OpenSolaris on Amazon EC2: Information and News: Signup for news on OpenSolaris AMIs

List of OpenSolaris AMIs

Technical Support Team

bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"

bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"

Previously we posted a blog entry titled “OpenSolaris supports EBS - provides capability to create ZFS” that explains how to use the Amazon's Elastic Block Storage with OpenSolaris EC2 instances. This document combines the EBS with OpenSolaris ZFS technology. While we tried to cover the details needed but there a few questions have been asked several times. In this entry, I will try to explain those details and feel free to ask more questions so we can make it as clear as possible:

• When an EBS device is attached to OpenSolaris instance, how do I identify these drives from within the instance?
• Can I use some automated scripts to mount these EBS devices during the instance startup ? is this answered last (below)?
• Why do I sometimes detach/attach being not successful ?

I will answer these questions in following sections.

When a disk is attached to an OpenSolaris instance it can be viewed in number of ways and the simplest one is to use the format(1M) command. Following is the output of the format command on a default OpenSolaris EC2 instance (without any EBS device being attached) :

root@domU-12-31-39-00-50-A7:~# format

Searching for disks...done

AVAILABLE DISK SELECTIONS:

0. c7d0 <DEFAULT cyl 1274 alt 0 hd 255 sec 63>

/xpvd/xdf@0

1. c7d1 <DEFAULT cyl 19464 alt 0 hd 255 sec 63>

/xpvd/xdf@1

Specify disk (enter its number):

What this tells us is there are two default disks wwhere the controller is 7 and disk is 0(c7d0) and 1(c7d1). It is important to note that this is an OpenSolaris 2009.06 AMI and any AMI which is based on this should have the same controller number. For different OpenSolaris versions the controller number may change and the Getting Started Guide or the format command can be referred to get this information. Any further disk attachment through EBS commands (ec2-attach-volume) will have the same controller ID and a new disk id which will change based on the argument we give to this command. So far it can be easily assumed that -d (a unique number greater than 1) will result in an EBS device appearing as below with the format command within the EC2 instance:

c7d<decimal value of <<a unique number greater than 1> treated as hex number>

eg.

$ ec2-attach-volume vol-63d6250a -d 3 -i i-cf65b5a7

will result in:

c7d3 <DEFAULT cyl 2048 alt 0 hd 128 sec 32>

/xpvd/xdf@3

And so a command like this will result in the following:

$ ec2-attach-volume vol-63d6250a -d 10 -i i-cf65b5a7

will result in:

c7d16 <DEFAULT cyl 2048 alt 0 hd 128 sec 32>

/xpvd/xdf@3

Now if the disk number is already assigned and you try to do that again, it will result in following error:

$ ec2-detach-volume vol-63d6250a -d 2 -i i-cf65b5a7

Client.InvalidAttachment.NotFound: The volume 'vol-63d6250a' is not attached to instance 'i-cf65b5a7' as device '2'.

So it must be unique and unused number.

Also, for detaching a mounted ZFS or regular UFS? file system, we will have to do few things before we can do a clean detach:

For the EBS volumes that is part of ZFS we have to do the following:

Shutdown all applications that are running on top of the ZFS pool.
Export the ZFS pools with:
$ zpool export pool_name
Detach the EBS volumes from the ECS instance.
Also clean up devices with:
$ devfsadm -C -v

For regular UFS? mounted file systems using the newfs(1M) and mount(1M) commands:

Unmount the mounted volume:

$ umount /ebs-vol

Also clean up devices with:
$ devfsadm -C -v

We are very happy to announce the availability of the latest Drupal with AMP Stack AMI on Amazon EC2 in the European Region. This AMI is based on the OpenSolaris 2008.11 base AMI US AMI and does not need registration.

Following are the details of this new AMI:

Drupal with AMP Stack Hardened OpenSolaris 2008.11 32-bit AMI:

ami-d8614aac aki-661c3412 / ari-601c3414

Manifest: hardened_2008.11_32_AMP_Drupal_V1.1.img.manifest.xml

To run this AMI in Europe, change the following environment variables before launching the AMI:

EC2_URL="https://eu-west-1.ec2.amazonaws.com"
LOCATION="EU"

The other env variables remain the same.

NOTE:  a unique <your-keypair-name> must be generated for each region before launching an AMI.(Use ec2-add-keypair <name> > keypairfile after setting the above env variables).

As many of you have requested about how to create and manage Solaris zones/container within an instance of OpenSolaris running in Amazon EC2 environment. Our team member Sean O'Dell was able to put together a series of blog:

• Running OpenSolaris and Zones in the Amazon Cloud - Part 1

which will guide you through step by step instruction on how to create Solaris Zones in an OpenSolaris instance running in EC2. This brings in the best of virtualization features of OpenSolaris in the EC2 environment. If you have used the zones before you may be aware that there are virtually no cost of running zones on OpenSolaris.

We welcome your feedback and comment, if you have any problem following the blog please let us know so we can make it more clear.

Description:

Sun Microsystems Inc. is pleased to announce the release of Drupal AMI with AMP Stack based on Hardened OpenSolaris 2008.11 AMI on Amazon EC2's cloud computing service. 

This 32-bit AMI gives you the power and security of OpenSolaris combined with the flexibility of Amazon's cloud computing service, and is optimized for Amazon EC2's cloud computing environment.

• Drupal 6.10 (pre-configured state) 
• Apache 2.2, MySQL 5.0 
• PHP 5.2 (along with extensions like APC, DTrace, Suhosin, Memcache) runtime 
• phpMyAdmin for administering the MySQL data base
• OpenSolaris AMI Hardening update.  For Hardening Details, please visit  http://wikis.sun.com/display/ISC/OpenSolaris+AMI+Hardening

Configurations:

• Drupal (bundled within this AMI in pre-configured state) is available under location /var/drupal-6.10

• Drupal specific configuration for Apache Web Server is available within /etc/apache2/2.2/conf.d/drupal.conf.

• Users can launch and configure Drupal by accessing http://<DNS name associated with the instance> in their browser.

• Apache and MySQL services are pre-configured to start on boot.

• If you would like to use phpMyAdmin, you will need to do the following:

                  # cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/

                  # svcadm restart http:apache22

• Drupal recommends having a database protected with a valid user name and password to be created on the system before configuring Drupal. Hence, users are advised to either use 'ssh' to login to your AMI or phpMyAdmin to create such database before proceeding to configuring Drupal.

• DTrace probes are available within Apache and PHP runtime. Sample Dtrace scripts are available under /opt/DTT/

For more details on security information and image usage instructions, please refer to the '/root/ec2sun/
README' file.

AMP Stack File Layouts

Administering AMP Stack

You can reset MySQL 'root'password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'

It is highly recommended to secure your MySQL database by following the guidelines mentioned within the MySQL 5 database documentation:

The root file system is ZFS in this AMI and includes the pre-installed packages and tools necessary to get started with using OpenSolaris on Amazon EC2. You can obtain more details about the OpenSolaris project at http://www.opensolaris.org.

Also, just like in our previous AMIs, the "pkg image-update" command updates the kernel and ramdisk which is not allowed in Amazon EC2. Therefore, in order to prevent your instances from becoming non-compatible with the Amazon EC2 environment, we have disabled this command.

More details including re-bundling instructions can be found in the Getting Started Guide. 

Support:

For technical support during the Beta period, please contact ec2­-solaris­-support[AT]SUN[DOT]COM.

Please check OpenSolaris on Amazon EC2 blog for latest updates and new information about OpenSolaris AMIs.

The "OpenSolaris on Amazon EC2 Getting Started Guide" is located at:
http://www.sun.com/third-party/global/amazon/Sun_AmazonEC2_GettingStartedGuide.pdf

Register for OpenSolaris AMIs here.

Sun GlassFish Communications Server is a Java EE technology-based converged application server combining enterprise service-oriented architecture (SOA) and Web services capabilities with Session Initiation Protocol (SIP) servlets.

This 32bit AMI is based on OpenSolaris 2008.11 AMI.

This AMI has Sun GlassFish Communication Server and MySQL pre-installed and pre-configured as services. So when the image comes up, you have a running server. All it needs is your service/application.

When the AMI instance is up and running, you can access the administration server using
http://Public-DNS-address-of-instance:4848

For your convenience, as database connection pool and JDBC resource has been configured in SailFin.You can see it under JDBC Resources in the Admnin console. Ping the Connection pool named mysql and it should be successful. Now run your usual asadmin scripts that deploy the service to the SailFin.

Configurations:

• Sailfin installation directory: /opt/sailfin
• MySQL databse name: sailfin As MySQL service need to be running for sailfin operation the sailfin service has a dependancy on mysql services and also sailfin has been declared as dependant on mysql in mysql SMF configuration.
• JDBC resources has been creted to used with "sailfin" database.

You can enable the service management facility(SMF) for sailfin by running the command:
#svcadm enable domain1

You can check the status of the sailfin service by running the command:
#svcs | grep domain1

You can disable the sailfin service by running the command as root:
#svcadm disable domain1

You can restart the service management facility(SMF) for sailfin by running the command:
#svcadm restart domain1

For security information and other details on how to work with this AMI, you can look at the README files located at

/root/ec2sun/sailfin.README
/root/ec2sun/mysql.README
/root/ec2sun/sysbench.README
/root/ec2sun/DTrace.README

Documentation:

• http://blogs.sun.com/sduv/entry/using_sailfin_in_the_amazon
• https://sailfin.dev.java.net/
• For general questions on OpenSolaris, please visit OpenSolaris on Amazon EC2 Getting Started Guide:
  http://www.sun.com/third-party/global/amazon/Sun_AmazonEC2_GettingStartedGuide.pdf

Support

• Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
• For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.

OpenSolaris AMI License for Amazon EC2

Description:

Sun Microsystems Inc. is pleased to announce the release of Hardened OpenSolaris 2009.06 on Amazon EC2's cloud computing service. This 32-bit AMI gives you the power and security of OpenSolaris combined with the flexibility of Amazon's cloud computing service, and is optimized for Amazon EC2's cloud computing environment.

The OpenSolaris system configuration has been adjusted to comply with the recommendations published by Sun and the Center for Internet Security, a non-profit organization chartered to develop and encourage widespread use of security configuration benchmarks developed through a global consensus process involving participants from academia, industry and government. 

Working together for more than six years, Sun and the Center for Internet Security have consistently developed best-in-class, supportable and complete security hardening guidance for the Solaris operating system.

The latest version developed for the Solaris 10 operating system was completed with substantial contributions from Sun, CIS, the U.S. National Security Agency (NSA), as well as the U.S. Defense Information Systems Agency (DISA).

Building upon this foundation, Sun and the Center for Internet Security collaborated to adapt the security recommendations published in the Solaris 10 Benchmark to the OpenSolaris operating system and document those changes specific to virtual machine images such as those available on Amazon EC2. 

All of the specific changes made to the base OpenSolaris 2009.06 AMI are discussed on the Sun OpenSolaris AMI Hardening Wiki : http://wikis.sun.com/display/ISC/OpenSolaris+Security+Hardening

For more information on the Center for Internet Security's Solaris 10 Benchmark, see:
http://www.cisecurity.org/bench_solaris.html

New features introduced with this latest release of Hardened Security AMI are "Encrypted swap memory" and "auditing".

More information on "Encrypted Swap Memory" feature is available at
http://blogs.sun.com/gbrunett/entry/encrypted_swap_in_opensolaris_2009 

This project is affiliated with the Immutable Service Container project whose goal is to develop security reinforced virtual machine images. The Immutable Service Container project developed the code used by this AMI to implement hardening, encrypted swap and auditing.  Additional information regarding Immutable Service Containers can be found at:
http://kenai.com/projects/isc/pages/OpenSolaris

The root file system is ZFS in this AMI and includes the pre-installed packages and tools necessary to get started with using OpenSolaris on Amazon EC2. You can obtain more details about the OpenSolaris project at http://www.opensolaris.org.

Also, just like in our previous AMIs, the "pkg image-update" command updates the kernel and ramdisk which is not allowed in Amazon EC2. Therefore, in order to prevent your instances from becoming non-compatible with the Amazon EC2 environment, we have disabled this command.

More details including re-bundling instructions can be found in the Getting Started Guide.

Rebundling Changes:

 You must disable auditing during re-bundling. You can execute following commands in your clean up tasks before executing "ec2-bundle-image" command.

bash # audit -t
bash # > /var/log/auditlog
bash # rm -f /var/audit/*

 As you can see we have introduced the new ARI (ari-9d6889f4) with this AMI, make sure you use the correct ARI with the "ec2-bundle-image" command as given below.

bash # ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY \
 --kernel aki-1783627e --ramdisk ari-9d6889f4 \
 --block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \
 --user <userid> --arch i386 \
 -i $DIRECTORY/$IMAGE -d $DIRECTORY/parts

You can restart the audit daemon on the instance where you disabled it temporarily for re-bundling with following command.

bash # audit -s

Support:

• For technical support during the Beta period, please contact ec2­-solaris­-support[AT]SUN[DOT]COM.
• Please check OpenSolaris on Amazon EC2 blog for latest updates and new information about OpenSolaris AMIs.
• The "OpenSolaris on Amazon EC2 Getting Started Guide" is located at:
  http://www.sun.com/third-party/global/amazon/Sun_AmazonEC2_GettingStartedGuide.pdf
• Register for OpenSolaris AMIs here.

Sun Microsystems Inc. is pleased to announce the new release OpenSolaris 2009.06 on Amazon EC2's cloud computing service. This 32-bit AMI gives you the power and security of OpenSolaris combined with the flexibility of Amazon's cloud computing service, and is optimized for for Amazon EC2's cloud computing environment.

Description:

OpenSolaris 2009.06 is the latest release of the OpenSolaris Operating System, a powerful and complete operating environment for users. developers and deployers. OpenSolaris prides itself on being a secure, stable, and highly scalable system. The OpenSolaris OS is open source software, and freely re-distributable and provides all the tools users expect from a modern computing environment both installed by default and available on our online network package repositories.

Information on "What's new in OpenSolaris 2009.06" is available at
http://www.opensolaris.com/learn/features/whats-new/200906/

The root file system is ZFS in this AMI and includes the pre-installed packages and tools necessary to get started with using OpenSolaris on Amazon EC2. You can obtain more details about the OpenSolaris project at http://www.opensolaris.org.

Also, just like in our previous AMIs, the "pkg image-update" command updates the kernel and ramdisk which is not allowed in Amazon EC2. Therefore, in order to prevent your instances from becoming non-compatible with the Amazon EC2 environment, we have disabled this command.

The "Getting Started Guide" has been updated with instructions for Re-bundling OpenSolaris 2009.06 based 32-bit AMI on Amazon EC2.

Rebundling Changes:

For new 32-bit OpenSolaris 2009.06 AMI re-bundling use following "ec2-bundle-image" command. For more detail look into the Getting Started Guide (Page 10).

ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY   \
  --kernel aki-1783627e --ramdisk ari-858362ec \
  --block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \
  --user <user-id> --arch i386 \
  -i $DIRECTORY/$IMAGE -d $DIRECTORY/parts

After the launch of the OpenSolaris 2009.06 32-bit AMI (AMI ID ami-4133d528) at the beginning of June, an infrequent launch hang upon AMI startup was discovered.  This issue has been submitted as CR 6840704 and has been fixed in an AMI Refresh.

New launches of the old OpenSolaris 2009.06 AMI (ami-4133d528) will be disabled and current users will still be able to use the old ari and aki (aki-b128ced8 / ari-d336d0ba) with their rebundled AMI based on ami-4133d528.

Support:

For technical support during the Beta period, please contact ec2­-solaris­-support[AT]SUN[DOT]COM.

Please check OpenSolaris on Amazon EC2 blog for latest updates and new information about OpenSolaris AMIs.

The "OpenSolaris on Amazon EC2 Getting Started Guide" is located at:
http://www.sun.com/third-party/global/amazon/Sun_AmazonEC2_GettingStartedGuide.pdf

Register for OpenSolaris AMIs here.