Wednesday, November 2, 2011

Remotely Creating a new AMI

We create a new AMI for every production release, because we want to use auto-scaling to automatically start up new web servers when required. Therefore, our code must already be deployed when the instance starts up.

We are using the Amazon Linux AMI (Beta) as our base image and load our specific environment on top of that. Unfortunately, you cannot remotely create a new AMI from the Amazon base image as is.

These are the steps to modify the /etc/sudoers configuration file, so that a new AMI can be created remotely.

  1. Edit the /etc/sudoers file using the following command:
    sudo visudo
  2. Add the following line so that sudo keeps the EC2-related environment variables:
    Defaults    env_keep += "EC2_HOME EC2_AMITOOL_HOME AWS_PATH JAVA_HOME"
  3. Modify the following line to add /opt/aws/bin to the secure_path:
    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/aws/bin
  4. While requiretty is set, sudo refuses to run without a terminal. If you want to run ssh without the -t option, comment out the following line:
    # Defaults    requiretty
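
An added check for step 3, not part of the original post: sudo uses secure_path as the PATH for every command it runs, so each directory listed there, including the new /opt/aws/bin, should be owned by root and not writable by group or other. The function names and the optional owner-uid argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the directories listed in
# a sudoers secure_path line. Function names are illustrative assumptions.

# Print the secure_path value from sudoers file $1 (global "Defaults" lines
# only; the last setting wins), with quotes and blanks removed.
secure_path_of() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}secure_path[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '" \t'
}

# Print a finding if directory $1 is missing, not owned by uid $2, or
# writable by group or other.
check_dir() {
    dir=$1
    want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 0
    fi
    # ls -ldnL: numeric uid, follow symlinks (for example /bin -> usr/bin).
    read -r mode _links uid _rest <<EOF
$(ls -ldnL "$dir")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
    fi
    case $mode in
        ?????w* | ????????w*) echo "$dir: group- or world-writable ($mode)" ;;
    esac
}

# Audit every secure_path entry in sudoers file $1. $2 is the expected owner
# uid (default 0, root). Prints findings; returns 1 if there are any.
audit_secure_path() {
    findings=$(secure_path_of "$1" | tr ':' '\n' |
        while IFS= read -r dir; do check_dir "$dir" "${2:-0}"; done)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage on the instance: sudo sh audit.sh /etc/sudoers
if [ "$#" -ge 1 ]; then
    audit_secure_path "$@"
fi
```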

Once you have these settings saved on your base AMI, you can run the following ssh commands from a remote shell script to create a new AMI:

    # Bundle the root volume (the bundle and its manifest are written to /tmp)
    ssh -i YOUR_KEY ec2-user@YOUR_PUBLIC_DNS \
        sudo ec2-bundle-vol \
        -p YOUR_NAME \
        -k YOUR_PK \
        -c YOUR_CERT \
        -u YOUR_UID \
        -r x86_64

    # Upload the bundle to your S3 bucket
    ssh -i YOUR_KEY ec2-user@YOUR_PUBLIC_DNS \
        sudo ec2-upload-bundle \
        -b YOUR_BUCKET \
        -m /tmp/YOUR_NAME.manifest.xml \
        -a YOUR_ACCESS_KEY \
        -s YOUR_ACCESS_SECRET

    # Register the uploaded bundle as a new AMI
    ssh -i YOUR_KEY ec2-user@YOUR_PUBLIC_DNS \
        sudo ec2-register \
        YOUR_BUCKET/YOUR_NAME.manifest.xml \
        -n YOUR_NAME \
        -K YOUR_PK \
        -C YOUR_CERT


