Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
138 lines (107 sloc) 6.9 KB

Burn an AMI



# Fix:
#  /etc/hosts
#  /etc/hostname
#  /etc/fstab

# Nuke files that would be inconvenient to persist: chef config and startup files; log files; and files that contain keys of some sort.
sudo true
away_dir=/mnt/tmp/away-`date "+%Y%m%d%H"`
sudo mkdir -p $away_dir

sudo service chef-client stop
ps auxf
df -BG

# Give apt some last-minute lovin'
sudo apt-get -y update  ;
sudo apt-get -y upgrade ;
sudo apt-get -f install ;
sudo apt-get clean ;
sudo updatedb ;

sudo mv /var/chef /etc/hostname /etc/node*name /etc/chef/{client-config.json,first-boot.json,node-attrs.json,chef-config.json,*.pem,*~} /var/www/index.html $away_dir
sudo rm -rf /var/cache/chef/*
# flush files that might have history or credentials
sudo rm -rf /root/{.cache,.chef,emacs.d,.bash_history,.gem} ~ubuntu/{.cache,.chef,emacs.d,.bash_history,.gem} /var/backups/*
# Zero out log files
sudo rm -rf /var/lib/cloud/data/* /var/log/{chef,hadoop,rabbitmq,cassandra,nginx,elasticsearch}/* /etc/sv/*/log/main/* /var/log/*.gz
sudo bash -c 'for foo in /var/log/{dmesg,syslog,messages,debug,udev,lastlog,faillog,dmesg.0,*.log} ; do echo -n > $foo ; done'
# If you want to record the AMI version, something like
sudo rm /etc/motd ;
sudo bash -c 'echo "CHIMP CHIMP CHIMP CRUNCH CRUNCH CRUNCH (image burned at `date`)" > /etc/motd ' ;

# Shutdown services  and make the following ones not restart on bootup
for foo in hadoop-0.20-{namenode,jobtracker,tasktracker,datanode,secondarynamenode} hadoop-{zookeeper-server,hbase-master,hbase-regionserver} cassandra couchdb thttpd nfs-kernel-server god apeyeye nginx  rabbitmq-server chef-{solr,solr-indexer,client,server,server-webui} elasticsearch ; do sudo service $foo stop ; done
killall redis-server tail nginx console-kil-daemon
for foo in thttpd hadoop-0.20-{tasktracker,datanode,namenode,jobtracker,secondarynamenode} hadoop-{zookeeper-server,hbase-master,hbase-regionserver} cassandra elasticsearch ; do sudo update-rc.d -f $foo remove ; done
# Give the process list a hows-your-father -- nothing interesting should be running.
ps auxf
# Unmount anything that's mounted,
sudo umount /home
sudo umount /ebs*
# Detatch anything that's attached,
ec2-describe-volumes -K pk.pem -C cert.pem | grep 3045e85a
ec2-detach-volume    -K pk.pem -C cert.pem vol-123545
# and check that it all worked.
mount
ec2-describe-volumes -K pk.pem -C cert.pem | grep 3045e85a
# nuke user accts
for foo in flip jacob dhruv doncarlo jesse dsnyder howech ryan nickster robochimp joe deploy instiki integrity webservers ; do sudo userdel $foo ; sudo groupdel $foo ; done
# blow away anything git-deployed
sudo rm -rf /var/www/{apeyeye,apidocs} /etc/{apeyeye,god,monitoring,redis,elasticsearch} /var/run/god /var/log/god /etc/sv/apeyeye
# Move files out of the way that will confuse on reboot
sudo mv /var/lib/couchdb/0.10.0/chef.couch /var/lib/rabbitmq/mnesia/rabbit /srv/chef/cache/chef_server_cookie_id /etc/hadoop/conf/{*.xml,raw_settings.yaml*} /etc/cassandra/storage-conf* /etc/elasticsearch/* $away_dir

Burning an EBS-backed AMI

Just use the console. MAKE SURE TO STOP, UNMOUNT AND DETACH ALL EBS volumes first.

infochimps.chef-client.maverick.east.ebs-64bit-20110703 ClusterChef client 20110703 http://github.com/infochimps/cluster_chef – System orchestration with Chef

Burning an Instance-backed (s3) AMIs

From your local machine, bring over your credentials


  cluster=hoolock
  scp -i ~/.hadoop-ec2/keypairs/hoolock.pem ~/.hadoop-ec2/{certs/cert.pem,certs/pk.pem,keypairs/hoolock.pem} ubuntu@50.16.13.146:/tmp

On the target machine:


cd /mnt
eval $(sudo blkid /dev/sda1 | awk -F: '{ print $2 }') 
# credentials
AWS_ACCOUNT_ID=123456781234 AWS_ACCESS_KEY_ID=2341245 AWS_SECRET_ACCESS_KEY=125324635473465743674637
# ... move the keys to /mnt (so that they are ignored in the bundling)
sudo mv /tmp/*.pem /mnt

Modify the following to suit. (A note about AMI_EXCLUDES: the ec2-bundle-vol
will complain about excluded dirs that don’t exist — remove those. Be careful
though, because it is a VERY BAD THING if directories that do exist (say, a
500GB attached drive) aren’t excluded!)



# edit these:
# i386 or x86_64
BITS=x86_64
# might need to add: /ebs1,/ebs2,/data,/var/lib/cassandra,/srv/chef/cache
AMI_EXCLUDES=/mnt,/mnt2,/root/.ssh/authorized_keys,/home/ubuntu/.ssh/authorized_keys

export EC2_CERT=/mnt/cert.pem
export EC2_PRIVATE_KEY=/mnt/pk.pem
kern=$(wget -q http://169.254.169.254/latest/meta-data/kernel-id -O -) ; echo $kern
eval `cat /etc/lsb-release `
AMI_BUCKET=s3amis.infinitemonkeys.info
ami_name=infochimps.chef-client.${DISTRIB_CODENAME}.east.ami-${BITS}-`date "+%Y%m%d"`
ami_bucket=${AMI_BUCKET}/$ami_name
sudo mkdir -p /mnt/$ami_bucket

# This will take a long fucking time. 15 minutes on a small instance. It fucking sucks.
time sudo ec2-bundle-vol --kernel $kern --exclude=$AMI_EXCLUDES -r $BITS -d /mnt/$ami_bucket -u $AWS_ACCOUNT_ID --cert cert.pem --privatekey pk.pem --ec2cert /etc/ec2/amitools/cert-ec2.pem

( cd /mnt/$ami_bucket ; ec2-unbundle --manifest image.manifest.xml --destination /mnt --privatekey $EC2_PRIVATE_KEY  )

time ec2-bundle-image --image /mnt/image --kernel $kern -u $AWS_ACCOUNT_ID --cert cert.pem --privatekey pk.pem --ec2cert /etc/ec2/amitools/cert-ec2.pem

time ec2-upload-bundle    -b $ami_bucket -m /mnt/$ami_bucket/image.manifest.xml -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY
time ec2-register -n $ami_name -d $ami_name $ami_bucket/image.manifest.xml

If you are in a region other than us-east-1

  1. export AWS_REGION=us-west-1
  2. export EC2_URL=https://${AWS_REGION}.ec2.amazonaws.com
  3. sudo mkdir -p /mnt/$ami_bucket
  4. time sudo ec2-bundle-vol —exclude=$AMI_EXCLUDES -d /mnt/$ami_bucket -u $AWS_ACCOUNT_ID —cert cert.pem —privatekey pk.pem —ec2cert /etc/ec2/amitools/cert-ec2.pem
  5. time ec2-migrate-manifest —manifest /mnt/$ami_bucket/image.manifest.xml —region $AWS_REGION -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY
  6. time ec2-upload-bundle -b $ami_bucket -m /mnt/$ami_bucket/image.manifest.xml —location $AWS_REGION -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY
  7. time ec2-register -n $ami_name -d $ami_name $ami_bucket/image.manifest.xml —region $AWS_REGION

Bootstrap chef server

( cd ~/ics/sysadmin/cluster_chef/ ; knife cookbook upload —all ; for foo in ~/ics/sysadmin/cluster_chef/roles/* ; do echo $foo ; knife role from file $foo ; done ; rake load_data_bags ; rake load_data_bags )

sudo apt-get install jardiff emacs23-nox erlang-mode python-mode ruby-elisp ruby1.8-elisp org-mode mmm-mode css-mode html-helper-mode lua-mode ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby

sudo gem install —no-ri —no-rdoc extlib oniguruma fastercsv json yajl-ruby libxml-ruby htmlentities addressable uuidtools configliere right_aws whenever rest-client oauth nokogiri crack cheat echoe jeweler yard net-proto net-scp net-sftp net-ssh idn rails wirble wukong cassandra redis dependencies wukong poolparty amazon-ec2 broham

Something went wrong with that request. Please try again.