You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jclouds.apache.org by David Bosschaert <da...@gmail.com> on 2014/08/18 23:18:46 UTC
Preparing a node for creating an AMI
Hi all,
I'm creating a node in EC2 using JClouds that I later want to save as
an AMI, so that I can later create compute nodes from it. I was
wondering what the recommended configuration options are for such a
scenario, esp in relation to security settings. I'd like to use this
AMI for different accounts, just like many of the general-purpose AMIs
can be used.
I currently have the following:
TemplateBuilder templateBuilder = compute.templateBuilder();
templateBuilder
.hardwareId(InstanceType.M3_MEDIUM)
.imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
.options(TemplateOptions.Builder
.inboundPorts(22, 80, 8080)); // depends on application
I then install some stuff on it (using "yum -y update" and "yum -y
install xyz").
I noticed that I should not use AdminAccess.standard() as my runscript
(which I think is typically done for compute nodes), as that causes
[1]. Any other things that I should look out for when creating an
image, that is to be an AMI later?
Many thanks, David
[1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
org.jclouds.rest.AuthorizationException: (... stuff ...) error
acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
Exhausted available authentication methods
at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth failed
Re: Preparing a node for creating an AMI
Posted by David Bosschaert <da...@gmail.com>.
Just coming back to this... I started using packer.io and it worked
perfectly for me :)
Thanks again for the help, guys!
David
On 22 August 2014 15:48, David Bosschaert <da...@gmail.com> wrote:
> Thanks Ignasi and Chris for getting back with the help. This gives me
> something further to look at.
>
> Ignasi, I was just creating the AMIs by creating a node with the
> ComputeService createNodesInGroup() method and then manually in the
> EC2 console saving them as AMI image... Something I want to automated,
> but need to get the basics running first :)
>
> Best,
>
> David
>
> On 19 August 2014 21:33, Chris Custine <ch...@gmail.com> wrote:
>> Hi David,
>> Not a direct answer to either of your questions, but if you haven’t looked
>> at it yet you might want to check out one of the packer AMI builders for
>> automated building of AMIs: http://www.packer.io/docs/builders/amazon.html
>> I have found it very useful for repeatable builds of images for various
>> providers they support and keeping the images up to date over time.
>>
>> Thanks,
>> Chris
>> --
>> Chris Custine
>>
>>
>> On August 18, 2014 at 3:19:34 PM, David Bosschaert
>> (david.bosschaert@gmail.com) wrote:
>>
>> Hi all,
>>
>> I'm creating a node in EC2 using JClouds that I later want to save as
>> an AMI, so that I can later create compute nodes from it. I was
>> wondering what the recommended configuration options are for such a
>> scenario, esp in relation to security settings. I'd like to use this
>> AMI for different accounts, just like many of the general-purpose AMIs
>> can be used.
>>
>> I currently have the following:
>> TemplateBuilder templateBuilder = compute.templateBuilder();
>> templateBuilder
>> .hardwareId(InstanceType.M3_MEDIUM)
>> .imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
>> .options(TemplateOptions.Builder
>> .inboundPorts(22, 80, 8080)); // depends on application
>>
>> I then install some stuff on it (using "yum -y update" and "yum -y
>> install xyz").
>>
>> I noticed that I should not use AdminAccess.standard() as my runscript
>> (which I think is typically done for compute nodes), as that causes
>> [1]. Any other things that I should look out for when creating an
>> image, that is to be an AMI later?
>>
>> Many thanks, David
>>
>> [1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
>> org.jclouds.rest.AuthorizationException: (... stuff ...) error
>> acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
>> connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
>> Exhausted available authentication methods
>> at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
>> Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth
>> failed
Re: Preparing a node for creating an AMI
Posted by David Bosschaert <da...@gmail.com>.
Thanks Ignasi and Chris for getting back with the help. This gives me
something further to look at.
Ignasi, I was just creating the AMIs by creating a node with the
ComputeService createNodesInGroup() method and then manually in the
EC2 console saving them as AMI image... Something I want to automated,
but need to get the basics running first :)
Best,
David
On 19 August 2014 21:33, Chris Custine <ch...@gmail.com> wrote:
> Hi David,
> Not a direct answer to either of your questions, but if you haven’t looked
> at it yet you might want to check out one of the packer AMI builders for
> automated building of AMIs: http://www.packer.io/docs/builders/amazon.html
> I have found it very useful for repeatable builds of images for various
> providers they support and keeping the images up to date over time.
>
> Thanks,
> Chris
> --
> Chris Custine
>
>
> On August 18, 2014 at 3:19:34 PM, David Bosschaert
> (david.bosschaert@gmail.com) wrote:
>
> Hi all,
>
> I'm creating a node in EC2 using JClouds that I later want to save as
> an AMI, so that I can later create compute nodes from it. I was
> wondering what the recommended configuration options are for such a
> scenario, esp in relation to security settings. I'd like to use this
> AMI for different accounts, just like many of the general-purpose AMIs
> can be used.
>
> I currently have the following:
> TemplateBuilder templateBuilder = compute.templateBuilder();
> templateBuilder
> .hardwareId(InstanceType.M3_MEDIUM)
> .imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
> .options(TemplateOptions.Builder
> .inboundPorts(22, 80, 8080)); // depends on application
>
> I then install some stuff on it (using "yum -y update" and "yum -y
> install xyz").
>
> I noticed that I should not use AdminAccess.standard() as my runscript
> (which I think is typically done for compute nodes), as that causes
> [1]. Any other things that I should look out for when creating an
> image, that is to be an AMI later?
>
> Many thanks, David
>
> [1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
> org.jclouds.rest.AuthorizationException: (... stuff ...) error
> acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
> connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
> Exhausted available authentication methods
> at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
> Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth
> failed
Re: Preparing a node for creating an AMI
Posted by Chris Custine <ch...@gmail.com>.
Hi David,
Not a direct answer to either of your questions, but if you haven’t looked at it yet you might want to check out one of the packer AMI builders for automated building of AMIs: http://www.packer.io/docs/builders/amazon.html I have found it very useful for repeatable builds of images for various providers they support and keeping the images up to date over time.
Thanks,
Chris
--
Chris Custine
On August 18, 2014 at 3:19:34 PM, David Bosschaert (david.bosschaert@gmail.com) wrote:
Hi all,
I'm creating a node in EC2 using JClouds that I later want to save as
an AMI, so that I can later create compute nodes from it. I was
wondering what the recommended configuration options are for such a
scenario, esp in relation to security settings. I'd like to use this
AMI for different accounts, just like many of the general-purpose AMIs
can be used.
I currently have the following:
TemplateBuilder templateBuilder = compute.templateBuilder();
templateBuilder
.hardwareId(InstanceType.M3_MEDIUM)
.imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
.options(TemplateOptions.Builder
.inboundPorts(22, 80, 8080)); // depends on application
I then install some stuff on it (using "yum -y update" and "yum -y
install xyz").
I noticed that I should not use AdminAccess.standard() as my runscript
(which I think is typically done for compute nodes), as that causes
[1]. Any other things that I should look out for when creating an
image, that is to be an AMI later?
Many thanks, David
[1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
org.jclouds.rest.AuthorizationException: (... stuff ...) error
acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
Exhausted available authentication methods
at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth failed
Re: Preparing a node for creating an AMI
Posted by Ignasi Barrera <na...@apache.org>.
In general, I'd say you should avoid running things that leave user
specific data on the node. That is, for example the jclouds predefined
statements that jclouds provides (admin access, install private keys, etc).
You can also run a script to wipe all that data before creating the image.
There are several tools out there for this purpose.
Regarding the "failed" AMIs, how are you creating them? Are you using the
jclouds ComputeService's ImageExtension?
El 19/08/2014 09:42, "David Bosschaert" <da...@gmail.com>
escribió:
> After digging a bit deeper I'm finding that I can't get jclouds to
> launch any of my custom-made AMIs at all (hand-made ones nor
> jclouds-made ones). It can launch pre-created ones fine (e.g. Amazon
> Linux AMI 2014.03.2-HVM) but when I try to launch any of my custom
> made ones it just hangs. I can see that the instances are created, but
> they're not finished, i.e. the names and tags aren't set...
>
> Anything obvious that I could be forgetting/doing wrong?
>
> Thanks,
>
> David
>
> On 18 August 2014 22:18, David Bosschaert <da...@gmail.com>
> wrote:
> > Hi all,
> >
> > I'm creating a node in EC2 using JClouds that I later want to save as
> > an AMI, so that I can later create compute nodes from it. I was
> > wondering what the recommended configuration options are for such a
> > scenario, esp in relation to security settings. I'd like to use this
> > AMI for different accounts, just like many of the general-purpose AMIs
> > can be used.
> >
> > I currently have the following:
> > TemplateBuilder templateBuilder = compute.templateBuilder();
> > templateBuilder
> > .hardwareId(InstanceType.M3_MEDIUM)
> > .imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
> > .options(TemplateOptions.Builder
> > .inboundPorts(22, 80, 8080)); // depends on application
> >
> > I then install some stuff on it (using "yum -y update" and "yum -y
> > install xyz").
> >
> > I noticed that I should not use AdminAccess.standard() as my runscript
> > (which I think is typically done for compute nodes), as that causes
> > [1]. Any other things that I should look out for when creating an
> > image, that is to be an AMI later?
> >
> > Many thanks, David
> >
> > [1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
> > org.jclouds.rest.AuthorizationException: (... stuff ...) error
> > acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
> > connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
> > Exhausted available authentication methods
> > at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
> > Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth
> failed
>
Re: Preparing a node for creating an AMI
Posted by David Bosschaert <da...@gmail.com>.
After digging a bit deeper I'm finding that I can't get jclouds to
launch any of my custom-made AMIs at all (hand-made ones nor
jclouds-made ones). It can launch pre-created ones fine (e.g. Amazon
Linux AMI 2014.03.2-HVM) but when I try to launch any of my custom
made ones it just hangs. I can see that the instances are created, but
they're not finished, i.e. the names and tags aren't set...
Anything obvious that I could be forgetting/doing wrong?
Thanks,
David
On 18 August 2014 22:18, David Bosschaert <da...@gmail.com> wrote:
> Hi all,
>
> I'm creating a node in EC2 using JClouds that I later want to save as
> an AMI, so that I can later create compute nodes from it. I was
> wondering what the recommended configuration options are for such a
> scenario, esp in relation to security settings. I'd like to use this
> AMI for different accounts, just like many of the general-purpose AMIs
> can be used.
>
> I currently have the following:
> TemplateBuilder templateBuilder = compute.templateBuilder();
> templateBuilder
> .hardwareId(InstanceType.M3_MEDIUM)
> .imageId("eu-west-1/ami-892fe1fe") // standard amazon linux
> .options(TemplateOptions.Builder
> .inboundPorts(22, 80, 8080)); // depends on application
>
> I then install some stuff on it (using "yum -y update" and "yum -y
> install xyz").
>
> I noticed that I should not use AdminAccess.standard() as my runscript
> (which I think is typically done for compute nodes), as that causes
> [1]. Any other things that I should look out for when creating an
> image, that is to be an AMI later?
>
> Many thanks, David
>
> [1] AuthorizationException on node eu-west-1/i-e4d0b2a4:
> org.jclouds.rest.AuthorizationException: (... stuff ...) error
> acquiring {hostAndPort=54.73.70.170:22, loginUser=root, ssh=null,
> connectTimeout=60000, sessionTimeout=60000} (out of retries - max 7):
> Exhausted available authentication methods
> at org.jclouds.sshj.SshjSshClient.propagate(SshjSshClient.java:385)
> Caused by: net.schmizz.sshj.userauth.UserAuthException: publickey auth failed