With the power of duplicity and chroot we can make a Amazon EC2 image that is as good as a harware node, i.e. with persistent storage. Let me explain how to do it your self as well. However I’ll be leaving out the minute details.<\/p>\n
Step 1: Start an instance of a public AMI<\/p>\n
I would recommend ami-76cb2e1f because i you are able to use the same image for x-large and large instance powering up. Also it has the ec2 ami tools installed and patched. Login to the instance as root using the certificate you provided when starting the instance. Also do not forget to give the following as User Data.<\/p>\n
chroot_bucket=[your_bucket_name]<\/pre>\nStep 2: Download and install duplicity and boto<\/p>\n
You need to install duplicity<\/a> 0.4.9 or later and boto<\/a> 1.0 or later.<\/p>\n
Step 3: Create a PGP key<\/p>\n
Run the following and follow the instructions that will appear. <\/p>\n
# gpg --gen-key<\/pre>\nPlease note down the key id because we need it later on. It should look something like 860BCFF6.<\/p>\n
gpg: key 860BCFF6<\/b> marked as ultimately trusted<\/pre>\nStep 4: Install libpam-chroot<\/p>\n
You have to install libpam-chroot for it to be possible to push the user inside the chroot when the user logs in via ssh.<\/p>\n
Step 5: Create the chroot<\/p>\n
Create the chroot and install all the applications you need inside the chroot. Read about how to create a chroot in a debian system here<\/a>. Create your users inside the chroot. It is important that you understand how chroot works as well.<\/p>\n
Step 6: Push the users to chroot<\/p>\n
You need to change \/etc\/security\/chroot.cnf and add a line similar to bellow.<\/p>\n
[username] \/mnt\/chroot<\/pre>\nStep 6: Download the scripts<\/p>\n
You need to download the scripts archive that contains the scripts necessary to do all the magic to ensure that data actually persist. Download it from http:\/\/www.mohanjith.net\/downloads\/amazon\/ec2\/ec2-chroot-persistence-1.0.tar.gz<\/a><\/p>\n
Step 7: Extract and edit the scripts
Extract the scripts from out side the chroot, preferably in \/.<\/p>\n# cd \/
# tar -xzf [path_to_archive]\/ec2-chroot-persistence-1.0.tar.gz<\/pre>\nYou need to edit \/etc\/init.d\/ec2 and \/etc\/ec2\/cron and change the lines that look like bellow.<\/p>\n
export AWS_ACCESS_KEY_ID=[your_aws_access_key_id]
export AWS_SECRET_ACCESS_KEY=[your_aws_secret_access_key]
export PASSPHRASE=[your_gpg_passphrase]
export gpg_key=[your_gpg_key_id]<\/pre>\nStep 8: Set up the scripts<\/p>\n
You will also have to setup a cron job outside the chroot to backup the data to S3. The script to invoke is \/etc\/ec2\/cron. I would recommend hourly backups, but anything more frequently will be bad because the time it takes to backup will increase drastically.<\/p>\n
You will also have to make sure ec2 service (\/etc\/init.d\/ec2) is run on power on, power off and restart. To do that you will have to create sym links to \/etc\/init.d\/ec2 from \/etc\/rc0.d\/K10ec2, \/etc\/rc3.d\/S90ec2, \/etc\/rc4.d\/S90ec2, and \/etc\/rc6.d\/K10ec2.<\/p>\n
Step 9: Where to persist data.<\/p>\n
Run the bellow as root outside the chroot.<\/p>\n
curl http:\/\/169.254.169.254\/2007-08-29\/user-data > \/tmp\/my-user-data<\/pre>\nStep 8: Remaster the AMI<\/p>\n