Creating an AMI on EC2
Notes About Creating a New EC2 AMI
Back to parent: GotCloud
The following are notes taken when creating the Amazon Machine Instance used for the CSG pipeline process.
These notes assume you have already created an EC2 account and have the certificates and keys set up properly.
Create new GotCloud AMI from StarCluster AMI
Launch an instance
Login to https://console.aws.amazon.com/ec2 # EC2 Management Console
Pay attention to the region you are using, at least for now it seems any StarCluster activity must be in us-east-1.
Launch a new instance starting from a StarCluster AMI. We will use set up the software on this instance and ultimately save it as an AMI.
EC2 DashBoard -> Launch Instance- Select:
Community AMIs- Enter in the search box:
starcluster-base-ubuntu - Select:
starcluster-base-ubuntu-12.04-x86_64 - ami-765b3e1f
- Enter in the search box:
- Select the Instance Type:
Compute optimized c3.2xlarge- You can use a smaller/cheaper machine - I originaly used t1.micro, but I found things go so much faster with a larger machine.
- Click:
Review and Launch- Select:
Make General Purpose (SSD) the boot volume for this instance. - Select:
Next
- Select:
- Scroll down to the
Storagesection - Click:
Edit storage- Update the Size:
30- We use 30G to fit the GotCloud code and reference files. Make it larger if you want additional space.
- Click:
Review and Launch
- Update the Size:
- Click:
Launch - Select the key/pair you want to use & Launch
Setup the instance with GotCloud
This assumes you have already logged onto the instance.
- Get the latest version of GotCloud:
- Multiples ways to do this, one way is to do:
sudo git clone https://github.com/statgen/gotcloud.git
- Multiples ways to do this, one way is to do:
- Download cmake (required to build premo)
sudo apt-get updatesudo apt-get upgrade(takes a while, may be able to skip this step)sudo apt-get install cmake
- Build the source (if you obtained the source code).
cd gotcloud/srcsudo make- Specify
-j #based on the number of CPUs your instance has, if more than 1
- Specify
cd
- Get the reference files
- Untar:
tar xvf h37-db135-v3.tgz - Move reference to gotcloud directory:
sudo mv gotcloud.ref gotcloud - Remove tar file:
rm h37-db135-v3.tgz - Set the paths, by updating .profile:
vi .profilei
if [ -d "$HOME/gotcloud" ] ; then PATH="$HOME/gotcloud:$PATH" fi if [ -d "$HOME/gotcloud/bin" ] ; then PATH="$HOME/gotcloud/bin:$PATH" fi if [ -d "$HOME/gotcloud/scripts" ] ; then PATH="$HOME/gotcloud/scripts:$PATH" fi
ESC:q
Set Up Swap Space
Issue the command swapon -s to see if there is swap space. If there is only a header line, you need to add a swap file like this:
df -h # Be sure there's enough space, decide on swap size
# Create a file /swap to use (assuming / is large enough)
sudo bash # Run these commands as root
swap=/swap
dd if=/dev/zero of=$swap bs=524288 count=16384 # 8GB swap on t1.micro 15G=bs=1073741824 count=15
chown root:root $swap
mkswap $swap
chmod 0600 $swap
swapon $swap
echo "$swap none swap sw 0 0" >> /etc/fstab
swapon -s # Should show the swap device
Cleanup the instance for creating an AMI
Create the AMI
- Go to : Create the AMI
Update the GotCloud AMI
- Start an instance of the current GotCloud AMI
- Suggest an instance with some CPU so you can parallelize the "make" call.
- Login as ubuntu
cd gotcloudsudo git pullcd gotcloud/srcsudo make- Specify
-j #based on the number of CPUs your instance has
- Specify
cd- Go to : Create the AMI
Cleanup Instance for AMI Creation
First time from generic/starcluster AMI
- Disable password-based logins for root
- Open /etc/ssh/sshd_config
- Change
PermitRootLogin yestoPermitRootLogin without-password
- Disable root access
sudo passwd -l root
Each time we generate a new AMI, run:
sudo shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
sudo find / -name "authorized_keys" -exec rm -f {} \;
rm -rf ~/.ssh
shred -u ~/.*history
sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
history -w
history -c
These commands do the following:
- Remove SSH host key pairs
- Remove SSH authorized keys
- Remove ssh
- Delete shell history
Create the AMI
Once your instance is all ready with everything you want, create the AMI.
In your browser at the EC2 Management Console do the following:
- Select the running instance
- Right click,
Create Image - Enter name & Description
- Ensure volume size is correct
- Mark delete on terminate
- This will take several minutes to complete.
- In the EC2 Dashboard, you can monitor the progress.
- When it is done, you'll see a new AMI under the list of AMIs.
- When completed, terminate your old instance
Older/Additional Instructions
Install the Software
(1) There are a number of additional Debian packages that you may well need, so we make sure they are all installed.
sudo apt-get update
sudo apt-get upgrade # Apply maintenance
sudo apt-get install java-common default-jre make libssl0.9.8
sudo apt-get install libnet-amazon-ec2-perl s3cmd
sudo apt-get install make g++ libcurl4-openssl-dev libssl-dev libxml2-dev libfuse-dev
(2) S3fs allows one to access S3 storage as a conventional file system. This can be quite handy, if it is set up properly. Our recent experience is that the 1000 Genomes data is has many files with incorrect permissions. Still if you're lucky, your data will be useful. Install the software like this:
mkdir -p ~/src
cd ~/src
wget http://s3fs.googlecode.com/files/s3fs-1.68.tar.gz
tar xzvf s3fs-1.68.tar.gz
cd s3fs*
./configure
sudo make install
(3) Configure s3cmd. This will ask for your AWS ID and Secret Key. If creates a file in ~/.s3cfg
s3cmd --configure
Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.
Access key and Secret key are your identifiers for Amazon S3
Access Key: AKI1234QEUWZ3YCZF2Q
Secret Key: ft1eJa1234NE8iitNlbA08x/G8iMqkMI1234IGf
Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: password_you_do_not_need_to_know
Path to GPG program [/usr/bin/gpg]:
When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP and can't be used if you're behind a proxy
Use HTTPS protocol [No]:
On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't conect to S3 directly
HTTP Proxy server name:
New settings:
Access Key: AKI1234QEUWZ3YCZF2Q
Secret Key: ft1eJa1234NE8iitNlbA08x/G8iMqkMI1234IGf
Encryption password: password_you_do_not_need_to_know
Path to GPG program: /usr/bin/gpg
Use HTTPS protocol: False
HTTP Proxy server name:
HTTP Proxy server port: 0
Test access with supplied credentials? [Y/n]
Please wait...
Success. Your access key and secret key worked fine :-)
Now verifying that encryption works...
Success. Encryption and decryption worked fine :-)
Save settings? [y/N] y
Configuration saved to '/home/ubuntu/.s3cfg'
(4) Follow the instructions to install the GotCloud Debian packages Run the tests to be sure everything is OK.
Configure the Host to be Usable
It is useful to configure /etc/rc.local to do most things you need at boot time. There are many other ways to do this, but here's one simple way - create the file /etc/rc.local (as root). The following example sets up access details for s3cmd and s3fs (use your own credentials).
ubuntu@ip-10-254-60-210:~$ sudo more /etc/rc.local
#!/bin/sh
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
USER=ubuntu
THOUSANDG=/mnt/1000g
FILES3=/etc/passwd-s3fs # Where s3fs access info will live
S3ERR=/tmp/s3fs.err
# These are needed for s3fs access
AWSACCESSKEYID=AKIAxxxxxxZ3YCZF2Q
AWSSECRETACCESSKEY=ft1eJa3WxxxxxxxNlbA08x/G8iMqkMIkJjFCIGf
# Check that we have swap set up
a=`swapon -s | grep -v File`
if [ "$a" = "" ]; then
echo "#######################################################"
echo "# You have no SWAP file set up"
echo ""
echo "# swap=/mnt/swapfile"
echo "# sudo dd if=/dev/zero of=$swap bs=1073741824 count=20"
echo "# sudo chown root:root $swap"
echo "# sudo mkswap $swap"
echo "# sudo chmod 0600 $swap"
echo "# sudo swapon $swap"
echo ""
echo "# If need be, add to /etc/fstab"
echo "# echo "$swap none swap sw 0 0" >> /etc/fstab"
echo "#######################################################"
fi
# Set up for GotCloud
gc=/gotcloud.mnt
if [ ! -r $gc/release_version.txt ]; then
mkdir -p $gc
mount /dev/xvdg $gc
if [ -d $gc/gotcloud.ref ]; then
echo "#######################################################"
echo "# GotCloud is set up on $gc"
echo "#######################################################"
fi
fi
# Set up access to S3 storage as normal filesystem
echo "${AWSACCESSKEYID}:$AWSSECRETACCESSKEY" > $FILES3
chown root.root $FILES3
chmod 640 $FILES3
usermod -aG fuse $USER
# Setup 1000genomes
mkdir -p $THOUSANDG
if [ ! -r $THOUSANDG/release ]; then
chown $USER.$USER $THOUSANDG
/usr/local/bin/s3fs -o allow_other 1000genomes $THOUSANDG > $S3ERR 2>&1
if [ ! -r $THOUSANDG/alignment.index ]; then
echo "#######################################################"
echo "# 1000genomes is not set up on $THOUSANDG"
echo "# See S3FS errors in $S3ERR"
echo "#######################################################"
fi
df -h
fi
exit 0
Test the new AMI
Launch a new AMI instance and check that files are in the correct places. In the EC2 Management Console do:
EC2 DashBoard -> AMIs -> Select CSG instance -> Launch Instance
Launch Instances (take defaults)
Advanced Instance Options (take defaults)
Storage Device Configuration -> Edit
Change volume to 30G or larger -> Continue # Defaults are OK
Instance Details
Key Name = test of instance
Create Key/Pair if you need to, most likely you can use one you have created
Choose a Security Group -> sg-a098e9c8 - quick-start-1
Review -> Launch
