Are you puzzled by the many public Amazon EC2 images that are available? They are all wonderful to get started with, and we all have to thank the many authors who have put a lot of work into creating them. But when we put a server into production we always feel like we should be 100% in control. We want to make sure there is nothing unknown on the images we are using. We also believe that even though we will be offering base images to our customers, some of them may want to recreate them themselves, “just to be sure”. Well, we finally found the right approach to creating base Amazon EC2 images: scripting.Our first RightImages are a Fedora Core 6 image and a CentOS 5 image, both generated entirely automatically. Our goals are:
- Create a fairly clean base image with just what we believe are the essentials.
- Create the image automatically using a script, this allow you to inspect all the details, create your own version of our image if you choose to, and it allows for easy maintenance.
- Put a few seeds onto the image that will support the new features we’re preparing in the context of the RightScale service (you can easily remove these if you want to use the image without RightScale).
Below is a description of the FC6 image we prepared, and you can download the script that we used to prepare it. To reproduce the image yourself, launch the Amazon Fedora Core 4 base image, log in, copy the script onto the image, edit the credentials in the script, and run the script. Then have lunch/dinner, and hopefully everything will have completed by the time you are done!
RightImage Fedora Core 6 Base, Version 2
Amazon AMI-ID: ami-2c8f6a45
The purpose of the Fedora Core 6 base image is to provide the bare essentials for a usable Amazon EC2 image. We started with a GroupInstall Base and made the following customizations.
yum packages added
- wget – for retrieving web based files
- mlocate – for fast file searching
- nano – Alternative to Vi/Emacs
- logrotate – Log Rotation
- ruby – needed for EC2 and RightScale scripts
- rubygems – needed for ruby work
- syslog-ng – replacement to syslog, better remote logging, used by RightScale features
- postfix – alternative to Sendmail, easier to set-up for most people
- gcc/gcc-c++ – needed to compile software
- glibc libraries – these are needed and must be force installed for some software to work.
Non-yum based software added
- Java JRE 1.6.0su1 – used by the Amazon API tools
- Amazon Kernel Headers linux-2.6.16-xenU – useful to compile kernel modules
- Amazon EC2 AMI Tools – enable bundling
- Amazon EC2 API Tools – EC2 command line tools
- S3Sync – rsync-like functionality to sync local filesystem with S3
- RightScale Software – fetches launch data into /var/spool/ec2
- EC2 meta-data is fetched from 169.254.169.254 into /var/spool/ec2/meta-data
- EC2 meta-data and user-data include files in /var/spool/ec2/metat-data for Bash and Perl.
- EC2 Command Line tools in /home/ec2
- AWS variables for EC2 and S3 are set in /etc/profile.d/ec2.sh
- Java variables are set in /etc/profile.d/java.sh
- Disabled password authentication in /etc/ssh/sshd_config
- Modifications to /network config according to Amazon documentation
- Modifications to /etc/rc.local to fetch ssh key
- Creation of /opt/rightscale directory tree for RightScale add-ons, they consist on the following:
The following services are not necessary on EC2 or were replaced by another service:
- yum-updatesd (disabled to ensure an update does not break production)
RightImage CentOS 5 Base, Version 1
Amazon AMI-ID: ami-268f6a4f
The CentOS 5 image is pretty much identical to the FC6, except that some packages come in at different versions and we had to install syslog-ng from source. As above, you can download the script to generate the image.
We would love to hear your feedback, specially if you feel that there is anything that we have missed.