Monday, March 28, 2011

Create an AMI


This blog will guide you through creating an Ubuntu AMI (Amazon Machine Image) from a launched Instance. In this tutorial we will create S3 backed AMI from running instance (Ubuntu). Before getting down to create an actual AMI let’s try to understand some basic terminologies:

Understand what AMI is: An Amazon Machine Image (AMI) is a special type of virtual appliance which is used to instantiate (create) a virtual machine within the Amazon Elastic Compute Cloud. It serves as the basic unit of deployment for services delivered using EC2. We can say that AMI is an image from which an instance can boot.

What is Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers
Create your own AMI, so that you can boot new custom instance which have all the required software preinstalled. Your AMI becomes basic unit of deployment; it will save your time of installing required software again and again.


You can make a new AMI either by creating a new one from scratch on your own machines or by modifying and extending an existing image (such as the one you just booted and logged onto). This tutorial will take you through modifying and extending an existing image. To start creating AMI first launch an instance of existing AMI, so that we can change it according to our need and create an AMI

Two types of AMIs: There are two types of AMIs based on storage; S3 backed and EBS backed. In this tutorial we will create S3 backed AMI. In S3 backed AMI, newly created AMI will be stored on S3

Launching an Instance:
1.       Login to Amazon EC2 (http://aws.amazon.com/)

2.       Click the button “Launch Instance”
a.       Choose AMI: Select suitable AMI
b.      Instance Details: Select Instance details like no of Instances, Instance type etc. You can skip advance steps(remain default values)
c.       Create Key Pair: Either use existing key pair or create new one.
d.      Configure Firewall: Either select existing security group or create new one (This is for unlocking the specific port etc.)
e.      After review launch the instances.

      3.       To open console in putty use public DNS and keys(created or used in previous step) of that Instance

At this point (ie before creating an AMI) you can make require changes to the instance, for example you can install required software or change some settings or whatever is your need. Now in the next step we will create AMI of the instance just launched.

Creating an Image (AMI):
       1.       After launching instance, copy the X.509 certificate and private key to /mnt
a.       To download the X.509 certificate and private key click account >> security credentials on amazon website.

       2.       Add repository:
a.       sudo perl -pi -e 's%(universe)$%$1 multiverse%'  /etc/apt/sources.list
b.      Update:
                                                               i.      sudo apt-get update
c.       Install ec2 tools:
                                                               i.      sudo apt-get install ec2-ami-tools
                                                             ii.      sudo apt-get install ec2-api-tools

        3.       Define following environment variable:
a.       export EC2_PRIVATE_KEY=YOUR-PATH-TO-PRIVATE-KEY
b.      export EC2_CERT= YOUR-PATH-TO-X.509-CERTIFICATE

        4.       Bundling the AMI: This step will create an image and break it into different part 10MB each and encrypt them.
a.       ec2-bundle-vol -d /mnt -k YOUR-PATH-TO-PRIVATE-KEY -c YOUR-PATH-TO-X.509-CERTIFICATE –u YOUR-AWS-ACCOUNT-NO -r i386

        5.       Create a bucket on S3: In this bucket our newly created AMI will be saved

        6.       Upload AMI to S3:
a.       ec2-upload-bundle -b YOUR-S3-BUCKET -m /mnt/image.manifest.xml -a YOUR-AWS-ACCESS-ID -s YOUR-AWS-ACCESS-KEY

        7.       Register the AMI: Your image must be registered with Amazon EC2, so Amazon can locate it and run instances based on it. In this process your newly created AMI will get unique AMI Id
a.       ec2-register –K  YOUR-PATH-TO-PRIVATE-KEY –C YOUR-PATH-TO-X.509-CERTIFICATE  YOUR-S3-BUCKET/image.manifest.xml

        8.       Run Instance using newly created AMI
a.       ec2-run-instances YOUR-AMI-ID (which you got in last step)

        Congratulations Your AMI is Created Successfully. Now when you launch new instance you will get this AMI in list under MY AMIs


        9.   To unregister an AMI
                     a.   ec2-deregister YOUR-AMI-ID


     Paths:
        YOUR-PATH-TO-PRIVATE-KEY:   /mnt/pk*.pem
        YOUR-PATH-TO-X.509-CERTIFICATE:  /mnt/cert*.pem

      Keys and certificate:
        YOUR-AWS-ACCOUNT-NO:   In the web browser click “account >> Account Activity” (It will appear on right side in the form 9999-9999-9999. When you use the account number in the context of the API's, you should leave out the hyphens and just use the 12 digits)
        YOUR-AWS-ACCESS-ID:   In the web browser click “account >>security credentials” under heading “access credentials >> access keys”
        YOUR-AWS-ACCESS-KEY:   In the web browser click “account >>security credentials” under heading “access credentials >> access keys”
        PRIVATE-KEY:   In the web browser click “account >>security credentials” under heading “access credentials >> x.509 certificate”
        X.509-CERTIFICATE:   In the web browser click “account >>security credentials” under heading “access credentials >> x.509 certificate”

       You have to click on create new certificate if you don’t have private key for current certificate, then you will get new certificate as well as private key

-->

16 comments:

  1. Hey fantastic writeup. Have a question, does this only work if you started an S3 ami? Can I used this if I have an EBS based instance launched and want to make an S3 ami out of it?

    ReplyDelete
  2. Thanks Ankur,
    Yes you can use this if you have EBS backed instance and and want to create S3 AMI.

    ReplyDelete
  3. Nice article. Keep posting.

    ReplyDelete
  4. AnonymousMay 02, 2011

    Hi Rahul,
    I am new to the concept of EC2. I have a distributed aplication already running in staging and have clustered App Servers and database servers. When I need to migrate this into EC2 do I have to put both the app server and db server in one AMI. I have only one Elastic IP. Please suggest.
    Thanks
    Deb

    ReplyDelete
  5. Hi,
    I am not getting why you want to create an AMI ?

    Do you want to save your data and application as Image, to provide solution to your customers ?

    You can launch an instance and configure your application on cloud in two ways:
    1. you can start with launching an AMI with no pre software installed and you can install your DB and other softwares,
    OR
    2. you can start with launching an AMI with your DB pre installed and just configure your application.

    If you want to save your configuration along with all your setups, you can create AMI.

    yes you can put both the app server and db server in one AMI.

    ReplyDelete
  6. Here's the procedure to build your own S3- and EBS-backed AMIs using CentOS install DVD discs and run the kernel that comes with CentOS: http://amazonaws.michael--martinez.com

    ReplyDelete
  7. One coleague has changed the Windows Server 2008 administrator password on an instance that we have on amazon. Can we create another instance using an image without the need to configure again the new instance and without spending time to install all the websites and applications that we have on the old instance? We spend a lot of time setting up the server it is going to take us 2 weeks to do that again.

    ReplyDelete
  8. Yes you can start another instance using old image.
    But you will get only those data(website and app) on new instance which was present on old instance before creating AMI

    ReplyDelete
  9. Is there a GUI for Creating an Image (AMI) steps?
    Thank you.

    ReplyDelete
    Replies
    1. No GUI Available for creation of AMI of S3 backed instances
      If talking about EBS backed instances, you can directly create AMI from AWS console

      select instance >> click "Instance Action" >> click "Create Image (EBS AMI)"

      Delete
  10. ok.. I did everything you said and it worked right up to: ec2-register then it just gave me a world of hell by listing all the options for ec2-register. Any ideas?
    Centos 6.2 64 bit

    Driving me nuts

    ReplyDelete
    Replies
    1. If you are able to run this command (ec2-register ), it means your image is registered now you can run that image from AWS console.

      FYI: Above steps are used and tested on Ubuntu

      Delete
  11. Ahh.. thanks.

    ReplyDelete
  12. It was interesting.. It definitely wasn't registered, so I just registered the AMI using the AWS web interface.

    ReplyDelete
    Replies
    1. ec2-register –K YOUR-PATH-TO-PRIVATE-KEY –C YOUR-PATH-TO-X.509-CERTIFICATE YOUR-S3-BUCKET/image.manifest.xml

      I have tested it, It works fine for me

      If you are not able to register with above command there might be problem of parameters like private key or certificate or bucket, please check

      Delete
  13. After running all first steps in a S3-backed ubuntu instance, I execute
    ec2-upload-bundle -b sampleimages -m /mnt/image.manifest.xml -a XXXXXXXXXXXXXXXXXXXX -s XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --url https://ec2.eu-west-1.s3.amazonaws.com

    I keep getting the error:
    ERROR: Error talking to S3: Server.SignatureDoesNotMatch(403): The request signature we calculated does not match the signature you provided. Check your key and signing method.

    I created the image with
    ec2-bundle-vol -d /mnt -k /mnt/pk-JD2USLPYCEIUTCADBCLIOEHX7WIAWWCR.pem -c /mnt/cert-JD2USLPYCEIUTCADBCLIOEHX7WIAWWCR.pem -u XXXXXXXXXXXX -r x86_64 -e /mnt

    What could be the problem?

    ReplyDelete