TipsAndTricks/Running YP Image On AWS
Creating an AMI from a Yocto Image
While it is no longer well documented, AWS does still allow custom built linux AMI images so long as they have the following requirements:
- MBR partition table
- Grub bootloader
- AWS support claims that grub legacy is required; we suspect this is for licensing reasons. Due to grub 0.97 issues installing onto loopback devices, we failed to get grub legacy up and running on our image, but we were able to get grub 2 booting just fine on AWS. Future work would involve finding a way to use grub 0.97 since that’s what AWS is specifically wanting.
- Cloud-init
- AWS claims to have a specific cloud-init package, though it seems likely that an up to date package would probably work. Future work would include closely examining running AMIs to determine cloud-init versioning and functionality, and ensure that Yocto layer that supplies cloud-init is providing the proper version.
Procedure to Build, Upload, and Register the AMI
Build Yocto image
Note: This was done with Yocto Project version 2.4.
- Add the following to local.conf
MACHINE ?= "genericx86-64" IMAGE_INSTALL_append=" wget \ cloud-init \ packagegroup-core-full-cmdline \ grub \ connman \ kernel-module-xen-acpi-processor \ IMAGE_FEATURES += " ssh-server-openssh" # Ensure extra space for guest images IMAGE_ROOTFS_EXTRA_SPACE = "1000000" DISTRO_FEATURES_append = " systemd virtualization xen " VIRTUAL-RUNTIME_init_manager = "systemd" DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
NOTE: These settings work, and allow you to log into your AMI. When I tried a dropbear/sysvinit version, I could no longer ssh into the instance. I am unsure what the minimum sized version consists of that will still allow ssh into the instance.
- Add the following to bblayers.conf to include cloudinit
BBLAYERS ?= " \ /workdir/meta \ /workdir/meta-yocto \ /workdir/meta-poky \ /workdir/meta-yocto-bsp \ /workdir/meta-openembedded/meta-oe \ /workdir/meta-openembedded/meta-python \ /workdir/meta-openembedded/meta-networking \ /workdir/meta-openembedded/meta-filesystems \ /workdir/meta-virtualization \ /workdir/meta-cloud-services/meta-openstack \ "
- Location of layers can be found from http://layers.openembedded.org
- bitbake core-image-base (do NOT use core-image-minimal)
Create AMI image
Note: AWS support claims that grub legacy is required for AMIs, but we found that grub2 worked just fine. We had issues installing grub 0.97 on a loopback device, so we just used grub2. These commands are examples - they were used for Ubuntu development systems. Different systems may have slightly different commands.
Create an empty img file of desired total size
dd if=/dev/zero of=yoctoami.img bs=1M count=500
Create MBR Partition table and set bootable flag
(echo n; echo p; echo 1; echo; echo; echo a; echo p; echo w) | fdisk yoctoami.img
Mount to loopback device and create filesystem NOTE: The filesystem is formatted on the PARTITION not the general loopback device.
sudo kpartx -av yoctoami.img sudo mkfs.ext4 /dev/mapper/loopXp1
Copy a yocto rootfs onto the ext4 partition we just formatted
sudo mount tmp/deploy/images/genericx86-64/core-image-base.ext4 /mnt/yoctofs sudo mount /dev/mapper/loopXp1 /mnt/yoctoami rsync -av /mnt/yoctofs/ /mnt/yoctoami/
Populate grub.cfg and Install grub
- NOTE: Grub is installed onto the loopback device, NOT the partition. To obtain PARTUUID: blkid /dev/mapper/loopXp1
mkdir -p /mnt/yoctoami/boot/grub/ echo "(hd0) /dev/sda" | sudo tee /mnt/yoctoami/boot/grub/device.map vi /mnt/yoctoami/boot/grub/grub.cfg
menuentry "Yocto Kernel AWS" { set root='hd0,msdos1' insmod vga insmod gzio linux /boot/bzImage-4.12.12-yocto-standard root=PARTUUID=<partid> }
sudo grub-install --no-floppy --grub-mkdevicemap=/mnt/yoctoami/boot/grub/device.map --root-directory=/mnt/yoctoami /dev/loopX
Unmount filesystems
sudo umount /mnt/yoctoami sudo kpartx -dv yoctoami.img sudo umount //mnt/yoctofs
Prepare AWS Account
- Create a user
- I gave admin privileges to make allow uploading bundles to buckets and registering amis. I’m sure there’s a better, more limiting subset of permissions (a custom written policy if nothing else), but for now I just gave blanket permissions.
- Each user gets an AWS access key id, which is required for cli and api commands. Make sure you save this somewhere.
- Create an S3 Bucket to store your image files
- http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html
- Add proper permissions to this bucket so you can interact with the objects via the CLI
- Select your bucket from the AWS S3 console
- Go to Permissions->Bucket Policy
- Following these guidelines, enter a policy with your proper information:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1508534072338", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<accountnumber>:<role>" }, "Action": "s3:*", "Resource": "arn:aws:s3::<:bucketname>" } ] }
AWS Environment Setup
- Download the AWS CLI and EC2 AMI tools
“sudo apt-get install awscli” “sudo apt-get install ec2-ami-tools”
- Configure your CLI
Follow the directions for “Quick Configuration” here: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-quick-configuration
- More thorough documentation of the install process and CLI here:
http://docs.aws.amazon.com/cli/latest/userguide/installing.html
Bundle, Upload, and Register your AMI
Documentation for these commands can be found here and here. These are examples of what my commands looked like. Uploading your bundles and registering your ami can also be done via UI interfaces in the the AWS console.
- Bundle your image
ec2-bundle-image -c server.cert -k server.key -u userID -i yoctoami.img
- Upload your image
ec2-upload-bundle -b arn:aws:s3:::bucketname -a accesskey -s secretaccesskey -m /tmp/yoctoami.img.manifest.xml
- Register your AMI
aws ec2 register-image --image-location bucketname/yoctoami.img.manifest.xml --name "yoctoami" --architecture x86_64 --virtualization-type hvm
Run Your AMI
Once your AMI is registered, it will show up in your AWS EC2 console under Images->AMIs.
- Select your new AMI, then click Launch
- Select the type of image you want to launch (I used the default of m3.medium), then click through to see if there is any other configuration you would like to add (I didn’t select any).
- Launch the instance. Once your instance is launched, you should be able to see it pass the initialization checks and have the state of “running”.
- You can now connect to the instance via ssh, per the instructions on the console. Note, the default YP login is root w/ no password, so hopefully you have either overriden this or you have very restrictive inbound rules on your instance.
- You can also get a screenshot of the running instance and see that it is patiently waiting at the Yocto login prompt :)