AMI%29_capable_of_running_RightScripts%3F ? my build toolkit is basically a fork of that
<erichammond> Here's the basic script from Martin which requires setting a number of envariables first: http://alestic-downloads.s3.amazonaws.com/rightscale_install
<erichammond> I see overlaps with your code.
<flaccid> yes that is correct
<erichammond> flaccid: so which one is preferred?
<flaccid> there is no preferred. its all up to you. there is no official way to do this
<flaccid> the equiv of this script is https://rightscale-services.s3.amazonaws.com/rightimage-build-toolkit%2Finstall_rightscale.bash and i just polished it up and modularised some things into other scripts
<erichammond> Is root ssh required to perform some RightScale functions?
<flaccid> yes because ssh/root is used
<erichammond> flaccid: Were you looking for this before? /etc/ec2-init/ec2-config.cfg
<flaccid> ah yes
<flaccid> this is bundled by canonical right?
<erichammond> yes, that file is on the Canonical AMIs
<flaccid> coolio
<erichammond> and any AMIs which are built with vmbuilder, I presume.
<erichammond> (I'll know shortly)
<flaccid> okies
<flaccid> well i am actually getting the output from our worker on running the bundling script
<flaccid> looks like missing dep for the script
<flaccid> [2009-12-28 02:05:51] [Ec2BundleWorker] : ERR: /home/ec2//lib/ec2/amitools/crypto.rb:13:in `require': no such file to load -- openssl (LoadError)\n
<flaccid> need openssl rubygem
<flaccid> apt-get install libopenssl-ruby issued
<flaccid> bundling initiated
<flaccid> rsync is going so it appears to be working without error so far
<flaccid> tar is running. good so far..
<flaccid> gzip running :)
<flaccid> splitting bundle now
<flaccid> erichammond: that was successful. let me see how it goes now under an rs server
<rberger> If I launch a canonical US-West AMI in US West it doesn't have access to http://us.ec2.archive.ubuntu.com/ubuntu/dists/karmic-updates and apt-get update fails
<rberger> Anyone know how to fix it or if I'm doing something wrong?
<erichammond> rberger: You can switch to us-west-1.ec2.archive.ubuntu.com
<erichammond> Or (as I do) switch to the RightScale Ubuntu mirrors.
<rberger> erichammond: Thanks, is this a known bug?  What is the address of the rightscale ubuntu mirros (ps you are my hero :-)
<erichammond> rberger: https://bugs.launchpad.net/ubuntu/karmic/+source/ec2-init/+bug/494185
<uvirtbot> Launchpad bug 494185 in ec2-init "ec2-init selects us-east-1 mirror when running in us-west-1 region" [High,Fix committed]
<erichammond> It's marked "fix released", but I didn't think that it was in the latest official AMI from Canonical.
<erichammond> I also suspect it will not work for you if you rebundle an AMI in us-east-1 and then migrate it to us-west-1 or eu-west-1.
<erichammond> rberger: If you have runurl installed (http://alestic.com/2009/08/runurl) then the following command switches to the RightScale Ubuntu apt repository mirrors: sudo runurl run.alestic.com/apt/rightscale
<erichammond> If you want to only upgrade to the Ubuntu archives as of a particular date, RightScale keeps daily snapshots.  For, say, December 1: sudo runurl run.alestic.com/apt/rightscale 2009/12/01
<flaccid> cool
<erichammond> RightScale has 2 load balanced, failover mirrors in us-west-1 and 3 in us-east-1.
<erichammond> When one of the EC2 availability zones failed a couple months back, my instances in a different availability zone could still upgrade because they failed over to the mirror in a zone which was working.
<flaccid> erichammond: i have a RightImage karmic working. would just need some script mods for monitoring and scripting to work, but this is separate to the image of course
<erichammond> flaccid: Glad to hear it.  I'm continuing on the path I was traveling with some mods from this session, but may switch over to your code if I have problems.
<flaccid> yeah its really just a matter of dealing with each issue
<flaccid> erichammond: those errors you saw, they were in console output right?
<erichammond> flaccid: They were in /var/log/install if we're talking about the same thing
<rberger> erichammond: I am using the ami canonical lists on their website ami-7d3c6d38. THanks again.
<flaccid> erichammond: ok. i will check this
<flaccid> erichammond: a launch and terminate shows no errors in console output. so i will now go over the /var/log/install on a fresh launch
<erichammond> rberger: Though I pointed you to some code on run.alestic.com I should caution you that it is just my playground and should not be used for production systems.  Feel free to copy the code and host it on your own reliable locations.
<rberger> erichammond: Will do. Working on gettiing my own base system on us-west for use with opscode chef. Hopefully it won't be too hard... All your tools and docs are a big help!
<erichammond> rberger: Glad you find them useful.
<flaccid> rberger: have you checked out rightscale/chef yet ?
<rberger> flaccid: Does the rightscale/ chef stuff cost money on a instance-hour basis?
<flaccid> rberger: no
<flaccid> you can get a free developer account if you wanna try it out
<flaccid> well from memory you get chef w/ free accounts
<flaccid> personally, im not into chef at all. im not a ruby guy either
<rberger> flaccid: But in production it cost per instance per hour? I'm more concerned about production as our base line system is over 10 nodes..
<flaccid> rberger: rightscale is a management platform, your cloud accounts such as AWS are with them
<erichammond> flaccid: Ok, my vmbuilder-built, RightScale-enabled, Karmic AMIs work when started with the EC2 API.  Now to tag them with the magic tags in RightScale and test them there.
<rberger> flaccid: It seems that the righscale folks are doing great stuff but we can't afford to pay extra on a per node/hour basis.
<flaccid> erichammond: ok so you are essentially saying you are up to testing, right ?
<erichammond> flaccid: yep, testing in RightScale.
<erichammond> flaccid: Is there a trivial RightScript I could use to test that RightScript functionality works?
<erichammond> I wrote my own, but figured there should be something available in the public library.
<flaccid> rberger: we don't charge anything per hour, only certain overages with premium accounts. a free dev account doesn't cost you anything, only AWS...
<flaccid> erichammond: a hello world is a good one to use
<flaccid> i don't think there is anything in the library unfortunately
<flaccid> i just use a bash hello world
<rberger> flaccid: I'll look into it again, thanks
<flaccid> rberger: nps. im a support engineer with RightScale. so if you have any questions, i'm around..
<flaccid> erichammond: ok so only error left i have is touch: cannot touch `/var/lock/subsys/rightscale': No such file or directory because i didn't do anything before bundling. can i ask where you did the mkdir and touch for this ?
<flaccid> just before bundling or in a sequence ?
<erichammond> That was needed in the rightscale install script I was running, so I did mkdir/touch before I ran it.
<erichammond> I'm building the image from scratch in a subdirectory, so I had to include the root of the image directory as well.
<flaccid> yeah so you just mkdir and touch before bundling so it exists in the image, correct?
<flaccid> ok doing another bundle after touching this file
<flaccid> i'll let you know if i can find any problems/limitations after i have updated the template to use the new image
<erichammond> flaccid: yes
<flaccid> danke
<erichammond> flaccid: No luck: flaccid: touch: cannot touch `/var/lock/subsys/rightscale': No such file or directory
<erichammond> This may be wiped out in the boot process.
<flaccid> okies, i shall look into this now!
<erichammond> It may need to be fixed by RightScale when running on Ubuntu.
<erichammond> I think Ubuntu would expect it to be /var/lock/rightscale/xxx
<erichammond> with RightScale creating the subdirectory
<erichammond> At least that's how the other /var/lock users seem to be behaving on my system.
<erichammond> /var/lock has the same permissions as /tmp (world writable, sticky bit)
<flaccid> might have to add to /etc/rc.local or something
<flaccid> let me just replicate the problem from this new bundle when its done
<erichammond> It has to be done before /etc/init.d/rightscale runs at S90
<flaccid> right
<flaccid> i assume /etc/rc.local is practically the last thing after the rc seq yeah ?
<erichammond> S99 I believe
<flaccid> ah rightio
<flaccid> i'll check it out
<erichammond> I'm also getting what looks like a more serious error in RightScale startup.  Here's the whole /var/log/install - http://paste.ubuntu.com/347903/
<flaccid> danke
<erichammond> Adding: apt-get install libxml-simple-ruby
<erichammond> but this is going to be a slow process if I have to keep building AMIs to test :-\
<erichammond> Should I switch to your code/
<erichammond> ?
<flaccid> yes iirc i handled that in my build toolkit
<flaccid> probably in the deps scripts
<flaccid> oops, dep script.
<flaccid> yeah certainly covered that when i hit it
<erichammond> flaccid: Are these still the latest and greatest instructions? https://rightscale-services.s3.amazonaws.com:443/rightimage-build-toolkit/README
<flaccid> erichammond: yes. the whole thing is authored by myself and any updated, i just save straight back to the files
<erichammond> Hm, looks like I'll have to chroot to the image directory first.
<flaccid> i should create a TODO, there is still some things to add like java jre
<flaccid> not sure why you would need to do something like that on a running instance..
<erichammond> I'm not bundling my running instance.  I'm building a fresh Karmic AMI from scratch using vmbuilder.
<flaccid> ok, sounds good then
<flaccid> keep in mind this build toolkit is for running instances bundling. i havnt done any scratch stuff
<erichammond> Does your code handle setting disable_root ?
<flaccid> negative. i have not updated anything for karmic yet
<erichammond> ok
<flaccid> but that atm, looks like the intention. i doubt eng are going to address this 'feature' anytime in the near future..
<flaccid> it does need to be addressed and my fav OS is freebsd, so when ec2 upgrades xen, i need support for non-root
<flaccid> ok so rc.local will get run before rightscale init
<flaccid> ok i am re-bundling with the touch in /etc/rc.local
<erichammond> flaccid: From what I see S90rightscale is run before S99rc.local
<flaccid> lrwxrwxrwx 1 root root  18 2009-10-27 13:43 S99rc.local -> ../init.d/rc.local
<flaccid> lrwxrwxrwx 1 root root  20 2009-12-27 23:43 S99rightscale -> ../init.d/rightscale
<flaccid> its S99 for both, so rc comes before ri
<erichammond> Ah, you have rightscale at a different level in your software.
<flaccid> well at least this is how it is with karmic in runlevel 4 default
<flaccid> erichammond: maybe. i don't recall changing this manually, so we would need to see how it is set
<flaccid> can check that out in regression
<erichammond> What problems does that missing directory/file cause?
<flaccid> none that i have noticed
<flaccid> i don't even know what its for
<flaccid> relaunching with new bundle
<flaccid> erichammond: that did the trick. so its all good, except for the fact that its not official supported yet and thus repos support is a no go etc.
<erichammond> The Ubuntu repositories hosted by RightScale are very stable.  In my experience, they have been more stable than the mirrors hosted by Canonical in EC2.
<flaccid> and also the logging and monitoring scripts will require updates
<erichammond> yeah, that makes sense.
<flaccid> erichammond: thats the repos themselves. im referring to the userland implementation on the instance. we don't support new versions yet and i'm not sure if the later releases are mirrored.
<flaccid> configuring software repos will return Failed to generate repository configuration: unsupported ubuntu release 9.10
<erichammond> flaccid: Ok, it looks like basic RightScale integration is working on my custom vmbuilder Karmic AMIs.  I'm still using Martin's code with info from this discussion with you.
<erichammond> At least basic RightScript stuff works, though I also see your latest errors, too (Failed to generate repository configuration: unsupported ubuntu release 9.10).
<erichammond> Thanks for your help.
<erichammond> I'm off to see Avatar 3D again...
<flaccid> coolio
#ubuntu-ec2 2010-01-01
<trifon> Happy New Year everyon!
<trifon> i have issue with key-pair and starting instances.
<trifon> i'm adding new ey pair with: ec2-add-keypair ec2-keypair > ec2-keypair.pem
<trifon> and changing permission on the new file: chmod 600 ec2-keypair.pem
<trifon> but after that when i try to start instance with : ec2-run-instances ami-xxxxx -k ec2-keypair
<trifon> i got error: Client.InvalidKeyPair.NotFound: The key pair '/data/trifon/Desktop/amazonws.com/ec2-keypair' does not exist
<erichammond> trifon: It sounds like you were specifying -k /data/trifon/Desktop/amazonws.com/ec2-keypair
<erichammond> You only need to specify the name of the keypair as it was passed to ec2-add-keypair, i.e., -k ec2-keypair
<trifon> erichammond: hi Eric. Thank you very much fro you response!
<trifon> i found th reason.
<trifon> 1) i must specify only name of the key pair.
<trifon> 2) i must specify region.
<trifon> i'm in Europe and if i omit region then key is created in Us.
<trifon> which leads to error when i try to start instance because key is not found.
<erichammond> trifon: Glad you solved it.  There should be an envariable you can set to default the EC2 commands to use your preferred region.  Setting EC2_URL might do it.
<trifon> erichammond: well it took me 1 day to look around.
<trifon> thank's for the hint.
<trifon> erichammond: i want to ask you if you have 5 minutes?
<trifon> i have questions. they are not technical.
#ubuntu-ec2 2010-01-02
<erichammond> trifon: You can always ask questions.  I may or may not answer :)
<trifon> erichammond: :)
<trifon> my question is about ubuntu and EC2
<trifon> as far as i understand at this moment EC2 images with Ubuntu allows users to get offical suport from Canonical
<erichammond> trifon: I've seen stuff on Canonical's site that says you can pay them for support, yes.
<trifon> erichammond: ok. thank's for the reposonse.
<trifon> i was with the impression that you have worked together with Canonical on this.
<erichammond> trifon: I supported Canonical in the development of the official Ubuntu AMIs.
<erichammond> I occasionally provide direct support to companies who are using Ubuntu on EC2, but it is not under the auspices of Canonical.
<erichammond> I'm not familiar with Canonical's commercial support services except for what I've read on their web site.
<trifon> erichammond: ok. i see. thank's for the repsonses
<trifon> erichammond: i have asked as i'm developer of open source ERP application. ADempiere.
<trifon> and i want to create AMI with ADempiere on official Ubunut suported image
<trifon> but i think that i should contact Canonical if i want to make this official.
<erichammond> trifon: You want Canonical to support your AMI?
<trifon> erichammond: i just want to make my AMI be officaly suported.
<trifon> i mean users of ERP usualy want to be sure that in case of issue there will be someone to suport them.
<erichammond> trifon: I doubt any company is going to officially support an AMI that they do not build themselves.
<trifon> so i will need suport for the OS. I preffer Ubuntu so far.
<trifon> erichammond: right.
<trifon> which means that both companies must participate in the build proces.
<erichammond> Canonical does support "Ubuntu" officially, so if the problems relate to Ubuntu, then I imagine Canonical will support that aspect of it no matter who's AMI it's running.
<erichammond> Does Canonical currently support ADempiere outside of EC2 at this point?
<trifon> not.
<trifon> ADempiere even do not have ubunut package now :(
<erichammond> I see.
<trifon> i'm not sure if Canonical can suport any ERP system.
<trifon> i mean ERP suport usuly is done by ERP vendor.
<trifon> hello everyone
<trifon> i'm trying to login into Fedora Instance AMI: ami-0a48637e
<trifon> this AMI is mentioned in the ec2ubuntu-build-ami script
<trifon> what is the user?
<trifon> i'm trying with root.
<develop> i m new to ec2 . Is there a way to extend a public 64 bit ubuntu ami : add python packages .... need to have 100 instances running the same python application
<trifon> develop: sure you can add any package you need.
<erichammond> trifon: You may want to review the tutorial in Amazon's Getting Started Guide: http://ec2gsg.notlong.com
<trifon> erichammond: hello and thank you!
<develop> thnks
<erichammond> develop: What AMI id are you using?
<develop> none yet was thinking of ami-00866b69
<develop> just need a 64 bit ubuntu add python and libs + svn and rebundle
<erichammond> develop: I don't recommend using images from the "testing" bucket.
<erichammond> Those are built automatically and have not been tested.
<develop> which one would you recommend?
<erichammond> ...unless you're volunteering to do the testing, I suppose.
<erichammond> Any reason you don't want to use Karmic (the latest Ubuntu release)?
<develop> no
<erichammond> Then I'd recommend using the latest published Ubuntu 9.10 Karmic.  I list the AMI ids in the second table on http://alestic.com
<erichammond> Now back to your original question.
<erichammond> If all you want to do is install a few software packages, then it's not necessary to rebundle and create your own AMI.
<develop> so the ami's must be ebs?
<erichammond> You can configure the Ubuntu AMIs on first boot with a user-data script as described here: http://alestic.com/2009/06/ec2-user-data-scripts
<develop> so i can start and stop
<develop> k
<erichammond> Then, when Canonical publishes an updated Karmic AMI, you can simply switch the AMI id you are using, keep the same user-data script, and you're off and running again without having to go through the painful AMI bundling and testing process.
<erichammond> If you want to be able to stop/start, EBS boot AMIs are also fine.
<develop> just need a stop /start ami for the main worker having a db2 instance
<erichammond> Canonical does not yet publish EBS boot AMIs (bug 492048)
<uvirtbot> Launchpad bug 492048 in ubuntu "Create "EBS boot" AMIs for Amazon EC2" [Undecided,New] https://launchpad.net/bugs/492048
<erichammond> On Monday, I will be publishing an article on how to build EBS boot AMIs using Ubuntu vmbuilder.
<trifon> erichammond: sounds interesting.
<trifon> i use KVM on my office servers.
<trifon> and vmbuilder of course :)
<erichammond> Drop me a note if you are willing to test the instructions and provide feedback: http://anvilon.com/contact
<trifon> erichammond: sure. count me in.
<erichammond> That said, I don't believe in putting your database and other application data on the EBS boot volume.
<erichammond> I like keeping the operating system and software on separate volumes from the data as each has a different lifecycle.
<erichammond> It's a bit more complicated to set things up this way, but I like the flexibility.
<trifon> snet message.
<trifon> erichammond: one really stupid question :(
<trifon> #   --user ID             - Defaults to $AWS_USER_ID
<trifon> #   --access-key ID       - Defaults to $AWS_ACCESS_KEY_ID
<trifon> #   --secret-key ID       - Defaults to $AWS_SECRET_ACCESS_KEY_ID
<trifon> how to get value of this environment variables?
<erichammond> trifon: http://alestic.com/2009/11/ec2-credentials
<trifon> thank's i have seen this article but didn't payid attentions so far.
<erichammond> The topic will keep coming back to haunt you.
<develop> seems like i can only login as ubuntu to ami-ab15f6c2
<trifon> erichammond: i have read the article. very good article!
<trifon> develop: on ubuntu you can't login with root by default.
<trifon> Ubuntu MAIs are coming with ubuntu user.
<develop> root pwd is
<trifon> develop: this is the trick... no root pass.
<trifon> password login is disabled.
<trifon> you must connect with: ssh -i key-pair ubuntu@ip
<develop> go it thnks
<erichammond> develop: http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync
#ubuntu-ec2 2010-01-03
<develop> thnks
<develop> ec2ubuntu-build-ami seems to need AWS_USER_ID is this the email i use to login cannot see onsecurity credential page
<develop> sry got it at the bottom aws account id
<develop> wha is --codename
<erichammond> develop: --codename hardy
<japey> hello
<japey> I wanted to know if there were people who were using Ubuntu as a virtual office with ec2? and if it came dear.
<japey> According to my calculations, you must have 35 - $ 40 per month?According to my calculations, you must have 35 - $ 40 per month?
<trifon> erichammond: ping
<japey> hello
